search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MOXA linux-2.6.x / linux-2.6.9-uc0 from sdlinux-moxaart.tgz
[linux-2.6.9-moxart.git] / security / selinux / avc.c
blob7afe09eed6ac8d9b948022bd75be3b05ad433608
1 /*
2 * Implementation of the kernel access vector cache (AVC).
3 *
4 * Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
5 * James Morris <jmorris@redhat.com>
6 *
7 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2,
11 * as published by the Free Software Foundation.
12 */
13 #include <linux/types.h>
14 #include <linux/stddef.h>
15 #include <linux/kernel.h>
16 #include <linux/slab.h>
17 #include <linux/fs.h>
18 #include <linux/dcache.h>
19 #include <linux/init.h>
20 #include <linux/skbuff.h>
21 #include <net/sock.h>
22 #include <linux/un.h>
23 #include <net/af_unix.h>
24 #include <linux/ip.h>
25 #include <linux/audit.h>
26 #include <linux/ipv6.h>
27 #include <net/ipv6.h>
28 #include "avc.h"
29 #include "avc_ss.h"
30 #ifdef CONFIG_AUDIT
31 #include "class_to_string.h"
32 #endif
33 #include "common_perm_to_string.h"
34 #include "av_inherit.h"
35 #include "av_perm_to_string.h"
36 #include "objsec.h"
37
38 #define AVC_CACHE_SLOTS 512
39 #define AVC_CACHE_MAXNODES 410
40
41 struct avc_entry {
42 u32 ssid;
43 u32 tsid;
44 u16 tclass;
45 struct av_decision avd;
46 int used; /* used recently */
47 };
48
49 struct avc_node {
50 struct avc_entry ae;
51 struct avc_node *next;
52 };
53
54 struct avc_cache {
55 struct avc_node *slots[AVC_CACHE_SLOTS];
56 u32 lru_hint; /* LRU hint for reclaim scan */
57 u32 active_nodes;
58 u32 latest_notif; /* latest revocation notification */
59 };
60
61 struct avc_callback_node {
62 int (*callback) (u32 event, u32 ssid, u32 tsid,
63 u16 tclass, u32 perms,
64 u32 *out_retained);
65 u32 events;
66 u32 ssid;
67 u32 tsid;
68 u16 tclass;
69 u32 perms;
70 struct avc_callback_node *next;
71 };
72
73 static spinlock_t avc_lock = SPIN_LOCK_UNLOCKED;
74 static struct avc_node *avc_node_freelist;
75 static struct avc_cache avc_cache;
76 static unsigned avc_cache_stats[AVC_NSTATS];
77 static struct avc_callback_node *avc_callbacks;
78
79 static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
80 {
81 return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1);
82 }
83
84 #ifdef AVC_CACHE_STATS
85 static inline void avc_cache_stats_incr(int type)
86 {
87 avc_cache_stats[type]++;
88 }
89
90 static inline void avc_cache_stats_add(int type, unsigned val)
91 {
92 avc_cache_stats[type] += val;
93 }
94 #else
95 static inline void avc_cache_stats_incr(int type)
96 { }
97
98 static inline void avc_cache_stats_add(int type, unsigned val)
99 { }
100 #endif
101
102 /**
103 * avc_dump_av - Display an access vector in human-readable form.
104 * @tclass: target security class
105 * @av: access vector
106 */
107 void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
108 {
109 char **common_pts = NULL;
110 u32 common_base = 0;
111 int i, i2, perm;
112
113 if (av == 0) {
114 audit_log_format(ab, " null");
115 return;
116 }
117
118 for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
119 if (av_inherit[i].tclass == tclass) {
120 common_pts = av_inherit[i].common_pts;
121 common_base = av_inherit[i].common_base;
122 break;
123 }
124 }
125
126 audit_log_format(ab, " {");
127 i = 0;
128 perm = 1;
129 while (perm < common_base) {
130 if (perm & av)
131 audit_log_format(ab, " %s", common_pts[i]);
132 i++;
133 perm <<= 1;
134 }
135
136 while (i < sizeof(av) * 8) {
137 if (perm & av) {
138 for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
139 if ((av_perm_to_string[i2].tclass == tclass) &&
140 (av_perm_to_string[i2].value == perm))
141 break;
142 }
143 if (i2 < ARRAY_SIZE(av_perm_to_string))
144 audit_log_format(ab, " %s",
145 av_perm_to_string[i2].name);
146 }
147 i++;
148 perm <<= 1;
149 }
150
151 audit_log_format(ab, " }");
152 }
153
154 /**
155 * avc_dump_query - Display a SID pair and a class in human-readable form.
