|
|
|
@ -155,42 +155,30 @@ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) |
|
|
|
|
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) |
|
|
|
|
{ |
|
|
|
|
int rc; |
|
|
|
|
u32 sel_sid; |
|
|
|
|
|
|
|
|
|
/* Context sid is either set to label or ANY_ASSOC */ |
|
|
|
|
if (ctx) { |
|
|
|
|
if (!selinux_authorizable_ctx(ctx)) |
|
|
|
|
return -EINVAL; |
|
|
|
|
|
|
|
|
|
sel_sid = ctx->ctx_sid; |
|
|
|
|
} else |
|
|
|
|
/*
|
|
|
|
|
* All flows should be treated as polmatch'ing an |
|
|
|
|
* otherwise applicable "non-labeled" policy. This |
|
|
|
|
* would prevent inadvertent "leaks". |
|
|
|
|
*/ |
|
|
|
|
/* All flows should be treated as polmatch'ing an otherwise applicable
|
|
|
|
|
* "non-labeled" policy. This would prevent inadvertent "leaks". */ |
|
|
|
|
if (!ctx) |
|
|
|
|
return 0; |
|
|
|
|
|
|
|
|
|
rc = avc_has_perm(fl_secid, sel_sid, SECCLASS_ASSOCIATION, |
|
|
|
|
ASSOCIATION__POLMATCH, |
|
|
|
|
NULL); |
|
|
|
|
|
|
|
|
|
if (rc == -EACCES) |
|
|
|
|
return -ESRCH; |
|
|
|
|
/* Context sid is either set to label or ANY_ASSOC */ |
|
|
|
|
if (!selinux_authorizable_ctx(ctx)) |
|
|
|
|
return -EINVAL; |
|
|
|
|
|
|
|
|
|
return rc; |
|
|
|
|
rc = avc_has_perm(fl_secid, ctx->ctx_sid, |
|
|
|
|
SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, NULL); |
|
|
|
|
return (rc == -EACCES ? -ESRCH : rc); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* LSM hook implementation that authorizes that a state matches |
|
|
|
|
* the given policy, flow combo. |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, |
|
|
|
|
const struct flowi *fl) |
|
|
|
|
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, |
|
|
|
|
struct xfrm_policy *xp, |
|
|
|
|
const struct flowi *fl) |
|
|
|
|
{ |
|
|
|
|
u32 state_sid; |
|
|
|
|
int rc; |
|
|
|
|
|
|
|
|
|
if (!xp->security) |
|
|
|
|
if (x->security) |
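Review bot: The comment `/* Context sid is either set to label or ANY_ASSOC */` now sits directly above the `selinux_authorizable_ctx(ctx)` check in selinux_xfrm_policy_lookup, where it no longer describes the line it precedes; the remark about the sid belongs with the `ctx->ctx_sid` argument in the avc_has_perm() call two lines down, and the authorizable check would be better served by its own comment, e.g. `/* reject contexts that cannot be used for an access decision */`. The new `return (rc == -EACCES ? -ESRCH : rc);` also compresses the EACCES-to-ESRCH translation into one line with no explanation of why a denial is reported as a "no such entry" error; the xfrm policy lookup appears to treat -ESRCH as "this policy does not match, keep searching" while any other error aborts the lookup, which is a security-relevant distinction worth stating, e.g. `/* a denial means this policy does not match; -ESRCH lets the lookup continue rather than fail */`. Confirm that -ESRCH handling against the xfrm policy matching code before wording the comment as fact. The tail of this hunk is the start of selinux_xfrm_state_pol_flow_match, whose body continues outside the hunk.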
|
|
|
@ -213,18 +201,12 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy * |
|
|
|
|
if (fl->flowi_secid != state_sid) |
|
|
|
|
return 0; |
|
|
|
|
|
|
|
|
|
rc = avc_has_perm(fl->flowi_secid, state_sid, SECCLASS_ASSOCIATION, |
|
|
|
|
ASSOCIATION__SENDTO, |
|
|
|
|
NULL)? 0:1; |
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We don't need a separate SA Vs. policy polmatch check |
|
|
|
|
* since the SA is now of the same label as the flow and |
|
|
|
|
* a flow Vs. policy polmatch check had already happened |
|
|
|
|
* in selinux_xfrm_policy_lookup() above. |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
return rc; |
|
|
|
|
/* We don't need a separate SA Vs. policy polmatch check since the SA
|
|
|
|
|
* is now of the same label as the flow and a flow Vs. policy polmatch |
|
|
|
|
* check had already happened in selinux_xfrm_policy_lookup() above. */ |
|
|
|
|
return (avc_has_perm(fl->flowi_secid, state_sid, |
|
|
|
|
SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, |
|
|
|
|
NULL) ? 0 : 1); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|