Commit 7f85565a authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:
 "A relatively quiet period for SELinux, 11 patches with only two/three
  having any substantive changes.

  These noteworthy changes include another tweak to the NNP/nosuid
  handling, per-file labeling for cgroups, and an object class fix for
  AF_UNIX/SOCK_RAW sockets; the rest of the changes are minor tweaks or
  administrative updates (Stephen's email update explains the file
  explosion in the diffstat).

  Everything passes the selinux-testsuite"

[ Also a couple of small patches from the security tree from Tetsuo
  Handa for Tomoyo and LSM cleanup. The separation of security policy
  updates wasn't all that clean - Linus ]

* tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: constify nf_hook_ops
  selinux: allow per-file labeling for cgroupfs
  lsm_audit: update my email address
  selinux: update my email address
  MAINTAINERS: update the NetLabel and Labeled Networking information
  selinux: use GFP_NOWAIT in the AVC kmem_caches
  selinux: Generalize support for NNP/nosuid SELinux domain transitions
  selinux: genheaders should fail if too many permissions are defined
  selinux: update the selinux info in MAINTAINERS
  credits: update Paul Moore's info
  selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets
  tomoyo: Update URLs in Documentation/admin-guide/LSM/tomoyo.rst
  LSM: Remove security_task_create() hook.
parents 680352bd 0c3014f2
...@@ -2606,11 +2606,9 @@ E: tmolina@cablespeed.com ...@@ -2606,11 +2606,9 @@ E: tmolina@cablespeed.com
D: bug fixes, documentation, minor hackery D: bug fixes, documentation, minor hackery
N: Paul Moore N: Paul Moore
E: paul.moore@hp.com E: paul@paul-moore.com
D: NetLabel author W: http://www.paul-moore.com
S: Hewlett-Packard D: NetLabel, SELinux, audit
S: 110 Spit Brook Road
S: Nashua, NH 03062
N: James Morris N: James Morris
E: jmorris@namei.org E: jmorris@namei.org
......
...@@ -9,8 +9,8 @@ TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel. ...@@ -9,8 +9,8 @@ TOMOYO is a name-based MAC extension (LSM module) for the Linux kernel.
LiveCD-based tutorials are available at LiveCD-based tutorials are available at
http://tomoyo.sourceforge.jp/1.7/1st-step/ubuntu10.04-live/ http://tomoyo.sourceforge.jp/1.8/ubuntu12.04-live.html
http://tomoyo.sourceforge.jp/1.7/1st-step/centos5-live/ http://tomoyo.sourceforge.jp/1.8/centos6-live.html
Though these tutorials use non-LSM version of TOMOYO, they are useful for you Though these tutorials use non-LSM version of TOMOYO, they are useful for you
to know what TOMOYO is. to know what TOMOYO is.
...@@ -21,35 +21,35 @@ How to enable TOMOYO? ...@@ -21,35 +21,35 @@ How to enable TOMOYO?
Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on Build the kernel with ``CONFIG_SECURITY_TOMOYO=y`` and pass ``security=tomoyo`` on
kernel's command line. kernel's command line.
Please see http://tomoyo.sourceforge.jp/2.3/ for details. Please see http://tomoyo.osdn.jp/2.5/ for details.
Where is documentation? Where is documentation?
======================= =======================
User <-> Kernel interface documentation is available at User <-> Kernel interface documentation is available at
http://tomoyo.sourceforge.jp/2.3/policy-reference.html . http://tomoyo.osdn.jp/2.5/policy-specification/index.html .
Materials we prepared for seminars and symposiums are available at Materials we prepared for seminars and symposiums are available at
http://sourceforge.jp/projects/tomoyo/docs/?category_id=532&language_id=1 . http://osdn.jp/projects/tomoyo/docs/?category_id=532&language_id=1 .
Below lists are chosen from three aspects. Below lists are chosen from three aspects.