156 * @ssid: source security identifier
157 * @tsid: target security identifier
158 * @tclass: target security class
159 */
160 void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
161 {
162 int rc;
163 char *scontext;
164 u32 scontext_len;
165
166 rc = security_sid_to_context(ssid, &scontext, &scontext_len);
167 if (rc)
168 audit_log_format(ab, "ssid=%d", ssid);
169 else {
170 audit_log_format(ab, "scontext=%s", scontext);
171 kfree(scontext);
172 }
173
174 rc = security_sid_to_context(tsid, &scontext, &scontext_len);
175 if (rc)
176 audit_log_format(ab, " tsid=%d", tsid);
177 else {
178 audit_log_format(ab, " tcontext=%s", scontext);
179 kfree(scontext);
180 }
181 audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
182 }
183
184 /**
185 * avc_init - Initialize the AVC.
186 *
187 * Initialize the access vector cache.
188 */
189 void __init avc_init(void)
190 {
191 struct avc_node *new;
192 int i;
193
194 for (i = 0; i < AVC_CACHE_MAXNODES; i++) {
195 new = kmalloc(sizeof(*new), GFP_ATOMIC);
196 if (!new) {
197 printk(KERN_WARNING "avc: only able to allocate "
198 "%d entries\n", i);
199 break;
200 }
201 memset(new, 0, sizeof(*new));
202 new->next = avc_node_freelist;
203 avc_node_freelist = new;
204 }
205
206 audit_log(current->audit_context, "AVC INITIALIZED\n");
207 }
208
209 #if 0
210 static void avc_hash_eval(char *tag)
211 {
212 int i, chain_len, max_chain_len, slots_used;
213 struct avc_node *node;
214 unsigned long flags;
215
216 spin_lock_irqsave(&avc_lock,flags);
217
218 slots_used = 0;
219 max_chain_len = 0;
220 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
221 node = avc_cache.slots[i];
222 if (node) {
223 slots_used++;
224 chain_len = 0;
225 while (node) {
226 chain_len++;
227 node = node->next;
228 }
229 if (chain_len > max_chain_len)
230 max_chain_len = chain_len;
231 }
232 }
233
234 spin_unlock_irqrestore(&avc_lock,flags);
235
236 printk(KERN_INFO "\n");
237 printk(KERN_INFO "%s avc: %d entries and %d/%d buckets used, longest "
238 "chain length %d\n", tag, avc_cache.active_nodes, slots_used,
239 AVC_CACHE_SLOTS, max_chain_len);
240 }
241 #else
242 static inline void avc_hash_eval(char *tag)
243 { }
244 #endif
245
246 static inline struct avc_node *avc_reclaim_node(void)
247 {
248 struct avc_node *prev, *cur;
249 int hvalue, try;
250
251 hvalue = avc_cache.lru_hint;
252 for (try = 0; try < 2; try++) {
253 do {
254 prev = NULL;
255 cur = avc_cache.slots[hvalue];
256 while (cur) {
257 if (!cur->ae.used)
258 goto found;
259
260 cur->ae.used = 0;
261
262 prev = cur;
263 cur = cur->next;
264 }
265 hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1);
266 } while (hvalue != avc_cache.lru_hint);
267 }
268
269 panic("avc_reclaim_node");
270
271 found:
272 avc_cache.lru_hint = hvalue;
273
274 if (prev == NULL)
275 avc_cache.slots[hvalue] = cur->next;
276 else
277 prev->next = cur->next;
278
279 return cur;
280 }
281
282 static inline struct avc_node *avc_claim_node(u32 ssid,
283 u32 tsid, u16 tclass)
284 {
285 struct avc_node *new;
286 int hvalue;
287
288 hvalue = avc_hash(ssid, tsid, tclass);
289 if (avc_node_freelist) {
290 new = avc_node_freelist;
291 avc_node_freelist = avc_node_freelist->next;
292 avc_cache.active_nodes++;
293 } else {
294 new = avc_reclaim_node();
295 if (!new)
296 goto out;
297 }
298
299 new->ae.used = 1;
300 new->ae.ssid = ssid;
301 new->ae.tsid = tsid;
302 new->ae.tclass = tclass;
303 new->next = avc_cache.slots[hvalue];
304 avc_cache.slots[hvalue] = new;
305
306 out:
307 return new;
308 }
309
310 static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid,
311 u16 tclass, int *probes)
312 {
313 struct avc_node *cur;
314 int hvalue;
315 int tprobes = 1;
316
317 hvalue = avc_hash(ssid, tsid, tclass);
318 cur = avc_cache.slots[hvalue];
319 while (cur != NULL &&
320 (ssid != cur->ae.ssid ||
321 tclass != cur->ae.tclass ||
322 tsid != cur->ae.tsid)) {
323 tprobes++;
324 cur = cur->next;
325 }
326
327 if (cur == NULL) {
328 /* cache miss */
329 goto out;
330 }
331
332 /* cache hit */
333 if (probes)
334 *probes = tprobes;
335
336 cur->ae.used = 1;
337
338 out:
339 return cur;
340 }
341
342 /**
343 * avc_lookup - Look up an AVC entry.
