[deliverable/linux.git] / security / selinux / ss / mls.c

/*
 * Implementation of the multi-level security (MLS) policy.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
 */
/*
 * Updated: Hewlett-Packard <paul.moore@hp.com>
 *
 *      Added support to import/export the MLS label from NetLabel
 *
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/errno.h>
#include <net/netlabel.h>
#include "sidtab.h"
#include "mls.h"
#include "policydb.h"
#include "services.h"

/*
 * Return the length in bytes for the MLS fields of the
 * security context string representation of `context'.
 */
int mls_compute_context_len(struct context * context)
{
	int i, l, len, head, prev;
	char *nm;
	struct ebitmap *e;
	struct ebitmap_node *node;

	if (!selinux_mls_enabled)
		return 0;

	len = 1; /* for the beginning ":" */
	for (l = 0; l < 2; l++) {
		int index_sens = context->range.level[l].sens;
		len += strlen(policydb.p_sens_val_to_name[index_sens - 1]);

		/* categories */
		head = -2;
		prev = -2;
		e = &context->range.level[l].cat;
		ebitmap_for_each_positive_bit(e, node, i) {
			if (i - prev > 1) {
				/* one or more negative bits are skipped */
				if (head != prev) {
					nm = policydb.p_cat_val_to_name[prev];
					len += strlen(nm) + 1;
				}
				nm = policydb.p_cat_val_to_name[i];
				len += strlen(nm) + 1;
				head = i;
			}
			prev = i;
		}
		if (prev != head) {
			nm = policydb.p_cat_val_to_name[prev];
			len += strlen(nm) + 1;
		}
		if (l == 0) {
			if (mls_level_eq(&context->range.level[0],
					 &context->range.level[1]))
				break;
			else
				len++;
		}
	}

	return len;
}

/*
 * Write the security context string representation of
 * the MLS fields of `context' into the string `*scontext'.
 * Update `*scontext' to point to the end of the MLS fields.
 */
void mls_sid_to_context(struct context *context,
                        char **scontext)
{
	char *scontextp, *nm;
	int i, l, head, prev;
	struct ebitmap *e;
	struct ebitmap_node *node;

	if (!selinux_mls_enabled)
		return;

	scontextp = *scontext;

	*scontextp = ':';
	scontextp++;

	for (l = 0; l < 2; l++) {
		strcpy(scontextp,
		       policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
		scontextp += strlen(scontextp);

		/* categories */
		head = -2;
		prev = -2;
		e = &context->range.level[l].cat;
		ebitmap_for_each_positive_bit(e, node, i) {
			if (i - prev > 1) {
				/* one or more negative bits are skipped */
				if (prev != head) {
					if (prev - head > 1)
						*scontextp++ = '.';
					else
						*scontextp++ = ',';
					nm = policydb.p_cat_val_to_name[prev];
					strcpy(scontextp, nm);
					scontextp += strlen(nm);
				}
				if (prev < 0)
					*scontextp++ = ':';
				else
					*scontextp++ = ',';
				nm = policydb.p_cat_val_to_name[i];
				strcpy(scontextp, nm);
				scontextp += strlen(nm);
				head = i;
			}
			prev = i;
		}

		if (prev != head) {
			if (prev - head > 1)
				*scontextp++ = '.';
			else
				*scontextp++ = ',';
			nm = policydb.p_cat_val_to_name[prev];
			strcpy(scontextp, nm);
			scontextp += strlen(nm);
		}

		if (l == 0) {
			if (mls_level_eq(&context->range.level[0],
			                 &context->range.level[1]))
				break;
			else
				*scontextp++ = '-';
		}
	}

	*scontext = scontextp;
	return;
}

int mls_level_isvalid(struct policydb *p, struct mls_level *l)
{
	struct level_datum *levdatum;
	struct ebitmap_node *node;
	int i;

	if (!l->sens || l->sens > p->p_levels.nprim)
		return 0;
	levdatum = hashtab_search(p->p_levels.table,
				  p->p_sens_val_to_name[l->sens - 1]);
	if (!levdatum)
		return 0;

	ebitmap_for_each_positive_bit(&l->cat, node, i) {
		if (i > p->p_cats.nprim)
			return 0;
		if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
			/*
			 * Category may not be associated with
			 * sensitivity.
			 */
			return 0;
		}
	}

	return 1;
}

int mls_range_isvalid(struct policydb *p, struct mls_range *r)
{
	return (mls_level_isvalid(p, &r->level[0]) &&
		mls_level_isvalid(p, &r->level[1]) &&
		mls_level_dom(&r->level[1], &r->level[0]));
}

/*
 * Return 1 if the MLS fields in the security context
 * structure `c' are valid.  Return 0 otherwise.
 */
int mls_context_isvalid(struct policydb *p, struct context *c)
{
	struct user_datum *usrdatum;

	if (!selinux_mls_enabled)
		return 1;

	if (!mls_range_isvalid(p, &c->range))
		return 0;

	if (c->role == OBJECT_R_VAL)
		return 1;

