1*4882a593Smuzhiyun /************************************************************
2*4882a593Smuzhiyun
3*4882a593Smuzhiyun Author: Eamon Walsh <ewalsh@tycho.nsa.gov>
4*4882a593Smuzhiyun
5*4882a593Smuzhiyun Permission to use, copy, modify, distribute, and sell this software and its
6*4882a593Smuzhiyun documentation for any purpose is hereby granted without fee, provided that
7*4882a593Smuzhiyun this permission notice appear in supporting documentation. This permission
8*4882a593Smuzhiyun notice shall be included in all copies or substantial portions of the
9*4882a593Smuzhiyun Software.
10*4882a593Smuzhiyun
11*4882a593Smuzhiyun THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12*4882a593Smuzhiyun IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13*4882a593Smuzhiyun FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14*4882a593Smuzhiyun AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
15*4882a593Smuzhiyun AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
16*4882a593Smuzhiyun CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
17*4882a593Smuzhiyun
18*4882a593Smuzhiyun ********************************************************/
19*4882a593Smuzhiyun
20*4882a593Smuzhiyun #ifdef HAVE_DIX_CONFIG_H
21*4882a593Smuzhiyun #include <dix-config.h>
22*4882a593Smuzhiyun #endif
23*4882a593Smuzhiyun
24*4882a593Smuzhiyun #include <selinux/label.h>
25*4882a593Smuzhiyun
26*4882a593Smuzhiyun #include "registry.h"
27*4882a593Smuzhiyun #include "xselinuxint.h"
28*4882a593Smuzhiyun
/* selection and property atom cache: one entry per atom, holding the
 * property (prp) and selection (sel) SIDs resolved for that atom.  A zero
 * ->sid marks a half that has not been looked up yet (see
 * SELinuxAtomToSID()). */
typedef struct {
    SELinuxObjectRec prp;
    SELinuxObjectRec sel;
} SELinuxAtomRec;

/* dynamic array: size is both the allocated and the logical slot count
 * (SELinuxArrayGet() treats every key >= size as absent); array is grown
 * with reallocarray() by SELinuxArraySet() and is NULL when size is 0 */
typedef struct {
    unsigned size;
    void **array;
} SELinuxArrayRec;

/* labeling handle, opened by SELinuxLabelInit() and closed (and reset to
 * NULL) by SELinuxLabelReset() */
static struct selabel_handle *label_hnd;

/* Array of object classes indexed by resource type; values are
 * security_class_t integers smuggled through (void *) by
 * SELinuxTypeToClass(), so they are never freed */
SELinuxArrayRec arr_types;

/* Array of event SIDs indexed by event type (masked to 7 bits); values are
 * security_id_t handles cached by SELinuxEventToSID(), not freed */
SELinuxArrayRec arr_events;

/* Array of property and selection SID structures indexed by atom; values
 * are SELinuxAtomRec * calloc'd by SELinuxAtomToSID() and released by
 * SELinuxLabelReset() via SELinuxArrayFree(..., 1) */
SELinuxArrayRec arr_atoms;
52*4882a593Smuzhiyun
/*
 * Dynamic array helpers
 */
/*
 * Fetch the slot stored under @key, or 0 (NULL) when @key lies beyond the
 * array's current size.  Never allocates and never touches the record.
 */
static void *
SELinuxArrayGet(SELinuxArrayRec * rec, unsigned key)
{
    if (key >= rec->size)
        return 0;

    return rec->array[key];
}
61*4882a593Smuzhiyun
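/*
 * Store @val under @key, growing the array so that key < size.
 *
 * Returns TRUE on success and FALSE when the array could not be grown
 * (allocation failure, or key == UINT_MAX where key + 1 would wrap to 0).
 * On failure the record is left exactly as it was: the existing slots stay
 * valid and size is unchanged, so a later SELinuxArrayGet() on the same
 * record remains safe.
 */
static int
SELinuxArraySet(SELinuxArrayRec * rec, unsigned key, void *val)
{
    if (key >= rec->size) {
        unsigned new_size = key + 1;
        void **grown;

        /* key + 1 must not wrap: reallocarray(.., 0, ..) plus the memset
         * length below would otherwise be nonsense. */
        if (new_size == 0)
            return FALSE;

        /* Grow through a temporary.  Assigning the reallocarray() result
         * straight to rec->array would, on failure, leak the old block and
         * leave rec->array NULL while rec->size still claims slots exist,
         * which SELinuxArrayGet() would then dereference. */
        grown = reallocarray(rec->array, new_size, sizeof(*grown));
        if (!grown)
            return FALSE;

        /* Zero the newly added slots so absent keys read back as NULL */
        memset(grown + rec->size, 0, (new_size - rec->size) * sizeof(*grown));
        rec->array = grown;
        rec->size = new_size;
    }

    rec->array[key] = val;
    return TRUE;
}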
77*4882a593Smuzhiyun
/*
 * Release the array's storage and reset the record to the empty state
 * (size 0, array NULL) so it can be reused.  When @free_elements is
 * non-zero every stored slot is passed to free() first; NULL slots are
 * harmless since free(NULL) is a no-op.
 */
static void
SELinuxArrayFree(SELinuxArrayRec * rec, int free_elements)
{
    if (free_elements) {
        for (unsigned idx = 0; idx < rec->size; idx++)
            free(rec->array[idx]);
    }

    free(rec->array);
    rec->array = NULL;
    rec->size = 0;
}
92*4882a593Smuzhiyun
/*
 * Looks up a name in the selection or property mappings
 */
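/*
 * Resolve the SID for @atom's name through the x_contexts mappings.
 *
 * @atom     the atom whose name is the lookup key
 * @obj      receives ->sid and ->poly
 * @map      non-polyinstantiated map tried first (SELABEL_X_PROP or
 *           SELABEL_X_SELN); a hit clears obj->poly
 * @polymap  polyinstantiated map tried when @map reports ENOENT; a hit
 *           leaves obj->poly set
 *
 * Returns Success; BadValue when the atom has no name or a mapping lookup
 * fails for a reason other than ENOENT; BadAlloc when the context cannot
 * be converted to a SID.
 */
static int
SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec * obj, int map, int polymap)
{
    const char *name = NameForAtom(atom);
    /* Name the map in diagnostics; this helper serves selections too */
    const char *kind = (map == SELABEL_X_PROP) ? "property" : "selection";
    security_context_t ctx;
    int rc = Success;

    /* NameForAtom() can yield NULL for an atom the server does not know;
     * the label lookup must not be handed a NULL key. */
    if (!name) {
        ErrorF("SELinux: a %s label lookup was given an unknown atom!\n", kind);
        return BadValue;
    }

    obj->poly = 1;

    /* Look in the mappings of names to contexts */
    if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) {
        obj->poly = 0;
    }
    else if (errno != ENOENT) {
        ErrorF("SELinux: a %s label lookup failed!\n", kind);
        return BadValue;
    }
    else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) {
        ErrorF("SELinux: a %s label lookup failed!\n", kind);
        return BadValue;
    }

    /* Get a SID for context */
    if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) {
        ErrorF("SELinux: a context_to_SID_raw call failed!\n");
        rc = BadAlloc;
    }

    /* ctx is owned by us from the successful lookup above */
    freecon(ctx);
    return rc;
}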
127*4882a593Smuzhiyun
/*
 * Looks up the SID corresponding to the given property or selection atom
 */
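/*
 * Looks up the SID corresponding to the given property or selection atom.
 *
 * @atom     property or selection atom, used as the arr_atoms index
 * @prop     non-zero for a property, zero for a selection
 * @obj_rtn  on Success receives a pointer to the cached SELinuxObjectRec
 *           (sid + poly) for that atom; the record is owned by arr_atoms
 *           and lives until SELinuxLabelReset()
 *
 * Returns Success, BadAlloc when the cache entry cannot be allocated or
 * stored, or the error reported by SELinuxAtomToSIDLookup().
 */
int
SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn)
{
    SELinuxAtomRec *rec;
    SELinuxObjectRec *obj;
    int rc, map, polymap;

    rec = SELinuxArrayGet(&arr_atoms, atom);
    if (!rec) {
        rec = calloc(1, sizeof(SELinuxAtomRec));
        if (!rec)
            return BadAlloc;
        if (!SELinuxArraySet(&arr_atoms, atom, rec)) {
            /* The record never made it into the array, so nothing else
             * owns it; drop it instead of leaking it. */
            free(rec);
            return BadAlloc;
        }
    }

    if (prop) {
        obj = &rec->prp;
        map = SELABEL_X_PROP;
        polymap = SELABEL_X_POLYPROP;
    }
    else {
        obj = &rec->sel;
        map = SELABEL_X_SELN;
        polymap = SELABEL_X_POLYSELN;
    }

    /* A zero SID marks an entry that has not been resolved yet */
    if (!obj->sid) {
        rc = SELinuxAtomToSIDLookup(atom, obj, map, polymap);
        if (rc != Success)
            return rc;
    }

    *obj_rtn = obj;
    return Success;
}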
167*4882a593Smuzhiyun
/*
 * Looks up a SID for a selection/subject pair
 */
/*
 * Looks up a SID for a selection/subject pair.
 *
 * @selection  the selection atom
 * @subj       the requesting subject; subj->sel_use_sid, when set,
 *             overrides the computed SID entirely
 * @sid_rtn    receives the resulting selection SID
 * @poly_rtn   optional; receives the atom's polyinstantiation flag
 *
 * Returns Success, BadValue when the polyinstantiation computation fails,
 * or whatever SELinuxAtomToSID() reports.
 */
int
SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj,
                      security_id_t * sid_rtn, int *poly_rtn)
{
    SELinuxObjectRec *obj;
    security_id_t result;
    int rc = SELinuxAtomToSID(selection, 0, &obj);

    /* Get the default context and polyinstantiation bit */
    if (rc != Success)
        return rc;

    if (subj->sel_use_sid) {
        /* An explicit override context wins over any computed SID */
        result = subj->sel_use_sid;
    }
    else {
        result = obj->sid;

        /* Polyinstantiate if necessary to obtain the final SID */
        if (obj->poly &&
            avc_compute_member(subj->sid, obj->sid, SECCLASS_X_SELECTION,
                               &result) < 0) {
            ErrorF("SELinux: a compute_member call failed!\n");
            return BadValue;
        }
    }

    *sid_rtn = result;
    if (poly_rtn)
        *poly_rtn = obj->poly;
    return Success;
}
204*4882a593Smuzhiyun
/*
 * Looks up a SID for a property/subject pair
 */
/*
 * Looks up a SID for a property/subject pair.
 *
 * @property  the property atom
 * @subj      the requesting subject; subj->prp_use_sid, when set,
 *            overrides the computed SID entirely
 * @sid_rtn   receives the resulting property SID
 * @poly_rtn  optional; receives the atom's polyinstantiation flag
 *
 * Without an override the SID is the create transition from the subject
 * onto the atom's default SID, optionally followed by a member computation
 * when the atom is polyinstantiated.
 *
 * Returns Success, BadValue when either AVC computation fails, or whatever
 * SELinuxAtomToSID() reports.
 */
int
SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj,
                     security_id_t * sid_rtn, int *poly_rtn)
{
    SELinuxObjectRec *obj;
    security_id_t result;
    int rc = SELinuxAtomToSID(property, 1, &obj);

    /* Get the default context and polyinstantiation bit */
    if (rc != Success)
        return rc;

    if (subj->prp_use_sid) {
        /* An explicit override context wins over any computed SID */
        result = subj->prp_use_sid;
    }
    else {
        /* Perform a transition */
        if (avc_compute_create(subj->sid, obj->sid, SECCLASS_X_PROPERTY,
                               &result) < 0) {
            ErrorF("SELinux: a compute_create call failed!\n");
            return BadValue;
        }

        /* Polyinstantiate if necessary to obtain the final SID; the input
         * SID is passed by value, so reusing result as the output is safe */
        if (obj->poly &&
            avc_compute_member(subj->sid, result, SECCLASS_X_PROPERTY,
                               &result) < 0) {
            ErrorF("SELinux: a compute_member call failed!\n");
            return BadValue;
        }
    }

    *sid_rtn = result;
    if (poly_rtn)
        *poly_rtn = obj->poly;
    return Success;
}
248*4882a593Smuzhiyun
/*
 * Looks up the SID corresponding to the given event type
 */
/*
 * Looks up the SID corresponding to the given event type.
 *
 * @type           event type; only the low 7 bits index the cache
 * @sid_of_window  SID of the window the event is delivered to, used as the
 *                 source of the create transition
 * @sid_return     receives the transitioned SID in ->sid
 *
 * The per-type base SID is resolved once through the x_contexts event map
 * and cached in arr_events; the final SID is then computed per call.
 *
 * Returns Success, BadValue when the mapping lookup or the transition
 * fails, or BadAlloc when the SID cannot be created or cached.
 */
int
SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
                  SELinuxObjectRec * sid_return)
{
    /* NOTE(review): the name is taken from the unmasked type, as before;
     * LookupEventName() is assumed to cope with the high bit itself */
    const char *name = LookupEventName(type);
    security_id_t base_sid;

    /* Mask off the high bit so the cache index stays within 0..127 */
    type &= 127;

    base_sid = SELinuxArrayGet(&arr_events, type);
    if (base_sid == NULL) {
        security_context_t ctx;
        int converted;

        /* Look in the mappings of event names to contexts */
        if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
            ErrorF("SELinux: an event label lookup failed!\n");
            return BadValue;
        }

        /* Get a SID for context; ctx is ours to release either way */
        converted = avc_context_to_sid_raw(ctx, &base_sid) >= 0;
        freecon(ctx);
        if (!converted) {
            ErrorF("SELinux: a context_to_SID_raw call failed!\n");
            return BadAlloc;
        }

        /* Cache the SID value */
        if (!SELinuxArraySet(&arr_events, type, base_sid))
            return BadAlloc;
    }

    /* Perform a transition to obtain the final SID */
    if (avc_compute_create(sid_of_window, base_sid, SECCLASS_X_EVENT,
                           &sid_return->sid) < 0) {
        ErrorF("SELinux: a compute_create call failed!\n");
        return BadValue;
    }

    return Success;
}
290*4882a593Smuzhiyun
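/*
 * Looks up the SID for the extension called @name through the x_contexts
 * extension map.
 *
 * @name     extension name used as the lookup key
 * @sid_rtn  receives the SID on Success
 *
 * Returns Success, BadValue when the mapping lookup fails, or BadAlloc
 * when the context cannot be converted to a SID.
 */
int
SELinuxExtensionToSID(const char *name, security_id_t * sid_rtn)
{
    security_context_t ctx;
    int rc = Success;

    /* Look in the mappings of extension names to contexts.  The message
     * names the extension map: a "property" failure here would send an
     * administrator to the wrong section of x_contexts. */
    if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) {
        ErrorF("SELinux: an extension label lookup failed!\n");
        return BadValue;
    }

    /* Get a SID for context */
    if (avc_context_to_sid_raw(ctx, sid_rtn) < 0) {
        ErrorF("SELinux: a context_to_SID_raw call failed!\n");
        rc = BadAlloc;
    }

    /* ctx is owned by us from the successful lookup above */
    freecon(ctx);
    return rc;
}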
310*4882a593Smuzhiyun
/*
 * Returns the object class corresponding to the given resource type.
 */
/*
 * Compute the object class for a resource type without consulting the
 * cache.  Drawable-flagged types and the fixed core types are matched
 * directly; anything else falls back to a registry name lookup, with
 * SECCLASS_X_RESOURCE as the default.
 */
static unsigned long
SELinuxClassForType(RESTYPE type)
{
    const char *str;

    if (type & RC_DRAWABLE)
        return SECCLASS_X_DRAWABLE;
    if (type == RT_GC)
        return SECCLASS_X_GC;
    if (type == RT_FONT)
        return SECCLASS_X_FONT;
    if (type == RT_CURSOR)
        return SECCLASS_X_CURSOR;
    if (type == RT_COLORMAP)
        return SECCLASS_X_COLORMAP;

    /* Need to do a string lookup */
    str = LookupResourceName(type);
    if (strcmp(str, "PICTURE") == 0)
        return SECCLASS_X_DRAWABLE;
    if (strcmp(str, "GLYPHSET") == 0)
        return SECCLASS_X_FONT;

    return SECCLASS_X_RESOURCE;
}

/*
 * Returns the object class corresponding to the given resource type,
 * memoised in arr_types under the type's TypeMask bits.  The class is
 * stored as an integer-valued pointer; a failed cache insert is harmless
 * because the value is simply recomputed on the next call.
 */
security_class_t
SELinuxTypeToClass(RESTYPE type)
{
    unsigned key = type & TypeMask;
    void *cached = SELinuxArrayGet(&arr_types, key);

    if (!cached) {
        cached = (void *) SELinuxClassForType(type);
        SELinuxArraySet(&arr_types, key, cached);
    }

    return (security_class_t) (unsigned long) cached;
}
349*4882a593Smuzhiyun
/*
 * Returns the context configured for remote clients (the "remote" entry of
 * the x_contexts client map).  The context is handed out by libselinux and,
 * as with the other lookups in this file, is released with freecon() by
 * whoever is done with it.  A missing entry is fatal: the server cannot
 * label clients without it.
 */
security_context_t
SELinuxDefaultClientLabel(void)
{
    security_context_t remote_ctx = NULL;
    int rc = selabel_lookup_raw(label_hnd, &remote_ctx, "remote",
                                SELABEL_X_CLIENT);

    if (rc < 0)
        FatalError("SELinux: failed to look up remote-client context\n");

    return remote_ctx;
}
360*4882a593Smuzhiyun
/*
 * Open the x_contexts labeling handle used by every lookup in this file.
 * SELABEL_OPT_VALIDATE is enabled so libselinux checks the contexts it
 * returns against the loaded policy.  Failure to open the mapping is fatal:
 * without it no object in the server can be labeled.
 */
void
SELinuxLabelInit(void)
{
    struct selinux_opt opts[] = {
        { SELABEL_OPT_VALIDATE, (char *) 1 },
    };

    label_hnd = selabel_open(SELABEL_CTX_X, opts, 1);
    if (label_hnd == NULL)
        FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
}
370*4882a593Smuzhiyun
/*
 * Tear down the labeling state: close the x_contexts handle and drop every
 * cache.  Only arr_atoms holds owned memory (records calloc'd by
 * SELinuxAtomToSID()); arr_types stores plain integers and arr_events
 * stores SID handles, so their slots are not freed.
 */
void
SELinuxLabelReset(void)
{
    selabel_close(label_hnd);
    label_hnd = NULL;

    /* Free local state */
    SELinuxArrayFree(&arr_atoms, 1);
    SELinuxArrayFree(&arr_events, 0);
    SELinuxArrayFree(&arr_types, 0);
}