344 * @ssid: source security identifier
345 * @tsid: target security identifier
346 * @tclass: target security class
347 * @requested: requested permissions, interpreted based on @tclass
348 * @aeref: AVC entry reference
349 *
350 * Look up an AVC entry that is valid for the
351 * @requested permissions between the SID pair
352 * (@ssid, @tsid), interpreting the permissions
353 * based on @tclass. If a valid AVC entry exists,
354 * then this function updates @aeref to refer to the
355 * entry and returns %0. Otherwise, this function
356 * returns -%ENOENT.
357 */
358 int avc_lookup(u32 ssid, u32 tsid, u16 tclass,
359 u32 requested, struct avc_entry_ref *aeref)
360 {
361 struct avc_node *node;
362 int probes, rc = 0;
363
364 avc_cache_stats_incr(AVC_CAV_LOOKUPS);
365 node = avc_search_node(ssid, tsid, tclass,&probes);
366
367 if (node && ((node->ae.avd.decided & requested) == requested)) {
368 avc_cache_stats_incr(AVC_CAV_HITS);
369 avc_cache_stats_add(AVC_CAV_PROBES,probes);
370 aeref->ae = &node->ae;
371 goto out;
372 }
373
374 avc_cache_stats_incr(AVC_CAV_MISSES);
375 rc = -ENOENT;
376 out:
377 return rc;
378 }
379
380 /**
381 * avc_insert - Insert an AVC entry.
382 * @ssid: source security identifier
383 * @tsid: target security identifier
384 * @tclass: target security class
385 * @ae: AVC entry
386 * @aeref: AVC entry reference
387 *
388 * Insert an AVC entry for the SID pair
389 * (@ssid, @tsid) and class @tclass.
390 * The access vectors and the sequence number are
391 * normally provided by the security server in
392 * response to a security_compute_av() call. If the
393 * sequence number @ae->avd.seqno is not less than the latest
394 * revocation notification, then the function copies
395 * the access vectors into a cache entry, updates
396 * @aeref to refer to the entry, and returns %0.
397 * Otherwise, this function returns -%EAGAIN.
398 */
399 int avc_insert(u32 ssid, u32 tsid, u16 tclass,
400 struct avc_entry *ae, struct avc_entry_ref *aeref)
401 {
402 struct avc_node *node;
403 int rc = 0;
404
405 if (ae->avd.seqno < avc_cache.latest_notif) {
406 printk(KERN_WARNING "avc: seqno %d < latest_notif %d\n",
407 ae->avd.seqno, avc_cache.latest_notif);
408 rc = -EAGAIN;
409 goto out;
410 }
411
412 node = avc_claim_node(ssid, tsid, tclass);
413 if (!node) {
414 rc = -ENOMEM;
415 goto out;
416 }
417
418 node->ae.avd.allowed = ae->avd.allowed;
419 node->ae.avd.decided = ae->avd.decided;
420 node->ae.avd.auditallow = ae->avd.auditallow;
421 node->ae.avd.auditdeny = ae->avd.auditdeny;
422 node->ae.avd.seqno = ae->avd.seqno;
423 aeref->ae = &node->ae;
424 out:
425 return rc;
426 }
427
428 static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
429 struct in6_addr *addr, u16 port,
430 char *name1, char *name2)
431 {
432 if (!ipv6_addr_any(addr))
433 audit_log_format(ab, " %s=%04x:%04x:%04x:%04x:%04x:"
434 "%04x:%04x:%04x", name1, NIP6(*addr));
435 if (port)
436 audit_log_format(ab, " %s=%d", name2, ntohs(port));
437 }
438
439 static inline void avc_print_ipv4_addr(struct audit_buffer *ab, u32 addr,
440 u16 port, char *name1, char *name2)
441 {
442 if (addr)
443 audit_log_format(ab, " %s=%d.%d.%d.%d", name1, NIPQUAD(addr));
444 if (port)
445 audit_log_format(ab, " %s=%d", name2, ntohs(port));
446 }
447
448 /**
449 * avc_audit - Audit the granting or denial of permissions.
