1706f2543Smrg/************************************************************ 2706f2543Smrg 3706f2543SmrgAuthor: Eamon Walsh <ewalsh@tycho.nsa.gov> 4706f2543Smrg 5706f2543SmrgPermission to use, copy, modify, distribute, and sell this software and its 6706f2543Smrgdocumentation for any purpose is hereby granted without fee, provided that 7706f2543Smrgthis permission notice appear in supporting documentation. This permission 8706f2543Smrgnotice shall be included in all copies or substantial portions of the 9706f2543SmrgSoftware. 10706f2543Smrg 11706f2543SmrgTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 12706f2543SmrgIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 13706f2543SmrgFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 14706f2543SmrgAUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN 15706f2543SmrgAN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 16706f2543SmrgCONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 17706f2543Smrg 18706f2543Smrg********************************************************/ 19706f2543Smrg 20706f2543Smrg#ifdef HAVE_DIX_CONFIG_H 21706f2543Smrg#include <dix-config.h> 22706f2543Smrg#endif 23706f2543Smrg 24706f2543Smrg#include <selinux/label.h> 25706f2543Smrg 26706f2543Smrg#include "registry.h" 27706f2543Smrg#include "xselinuxint.h" 28706f2543Smrg 29706f2543Smrg/* selection and property atom cache */ 30706f2543Smrgtypedef struct { 31706f2543Smrg SELinuxObjectRec prp; 32706f2543Smrg SELinuxObjectRec sel; 33706f2543Smrg} SELinuxAtomRec; 34706f2543Smrg 35706f2543Smrg/* dynamic array */ 36706f2543Smrgtypedef struct { 37706f2543Smrg unsigned size; 38706f2543Smrg void **array; 39706f2543Smrg} SELinuxArrayRec; 40706f2543Smrg 41706f2543Smrg/* labeling handle */ 42706f2543Smrgstatic struct selabel_handle *label_hnd; 43706f2543Smrg 44706f2543Smrg/* Array of object classes indexed by resource type */ 45706f2543SmrgSELinuxArrayRec arr_types; 46706f2543Smrg/* Array of event SIDs indexed by event type */ 47706f2543SmrgSELinuxArrayRec arr_events; 48706f2543Smrg/* Array of property and selection SID structures */ 49706f2543SmrgSELinuxArrayRec arr_atoms; 50706f2543Smrg 51706f2543Smrg/* 52706f2543Smrg * Dynamic array helpers 53706f2543Smrg */ 54706f2543Smrgstatic void * 55706f2543SmrgSELinuxArrayGet(SELinuxArrayRec *rec, unsigned key) 56706f2543Smrg{ 57706f2543Smrg return (rec->size > key) ? rec->array[key] : 0; 58706f2543Smrg} 59706f2543Smrg 60706f2543Smrgstatic int 61706f2543SmrgSELinuxArraySet(SELinuxArrayRec *rec, unsigned key, void *val) 62706f2543Smrg{ 63706f2543Smrg if (key >= rec->size) { 64706f2543Smrg /* Need to increase size of array */ 65706f2543Smrg rec->array = realloc(rec->array, (key + 1) * sizeof(val)); 66706f2543Smrg if (!rec->array) 67706f2543Smrg return FALSE; 68706f2543Smrg memset(rec->array + rec->size, 0, (key - rec->size + 1) * sizeof(val)); 69706f2543Smrg rec->size = key + 1; 70706f2543Smrg } 71706f2543Smrg 72706f2543Smrg rec->array[key] = val; 73706f2543Smrg return TRUE; 74706f2543Smrg} 75706f2543Smrg 76706f2543Smrgstatic void 77706f2543SmrgSELinuxArrayFree(SELinuxArrayRec *rec, int free_elements) 78706f2543Smrg{ 79706f2543Smrg if (free_elements) { 80706f2543Smrg unsigned i = rec->size; 81706f2543Smrg while (i) 82706f2543Smrg free(rec->array[--i]); 83706f2543Smrg } 84706f2543Smrg 85706f2543Smrg free(rec->array); 86706f2543Smrg rec->size = 0; 87706f2543Smrg rec->array = NULL; 88706f2543Smrg} 89706f2543Smrg 90706f2543Smrg/* 91706f2543Smrg * Looks up a name in the selection or property mappings 92706f2543Smrg */ 93706f2543Smrgstatic int 94706f2543SmrgSELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec *obj, int map, int polymap) 95706f2543Smrg{ 96706f2543Smrg const char *name = NameForAtom(atom); 97706f2543Smrg security_context_t ctx; 98706f2543Smrg int rc = Success; 99706f2543Smrg 100706f2543Smrg obj->poly = 1; 101706f2543Smrg 102706f2543Smrg /* Look in the mappings of names to contexts */ 103706f2543Smrg if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) { 104706f2543Smrg obj->poly = 0; 105706f2543Smrg } else if (errno != ENOENT) { 106706f2543Smrg ErrorF("SELinux: a property label lookup failed!\n"); 107706f2543Smrg return BadValue; 108706f2543Smrg } else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) { 109706f2543Smrg ErrorF("SELinux: a property label lookup failed!\n"); 110706f2543Smrg return BadValue; 111706f2543Smrg } 112706f2543Smrg 113706f2543Smrg /* Get a SID for context */ 114706f2543Smrg if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) { 115706f2543Smrg ErrorF("SELinux: a context_to_SID_raw call failed!\n"); 116706f2543Smrg rc = BadAlloc; 117706f2543Smrg } 118706f2543Smrg 119706f2543Smrg freecon(ctx); 120706f2543Smrg return rc; 121706f2543Smrg} 122706f2543Smrg 123706f2543Smrg/* 124706f2543Smrg * Looks up the SID corresponding to the given property or selection atom 125706f2543Smrg */ 126706f2543Smrgint 127706f2543SmrgSELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn) 128706f2543Smrg{ 129706f2543Smrg SELinuxAtomRec *rec; 130706f2543Smrg SELinuxObjectRec *obj; 131706f2543Smrg int rc, map, polymap; 132706f2543Smrg 133706f2543Smrg rec = SELinuxArrayGet(&arr_atoms, atom); 134706f2543Smrg if (!rec) { 135706f2543Smrg rec = calloc(1, sizeof(SELinuxAtomRec)); 136706f2543Smrg if (!rec || !SELinuxArraySet(&arr_atoms, atom, rec)) 137706f2543Smrg return BadAlloc; 138706f2543Smrg } 139706f2543Smrg 140706f2543Smrg if (prop) { 141706f2543Smrg obj = &rec->prp; 142706f2543Smrg map = SELABEL_X_PROP; 143706f2543Smrg polymap = SELABEL_X_POLYPROP; 144706f2543Smrg } else { 145706f2543Smrg obj = &rec->sel; 146706f2543Smrg map = SELABEL_X_SELN; 147706f2543Smrg polymap = SELABEL_X_POLYSELN; 148706f2543Smrg } 149706f2543Smrg 150706f2543Smrg if (!obj->sid) { 151706f2543Smrg rc = SELinuxAtomToSIDLookup(atom, obj, map, polymap); 152706f2543Smrg if (rc != Success) 153706f2543Smrg goto out; 154706f2543Smrg } 155706f2543Smrg 156706f2543Smrg *obj_rtn = obj; 157706f2543Smrg rc = Success; 158706f2543Smrgout: 159706f2543Smrg return rc; 160706f2543Smrg} 161706f2543Smrg 162706f2543Smrg/* 163706f2543Smrg * Looks up a SID for a selection/subject pair 164706f2543Smrg */ 165706f2543Smrgint 166706f2543SmrgSELinuxSelectionToSID(Atom selection, SELinuxSubjectRec *subj, 167706f2543Smrg security_id_t *sid_rtn, int *poly_rtn) 168706f2543Smrg{ 169706f2543Smrg int rc; 170706f2543Smrg SELinuxObjectRec *obj; 171706f2543Smrg security_id_t tsid; 172706f2543Smrg 173706f2543Smrg /* Get the default context and polyinstantiation bit */ 174706f2543Smrg rc = SELinuxAtomToSID(selection, 0, &obj); 175706f2543Smrg if (rc != Success) 176706f2543Smrg return rc; 177706f2543Smrg 178706f2543Smrg /* Check for an override context next */ 179706f2543Smrg if (subj->sel_use_sid) { 180706f2543Smrg tsid = subj->sel_use_sid; 181706f2543Smrg goto out; 182706f2543Smrg } 183706f2543Smrg 184706f2543Smrg tsid = obj->sid; 185706f2543Smrg 186706f2543Smrg /* Polyinstantiate if necessary to obtain the final SID */ 187706f2543Smrg if (obj->poly && avc_compute_member(subj->sid, obj->sid, 188706f2543Smrg SECCLASS_X_SELECTION, &tsid) < 0) { 189706f2543Smrg ErrorF("SELinux: a compute_member call failed!\n"); 190706f2543Smrg return BadValue; 191706f2543Smrg } 192706f2543Smrgout: 193706f2543Smrg *sid_rtn = tsid; 194706f2543Smrg if (poly_rtn) 195706f2543Smrg *poly_rtn = obj->poly; 196706f2543Smrg return Success; 197706f2543Smrg} 198706f2543Smrg 199706f2543Smrg/* 200706f2543Smrg * Looks up a SID for a property/subject pair 201706f2543Smrg */ 202706f2543Smrgint 203706f2543SmrgSELinuxPropertyToSID(Atom property, SELinuxSubjectRec *subj, 204706f2543Smrg security_id_t *sid_rtn, int *poly_rtn) 205706f2543Smrg{ 206706f2543Smrg int rc; 207706f2543Smrg SELinuxObjectRec *obj; 208706f2543Smrg security_id_t tsid, tsid2; 209706f2543Smrg 210706f2543Smrg /* Get the default context and polyinstantiation bit */ 211706f2543Smrg rc = SELinuxAtomToSID(property, 1, &obj); 212706f2543Smrg if (rc != Success) 213706f2543Smrg return rc; 214706f2543Smrg 215706f2543Smrg /* Check for an override context next */ 216706f2543Smrg if (subj->prp_use_sid) { 217706f2543Smrg tsid = subj->prp_use_sid; 218706f2543Smrg goto out; 219706f2543Smrg } 220706f2543Smrg 221706f2543Smrg /* Perform a transition */ 222706f2543Smrg if (avc_compute_create(subj->sid, obj->sid, 223706f2543Smrg SECCLASS_X_PROPERTY, &tsid) < 0) { 224706f2543Smrg ErrorF("SELinux: a compute_create call failed!\n"); 225706f2543Smrg return BadValue; 226706f2543Smrg } 227706f2543Smrg 228706f2543Smrg /* Polyinstantiate if necessary to obtain the final SID */ 229706f2543Smrg if (obj->poly) { 230706f2543Smrg tsid2 = tsid; 231706f2543Smrg if (avc_compute_member(subj->sid, tsid2, 232706f2543Smrg SECCLASS_X_PROPERTY, &tsid) < 0) { 233706f2543Smrg ErrorF("SELinux: a compute_member call failed!\n"); 234706f2543Smrg return BadValue; 235706f2543Smrg } 236706f2543Smrg } 237706f2543Smrgout: 238706f2543Smrg *sid_rtn = tsid; 239706f2543Smrg if (poly_rtn) 240706f2543Smrg *poly_rtn = obj->poly; 241706f2543Smrg return Success; 242706f2543Smrg} 243706f2543Smrg 244706f2543Smrg/* 245706f2543Smrg * Looks up the SID corresponding to the given event type 246706f2543Smrg */ 247706f2543Smrgint 248706f2543SmrgSELinuxEventToSID(unsigned type, security_id_t sid_of_window, 249706f2543Smrg SELinuxObjectRec *sid_return) 250706f2543Smrg{ 251706f2543Smrg const char *name = LookupEventName(type); 252706f2543Smrg security_id_t sid; 253706f2543Smrg security_context_t ctx; 254706f2543Smrg type &= 127; 255706f2543Smrg 256706f2543Smrg sid = SELinuxArrayGet(&arr_events, type); 257706f2543Smrg if (!sid) { 258706f2543Smrg /* Look in the mappings of event names to contexts */ 259706f2543Smrg if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) { 260706f2543Smrg ErrorF("SELinux: an event label lookup failed!\n"); 261706f2543Smrg return BadValue; 262706f2543Smrg } 263706f2543Smrg /* Get a SID for context */ 264706f2543Smrg if (avc_context_to_sid_raw(ctx, &sid) < 0) { 265706f2543Smrg ErrorF("SELinux: a context_to_SID_raw call failed!\n"); 266706f2543Smrg freecon(ctx); 267706f2543Smrg return BadAlloc; 268706f2543Smrg } 269706f2543Smrg freecon(ctx); 270706f2543Smrg /* Cache the SID value */ 271706f2543Smrg if (!SELinuxArraySet(&arr_events, type, sid)) 272706f2543Smrg return BadAlloc; 273706f2543Smrg } 274706f2543Smrg 275706f2543Smrg /* Perform a transition to obtain the final SID */ 276706f2543Smrg if (avc_compute_create(sid_of_window, sid, SECCLASS_X_EVENT, 277706f2543Smrg &sid_return->sid) < 0) { 278706f2543Smrg ErrorF("SELinux: a compute_create call failed!\n"); 279706f2543Smrg return BadValue; 280706f2543Smrg } 281706f2543Smrg 282706f2543Smrg return Success; 283706f2543Smrg} 284706f2543Smrg 285706f2543Smrgint 286706f2543SmrgSELinuxExtensionToSID(const char *name, security_id_t *sid_rtn) 287706f2543Smrg{ 288706f2543Smrg security_context_t ctx; 289706f2543Smrg 290706f2543Smrg /* Look in the mappings of extension names to contexts */ 291706f2543Smrg if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) { 292706f2543Smrg ErrorF("SELinux: a property label lookup failed!\n"); 293706f2543Smrg return BadValue; 294706f2543Smrg } 295706f2543Smrg /* Get a SID for context */ 296706f2543Smrg if (avc_context_to_sid_raw(ctx, sid_rtn) < 0) { 297706f2543Smrg ErrorF("SELinux: a context_to_SID_raw call failed!\n"); 298706f2543Smrg freecon(ctx); 299706f2543Smrg return BadAlloc; 300706f2543Smrg } 301706f2543Smrg freecon(ctx); 302706f2543Smrg return Success; 303706f2543Smrg} 304706f2543Smrg 305706f2543Smrg/* 306706f2543Smrg * Returns the object class corresponding to the given resource type. 307706f2543Smrg */ 308706f2543Smrgsecurity_class_t 309706f2543SmrgSELinuxTypeToClass(RESTYPE type) 310706f2543Smrg{ 311706f2543Smrg void *tmp; 312706f2543Smrg 313706f2543Smrg tmp = SELinuxArrayGet(&arr_types, type & TypeMask); 314706f2543Smrg if (!tmp) { 315706f2543Smrg unsigned long class = SECCLASS_X_RESOURCE; 316706f2543Smrg 317706f2543Smrg if (type & RC_DRAWABLE) 318706f2543Smrg class = SECCLASS_X_DRAWABLE; 319706f2543Smrg else if (type == RT_GC) 320706f2543Smrg class = SECCLASS_X_GC; 321706f2543Smrg else if (type == RT_FONT) 322706f2543Smrg class = SECCLASS_X_FONT; 323706f2543Smrg else if (type == RT_CURSOR) 324706f2543Smrg class = SECCLASS_X_CURSOR; 325706f2543Smrg else if (type == RT_COLORMAP) 326706f2543Smrg class = SECCLASS_X_COLORMAP; 327706f2543Smrg else { 328706f2543Smrg /* Need to do a string lookup */ 329706f2543Smrg const char *str = LookupResourceName(type); 330706f2543Smrg if (!strcmp(str, "PICTURE")) 331706f2543Smrg class = SECCLASS_X_DRAWABLE; 332706f2543Smrg else if (!strcmp(str, "GLYPHSET")) 333706f2543Smrg class = SECCLASS_X_FONT; 334706f2543Smrg } 335706f2543Smrg 336706f2543Smrg tmp = (void *)class; 337706f2543Smrg SELinuxArraySet(&arr_types, type & TypeMask, tmp); 338706f2543Smrg } 339706f2543Smrg 340706f2543Smrg return (security_class_t)(unsigned long)tmp; 341706f2543Smrg} 342706f2543Smrg 343706f2543Smrgsecurity_context_t 344706f2543SmrgSELinuxDefaultClientLabel(void) 345706f2543Smrg{ 346706f2543Smrg security_context_t ctx; 347706f2543Smrg 348706f2543Smrg if (selabel_lookup_raw(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0) 349706f2543Smrg FatalError("SELinux: failed to look up remote-client context\n"); 350706f2543Smrg 351706f2543Smrg return ctx; 352706f2543Smrg} 353706f2543Smrg 354706f2543Smrgvoid 355706f2543SmrgSELinuxLabelInit(void) 356706f2543Smrg{ 357706f2543Smrg struct selinux_opt selabel_option = { SELABEL_OPT_VALIDATE, (char *)1 }; 358706f2543Smrg 359706f2543Smrg label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1); 360706f2543Smrg if (!label_hnd) 361706f2543Smrg FatalError("SELinux: Failed to open x_contexts mapping in policy\n"); 362706f2543Smrg} 363706f2543Smrg 364706f2543Smrgvoid 365706f2543SmrgSELinuxLabelReset(void) 366706f2543Smrg{ 367706f2543Smrg selabel_close(label_hnd); 368706f2543Smrg label_hnd = NULL; 369706f2543Smrg 370706f2543Smrg /* Free local state */ 371706f2543Smrg SELinuxArrayFree(&arr_types, 0); 372706f2543Smrg SELinuxArrayFree(&arr_events, 0); 373706f2543Smrg SELinuxArrayFree(&arr_atoms, 1); 374706f2543Smrg} 375