Commit a2a15479 authored by James Morris's avatar James Morris

Merge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/selinux into next

parents e2241be6 1ea0ce40
......@@ -2488,6 +2488,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
length = -ESRCH;
if (!task)
goto out_no_task;
/* A task may only write its own attributes. */
length = -EACCES;
if (current != task)
goto out;
if (count > PAGE_SIZE)
count = PAGE_SIZE;
......@@ -2503,14 +2509,13 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf,
}
/* Guard against adverse ptrace interaction */
length = mutex_lock_interruptible(&task->signal->cred_guard_mutex);
length = mutex_lock_interruptible(&current->signal->cred_guard_mutex);
if (length < 0)
goto out_free;
length = security_setprocattr(task,
(char*)file->f_path.dentry->d_name.name,
length = security_setprocattr(file->f_path.dentry->d_name.name,
page, count);
mutex_unlock(&task->signal->cred_guard_mutex);
mutex_unlock(&current->signal->cred_guard_mutex);
out_free:
kfree(page);
out:
......
......@@ -665,11 +665,6 @@
* @sig contains the signal value.
* @secid contains the sid of the process where the signal originated
* Return 0 if permission is granted.
* @task_wait:
* Check permission before allowing a process to reap a child process @p
* and collect its status information.
* @p contains the task_struct for process.
* Return 0 if permission is granted.
* @task_prctl:
* Check permission before performing a process control operation on the
* current process.
......@@ -1506,7 +1501,6 @@ union security_list_options {
int (*task_movememory)(struct task_struct *p);
int (*task_kill)(struct task_struct *p, struct siginfo *info,
int sig, u32 secid);
int (*task_wait)(struct task_struct *p);
int (*task_prctl)(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5);
void (*task_to_inode)(struct task_struct *p, struct inode *inode);
......@@ -1546,8 +1540,7 @@ union security_list_options {
void (*d_instantiate)(struct dentry *dentry, struct inode *inode);
int (*getprocattr)(struct task_struct *p, char *name, char **value);
int (*setprocattr)(struct task_struct *p, char *name, void *value,
size_t size);
int (*setprocattr)(const char *name, void *value, size_t size);
int (*ismaclabel)(const char *name);
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
int (*secctx_to_secid)(const char *secdata, u32 seclen, u32 *secid);
......@@ -1767,7 +1760,6 @@ struct security_hook_heads {
struct list_head task_getscheduler;
struct list_head task_movememory;
struct list_head task_kill;
struct list_head task_wait;
struct list_head task_prctl;
struct list_head task_to_inode;
struct list_head ipc_permission;
......
......@@ -332,7 +332,6 @@ int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid);
int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
......@@ -361,7 +360,7 @@ int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
int security_setprocattr(const char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
......@@ -980,11 +979,6 @@ static inline int security_task_kill(struct task_struct *p,
return 0;
}
static inline int security_task_wait(struct task_struct *p)
{
return 0;
}
static inline int security_task_prctl(int option, unsigned long arg2,
unsigned long arg3,
unsigned long arg4,
......@@ -1106,7 +1100,7 @@ static inline int security_getprocattr(struct task_struct *p, char *name, char *
return -EINVAL;
}
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
static inline int security_setprocattr(char *name, void *value, size_t size)
{
return -EINVAL;
}
......
......@@ -14,7 +14,6 @@
#include <linux/tty.h>
#include <linux/iocontext.h>
#include <linux/key.h>
#include <linux/security.h>
#include <linux/cpu.h>
#include <linux/acct.h>
#include <linux/tsacct_kern.h>
......@@ -1360,7 +1359,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
* Returns zero if the search for a child should continue;
* then ->notask_error is 0 if @p is an eligible child,
* or another error from security_task_wait(), or still -ECHILD.
* or still -ECHILD.
*/
static int wait_consider_task(struct wait_opts *wo, int ptrace,
struct task_struct *p)
......@@ -1380,20 +1379,6 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace,
if (!ret)
return ret;
ret = security_task_wait(p);
if (unlikely(ret < 0)) {
/*
* If we have not yet seen any eligible child,
* then let this error code replace -ECHILD.