450 * @ssid: source security identifier
451 * @tsid: target security identifier
452 * @tclass: target security class
453 * @requested: requested permissions
454 * @avd: access vector decisions
455 * @result: result from avc_has_perm_noaudit
456 * @a: auxiliary audit data
457 *
458 * Audit the granting or denial of permissions in accordance
459 * with the policy. This function is typically called by
460 * avc_has_perm() after a permission check, but can also be
461 * called directly by callers who use avc_has_perm_noaudit()
462 * in order to separate the permission check from the auditing.
463 * For example, this separation is useful when the permission check must
464 * be performed under a lock, to allow the lock to be released
465 * before calling the auditing code.
466 */
467 void avc_audit(u32 ssid, u32 tsid,
468 u16 tclass, u32 requested,
469 struct av_decision *avd, int result, struct avc_audit_data *a)
470 {
471 struct task_struct *tsk = current;
472 struct inode *inode = NULL;
473 u32 denied, audited;
474 struct audit_buffer *ab;
475
476 denied = requested & ~avd->allowed;
477 if (denied) {
478 audited = denied;
479 if (!(audited & avd->auditdeny))
480 return;
481 } else if (result) {
482 audited = denied = requested;
483 } else {
484 audited = requested;
485 if (!(audited & avd->auditallow))
486 return;
487 }
488
489 ab = audit_log_start(current->audit_context);
490 if (!ab)
491 return; /* audit_panic has been called */
492 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
493 avc_dump_av(ab, tclass,audited);
494 audit_log_format(ab, " for ");
495 if (a && a->tsk)
496 tsk = a->tsk;
497 if (tsk && tsk->pid) {
498 struct mm_struct *mm;
499 struct vm_area_struct *vma;
500 audit_log_format(ab, " pid=%d", tsk->pid);
501 if (tsk == current)
502 mm = current->mm;
503 else
504 mm = get_task_mm(tsk);
505 if (mm) {
506 if (down_read_trylock(&mm->mmap_sem)) {
507 vma = mm->mmap;
508 while (vma) {
509 if ((vma->vm_flags & VM_EXECUTABLE) &&
510 vma->vm_file) {
511 audit_log_d_path(ab, "exe=",
512 vma->vm_file->f_dentry,
513 vma->vm_file->f_vfsmnt);
514 break;
515 }
516 vma = vma->vm_next;
517 }
518 up_read(&mm->mmap_sem);
519 }
520 if (tsk != current)
521 mmput(mm);
522 } else {
523 audit_log_format(ab, " comm=%s", tsk->comm);
524 }
525 }
526 if (a) {
527 switch (a->type) {
528 case AVC_AUDIT_DATA_IPC:
529 audit_log_format(ab, " key=%d", a->u.ipc_id);
530 break;
531 case AVC_AUDIT_DATA_CAP:
532 audit_log_format(ab, " capability=%d", a->u.cap);
533 break;
534 case AVC_AUDIT_DATA_FS:
535 if (a->u.fs.dentry) {
536 struct dentry *dentry = a->u.fs.dentry;
537 if (a->u.fs.mnt) {
538 audit_log_d_path(ab, "path=", dentry,
539 a->u.fs.mnt);
540 } else {
541 audit_log_format(ab, " name=%s",
542 dentry->d_name.name);
543 }
544 inode = dentry->d_inode;