What is TOMOYO? What is TOMOYO?
TOMOYO Linux Overview TOMOYO Linux Overview
http://sourceforge.jp/projects/tomoyo/docs/lca2009-takeda.pdf http://osdn.jp/projects/tomoyo/docs/lca2009-takeda.pdf
TOMOYO Linux: pragmatic and manageable security for Linux TOMOYO Linux: pragmatic and manageable security for Linux
http://sourceforge.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf http://osdn.jp/projects/tomoyo/docs/freedomhectaipei-tomoyo.pdf
TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box TOMOYO Linux: A Practical Method to Understand and Protect Your Own Linux Box
http://sourceforge.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf http://osdn.jp/projects/tomoyo/docs/PacSec2007-en-no-demo.pdf
What can TOMOYO do? What can TOMOYO do?
Deep inside TOMOYO Linux Deep inside TOMOYO Linux
http://sourceforge.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf http://osdn.jp/projects/tomoyo/docs/lca2009-kumaneko.pdf
The role of "pathname based access control" in security. The role of "pathname based access control" in security.
http://sourceforge.jp/projects/tomoyo/docs/lfj2008-bof.pdf http://osdn.jp/projects/tomoyo/docs/lfj2008-bof.pdf
History of TOMOYO? History of TOMOYO?
Realities of Mainlining Realities of Mainlining
http://sourceforge.jp/projects/tomoyo/docs/lfj2008.pdf http://osdn.jp/projects/tomoyo/docs/lfj2008.pdf
What is future plan? What is future plan?
==================== ====================
...@@ -60,6 +60,6 @@ multiple LSM modules at the same time. We feel sorry that you have to give up ...@@ -60,6 +60,6 @@ multiple LSM modules at the same time. We feel sorry that you have to give up
SELinux/SMACK/AppArmor etc. when you want to use TOMOYO. SELinux/SMACK/AppArmor etc. when you want to use TOMOYO.
We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM We hope that LSM becomes stackable in future. Meanwhile, you can use non-LSM
version of TOMOYO, available at http://tomoyo.sourceforge.jp/1.7/ . version of TOMOYO, available at http://tomoyo.osdn.jp/1.8/ .
LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning LSM version of TOMOYO is a subset of non-LSM version of TOMOYO. We are planning
to port non-LSM version's functionalities to LSM versions. to port non-LSM version's functionalities to LSM versions.
...@@ -9298,15 +9298,6 @@ F: net/*/netfilter/ ...@@ -9298,15 +9298,6 @@ F: net/*/netfilter/
F: net/netfilter/ F: net/netfilter/
F: net/bridge/br_netfilter*.c F: net/bridge/br_netfilter*.c
NETLABEL
M: Paul Moore <paul@paul-moore.com>
W: http://netlabel.sf.net
L: netdev@vger.kernel.org
S: Maintained
F: Documentation/netlabel/
F: include/net/netlabel.h
F: net/netlabel/
NETROM NETWORK LAYER NETROM NETWORK LAYER
M: Ralf Baechle <ralf@linux-mips.org> M: Ralf Baechle <ralf@linux-mips.org>
L: linux-hams@vger.kernel.org L: linux-hams@vger.kernel.org
...@@ -9434,10 +9425,23 @@ F: net/ipv6/ ...@@ -9434,10 +9425,23 @@ F: net/ipv6/
F: include/net/ip* F: include/net/ip*
F: arch/x86/net/* F: arch/x86/net/*
NETWORKING [LABELED] (NetLabel, CIPSO, Labeled IPsec, SECMARK) NETWORKING [LABELED] (NetLabel, Labeled IPsec, SECMARK)
M: Paul Moore <paul@paul-moore.com> M: Paul Moore <paul@paul-moore.com>
W: https://github.com/netlabel
L: netdev@vger.kernel.org L: netdev@vger.kernel.org
L: linux-security-module@vger.kernel.org
S: Maintained S: Maintained
F: Documentation/netlabel/
F: include/net/calipso.h
F: include/net/cipso_ipv4.h