* A permission error will give the user a clue
* to look for security policy problems, rather
* than for mysterious wait bugs.
*/
if (wo->notask_error)
wo->notask_error = ret;
return 0;
}
if (unlikely(exit_state == EXIT_TRACE)) {
/*
* ptrace == 0 means we are the natural parent. In this case
......@@ -1486,7 +1471,7 @@ static int wait_consider_task(struct wait_opts *wo, int ptrace,
* Returns nonzero for a final return, when we have unlocked tasklist_lock.
* Returns zero if the search for a child should continue; then
* ->notask_error is 0 if there were any eligible children,
* or another error from security_task_wait(), or still -ECHILD.
* or still -ECHILD.
*/
static int do_wait_thread(struct wait_opts *wo, struct task_struct *tsk)
{
......
......@@ -505,8 +505,8 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
return error;
}
static int apparmor_setprocattr(struct task_struct *task, char *name,
void *value, size_t size)
static int apparmor_setprocattr(const char *name, void *value,
size_t size)
{
char *command, *largs = NULL, *args = value;
size_t arg_size;
......@@ -515,9 +515,6 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
if (size == 0)
return -EINVAL;
/* task can only write its own attributes */
if (current != task)
return -EACCES;
/* AppArmor requires that the buffer must be null terminated atm */
if (args[size - 1] != '\0') {
......
......@@ -1063,11 +1063,6 @@ int security_task_kill(struct task_struct *p, struct siginfo *info,
return call_int_hook(task_kill, 0, p, info, sig, secid);
}
int security_task_wait(struct task_struct *p)
{
return call_int_hook(task_wait, 0, p);
}
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
......@@ -1208,9 +1203,9 @@ int security_getprocattr(struct task_struct *p, char *name, char **value)
return call_int_hook(getprocattr, -EINVAL, p, name, value);
}
int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
int security_setprocattr(const char *name, void *value, size_t size)
{
return call_int_hook(setprocattr, -EINVAL, p, name, value, size);
return call_int_hook(setprocattr, -EINVAL, name, value, size);
}
int security_netlink_send(struct sock *sk, struct sk_buff *skb)
......@@ -1807,7 +1802,6 @@ struct security_hook_heads security_hook_heads = {
.task_movememory =
LIST_HEAD_INIT(security_hook_heads.task_movememory),
.task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill),
.task_wait = LIST_HEAD_INIT(security_hook_heads.task_wait),
.task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl),
.task_to_inode =
LIST_HEAD_INIT(security_hook_heads.task_to_inode),
......
This diff is collapsed.
......@@ -171,5 +171,67 @@ struct security_class_mapping secclass_map[] = {
{ COMMON_CAP_PERMS, NULL } },
{ "cap2_userns",
{ COMMON_CAP2_PERMS, NULL } },
{ "sctp_socket",
{ COMMON_SOCK_PERMS,
"node_bind", NULL } },
{ "icmp_socket",
{ COMMON_SOCK_PERMS,
"node_bind", NULL } },
{ "ax25_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "ipx_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "netrom_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "atmpvc_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "x25_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "rose_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "decnet_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "atmsvc_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "rds_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "irda_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "pppox_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "llc_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "can_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "tipc_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "bluetooth_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "iucv_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "rxrpc_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "isdn_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "phonet_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "ieee802154_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "caif_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "alg_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "nfc_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "vsock_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "kcm_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ "qipcrtr_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ NULL }
};
#if PF_MAX > 43
#error New address family defined, please update secclass_map.
#endif
......@@ -37,6 +37,16 @@ struct task_security_struct {
u32 sockcreate_sid; /* fscreate SID */
};
/*
* get the subjective security ID of the current task
*/
static inline u32 current_sid(void)
{
const struct task_security_struct *tsec = current_security();
return tsec->sid;
}
enum label_initialized {
LABEL_INVALID, /* invalid or not initialized */
LABEL_INITIALIZED, /* initialized */
......