545 } else if (a->u.fs.inode) {
546 struct dentry *dentry;
547 inode = a->u.fs.inode;
548 dentry = d_find_alias(inode);
549 if (dentry) {
550 audit_log_format(ab, " name=%s",
551 dentry->d_name.name);
552 dput(dentry);
553 }
554 }
555 if (inode)
556 audit_log_format(ab, " dev=%s ino=%ld",
557 inode->i_sb->s_id,
558 inode->i_ino);
559 break;
560 case AVC_AUDIT_DATA_NET:
561 if (a->u.net.sk) {
562 struct sock *sk = a->u.net.sk;
563 struct unix_sock *u;
564 int len = 0;
565 char *p = NULL;
566
567 switch (sk->sk_family) {
568 case AF_INET: {
569 struct inet_opt *inet = inet_sk(sk);
570
571 avc_print_ipv4_addr(ab, inet->rcv_saddr,
572 inet->sport,
573 "laddr", "lport");
574 avc_print_ipv4_addr(ab, inet->daddr,
575 inet->dport,
576 "faddr", "fport");
577 break;
578 }
579 case AF_INET6: {
580 struct inet_opt *inet = inet_sk(sk);
581 struct ipv6_pinfo *inet6 = inet6_sk(sk);
582
583 avc_print_ipv6_addr(ab, &inet6->rcv_saddr,
584 inet->sport,
585 "laddr", "lport");
586 avc_print_ipv6_addr(ab, &inet6->daddr,
587 inet->dport,
588 "faddr", "fport");
589 break;
590 }
591 case AF_UNIX:
592 u = unix_sk(sk);
593 if (u->dentry) {
594 audit_log_d_path(ab, "path=",
595 u->dentry, u->mnt);
596 break;
597 }
598 if (!u->addr)
599 break;
600 len = u->addr->len-sizeof(short);
601 p = &u->addr->name->sun_path[0];
602 if (*p)
603 audit_log_format(ab,
604 "path=%*.*s", len,
605 len, p);
606 else
607 audit_log_format(ab,
608 "path=@%*.*s", len-1,
609 len-1, p+1);
610 break;
611 }
612 }
613
614 switch (a->u.net.family) {
615 case AF_INET:
616 avc_print_ipv4_addr(ab, a->u.net.v4info.saddr,
617 a->u.net.sport,
618 "saddr", "src");
619 avc_print_ipv4_addr(ab, a->u.net.v4info.daddr,
620 a->u.net.dport,
621 "daddr", "dest");
622 break;
623 case AF_INET6:
624 avc_print_ipv6_addr(ab, &a->u.net.v6info.saddr,
625 a->u.net.sport,
626 "saddr", "src");
627 avc_print_ipv6_addr(ab, &a->u.net.v6info.daddr,
628 a->u.net.dport,
629 "daddr", "dest");
630 break;
631 }
632 if (a->u.net.netif)
633 audit_log_format(ab, " netif=%s",
634 a->u.net.netif);
635 break;
636 }
637 }
638 audit_log_format(ab, " ");
639 avc_dump_query(ab, ssid, tsid, tclass);
640 audit_log_end(ab);
641 }
642
643 /**
644 * avc_add_callback - Register a callback for security events.
645 * @callback: callback function
646 * @events: security events
647 * @ssid: source security identifier or %SECSID_WILD
648 * @tsid: target security identifier or %SECSID_WILD
649 * @tclass: target security class
650 * @perms: permissions
651 *
652 * Register a callback function for events in the set @events
653 * related to the SID pair (@ssid, @tsid) and
654 * and the permissions @perms, interpreting
655 * @perms based on @tclass. Returns %0 on success or
656 * -%ENOMEM if insufficient memory exists to add the callback.
657 */
658 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
659 u16 tclass, u32 perms,
660 u32 *out_retained),
661 u32 events, u32 ssid, u32 tsid,
662 u16 tclass, u32 perms)
663 {
664 struct avc_callback_node *c;
665 int rc = 0;
666
667 c = kmalloc(sizeof(*c), GFP_ATOMIC);
668 if (!c) {
669 rc = -ENOMEM;
670 goto out;
671 }
672
673 c->callback = callback;
674 c->events = events;
675 c->ssid = ssid;
676 c->tsid = tsid;
677 c->perms = perms;
678 c->next = avc_callbacks;
679 avc_callbacks = c;
680 out:
681 return rc;
682 }
683
684 static inline int avc_sidcmp(u32 x, u32 y)
685 {
686 return (x == y || x == SECSID_WILD || y == SECSID_WILD);
687 }
688
689 static inline void avc_update_node(u32 event, struct avc_node *node, u32 perms)
690 {
691 switch (event) {
692 case AVC_CALLBACK_GRANT:
693 node->ae.avd.allowed |= perms;
694 break;
695 case AVC_CALLBACK_TRY_REVOKE:
696 case AVC_CALLBACK_REVOKE:
697 node->ae.avd.allowed &= ~perms;
698 break;
699 case AVC_CALLBACK_AUDITALLOW_ENABLE:
700 node->ae.avd.auditallow |= perms;
701 break;
702 case AVC_CALLBACK_AUDITALLOW_DISABLE:
703 node->ae.avd.auditallow &= ~perms;
704 break;
705 case AVC_CALLBACK_AUDITDENY_ENABLE:
706 node->ae.avd.auditdeny |= perms;
707 break;
708 case AVC_CALLBACK_AUDITDENY_DISABLE:
709 node->ae.avd.auditdeny &= ~perms;
710 break;
711 }
712 }
713
714 static int avc_update_cache(u32 event, u32 ssid, u32 tsid,
715 u16 tclass, u32 perms)
716 {
717 struct avc_node *node;
718 int i;
719 unsigned long flags;
720
721 spin_lock_irqsave(&avc_lock,flags);
722
723 if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
724 /* apply to all matching nodes */
725 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
726 for (node = avc_cache.slots[i]; node;
727 node = node->next) {
728 if (avc_sidcmp(ssid, node->ae.ssid) &&
729 avc_sidcmp(tsid, node->ae.tsid) &&
730 tclass == node->ae.tclass) {
731 avc_update_node(event,node,perms);
732 }
733 }
734 }
735 } else {
736 /* apply to one node */
737 node = avc_search_node(ssid, tsid, tclass, NULL);
738 if (node) {
739 avc_update_node(event,node,perms);
740 }
741 }
742
743 spin_unlock_irqrestore(&avc_lock,flags);
744
745 return 0;
746 }
747
748 static int avc_control(u32 event, u32 ssid, u32 tsid,
749 u16 tclass, u32 perms,
750 u32 seqno, u32 *out_retained)
751 {
752 struct avc_callback_node *c;
753 u32 tretained = 0, cretained = 0;
754 int rc = 0;
755 unsigned long flags;
756
757 /*
758 * try_revoke only removes permissions from the cache
759 * state if they are not retained by the object manager.
760 * Hence, try_revoke must wait until after the callbacks have
761 * been invoked to update the cache state.
762 */
763 if (event != AVC_CALLBACK_TRY_REVOKE)
764 avc_update_cache(event,ssid,tsid,tclass,perms);
765
766 for (c = avc_callbacks; c; c = c->next)
767 {
768 if ((c->events & event) &&
769 avc_sidcmp(c->ssid, ssid) &&
770 avc_sidcmp(c->tsid, tsid) &&
771 c->tclass == tclass &&
772 (c->perms & perms)) {
773 cretained = 0;
774 rc = c->callback(event, ssid, tsid, tclass,
775 (c->perms & perms),
776 &cretained);
777 if (rc)
778 goto out;
779 tretained |= cretained;
780 }
781 }
782
783 if (event == AVC_CALLBACK_TRY_REVOKE) {
784 /* revoke any unretained permissions */
785 perms &= ~tretained;
786 avc_update_cache(event,ssid,tsid,tclass,perms);
787 *out_retained = tretained;
788 }
789
790 spin_lock_irqsave(&avc_lock,flags);
791 if (seqno > avc_cache.latest_notif)
792 avc_cache.latest_notif = seqno;
793 spin_unlock_irqrestore(&avc_lock,flags);
794
795 out:
796 return rc;
797 }
798
799 /**
800 * avc_ss_grant - Grant previously denied permissions.
801 * @ssid: source security identifier or %SECSID_WILD
802 * @tsid: target security identifier or %SECSID_WILD
803 * @tclass: target security class
804 * @perms: permissions to grant
805 * @seqno: policy sequence number
806 */
807 int avc_ss_grant(u32 ssid, u32 tsid, u16 tclass,
808 u32 perms, u32 seqno)
809 {
810 return avc_control(AVC_CALLBACK_GRANT,
811 ssid, tsid, tclass, perms, seqno, NULL);
812 }
813
814 /**
815 * avc_ss_try_revoke - Try to revoke previously granted permissions.
816 * @ssid: source security identifier or %SECSID_WILD
817 * @tsid: target security identifier or %SECSID_WILD
818 * @tclass: target security class
819 * @perms: permissions to grant
820 * @seqno: policy sequence number
821 * @out_retained: subset of @perms that are retained
822 *
823 * Try to revoke previously granted permissions, but
824 * only if they are not retained as migrated permissions.
825 * Return the subset of permissions that are retained via @out_retained.
826 */
827 int avc_ss_try_revoke(u32 ssid, u32 tsid, u16 tclass,
828 u32 perms, u32 seqno, u32 *out_retained)
829 {
830 return avc_control(AVC_CALLBACK_TRY_REVOKE,
831 ssid, tsid, tclass, perms, seqno, out_retained);
832 }
833
834 /**
835 * avc_ss_revoke - Revoke previously granted permissions.
836 * @ssid: source security identifier or %SECSID_WILD
837 * @tsid: target security identifier or %SECSID_WILD
838 * @tclass: target security class
839 * @perms: permissions to grant
840 * @seqno: policy sequence number
841 *
842 * Revoke previously granted permissions, even if
843 * they are retained as migrated permissions.
844 */
845 int avc_ss_revoke(u32 ssid, u32 tsid, u16 tclass,
846 u32 perms, u32 seqno)
847 {
848 return avc_control(AVC_CALLBACK_REVOKE,
849 ssid, tsid, tclass, perms, seqno, NULL);
850 }
851
852 /**
853 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
854 * @seqno: policy sequence number
855 */
856 int avc_ss_reset(u32 seqno)
857 {
858 struct avc_callback_node *c;
859 int i, rc = 0;
860 struct avc_node *node, *tmp;
861 unsigned long flags;
862
863 avc_hash_eval("reset");
864
865 spin_lock_irqsave(&avc_lock,flags);
866
867 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
868 node = avc_cache.slots[i];
869 while (node) {
870 tmp = node;
871 node = node->next;
872 tmp->ae.ssid = tmp->ae.tsid = SECSID_NULL;
873 tmp->ae.tclass = SECCLASS_NULL;
874 tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
875 tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
876 tmp->ae.used = 0;
877 tmp->next = avc_node_freelist;
878 avc_node_freelist = tmp;
879 avc_cache.active_nodes--;
880 }
881 avc_cache.slots[i] = NULL;
882 }
883 avc_cache.lru_hint = 0;
884
885 spin_unlock_irqrestore(&avc_lock,flags);
886
887 for (i = 0; i < AVC_NSTATS; i++)
888 avc_cache_stats[i] = 0;
889
890 for (c = avc_callbacks; c; c = c->next) {
891 if (c->events & AVC_CALLBACK_RESET) {
892 rc = c->callback(AVC_CALLBACK_RESET,
893 0, 0, 0, 0, NULL);
894 if (rc)
895 goto out;
896 }
897 }
898
899 spin_lock_irqsave(&avc_lock,flags);
900 if (seqno > avc_cache.latest_notif)
901 avc_cache.latest_notif = seqno;
902 spin_unlock_irqrestore(&avc_lock,flags);
903 out:
904 return rc;
905 }
906
907 /**
908 * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
909 * @ssid: source security identifier or %SECSID_WILD
910 * @tsid: target security identifier or %SECSID_WILD
911 * @tclass: target security class
912 * @perms: permissions to grant
913 * @seqno: policy sequence number
914 * @enable: enable flag.
915 */
916 int avc_ss_set_auditallow(u32 ssid, u32 tsid, u16 tclass,
917 u32 perms, u32 seqno, u32 enable)
918 {
919 if (enable)
920 return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
921 ssid, tsid, tclass, perms, seqno, NULL);
922 else
923 return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
924 ssid, tsid, tclass, perms, seqno, NULL);
925 }
926
927 /**
928 * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
929 * @ssid: source security identifier or %SECSID_WILD
930 * @tsid: target security identifier or %SECSID_WILD
931 * @tclass: target security class
932 * @perms: permissions to grant
933 * @seqno: policy sequence number
934 * @enable: enable flag.
935 */
936 int avc_ss_set_auditdeny(u32 ssid, u32 tsid, u16 tclass,
937 u32 perms, u32 seqno, u32 enable)
938 {
939 if (enable)
940 return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
941 ssid, tsid, tclass, perms, seqno, NULL);
942 else
943 return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
944 ssid, tsid, tclass, perms, seqno, NULL);
945 }
946
947 /**
948 * avc_has_perm_noaudit - Check permissions but perform no auditing.