F: include/net/netlabel.h
F: include/uapi/linux/netfilter/xt_SECMARK.h
F: include/uapi/linux/netfilter/xt_CONNSECMARK.h
F: net/netlabel/
F: net/ipv4/cipso_ipv4.c
F: net/ipv6/calipso.c
F: net/netfilter/xt_CONNSECMARK.c
F: net/netfilter/xt_SECMARK.c
NETWORKING [TLS] NETWORKING [TLS]
M: Ilya Lesokhin <ilyal@mellanox.com> M: Ilya Lesokhin <ilyal@mellanox.com>
...@@ -12023,8 +12027,9 @@ M: Paul Moore <paul@paul-moore.com> ...@@ -12023,8 +12027,9 @@ M: Paul Moore <paul@paul-moore.com>
M: Stephen Smalley <sds@tycho.nsa.gov> M: Stephen Smalley <sds@tycho.nsa.gov>
M: Eric Paris <eparis@parisplace.org> M: Eric Paris <eparis@parisplace.org>
L: selinux@tycho.nsa.gov (moderated for non-subscribers) L: selinux@tycho.nsa.gov (moderated for non-subscribers)
W: http://selinuxproject.org W: https://selinuxproject.org
T: git git://git.infradead.org/users/pcmoore/selinux W: https://github.com/SELinuxProject
T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
S: Supported S: Supported
F: include/linux/selinux* F: include/linux/selinux*
F: security/selinux/ F: security/selinux/
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
* *
* Author : Etienne BASSET <etienne.basset@ensta.org> * Author : Etienne BASSET <etienne.basset@ensta.org>
* *
* All credits to : Stephen Smalley, <sds@epoch.ncsc.mil> * All credits to : Stephen Smalley, <sds@tycho.nsa.gov>
* All BUGS to : Etienne BASSET <etienne.basset@ensta.org> * All BUGS to : Etienne BASSET <etienne.basset@ensta.org>
*/ */
#ifndef _LSM_COMMON_LOGGING_ #ifndef _LSM_COMMON_LOGGING_
......
...@@ -528,11 +528,6 @@ ...@@ -528,11 +528,6 @@
* *
* Security hooks for task operations. * Security hooks for task operations.
* *
* @task_create:
* Check permission before creating a child process. See the clone(2)
* manual page for definitions of the @clone_flags.
* @clone_flags contains the flags indicating what should be shared.
* Return 0 if permission is granted.
* @task_alloc: * @task_alloc:
* @task task being allocated. * @task task being allocated.
* @clone_flags contains the flags indicating what should be shared. * @clone_flags contains the flags indicating what should be shared.
...@@ -1505,7 +1500,6 @@ union security_list_options { ...@@ -1505,7 +1500,6 @@ union security_list_options {
int (*file_receive)(struct file *file); int (*file_receive)(struct file *file);
int (*file_open)(struct file *file, const struct cred *cred); int (*file_open)(struct file *file, const struct cred *cred);
int (*task_create)(unsigned long clone_flags);
int (*task_alloc)(struct task_struct *task, unsigned long clone_flags); int (*task_alloc)(struct task_struct *task, unsigned long clone_flags);
void (*task_free)(struct task_struct *task); void (*task_free)(struct task_struct *task);
int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp); int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
...@@ -1779,7 +1773,6 @@ struct security_hook_heads { ...@@ -1779,7 +1773,6 @@ struct security_hook_heads {
struct list_head file_send_sigiotask; struct list_head file_send_sigiotask;
struct list_head file_receive; struct list_head file_receive;
struct list_head file_open; struct list_head file_open;
struct list_head task_create;
struct list_head task_alloc; struct list_head task_alloc;
struct list_head task_free; struct list_head task_free;
struct list_head cred_alloc_blank; struct list_head cred_alloc_blank;
......
...@@ -318,7 +318,6 @@ int security_file_send_sigiotask(struct task_struct *tsk, ...@@ -318,7 +318,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig); struct fown_struct *fown, int sig);
int security_file_receive(struct file *file); int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred); int security_file_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
int security_task_alloc(struct task_struct *task, unsigned long clone_flags); int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task); void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
...@@ -880,11 +879,6 @@ static inline int security_file_open(struct file *file, ...@@ -880,11 +879,6 @@ static inline int security_file_open(struct file *file,
return 0; return 0;
} }
static inline int security_task_create(unsigned long clone_flags)
{
return 0;
}
static inline int security_task_alloc(struct task_struct *task, static inline int security_task_alloc(struct task_struct *task,
unsigned long clone_flags) unsigned long clone_flags)
{ {
......
...@@ -1569,10 +1569,6 @@ static __latent_entropy struct task_struct *copy_process( ...@@ -1569,10 +1569,6 @@ static __latent_entropy struct task_struct *copy_process(
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
} }
retval = security_task_create(clone_flags);
if (retval)
goto fork_out;
retval = -ENOMEM; retval = -ENOMEM;
p = dup_task_struct(current, node); p = dup_task_struct(current, node);
if (!p) if (!p)
......
...@@ -129,11 +129,16 @@ int main(int argc, char *argv[]) ...@@ -129,11 +129,16 @@ int main(int argc, char *argv[])
for (i = 0; secclass_map[i].name; i++) { for (i = 0; secclass_map[i].name; i++) {
struct security_class_mapping *map = &secclass_map[i]; struct security_class_mapping *map = &secclass_map[i];
for (j = 0; map->perms[j]; j++) { for (j = 0; map->perms[j]; j++) {
if (j >= 32) {
fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
map->name, map->perms[j]);
exit(5);
}
fprintf(fout, "#define %s__%s", map->name, fprintf(fout, "#define %s__%s", map->name,
map->perms[j]); map->perms[j]);
for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++) for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
fprintf(fout, " "); fprintf(fout, " ");
fprintf(fout, "0x%08xUL\n", (1<<j)); fprintf(fout, "0x%08xU\n", (1<<j));
} }
} }
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
* common LSM auditing functions * common LSM auditing functions
* *
* Based on code written for SELinux by : * Based on code written for SELinux by :
* Stephen Smalley, <sds@epoch.ncsc.mil> * Stephen Smalley, <sds@tycho.nsa.gov>
* James Morris <jmorris@redhat.com> * James Morris <jmorris@redhat.com>
* Author : Etienne Basset, <etienne.basset@ensta.org> * Author : Etienne Basset, <etienne.basset@ensta.org>
* *
......
...@@ -974,11 +974,6 @@ int security_file_open(struct file *file, const struct cred *cred) ...@@ -974,11 +974,6 @@ int security_file_open(struct file *file, const struct cred *cred)
return fsnotify_perm(file, MAY_OPEN); return fsnotify_perm(file, MAY_OPEN);
} }
int security_task_create(unsigned long clone_flags)
{
return call_int_hook(task_create, 0, clone_flags);
}
int security_task_alloc(struct task_struct *task, unsigned long clone_flags) int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
{ {
return call_int_hook(task_alloc, 0, task, clone_flags); return call_int_hook(task_alloc, 0, task, clone_flags);
......
/* /*
* Implementation of the kernel access vector cache (AVC). * Implementation of the kernel access vector cache (AVC).