	/*
	 * User must be authorized for the MLS range.
	 */
	if (!c->user || c->user > p->p_users.nprim)
		return 0;
	usrdatum = p->user_val_to_struct[c->user - 1];
	if (!mls_range_contains(usrdatum->range, c->range))
		return 0; /* user may not be associated with range */

	return 1;
}

/*
 * Set the MLS fields in the security context structure
 * `context' based on the string representation in
 * the string `*scontext'.  Update `*scontext' to
 * point to the end of the string representation of
 * the MLS fields.
 *
 * This function modifies the string in place, inserting
 * NULL characters to terminate the MLS fields.
 *
 * If a def_sid is provided and no MLS field is present,
 * copy the MLS field of the associated default context.
 * Used for upgraded to MLS systems where objects may lack
 * MLS fields.
 *
 * Policy read-lock must be held for sidtab lookup.
 *
 */
int mls_context_to_sid(char oldc,
		       char **scontext,
		       struct context *context,
		       struct sidtab *s,
		       u32 def_sid)
{

	char delim;
	char *scontextp, *p, *rngptr;
	struct level_datum *levdatum;
	struct cat_datum *catdatum, *rngdatum;
	int l, rc = -EINVAL;

	if (!selinux_mls_enabled) {
		if (def_sid != SECSID_NULL && oldc)
			*scontext += strlen(*scontext)+1;
		return 0;
	}

	/*
	 * No MLS component to the security context, try and map to
	 * default if provided.
	 */
	if (!oldc) {
		struct context *defcon;

		if (def_sid == SECSID_NULL)
			goto out;

		defcon = sidtab_search(s, def_sid);
		if (!defcon)
			goto out;

		rc = mls_context_cpy(context, defcon);
		goto out;
	}

	/* Extract low sensitivity. */
	scontextp = p = *scontext;
	while (*p && *p != ':' && *p != '-')
		p++;

	delim = *p;
	if (delim != 0)
		*p++ = 0;

	for (l = 0; l < 2; l++) {
		levdatum = hashtab_search(policydb.p_levels.table, scontextp);
		if (!levdatum) {
			rc = -EINVAL;
			goto out;
		}

		context->range.level[l].sens = levdatum->level->sens;

		if (delim == ':') {
			/* Extract category set. */
			while (1) {
				scontextp = p;
				while (*p && *p != ',' && *p != '-')
					p++;
				delim = *p;
				if (delim != 0)
					*p++ = 0;

				/* Separate into range if exists */
				if ((rngptr = strchr(scontextp, '.')) != NULL) {
					/* Remove '.' */
					*rngptr++ = 0;
				}

				catdatum = hashtab_search(policydb.p_cats.table,
				                          scontextp);
				if (!catdatum) {
					rc = -EINVAL;
					goto out;
				}

				rc = ebitmap_set_bit(&context->range.level[l].cat,
				                     catdatum->value - 1, 1);
				if (rc)
					goto out;

				/* If range, set all categories in range */
				if (rngptr) {
					int i;

					rngdatum = hashtab_search(policydb.p_cats.table, rngptr);
					if (!rngdatum) {
						rc = -EINVAL;
						goto out;
					}

					if (catdatum->value >= rngdatum->value) {
						rc = -EINVAL;
						goto out;
					}

					for (i = catdatum->value; i < rngdatum->value; i++) {
						rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1);
						if (rc)
							goto out;
					}
				}

				if (delim != ',')
					break;
			}
		}
		if (delim == '-') {
			/* Extract high sensitivity. */
			scontextp = p;
			while (*p && *p != ':')
				p++;

			delim = *p;
			if (delim != 0)
				*p++ = 0;
		} else
			break;
	}

	if (l == 0) {
		context->range.level[1].sens = context->range.level[0].sens;
		rc = ebitmap_cpy(&context->range.level[1].cat,
				 &context->range.level[0].cat);
		if (rc)
			goto out;
	}
	*scontext = ++p;
	rc = 0;
out:
	return rc;
}

/*
 * Set the MLS fields in the security context structure
 * `context' based on the string representation in
 * the string `str'.  This function will allocate temporary memory with the
 * given constraints of gfp_mask.
 */
int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
{
	char *tmpstr, *freestr;
	int rc;

	if (!selinux_mls_enabled)
		return -EINVAL;

	/* we need freestr because mls_context_to_sid will change
	   the value of tmpstr */
	tmpstr = freestr = kstrdup(str, gfp_mask);
	if (!tmpstr) {
		rc = -ENOMEM;
	} else {
		rc = mls_context_to_sid(':', &tmpstr, context,
		                        NULL, SECSID_NULL);
		kfree(freestr);
	}

	return rc;
}

/*
 * Copies the MLS range `range' into `context'.
 */
static inline int mls_range_set(struct context *context,
                                struct mls_range *range)
{
	int l, rc = 0;