949 * @ssid: source security identifier
950 * @tsid: target security identifier
951 * @tclass: target security class
952 * @requested: requested permissions, interpreted based on @tclass
953 * @aeref: AVC entry reference
954 * @avd: access vector decisions
955 *
956 * Check the AVC to determine whether the @requested permissions are granted
957 * for the SID pair (@ssid, @tsid), interpreting the permissions
958 * based on @tclass, and call the security server on a cache miss to obtain
959 * a new decision and add it to the cache. Update @aeref to refer to an AVC
960 * entry with the resulting decisions, and return a copy of the decisions
961 * in @avd. Return %0 if all @requested permissions are granted,
962 * -%EACCES if any permissions are denied, or another -errno upon
963 * other errors. This function is typically called by avc_has_perm(),
964 * but may also be called directly to separate permission checking from
965 * auditing, e.g. in cases where a lock must be held for the check but
966 * should be released for the auditing.
967 */
968 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
969 u16 tclass, u32 requested,
970 struct avc_entry_ref *aeref, struct av_decision *avd)
971 {
972 struct avc_entry *ae;
973 int rc = 0;
974 unsigned long flags;
975 struct avc_entry entry;
976 u32 denied;
977 struct avc_entry_ref ref;
978
979 if (!aeref) {
980 avc_entry_ref_init(&ref);
981 aeref = &ref;
982 }
983
984 spin_lock_irqsave(&avc_lock, flags);
985 avc_cache_stats_incr(AVC_ENTRY_LOOKUPS);
986 ae = aeref->ae;
987 if (ae) {
988 if (ae->ssid == ssid &&
989 ae->tsid == tsid &&
990 ae->tclass == tclass &&
991 ((ae->avd.decided & requested) == requested)) {
992 avc_cache_stats_incr(AVC_ENTRY_HITS);
993 ae->used = 1;
994 } else {
995 avc_cache_stats_incr(AVC_ENTRY_DISCARDS);
996 ae = NULL;
997 }
998 }
999
1000 if (!ae) {
1001 avc_cache_stats_incr(AVC_ENTRY_MISSES);
1002 rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
1003 if (rc) {
1004 spin_unlock_irqrestore(&avc_lock,flags);
1005 rc = security_compute_av(ssid,tsid,tclass,requested,&entry.avd);
1006 if (rc)
1007 goto out;
1008 spin_lock_irqsave(&avc_lock, flags);
1009 rc = avc_insert(ssid,tsid,tclass,&entry,aeref);
1010 if (rc) {
1011 spin_unlock_irqrestore(&avc_lock,flags);
1012 goto out;
1013 }
1014 }
1015 ae = aeref->ae;
1016 }
1017
1018 if (avd)
1019 memcpy(avd, &ae->avd, sizeof(*avd));
1020
1021 denied = requested & ~(ae->avd.allowed);
1022
1023 if (!requested || denied) {
1024 if (selinux_enforcing) {
1025 spin_unlock_irqrestore(&avc_lock,flags);
1026 rc = -EACCES;
1027 goto out;
1028 } else {
1029 ae->avd.allowed |= requested;
1030 spin_unlock_irqrestore(&avc_lock,flags);
1031 goto out;
1032 }
1033 }
1034
1035 spin_unlock_irqrestore(&avc_lock,flags);
1036 out:
1037 return rc;
1038 }
1039
1040 /**
1041 * avc_has_perm - Check permissions and perform any appropriate auditing.
1042 * @ssid: source security identifier
1043 * @tsid: target security identifier
1044 * @tclass: target security class
1045 * @requested: requested permissions, interpreted based on @tclass
1046 * @aeref: AVC entry reference
1047 * @auditdata: auxiliary audit data
1048 *
1049 * Check the AVC to determine whether the @requested permissions are granted
1050 * for the SID pair (@ssid, @tsid), interpreting the permissions
1051 * based on @tclass, and call the security server on a cache miss to obtain
1052 * a new decision and add it to the cache. Update @aeref to refer to an AVC
1053 * entry with the resulting decisions. Audit the granting or denial of
1054 * permissions in accordance with the policy. Return %0 if all @requested
1055 * permissions are granted, -%EACCES if any permissions are denied, or
1056 * another -errno upon other errors.
1057 */
1058 int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
1059 u32 requested, struct avc_entry_ref *aeref,
1060 struct avc_audit_data *auditdata)
1061 {
1062 struct av_decision avd;
1063 int rc;
1064
1065 rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
1066 avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
1067 return rc;
1068 }
MOXA 2.6.9 from sdlinux-moxaart.tgz