* *
* Authors: Stephen Smalley, <sds@epoch.ncsc.mil> * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
* James Morris <jmorris@redhat.com> * James Morris <jmorris@redhat.com>
* *
* Update: KaiGai, Kohei <kaigai@ak.jp.nec.com> * Update: KaiGai, Kohei <kaigai@ak.jp.nec.com>
...@@ -346,27 +346,26 @@ static struct avc_xperms_decision_node ...@@ -346,27 +346,26 @@ static struct avc_xperms_decision_node
struct avc_xperms_decision_node *xpd_node; struct avc_xperms_decision_node *xpd_node;
struct extended_perms_decision *xpd; struct extended_perms_decision *xpd;
xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, xpd_node = kmem_cache_zalloc(avc_xperms_decision_cachep, GFP_NOWAIT);
GFP_ATOMIC | __GFP_NOMEMALLOC);
if (!xpd_node) if (!xpd_node)
return NULL; return NULL;
xpd = &xpd_node->xpd; xpd = &xpd_node->xpd;
if (which & XPERMS_ALLOWED) { if (which & XPERMS_ALLOWED) {
xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep, xpd->allowed = kmem_cache_zalloc(avc_xperms_data_cachep,
GFP_ATOMIC | __GFP_NOMEMALLOC); GFP_NOWAIT);
if (!xpd->allowed) if (!xpd->allowed)
goto error; goto error;
} }
if (which & XPERMS_AUDITALLOW) { if (which & XPERMS_AUDITALLOW) {
xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep, xpd->auditallow = kmem_cache_zalloc(avc_xperms_data_cachep,
GFP_ATOMIC | __GFP_NOMEMALLOC); GFP_NOWAIT);
if (!xpd->auditallow) if (!xpd->auditallow)
goto error; goto error;
} }
if (which & XPERMS_DONTAUDIT) { if (which & XPERMS_DONTAUDIT) {
xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep, xpd->dontaudit = kmem_cache_zalloc(avc_xperms_data_cachep,
GFP_ATOMIC | __GFP_NOMEMALLOC); GFP_NOWAIT);
if (!xpd->dontaudit) if (!xpd->dontaudit)
goto error; goto error;
} }
...@@ -394,8 +393,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void) ...@@ -394,8 +393,7 @@ static struct avc_xperms_node *avc_xperms_alloc(void)
{ {
struct avc_xperms_node *xp_node; struct avc_xperms_node *xp_node;
xp_node = kmem_cache_zalloc(avc_xperms_cachep, xp_node = kmem_cache_zalloc(avc_xperms_cachep, GFP_NOWAIT);
GFP_ATOMIC|__GFP_NOMEMALLOC);
if (!xp_node) if (!xp_node)
return xp_node; return xp_node;
INIT_LIST_HEAD(&xp_node->xpd_head); INIT_LIST_HEAD(&xp_node->xpd_head);
...@@ -548,7 +546,7 @@ static struct avc_node *avc_alloc_node(void) ...@@ -548,7 +546,7 @@ static struct avc_node *avc_alloc_node(void)
{ {
struct avc_node *node; struct avc_node *node;
node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC); node = kmem_cache_zalloc(avc_node_cachep, GFP_NOWAIT);
if (!node) if (!node)
goto out; goto out;
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
* *
* This file contains the SELinux hook function implementations. * This file contains the SELinux hook function implementations.
* *
* Authors: Stephen Smalley, <sds@epoch.ncsc.mil> * Authors: Stephen Smalley, <sds@tycho.nsa.gov>
* Chris Vance, <cvance@nai.com> * Chris Vance, <cvance@nai.com>
* Wayne Salamon, <wsalamon@nai.com> * Wayne Salamon, <wsalamon@nai.com>
* James Morris <jmorris@redhat.com> * James Morris <jmorris@redhat.com>
...@@ -815,7 +815,9 @@ static int selinux_set_mnt_opts(struct super_block *sb, ...@@ -815,7 +815,9 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (!strcmp(sb->s_type->name, "debugfs") || if (!strcmp(sb->s_type->name, "debugfs") ||
!strcmp(sb->s_type->name, "tracefs") || !strcmp(sb->s_type->name, "tracefs") ||
!strcmp(sb->s_type->name, "sysfs") || !strcmp(sb->s_type->name, "sysfs") ||
!strcmp(sb->s_type->name, "pstore")) !strcmp(sb->s_type->name, "pstore") ||
!strcmp(sb->s_type->name, "cgroup") ||
!strcmp(sb->s_type->name, "cgroup2"))
sbsec->flags |= SE_SBGENFS; sbsec->flags |= SE_SBGENFS;
if (!sbsec->behavior) { if (!sbsec->behavior) {
...@@ -1303,6 +1305,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc ...@@ -1303,6 +1305,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
case SOCK_SEQPACKET: case SOCK_SEQPACKET:
return SECCLASS_UNIX_STREAM_SOCKET; return SECCLASS_UNIX_STREAM_SOCKET;
case SOCK_DGRAM: case SOCK_DGRAM:
case SOCK_RAW:
return SECCLASS_UNIX_DGRAM_SOCKET; return SECCLASS_UNIX_DGRAM_SOCKET;
} }
break; break;
...@@ -2317,6 +2320,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm, ...@@ -2317,6 +2320,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS); int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
int nosuid = !mnt_may_suid(bprm->file->f_path.mnt); int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
int rc; int rc;
u32 av;
if (!nnp && !nosuid) if (!nnp && !nosuid)
return 0; /* neither NNP nor nosuid */ return 0; /* neither NNP nor nosuid */
...@@ -2325,24 +2329,40 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm, ...@@ -2325,24 +2329,40 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
return 0; /* No change in credentials */ return 0; /* No change in credentials */
/* /*
* The only transitions we permit under NNP or nosuid * If the policy enables the nnp_nosuid_transition policy capability,
* are transitions to bounded SIDs, i.e. SIDs that are * then we permit transitions under NNP or nosuid if the
* guaranteed to only be allowed a subset of the permissions * policy allows the corresponding permission between
* of the current SID. * the old and new contexts.
*/ */
rc = security_bounded_transition(old_tsec->sid, new_tsec->sid); if (selinux_policycap_nnp_nosuid_transition) {
if (rc) { av = 0;
/*
* On failure, preserve the errno values for NNP vs nosuid.
* NNP: Operation not permitted for caller.
* nosuid: Permission denied to file.
*/
if (nnp) if (nnp)
return -EPERM; av |= PROCESS2__NNP_TRANSITION;
else if (nosuid)
return -EACCES; av |= PROCESS2__NOSUID_TRANSITION;
rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
SECCLASS_PROCESS2, av, NULL);
if (!rc)
return 0;
} }
return 0;
/*
* We also permit NNP or nosuid transitions to bounded SIDs,
* i.e. SIDs that are guaranteed to only be allowed a subset
* of the permissions of the current SID.
*/
rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
if (!rc)
return 0;
/*
* On failure, preserve the errno values for NNP vs nosuid.
* NNP: Operation not permitted for caller.
* nosuid: Permission denied to file.
*/
if (nnp)
return -EPERM;
return -EACCES;
} }
static int selinux_bprm_set_creds(struct linux_binprm *bprm) static int selinux_bprm_set_creds(struct linux_binprm *bprm)
......
/* /*
* Access vector cache interface for object managers. * Access vector cache interface for object managers.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
#ifndef _SELINUX_AVC_H_ #ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_ #define _SELINUX_AVC_H_
......
/* /*
* Access vector cache interface for the security server. * Access vector cache interface for the security server.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
#ifndef _SELINUX_AVC_SS_H_ #ifndef _SELINUX_AVC_SS_H_
#define _SELINUX_AVC_SS_H_ #define _SELINUX_AVC_SS_H_
......
...@@ -48,6 +48,8 @@ struct security_class_mapping secclass_map[] = { ...@@ -48,6 +48,8 @@ struct security_class_mapping secclass_map[] = {
"setrlimit", "rlimitinh", "dyntransition", "setcurrent", "setrlimit", "rlimitinh", "dyntransition", "setcurrent",
"execmem", "execstack", "execheap", "setkeycreate", "execmem", "execstack", "execheap", "setkeycreate",
"setsockcreate", "getrlimit", NULL } }, "setsockcreate", "getrlimit", NULL } },
{ "process2",
{ "nnp_transition", "nosuid_transition", NULL } },
{ "system", { "system",
{ "ipc_info", "syslog_read", "syslog_mod", { "ipc_info", "syslog_read", "syslog_mod",
"syslog_console", "module_request", "module_load", NULL } }, "syslog_console", "module_request", "module_load", NULL } },
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
* *
* This file contains the SELinux security data structures for kernel objects. * This file contains the SELinux security data structures for kernel objects.
* *
* Author(s): Stephen Smalley, <sds@epoch.ncsc.mil> * Author(s): Stephen Smalley, <sds@tycho.nsa.gov>
* Chris Vance, <cvance@nai.com> * Chris Vance, <cvance@nai.com>
* Wayne Salamon, <wsalamon@nai.com> * Wayne Salamon, <wsalamon@nai.com>
* James Morris <jmorris@redhat.com> * James Morris <jmorris@redhat.com>
......
/* /*
* Security server interface. * Security server interface.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
* *
*/ */
...@@ -73,6 +73,7 @@ enum { ...@@ -73,6 +73,7 @@ enum {
POLICYDB_CAPABILITY_EXTSOCKCLASS, POLICYDB_CAPABILITY_EXTSOCKCLASS,
POLICYDB_CAPABILITY_ALWAYSNETWORK, POLICYDB_CAPABILITY_ALWAYSNETWORK,
POLICYDB_CAPABILITY_CGROUPSECLABEL, POLICYDB_CAPABILITY_CGROUPSECLABEL,
POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
__POLICYDB_CAPABILITY_MAX __POLICYDB_CAPABILITY_MAX
}; };
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
...@@ -84,6 +85,7 @@ extern int selinux_policycap_openperm; ...@@ -84,6 +85,7 @@ extern int selinux_policycap_openperm;
extern int selinux_policycap_extsockclass; extern int selinux_policycap_extsockclass;
extern int selinux_policycap_alwaysnetwork; extern int selinux_policycap_alwaysnetwork;
extern int selinux_policycap_cgroupseclabel; extern int selinux_policycap_cgroupseclabel;
extern int selinux_policycap_nnp_nosuid_transition;
/* /*
* type_datum properties * type_datum properties
......
/* /*
* Implementation of the access vector table type. * Implementation of the access vector table type.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
......
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
* table is used to represent the type enforcement * table is used to represent the type enforcement
* tables. * tables.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
* process from labeling an object with a different user * process from labeling an object with a different user
* identity. * identity.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
#ifndef _SS_CONSTRAINT_H_ #ifndef _SS_CONSTRAINT_H_
#define _SS_CONSTRAINT_H_ #define _SS_CONSTRAINT_H_
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
* security server and can be changed without affecting * security server and can be changed without affecting
* clients of the security server. * clients of the security server.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
#ifndef _SS_CONTEXT_H_ #ifndef _SS_CONTEXT_H_
#define _SS_CONTEXT_H_ #define _SS_CONTEXT_H_
......
/* /*
* Implementation of the extensible bitmap type. * Implementation of the extensible bitmap type.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
/* /*
* Updated: Hewlett-Packard <paul@paul-moore.com> * Updated: Hewlett-Packard <paul@paul-moore.com>
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
* an explicitly specified starting bit position within * an explicitly specified starting bit position within
* the total bitmap. * the total bitmap.
* *
* Author : Stephen Smalley, <sds@epoch.ncsc.mil> * Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/ */
#ifndef _SS_EBITMAP_H_ #ifndef _SS_EBITMAP_H_