......@@ -69,7 +69,7 @@ extern int selinux_enabled;
enum {
POLICYDB_CAPABILITY_NETPEER,
POLICYDB_CAPABILITY_OPENPERM,
POLICYDB_CAPABILITY_REDHAT1,
POLICYDB_CAPABILITY_EXTSOCKCLASS,
POLICYDB_CAPABILITY_ALWAYSNETWORK,
__POLICYDB_CAPABILITY_MAX
};
......@@ -77,6 +77,7 @@ enum {
extern int selinux_policycap_netpeer;
extern int selinux_policycap_openperm;
extern int selinux_policycap_extsockclass;
extern int selinux_policycap_alwaysnetwork;
/*
......
......@@ -45,7 +45,7 @@
static char *policycap_names[] = {
"network_peer_controls",
"open_perms",
"redhat1",
"extended_socket_class",
"always_check_network"
};
......@@ -77,25 +77,6 @@ static char policy_opened;
/* global data for policy capabilities */
static struct dentry *policycap_dir;
/* Check whether a task is allowed to use a security operation. */
static int task_has_security(struct task_struct *tsk,
u32 perms)
{
const struct task_security_struct *tsec;
u32 sid = 0;
rcu_read_lock();
tsec = __task_cred(tsk)->security;
if (tsec)
sid = tsec->sid;
rcu_read_unlock();
if (!tsec)
return -EACCES;
return avc_has_perm(sid, SECINITSID_SECURITY,
SECCLASS_SECURITY, perms, NULL);
}
enum sel_inos {
SEL_ROOT_INO = 2,
SEL_LOAD, /* load policy */
......@@ -166,7 +147,9 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
new_value = !!new_value;
if (new_value != selinux_enforcing) {
length = task_has_security(current, SECURITY__SETENFORCE);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETENFORCE,
NULL);
if (length)
goto out;
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
......@@ -368,7 +351,8 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
mutex_lock(&sel_mutex);
rc = task_has_security(current, SECURITY__READ_POLICY);
rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
if (rc)
goto err;
......@@ -429,7 +413,8 @@ static ssize_t sel_read_policy(struct file *filp, char __user *buf,
mutex_lock(&sel_mutex);
ret = task_has_security(current, SECURITY__READ_POLICY);
ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
if (ret)
goto out;
......@@ -499,7 +484,8 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
mutex_lock(&sel_mutex);
length = task_has_security(current, SECURITY__LOAD_POLICY);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__LOAD_POLICY, NULL);
if (length)
goto out;
......@@ -522,20 +508,28 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf,
goto out;
length = security_load_policy(data, count);
if (length)
if (length) {
pr_warn_ratelimited("SELinux: failed to load policy\n");
goto out;
}
length = sel_make_bools();
if (length)
if (length) {
pr_err("SELinux: failed to load policy booleans\n");
goto out1;
}
length = sel_make_classes();
if (length)
if (length) {
pr_err("SELinux: failed to load policy classes\n");
goto out1;
}
length = sel_make_policycap();
if (length)
if (length) {
pr_err("SELinux: failed to load policy capabilities\n");
goto out1;
}
length = count;
......@@ -561,7 +555,8 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
u32 sid, len;
ssize_t length;
length = task_has_security(current, SECURITY__CHECK_CONTEXT);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, NULL);
if (length)
goto out;
......@@ -604,7 +599,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
ssize_t length;
unsigned int new_value;
length = task_has_security(current, SECURITY__SETCHECKREQPROT);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT,
NULL);
if (length)
return length;
......@@ -645,7 +642,8 @@ static ssize_t sel_write_validatetrans(struct file *file,
u16 tclass;
int rc;
rc = task_has_security(current, SECURITY__VALIDATE_TRANS);
rc = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__VALIDATE_TRANS, NULL);
if (rc)
goto out;
......@@ -772,7 +770,8 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
struct av_decision avd;
ssize_t length;
length = task_has_security(current, SECURITY__COMPUTE_AV);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_AV, NULL);
if (length)
goto out;
......@@ -822,7 +821,9 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
u32 len;
int nargs;
length = task_has_security(current, SECURITY__COMPUTE_CREATE);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE,
NULL);
if (length)
goto out;
......@@ -919,7 +920,9 @@ static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
char *newcon = NULL;
u32 len;