	/* Copy the MLS range into the  context */
	for (l = 0; l < 2; l++) {
		context->range.level[l].sens = range->level[l].sens;
		rc = ebitmap_cpy(&context->range.level[l].cat,
				 &range->level[l].cat);
		if (rc)
			break;
	}

	return rc;
}

int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
                         struct context *usercon)
{
	if (selinux_mls_enabled) {
		struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
		struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
		struct mls_level *user_low = &(user->range.level[0]);
		struct mls_level *user_clr = &(user->range.level[1]);
		struct mls_level *user_def = &(user->dfltlevel);
		struct mls_level *usercon_sen = &(usercon->range.level[0]);
		struct mls_level *usercon_clr = &(usercon->range.level[1]);

		/* Honor the user's default level if we can */
		if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) {
			*usercon_sen = *user_def;
		} else if (mls_level_between(fromcon_sen, user_def, user_clr)) {
			*usercon_sen = *fromcon_sen;
		} else if (mls_level_between(fromcon_clr, user_low, user_def)) {
			*usercon_sen = *user_low;
		} else
			return -EINVAL;

		/* Lower the clearance of available contexts
		   if the clearance of "fromcon" is lower than
		   that of the user's default clearance (but
		   only if the "fromcon" clearance dominates
		   the user's computed sensitivity level) */
		if (mls_level_dom(user_clr, fromcon_clr)) {
			*usercon_clr = *fromcon_clr;
		} else if (mls_level_dom(fromcon_clr, user_clr)) {
			*usercon_clr = *user_clr;
		} else
			return -EINVAL;
	}

	return 0;
}

/*
 * Convert the MLS fields in the security context
 * structure `c' from the values specified in the
 * policy `oldp' to the values specified in the policy `newp'.
 */
int mls_convert_context(struct policydb *oldp,
			struct policydb *newp,
			struct context *c)
{
	struct level_datum *levdatum;
	struct cat_datum *catdatum;
	struct ebitmap bitmap;
	struct ebitmap_node *node;
	int l, i;

	if (!selinux_mls_enabled)
		return 0;

	for (l = 0; l < 2; l++) {
		levdatum = hashtab_search(newp->p_levels.table,
			oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);

		if (!levdatum)
			return -EINVAL;
		c->range.level[l].sens = levdatum->level->sens;

		ebitmap_init(&bitmap);
		ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) {
			int rc;

			catdatum = hashtab_search(newp->p_cats.table,
						  oldp->p_cat_val_to_name[i]);
			if (!catdatum)
				return -EINVAL;
			rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
			if (rc)
				return rc;
		}
		ebitmap_destroy(&c->range.level[l].cat);
		c->range.level[l].cat = bitmap;
	}

	return 0;
}

int mls_compute_sid(struct context *scontext,
		    struct context *tcontext,
		    u16 tclass,
		    u32 specified,
		    struct context *newcontext)
{
	struct range_trans *rtr;

	if (!selinux_mls_enabled)
		return 0;

	switch (specified) {
	case AVTAB_TRANSITION:
		/* Look for a range transition rule. */
		for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
			if (rtr->source_type == scontext->type &&
			    rtr->target_type == tcontext->type &&
			    rtr->target_class == tclass) {
				/* Set the range from the rule */
				return mls_range_set(newcontext,
				                     &rtr->target_range);
			}
		}
		/* Fallthrough */
	case AVTAB_CHANGE:
		if (tclass == SECCLASS_PROCESS)
			/* Use the process MLS attributes. */
			return mls_context_cpy(newcontext, scontext);
		else
			/* Use the process effective MLS attributes. */
			return mls_context_cpy_low(newcontext, scontext);
	case AVTAB_MEMBER:
		/* Use the process effective MLS attributes. */
		return mls_context_cpy_low(newcontext, scontext);
	default:
		return -EINVAL;
	}
	return -EINVAL;
}

#ifdef CONFIG_NETLABEL
/**
 * mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
 * @context: the security context
 * @secattr: the NetLabel security attributes
 *
 * Description:
 * Given the security context copy the low MLS sensitivity level into the
 * NetLabel MLS sensitivity level field.
 *
 */
void mls_export_netlbl_lvl(struct context *context,
			   struct netlbl_lsm_secattr *secattr)
{
	if (!selinux_mls_enabled)
		return;

	secattr->attr.mls.lvl = context->range.level[0].sens - 1;
	secattr->flags |= NETLBL_SECATTR_MLS_LVL;
}

/**
 * mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
 * @context: the security context
 * @secattr: the NetLabel security attributes
 *
 * Description:
 * Given the security context and the NetLabel security attributes, copy the
 * NetLabel MLS sensitivity level into the context.
 *
 */
void mls_import_netlbl_lvl(struct context *context,
			   struct netlbl_lsm_secattr *secattr)
{
	if (!selinux_mls_enabled)
		return;

	context->range.level[0].sens = secattr->attr.mls.lvl + 1;
	context->range.level[1].sens = context->range.level[0].sens;
}

/**
 * mls_export_netlbl_cat - Export the MLS categories to NetLabel
 * @context: the security context
 * @secattr: the NetLabel security attributes
 *
 * Description:
 * Given the security context copy the low MLS categories into the NetLabel
 * MLS category field.  Returns zero on success, negative values on failure.
 *
 */
int mls_export_netlbl_cat(struct context *context,
			  struct netlbl_lsm_secattr *secattr)
{
	int rc;

	if (!selinux_mls_enabled)
		return 0;

	rc = ebitmap_netlbl_export(&context->range.level[0].cat,
				   &secattr->attr.mls.cat);
	if (rc == 0 && secattr->attr.mls.cat != NULL)
		secattr->flags |= NETLBL_SECATTR_MLS_CAT;

	return rc;
}

/**
 * mls_import_netlbl_cat - Import the MLS categories from NetLabel
 * @context: the security context
 * @secattr: the NetLabel security attributes
 *
 * Description:
 * Copy the NetLabel security attributes into the SELinux context; since the
 * NetLabel security attribute only contains a single MLS category use it for
 * both the low and high categories of the context.  Returns zero on success,
 * negative values on failure.
 *
 */
int mls_import_netlbl_cat(struct context *context,
			  struct netlbl_lsm_secattr *secattr)
{
	int rc;

	if (!selinux_mls_enabled)
		return 0;

	rc = ebitmap_netlbl_import(&context->range.level[0].cat,
				   secattr->attr.mls.cat);
	if (rc != 0)
		goto import_netlbl_cat_failure;

	rc = ebitmap_cpy(&context->range.level[1].cat,
			 &context->range.level[0].cat);
	if (rc != 0)
		goto import_netlbl_cat_failure;

	return 0;

import_netlbl_cat_failure:
	ebitmap_destroy(&context->range.level[0].cat);
	ebitmap_destroy(&context->range.level[1].cat);
	return rc;
}
#endif /* CONFIG_NETLABEL */
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Implementation of the multi-level security (MLS) policy.
	3	*
	4	* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
	5	*/
	6	/*
	7	* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
	8	*
	9	* Support for enhanced MLS infrastructure.
	10	*
376bd9cb	11	* Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
1da177e4	12	*/
7420ed23 VY	13	/*
	14	* Updated: Hewlett-Packard <paul.moore@hp.com>
	15	*
02752760	16	* Added support to import/export the MLS label from NetLabel
7420ed23 VY	17	*
	18	* (c) Copyright Hewlett-Packard Development Company, L.P., 2006
	19	*/
1da177e4 LT	20
	21	#include <linux/kernel.h>
	22	#include <linux/slab.h>
	23	#include <linux/string.h>
	24	#include <linux/errno.h>
02752760	25	#include <net/netlabel.h>
f5c1d5b2	26	#include "sidtab.h"
1da177e4 LT	27	#include "mls.h"
	28	#include "policydb.h"
	29	#include "services.h"
	30
	31	/*
	32	* Return the length in bytes for the MLS fields of the
	33	* security context string representation of `context'.
	34	*/
	35	int mls_compute_context_len(struct context * context)
	36	{
9fe79ad1 KK	37	int i, l, len, head, prev;
	38	char *nm;
	39	struct ebitmap *e;
782ebb99	40	struct ebitmap_node *node;
1da177e4 LT	41
	42	if (!selinux_mls_enabled)
	43	return 0;
	44
	45	len = 1; /* for the beginning ":" */
	46	for (l = 0; l < 2; l++) {
9fe79ad1 KK	47	int index_sens = context->range.level[l].sens;
9fe79ad1 KK	48	len += strlen(policydb.p_sens_val_to_name[index_sens - 1]);
1da177e4	49
9fe79ad1 KK	50	/* categories */
	51	head = -2;
	52	prev = -2;
	53	e = &context->range.level[l].cat;
	54	ebitmap_for_each_positive_bit(e, node, i) {
	55	if (i - prev > 1) {
	56	/* one or more negative bits are skipped */
	57	if (head != prev) {
	58	nm = policydb.p_cat_val_to_name[prev];
	59	len += strlen(nm) + 1;
	60	}
	61	nm = policydb.p_cat_val_to_name[i];
	62	len += strlen(nm) + 1;
	63	head = i;
1da177e4	64	}
9fe79ad1 KK	65	prev = i;
	66	}
	67	if (prev != head) {
	68	nm = policydb.p_cat_val_to_name[prev];
	69	len += strlen(nm) + 1;
1da177e4	70	}
1da177e4 LT	71	if (l == 0) {
1da177e4 LT	72	if (mls_level_eq(&context->range.level[0],
9fe79ad1	73	&context->range.level[1]))
1da177e4 LT	74	break;
	75	else
	76	len++;
	77	}
	78	}
	79
	80	return len;
	81	}
	82
	83	/*
	84	* Write the security context string representation of
	85	* the MLS fields of `context' into the string `*scontext'.
	86	* Update `*scontext' to point to the end of the MLS fields.
	87	*/
	88	void mls_sid_to_context(struct context *context,
	89	char **scontext)
	90	{
9fe79ad1 KK	91	char scontextp, nm;
	92	int i, l, head, prev;
	93	struct ebitmap *e;
782ebb99	94	struct ebitmap_node *node;
1da177e4 LT	95
	96	if (!selinux_mls_enabled)
	97	return;
	98
	99	scontextp = *scontext;
	100
	101	*scontextp = ':';
	102	scontextp++;
	103
	104	for (l = 0; l < 2; l++) {
1da177e4 LT	105	strcpy(scontextp,
1da177e4 LT	106	policydb.p_sens_val_to_name[context->range.level[l].sens - 1]);
9fe79ad1	107	scontextp += strlen(scontextp);
1da177e4 LT	108
1da177e4 LT	109	/* categories */
9fe79ad1 KK	110	head = -2;
	111	prev = -2;
	112	e = &context->range.level[l].cat;
	113	ebitmap_for_each_positive_bit(e, node, i) {
	114	if (i - prev > 1) {
	115	/* one or more negative bits are skipped */
	116	if (prev != head) {
	117	if (prev - head > 1)
1da177e4 LT	118	*scontextp++ = '.';
	119	else
	120	*scontextp++ = ',';
9fe79ad1 KK	121	nm = policydb.p_cat_val_to_name[prev];
	122	strcpy(scontextp, nm);
	123	scontextp += strlen(nm);
1da177e4	124	}
9fe79ad1 KK	125	if (prev < 0)
	126	*scontextp++ = ':';
	127	else
	128	*scontextp++ = ',';
	129	nm = policydb.p_cat_val_to_name[i];
	130	strcpy(scontextp, nm);
	131	scontextp += strlen(nm);
	132	head = i;
1da177e4	133	}
9fe79ad1	134	prev = i;
1da177e4 LT	135	}
1da177e4 LT	136
9fe79ad1 KK	137	if (prev != head) {
9fe79ad1 KK	138	if (prev - head > 1)
1da177e4 LT	139	*scontextp++ = '.';
	140	else
	141	*scontextp++ = ',';
9fe79ad1 KK	142	nm = policydb.p_cat_val_to_name[prev];
	143	strcpy(scontextp, nm);
	144	scontextp += strlen(nm);
1da177e4 LT	145	}
	146
	147	if (l == 0) {
	148	if (mls_level_eq(&context->range.level[0],
	149	&context->range.level[1]))
	150	break;
9fe79ad1 KK	151	else
9fe79ad1 KK	152	*scontextp++ = '-';
1da177e4 LT	153	}
	154	}
	155
	156	*scontext = scontextp;
	157	return;
	158	}
	159
45e5421e SS	160	int mls_level_isvalid(struct policydb p, struct mls_level l)
	161	{
	162	struct level_datum *levdatum;
	163	struct ebitmap_node *node;
	164	int i;
	165
	166	if (!l->sens \|\| l->sens > p->p_levels.nprim)
	167	return 0;
	168	levdatum = hashtab_search(p->p_levels.table,
	169	p->p_sens_val_to_name[l->sens - 1]);
	170	if (!levdatum)
	171	return 0;
	172
	173	ebitmap_for_each_positive_bit(&l->cat, node, i) {
	174	if (i > p->p_cats.nprim)
	175	return 0;
	176	if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
	177	/*
	178	* Category may not be associated with
	179	* sensitivity.
	180	*/
	181	return 0;
	182	}
	183	}
	184
	185	return 1;
	186	}
	187
	188	int mls_range_isvalid(struct policydb p, struct mls_range r)
	189	{
	190	return (mls_level_isvalid(p, &r->level[0]) &&
	191	mls_level_isvalid(p, &r->level[1]) &&
	192	mls_level_dom(&r->level[1], &r->level[0]));
	193	}
	194
1da177e4 LT	195	/*
	196	* Return 1 if the MLS fields in the security context
	197	* structure `c' are valid. Return 0 otherwise.
	198	*/
	199	int mls_context_isvalid(struct policydb p, struct context c)
	200	{
1da177e4	201	struct user_datum *usrdatum;
1da177e4 LT	202
	203	if (!selinux_mls_enabled)
	204	return 1;
	205
45e5421e	206	if (!mls_range_isvalid(p, &c->range))
1da177e4 LT	207	return 0;
1da177e4 LT	208
1da177e4 LT	209	if (c->role == OBJECT_R_VAL)
	210	return 1;
	211
	212	/*
	213	* User must be authorized for the MLS range.
	214	*/
	215	if (!c->user \|\| c->user > p->p_users.nprim)
	216	return 0;
	217	usrdatum = p->user_val_to_struct[c->user - 1];
	218	if (!mls_range_contains(usrdatum->range, c->range))
	219	return 0; /* user may not be associated with range */
	220
	221	return 1;
	222	}
	223
	224	/*
	225	* Set the MLS fields in the security context structure
	226	* `context' based on the string representation in
	227	* the string `scontext'. Update `scontext' to
	228	* point to the end of the string representation of
	229	* the MLS fields.
	230	*
	231	* This function modifies the string in place, inserting
	232	* NULL characters to terminate the MLS fields.
f5c1d5b2 JM	233	*
	234	* If a def_sid is provided and no MLS field is present,
	235	* copy the MLS field of the associated default context.
	236	* Used for upgraded to MLS systems where objects may lack
	237	* MLS fields.
	238	*
	239	* Policy read-lock must be held for sidtab lookup.
	240	*
1da177e4 LT	241	*/
	242	int mls_context_to_sid(char oldc,
	243	char **scontext,
f5c1d5b2 JM	244	struct context *context,
	245	struct sidtab *s,
	246	u32 def_sid)
1da177e4 LT	247	{
	248
	249	char delim;
	250	char scontextp, p, *rngptr;
	251	struct level_datum *levdatum;
	252	struct cat_datum catdatum, rngdatum;
	253	int l, rc = -EINVAL;
	254
e517a0cd SS	255	if (!selinux_mls_enabled) {
e517a0cd SS	256	if (def_sid != SECSID_NULL && oldc)
ab5703b3	257	scontext += strlen(scontext)+1;
1da177e4	258	return 0;
e517a0cd	259	}
1da177e4	260
f5c1d5b2 JM	261	/*
	262	* No MLS component to the security context, try and map to
	263	* default if provided.
	264	*/
	265	if (!oldc) {
	266	struct context *defcon;
	267
	268	if (def_sid == SECSID_NULL)
	269	goto out;
	270
	271	defcon = sidtab_search(s, def_sid);
	272	if (!defcon)
	273	goto out;
	274
0efc61ea	275	rc = mls_context_cpy(context, defcon);
1da177e4	276	goto out;
f5c1d5b2	277	}
1da177e4 LT	278
	279	/* Extract low sensitivity. */
	280	scontextp = p = *scontext;
	281	while (p && p != ':' && *p != '-')
	282	p++;
	283
	284	delim = *p;
	285	if (delim != 0)
	286	*p++ = 0;
	287
	288	for (l = 0; l < 2; l++) {
	289	levdatum = hashtab_search(policydb.p_levels.table, scontextp);
	290	if (!levdatum) {
	291	rc = -EINVAL;
	292	goto out;
	293	}
	294
	295	context->range.level[l].sens = levdatum->level->sens;
	296
	297	if (delim == ':') {
	298	/* Extract category set. */
	299	while (1) {
	300	scontextp = p;
	301	while (p && p != ',' && *p != '-')
	302	p++;
	303	delim = *p;
	304	if (delim != 0)
	305	*p++ = 0;
	306
	307	/* Separate into range if exists */
	308	if ((rngptr = strchr(scontextp, '.')) != NULL) {
	309	/* Remove '.' */
	310	*rngptr++ = 0;
	311	}
	312
	313	catdatum = hashtab_search(policydb.p_cats.table,
	314	scontextp);
	315	if (!catdatum) {
	316	rc = -EINVAL;
	317	goto out;
	318	}
	319
	320	rc = ebitmap_set_bit(&context->range.level[l].cat,
	321	catdatum->value - 1, 1);
	322	if (rc)
	323	goto out;
	324
	325	/* If range, set all categories in range */
	326	if (rngptr) {
	327	int i;
	328
	329	rngdatum = hashtab_search(policydb.p_cats.table, rngptr);
	330	if (!rngdatum) {
	331	rc = -EINVAL;
	332	goto out;
	333	}
	334
	335	if (catdatum->value >= rngdatum->value) {
	336	rc = -EINVAL;
	337	goto out;
	338	}
	339
	340	for (i = catdatum->value; i < rngdatum->value; i++) {
	341	rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1);
342	if (rc)
343	goto out;
344	}
345	}
346
347	if (delim != ',')
348	break;
349	}
350	}
351	if (delim == '-') {
352	/* Extract high sensitivity. */
353	scontextp = p;
354	while (p && p != ':')
355	p++;
356
357	delim = *p;
358	if (delim != 0)
359	*p++ = 0;
360	} else
361	break;
362	}
363
364	if (l == 0) {
365	context->range.level[1].sens = context->range.level[0].sens;
366	rc = ebitmap_cpy(&context->range.level[1].cat,
367	&context->range.level[0].cat);
368	if (rc)
369	goto out;
370	}
371	*scontext = ++p;
372	rc = 0;
373	out:
374	return rc;
375	}
376
376bd9cb DG	377	/*
	378	* Set the MLS fields in the security context structure
	379	* `context' based on the string representation in
	380	* the string `str'. This function will allocate temporary memory with the
	381	* given constraints of gfp_mask.
	382	*/
	383	int mls_from_string(char str, struct context context, gfp_t gfp_mask)
	384	{
	385	char tmpstr, freestr;
	386	int rc;
	387
	388	if (!selinux_mls_enabled)
	389	return -EINVAL;
	390
	391	/* we need freestr because mls_context_to_sid will change
	392	the value of tmpstr */
	393	tmpstr = freestr = kstrdup(str, gfp_mask);
	394	if (!tmpstr) {
	395	rc = -ENOMEM;
	396	} else {
	397	rc = mls_context_to_sid(':', &tmpstr, context,
	398	NULL, SECSID_NULL);
	399	kfree(freestr);
	400	}
	401
	402	return rc;
	403	}
	404
1da177e4 LT	405	/*
	406	* Copies the MLS range `range' into `context'.
	407	*/
	408	static inline int mls_range_set(struct context *context,
	409	struct mls_range *range)
	410	{
	411	int l, rc = 0;
	412
	413	/* Copy the MLS range into the context */
	414	for (l = 0; l < 2; l++) {
	415	context->range.level[l].sens = range->level[l].sens;
	416	rc = ebitmap_cpy(&context->range.level[l].cat,
	417	&range->level[l].cat);
	418	if (rc)
	419	break;
	420	}
	421
	422	return rc;
	423	}
	424
	425	int mls_setup_user_range(struct context fromcon, struct user_datum user,
	426	struct context *usercon)
	427	{
	428	if (selinux_mls_enabled) {
	429	struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
	430	struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
	431	struct mls_level *user_low = &(user->range.level[0]);
	432	struct mls_level *user_clr = &(user->range.level[1]);
	433	struct mls_level *user_def = &(user->dfltlevel);
	434	struct mls_level *usercon_sen = &(usercon->range.level[0]);
	435	struct mls_level *usercon_clr = &(usercon->range.level[1]);
	436
	437	/* Honor the user's default level if we can */
	438	if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) {
	439	usercon_sen = user_def;
	440	} else if (mls_level_between(fromcon_sen, user_def, user_clr)) {
	441	usercon_sen = fromcon_sen;
	442	} else if (mls_level_between(fromcon_clr, user_low, user_def)) {
	443	usercon_sen = user_low;
	444	} else
	445	return -EINVAL;
	446
	447	/* Lower the clearance of available contexts
	448	if the clearance of "fromcon" is lower than
	449	that of the user's default clearance (but
	450	only if the "fromcon" clearance dominates
	451	the user's computed sensitivity level) */
	452	if (mls_level_dom(user_clr, fromcon_clr)) {
	453	usercon_clr = fromcon_clr;
	454	} else if (mls_level_dom(fromcon_clr, user_clr)) {
	455	usercon_clr = user_clr;
	456	} else
	457	return -EINVAL;
	458	}
	459
	460	return 0;
	461	}
	462
	463	/*
	464	* Convert the MLS fields in the security context
	465	* structure `c' from the values specified in the
	466	* policy `oldp' to the values specified in the policy `newp'.
	467	*/
	468	int mls_convert_context(struct policydb *oldp,
469	struct policydb *newp,
470	struct context *c)
471	{
472	struct level_datum *levdatum;
473	struct cat_datum *catdatum;
474	struct ebitmap bitmap;
782ebb99	475	struct ebitmap_node *node;
1da177e4 LT	476	int l, i;
	477
	478	if (!selinux_mls_enabled)
	479	return 0;
	480
	481	for (l = 0; l < 2; l++) {
	482	levdatum = hashtab_search(newp->p_levels.table,
	483	oldp->p_sens_val_to_name[c->range.level[l].sens - 1]);
	484
	485	if (!levdatum)
	486	return -EINVAL;
	487	c->range.level[l].sens = levdatum->level->sens;
	488
	489	ebitmap_init(&bitmap);
9fe79ad1 KK	490	ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) {
	491	int rc;
	492
	493	catdatum = hashtab_search(newp->p_cats.table,
	494	oldp->p_cat_val_to_name[i]);
	495	if (!catdatum)
	496	return -EINVAL;
	497	rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1);
	498	if (rc)
	499	return rc;
1da177e4 LT	500	}
	501	ebitmap_destroy(&c->range.level[l].cat);
	502	c->range.level[l].cat = bitmap;
	503	}
	504
	505	return 0;
	506	}
	507
	508	int mls_compute_sid(struct context *scontext,
	509	struct context *tcontext,
	510	u16 tclass,
	511	u32 specified,
	512	struct context *newcontext)
	513	{
f3f87714 DG	514	struct range_trans *rtr;
f3f87714 DG	515
1da177e4 LT	516	if (!selinux_mls_enabled)
	517	return 0;
	518
	519	switch (specified) {
	520	case AVTAB_TRANSITION:
f3f87714 DG	521	/* Look for a range transition rule. */
	522	for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
	523	if (rtr->source_type == scontext->type &&
	524	rtr->target_type == tcontext->type &&
	525	rtr->target_class == tclass) {
	526	/* Set the range from the rule */
	527	return mls_range_set(newcontext,
	528	&rtr->target_range);
1da177e4 LT	529	}
	530	}
	531	/* Fallthrough */
	532	case AVTAB_CHANGE:
	533	if (tclass == SECCLASS_PROCESS)
	534	/* Use the process MLS attributes. */
0efc61ea	535	return mls_context_cpy(newcontext, scontext);
1da177e4 LT	536	else
1da177e4 LT	537	/* Use the process effective MLS attributes. */
0efc61ea	538	return mls_context_cpy_low(newcontext, scontext);
1da177e4	539	case AVTAB_MEMBER:
2e08c0c1 EW	540	/* Use the process effective MLS attributes. */
2e08c0c1 EW	541	return mls_context_cpy_low(newcontext, scontext);
1da177e4 LT	542	default:
	543	return -EINVAL;
	544	}
	545	return -EINVAL;
	546	}
	547
02752760	548	#ifdef CONFIG_NETLABEL
7420ed23	549	/**
02752760	550	* mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
7420ed23	551	* @context: the security context
02752760	552	* @secattr: the NetLabel security attributes
7420ed23 VY	553	*
7420ed23 VY	554	* Description:
02752760 PM	555	* Given the security context copy the low MLS sensitivity level into the
02752760 PM	556	* NetLabel MLS sensitivity level field.
7420ed23 VY	557	*
7420ed23 VY	558	*/
02752760 PM	559	void mls_export_netlbl_lvl(struct context *context,
02752760 PM	560	struct netlbl_lsm_secattr *secattr)
7420ed23 VY	561	{
	562	if (!selinux_mls_enabled)
	563	return;
	564
16efd454	565	secattr->attr.mls.lvl = context->range.level[0].sens - 1;
02752760	566	secattr->flags \|= NETLBL_SECATTR_MLS_LVL;
7420ed23 VY	567	}
	568
	569	/**
02752760	570	* mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
7420ed23	571	* @context: the security context
02752760	572	* @secattr: the NetLabel security attributes
7420ed23 VY	573	*
7420ed23 VY	574	* Description:
02752760 PM	575	* Given the security context and the NetLabel security attributes, copy the
02752760 PM	576	* NetLabel MLS sensitivity level into the context.
7420ed23 VY	577	*
7420ed23 VY	578	*/
02752760 PM	579	void mls_import_netlbl_lvl(struct context *context,
02752760 PM	580	struct netlbl_lsm_secattr *secattr)
7420ed23 VY	581	{
	582	if (!selinux_mls_enabled)
	583	return;
	584
16efd454	585	context->range.level[0].sens = secattr->attr.mls.lvl + 1;
02752760	586	context->range.level[1].sens = context->range.level[0].sens;
7420ed23 VY	587	}
	588
	589	/**
02752760	590	* mls_export_netlbl_cat - Export the MLS categories to NetLabel
7420ed23	591	* @context: the security context
02752760	592	* @secattr: the NetLabel security attributes
7420ed23 VY	593	*
7420ed23 VY	594	* Description:
02752760 PM	595	* Given the security context copy the low MLS categories into the NetLabel
02752760 PM	596	* MLS category field. Returns zero on success, negative values on failure.
7420ed23 VY	597	*
7420ed23 VY	598	*/
02752760 PM	599	int mls_export_netlbl_cat(struct context *context,
02752760 PM	600	struct netlbl_lsm_secattr *secattr)
7420ed23	601	{
02752760	602	int rc;
7420ed23	603
02752760	604	if (!selinux_mls_enabled)
7420ed23 VY	605	return 0;
7420ed23 VY	606
02752760	607	rc = ebitmap_netlbl_export(&context->range.level[0].cat,
16efd454 PM	608	&secattr->attr.mls.cat);
16efd454 PM	609	if (rc == 0 && secattr->attr.mls.cat != NULL)
02752760	610	secattr->flags \|= NETLBL_SECATTR_MLS_CAT;
7420ed23	611
7420ed23 VY	612	return rc;
	613	}
	614
	615	/**
02752760	616	* mls_import_netlbl_cat - Import the MLS categories from NetLabel
7420ed23	617	* @context: the security context
02752760	618	* @secattr: the NetLabel security attributes
7420ed23 VY	619	*
7420ed23 VY	620	* Description:
02752760 PM	621	* Copy the NetLabel security attributes into the SELinux context; since the
	622	* NetLabel security attribute only contains a single MLS category use it for
	623	* both the low and high categories of the context. Returns zero on success,
	624	* negative values on failure.
7420ed23 VY	625	*
7420ed23 VY	626	*/
02752760 PM	627	int mls_import_netlbl_cat(struct context *context,
02752760 PM	628	struct netlbl_lsm_secattr *secattr)
7420ed23	629	{
02752760	630	int rc;
7420ed23 VY	631
	632	if (!selinux_mls_enabled)
	633	return 0;
	634
02752760	635	rc = ebitmap_netlbl_import(&context->range.level[0].cat,
16efd454	636	secattr->attr.mls.cat);
02752760 PM	637	if (rc != 0)
	638	goto import_netlbl_cat_failure;
	639
	640	rc = ebitmap_cpy(&context->range.level[1].cat,
	641	&context->range.level[0].cat);
	642	if (rc != 0)
	643	goto import_netlbl_cat_failure;
7420ed23 VY	644
	645	return 0;
	646
02752760	647	import_netlbl_cat_failure:
7420ed23 VY	648	ebitmap_destroy(&context->range.level[0].cat);
	649	ebitmap_destroy(&context->range.level[1].cat);
	650	return rc;
	651	}
02752760	652	#endif /* CONFIG_NETLABEL */