length = task_has_security(current, SECURITY__COMPUTE_RELABEL);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL,
NULL);
if (length)
goto out;
......@@ -975,7 +978,9 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
int i, rc;
u32 len, nsids;
length = task_has_security(current, SECURITY__COMPUTE_USER);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_USER,
NULL);
if (length)
goto out;
......@@ -1035,7 +1040,9 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
char *newcon = NULL;
u32 len;
length = task_has_security(current, SECURITY__COMPUTE_MEMBER);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER,
NULL);
if (length)
goto out;
......@@ -1142,7 +1149,9 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
mutex_lock(&sel_mutex);
length = task_has_security(current, SECURITY__SETBOOL);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETBOOL,
NULL);
if (length)
goto out;
......@@ -1198,7 +1207,9 @@ static ssize_t sel_commit_bools_write(struct file *filep,
mutex_lock(&sel_mutex);
length = task_has_security(current, SECURITY__SETBOOL);
length = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETBOOL,
NULL);
if (length)
goto out;
......@@ -1299,8 +1310,11 @@ static int sel_make_bools(void)
isec = (struct inode_security_struct *)inode->i_security;
ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
if (ret)
goto out;
if (ret) {
pr_warn_ratelimited("SELinux: no sid found, defaulting to security isid for %s\n",
page);
sid = SECINITSID_SECURITY;
}
isec->sid = sid;
isec->initialized = LABEL_INITIALIZED;
......@@ -1351,7 +1365,9 @@ static ssize_t sel_write_avc_cache_threshold(struct file *file,
ssize_t ret;
unsigned int new_value;
ret = task_has_security(current, SECURITY__SETSECPARAM);
ret = avc_has_perm(current_sid(), SECINITSID_SECURITY,
SECCLASS_SECURITY, SECURITY__SETSECPARAM,
NULL);
if (ret)
return ret;
......
......@@ -72,6 +72,7 @@
int selinux_policycap_netpeer;
int selinux_policycap_openperm;
int selinux_policycap_extsockclass;
int selinux_policycap_alwaysnetwork;
static DEFINE_RWLOCK(policy_rwlock);
......@@ -1988,6 +1989,8 @@ static void security_load_policycaps(void)
POLICYDB_CAPABILITY_NETPEER);
selinux_policycap_openperm = ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_OPENPERM);
selinux_policycap_extsockclass = ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_EXTSOCKCLASS);
selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
POLICYDB_CAPABILITY_ALWAYSNETWORK);
}
......
......@@ -2301,25 +2301,6 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info,
return rc;
}
/**
* smack_task_wait - Smack access check for waiting
* @p: task to wait for
*
* Returns 0
*/
static int smack_task_wait(struct task_struct *p)
{
/*
* Allow the operation to succeed.
* Zombies are bad.
* In userless environments (e.g. phones) programs
* get marked with SMACK64EXEC and even if the parent
* and child shouldn't be talking the parent still
* may expect to know when the child exits.
*/
return 0;
}
/**
* smack_task_to_inode - copy task smack into the inode blob
* @p: task to copy from
......@@ -3680,7 +3661,6 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
/**
* smack_setprocattr - Smack process attribute setting
* @p: the object task
* @name: the name of the attribute in /proc/.../attr
* @value: the value to set
* @size: the size of the value
......@@ -3690,8 +3670,7 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
*
* Returns the length of the smack label or an error code
*/
static int smack_setprocattr(struct task_struct *p, char *name,
void *value, size_t size)
static int smack_setprocattr(const char *name, void *value, size_t size)
{
struct task_smack *tsp = current_security();
struct cred *new;
......@@ -3699,13 +3678,6 @@ static int smack_setprocattr(struct task_struct *p, char *name,
struct smack_known_list_elem *sklep;
int rc;
/*
* Changing another process' Smack value is too dangerous
* and supports no sane use case.
*/
if (p != current)
return -EPERM;
if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
return -EPERM;
......@@ -4727,7 +4699,6 @@ static struct security_hook_list smack_hooks[] = {
LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
LSM_HOOK_INIT(task_movememory, smack_task_movememory),
LSM_HOOK_INIT(task_kill, smack_task_kill),
LSM_HOOK_INIT(task_wait, smack_task_wait),
LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment