[deb_xorg-server.git] / Xext / xselinux_label.c

/************************************************************

Author: Eamon Walsh <ewalsh@tycho.nsa.gov>

Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
this permission notice appear in supporting documentation.  This permission
notice shall be included in all copies or substantial portions of the
Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

********************************************************/

#ifdef HAVE_DIX_CONFIG_H
#include <dix-config.h>
#endif

#include <selinux/label.h>

#include "registry.h"
#include "xselinuxint.h"

/* selection and property atom cache */
typedef struct {
    SELinuxObjectRec prp;
    SELinuxObjectRec sel;
} SELinuxAtomRec;

/* dynamic array */
typedef struct {
    unsigned size;
    void **array;
} SELinuxArrayRec;

/* labeling handle */
static struct selabel_handle *label_hnd;

/* Array of object classes indexed by resource type */
SELinuxArrayRec arr_types;

/* Array of event SIDs indexed by event type */
SELinuxArrayRec arr_events;

/* Array of property and selection SID structures */
SELinuxArrayRec arr_atoms;

/*
 * Dynamic array helpers
 */
static void *
SELinuxArrayGet(SELinuxArrayRec * rec, unsigned key)
{
    return (rec->size > key) ? rec->array[key] : 0;
}

static int
SELinuxArraySet(SELinuxArrayRec * rec, unsigned key, void *val)
{
    if (key >= rec->size) {
        /* Need to increase size of array */
        rec->array = realloc(rec->array, (key + 1) * sizeof(val));
        if (!rec->array)
            return FALSE;
        memset(rec->array + rec->size, 0, (key - rec->size + 1) * sizeof(val));
        rec->size = key + 1;
    }

    rec->array[key] = val;
    return TRUE;
}

static void
SELinuxArrayFree(SELinuxArrayRec * rec, int free_elements)
{
    if (free_elements) {
        unsigned i = rec->size;

        while (i)
            free(rec->array[--i]);
    }

    free(rec->array);
    rec->size = 0;
    rec->array = NULL;
}

/*
 * Looks up a name in the selection or property mappings
 */
static int
SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec * obj, int map, int polymap)
{
    const char *name = NameForAtom(atom);
    security_context_t ctx;
    int rc = Success;

    obj->poly = 1;

    /* Look in the mappings of names to contexts */
    if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) {
        obj->poly = 0;
    }
    else if (errno != ENOENT) {
        ErrorF("SELinux: a property label lookup failed!\n");
        return BadValue;
    }
    else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) {
        ErrorF("SELinux: a property label lookup failed!\n");
        return BadValue;
    }

    /* Get a SID for context */
    if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) {
        ErrorF("SELinux: a context_to_SID_raw call failed!\n");
        rc = BadAlloc;
    }

    freecon(ctx);
    return rc;
}

/*
 * Looks up the SID corresponding to the given property or selection atom
 */
int
SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn)
{
    SELinuxAtomRec *rec;
    SELinuxObjectRec *obj;
    int rc, map, polymap;

    rec = SELinuxArrayGet(&arr_atoms, atom);
    if (!rec) {
        rec = calloc(1, sizeof(SELinuxAtomRec));
        if (!rec || !SELinuxArraySet(&arr_atoms, atom, rec))
            return BadAlloc;
    }

    if (prop) {
        obj = &rec->prp;
        map = SELABEL_X_PROP;
        polymap = SELABEL_X_POLYPROP;
    }
    else {
        obj = &rec->sel;
        map = SELABEL_X_SELN;
        polymap = SELABEL_X_POLYSELN;
    }

    if (!obj->sid) {
        rc = SELinuxAtomToSIDLookup(atom, obj, map, polymap);
        if (rc != Success)
            goto out;
    }

    *obj_rtn = obj;
    rc = Success;
 out:
    return rc;
}

/*
 * Looks up a SID for a selection/subject pair
 */
int
SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj,
                      security_id_t * sid_rtn, int *poly_rtn)
{
    int rc;
    SELinuxObjectRec *obj;
    security_id_t tsid;

    /* Get the default context and polyinstantiation bit */
    rc = SELinuxAtomToSID(selection, 0, &obj);
    if (rc != Success)
        return rc;

    /* Check for an override context next */
    if (subj->sel_use_sid) {
        tsid = subj->sel_use_sid;
        goto out;
    }

    tsid = obj->sid;

    /* Polyinstantiate if necessary to obtain the final SID */
    if (obj->poly && avc_compute_member(subj->sid, obj->sid,
                                        SECCLASS_X_SELECTION, &tsid) < 0) {
        ErrorF("SELinux: a compute_member call failed!\n");
        return BadValue;
    }
 out:
    *sid_rtn = tsid;
    if (poly_rtn)
        *poly_rtn = obj->poly;
    return Success;
}

/*
 * Looks up a SID for a property/subject pair
 */
int
SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj,
                     security_id_t * sid_rtn, int *poly_rtn)
{
    int rc;
    SELinuxObjectRec *obj;
    security_id_t tsid, tsid2;

    /* Get the default context and polyinstantiation bit */
    rc = SELinuxAtomToSID(property, 1, &obj);
    if (rc != Success)
        return rc;

    /* Check for an override context next */
    if (subj->prp_use_sid) {
        tsid = subj->prp_use_sid;
        goto out;
    }

    /* Perform a transition */
    if (avc_compute_create(subj->sid, obj->sid, SECCLASS_X_PROPERTY, &tsid) < 0) {
        ErrorF("SELinux: a compute_create call failed!\n");
        return BadValue;
    }

    /* Polyinstantiate if necessary to obtain the final SID */
    if (obj->poly) {
        tsid2 = tsid;
        if (avc_compute_member(subj->sid, tsid2,
                               SECCLASS_X_PROPERTY, &tsid) < 0) {
            ErrorF("SELinux: a compute_member call failed!\n");
            return BadValue;
        }
    }
 out:
    *sid_rtn = tsid;
    if (poly_rtn)
        *poly_rtn = obj->poly;
    return Success;
}

/*
 * Looks up the SID corresponding to the given event type
 */
int
SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
                  SELinuxObjectRec * sid_return)
{
    const char *name = LookupEventName(type);
    security_id_t sid;
    security_context_t ctx;

    type &= 127;

    sid = SELinuxArrayGet(&arr_events, type);
    if (!sid) {
        /* Look in the mappings of event names to contexts */
        if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
            ErrorF("SELinux: an event label lookup failed!\n");
            return BadValue;
        }
        /* Get a SID for context */
        if (avc_context_to_sid_raw(ctx, &sid) < 0) {
            ErrorF("SELinux: a context_to_SID_raw call failed!\n");
            freecon(ctx);
            return BadAlloc;
        }
        freecon(ctx);
        /* Cache the SID value */
        if (!SELinuxArraySet(&arr_events, type, sid))
            return BadAlloc;
    }

    /* Perform a transition to obtain the final SID */
    if (avc_compute_create(sid_of_window, sid, SECCLASS_X_EVENT,
                           &sid_return->sid) < 0) {
        ErrorF("SELinux: a compute_create call failed!\n");
        return BadValue;
    }

    return Success;
}

int
SELinuxExtensionToSID(const char *name, security_id_t * sid_rtn)
{
    security_context_t ctx;

    /* Look in the mappings of extension names to contexts */
    if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) {
        ErrorF("SELinux: a property label lookup failed!\n");
        return BadValue;
    }
    /* Get a SID for context */
    if (avc_context_to_sid_raw(ctx, sid_rtn) < 0) {
        ErrorF("SELinux: a context_to_SID_raw call failed!\n");
        freecon(ctx);
        return BadAlloc;
    }
    freecon(ctx);
    return Success;
}

/*
 * Returns the object class corresponding to the given resource type.
 */
security_class_t
SELinuxTypeToClass(RESTYPE type)
{
    void *tmp;

    tmp = SELinuxArrayGet(&arr_types, type & TypeMask);
    if (!tmp) {
        unsigned long class = SECCLASS_X_RESOURCE;

        if (type & RC_DRAWABLE)
            class = SECCLASS_X_DRAWABLE;
        else if (type == RT_GC)
            class = SECCLASS_X_GC;
        else if (type == RT_FONT)
            class = SECCLASS_X_FONT;
        else if (type == RT_CURSOR)
            class = SECCLASS_X_CURSOR;
        else if (type == RT_COLORMAP)
            class = SECCLASS_X_COLORMAP;
        else {
            /* Need to do a string lookup */
            const char *str = LookupResourceName(type);

            if (!strcmp(str, "PICTURE"))
                class = SECCLASS_X_DRAWABLE;
            else if (!strcmp(str, "GLYPHSET"))
                class = SECCLASS_X_FONT;
        }

        tmp = (void *) class;
        SELinuxArraySet(&arr_types, type & TypeMask, tmp);
    }

    return (security_class_t) (unsigned long) tmp;
}

security_context_t
SELinuxDefaultClientLabel(void)
{
    security_context_t ctx;

    if (selabel_lookup_raw(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0)
        FatalError("SELinux: failed to look up remote-client context\n");

    return ctx;
}

void
SELinuxLabelInit(void)
{
    struct selinux_opt selabel_option = { SELABEL_OPT_VALIDATE, (char *) 1 };

    label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1);
    if (!label_hnd)
        FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
}

void
SELinuxLabelReset(void)
{
    selabel_close(label_hnd);
    label_hnd = NULL;

    /* Free local state */
    SELinuxArrayFree(&arr_types, 0);
    SELinuxArrayFree(&arr_events, 0);
    SELinuxArrayFree(&arr_atoms, 1);
}
Commit	Line	Data
a09e091a JB	1	/************************************************************
	2
	3	Author: Eamon Walsh <ewalsh@tycho.nsa.gov>
	4
	5	Permission to use, copy, modify, distribute, and sell this software and its
	6	documentation for any purpose is hereby granted without fee, provided that
	7	this permission notice appear in supporting documentation. This permission
	8	notice shall be included in all copies or substantial portions of the
	9	Software.
	10
	11	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	12	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	13	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	14	AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
	15	AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
	16	CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
	17
	18	********************************************************/
	19
	20	#ifdef HAVE_DIX_CONFIG_H
	21	#include <dix-config.h>
	22	#endif
	23
	24	#include <selinux/label.h>
	25
	26	#include "registry.h"
	27	#include "xselinuxint.h"
	28
	29	/* selection and property atom cache */
	30	typedef struct {
	31	SELinuxObjectRec prp;
	32	SELinuxObjectRec sel;
	33	} SELinuxAtomRec;
	34
	35	/* dynamic array */
	36	typedef struct {
	37	unsigned size;
	38	void **array;
	39	} SELinuxArrayRec;
	40
	41	/* labeling handle */
	42	static struct selabel_handle *label_hnd;
	43
	44	/* Array of object classes indexed by resource type */
	45	SELinuxArrayRec arr_types;
	46
	47	/* Array of event SIDs indexed by event type */
	48	SELinuxArrayRec arr_events;
	49
	50	/* Array of property and selection SID structures */
	51	SELinuxArrayRec arr_atoms;
	52
	53	/*
	54	* Dynamic array helpers
	55	*/
	56	static void *
	57	SELinuxArrayGet(SELinuxArrayRec * rec, unsigned key)
	58	{
	59	return (rec->size > key) ? rec->array[key] : 0;
	60	}
	61
	62	static int
	63	SELinuxArraySet(SELinuxArrayRec * rec, unsigned key, void *val)
	64	{
65	if (key >= rec->size) {
66	/* Need to increase size of array */
67	rec->array = realloc(rec->array, (key + 1) * sizeof(val));
68	if (!rec->array)
69	return FALSE;
70	memset(rec->array + rec->size, 0, (key - rec->size + 1) * sizeof(val));
71	rec->size = key + 1;
72	}
73
74	rec->array[key] = val;
75	return TRUE;
76	}
77
78	static void
79	SELinuxArrayFree(SELinuxArrayRec * rec, int free_elements)
80	{
81	if (free_elements) {
82	unsigned i = rec->size;
83
84	while (i)
85	free(rec->array[--i]);
86	}
87
88	free(rec->array);
89	rec->size = 0;
90	rec->array = NULL;
91	}
92
93	/*
94	* Looks up a name in the selection or property mappings
95	*/
96	static int
97	SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec * obj, int map, int polymap)
98	{
99	const char *name = NameForAtom(atom);
100	security_context_t ctx;
101	int rc = Success;
102
103	obj->poly = 1;
104
105	/* Look in the mappings of names to contexts */
106	if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) {
107	obj->poly = 0;
108	}
109	else if (errno != ENOENT) {
110	ErrorF("SELinux: a property label lookup failed!\n");
111	return BadValue;
112	}
113	else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) {
114	ErrorF("SELinux: a property label lookup failed!\n");
115	return BadValue;
116	}
117
118	/* Get a SID for context */
119	if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) {
120	ErrorF("SELinux: a context_to_SID_raw call failed!\n");
121	rc = BadAlloc;
122	}
123
124	freecon(ctx);
125	return rc;
126	}
127
128	/*
129	* Looks up the SID corresponding to the given property or selection atom
130	*/
131	int
132	SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn)
133	{
134	SELinuxAtomRec *rec;
135	SELinuxObjectRec *obj;
136	int rc, map, polymap;
137
138	rec = SELinuxArrayGet(&arr_atoms, atom);
139	if (!rec) {
140	rec = calloc(1, sizeof(SELinuxAtomRec));
141	if (!rec \|\| !SELinuxArraySet(&arr_atoms, atom, rec))
142	return BadAlloc;
143	}
144
145	if (prop) {
146	obj = &rec->prp;
147	map = SELABEL_X_PROP;
148	polymap = SELABEL_X_POLYPROP;
149	}
150	else {
151	obj = &rec->sel;
152	map = SELABEL_X_SELN;
153	polymap = SELABEL_X_POLYSELN;
154	}
155
156	if (!obj->sid) {
157	rc = SELinuxAtomToSIDLookup(atom, obj, map, polymap);
158	if (rc != Success)
159	goto out;
160	}
161
162	*obj_rtn = obj;
163	rc = Success;
164	out:
165	return rc;
166	}
167
168	/*
169	* Looks up a SID for a selection/subject pair
170	*/
171	int
172	SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj,
173	security_id_t * sid_rtn, int *poly_rtn)
174	{
175	int rc;
176	SELinuxObjectRec *obj;
177	security_id_t tsid;
178
179	/* Get the default context and polyinstantiation bit */
180	rc = SELinuxAtomToSID(selection, 0, &obj);
181	if (rc != Success)
182	return rc;
183
184	/* Check for an override context next */
185	if (subj->sel_use_sid) {
186	tsid = subj->sel_use_sid;
187	goto out;
188	}
189
190	tsid = obj->sid;
191
192	/* Polyinstantiate if necessary to obtain the final SID */
193	if (obj->poly && avc_compute_member(subj->sid, obj->sid,
194	SECCLASS_X_SELECTION, &tsid) < 0) {
195	ErrorF("SELinux: a compute_member call failed!\n");
196	return BadValue;
197	}
198	out:
199	*sid_rtn = tsid;
200	if (poly_rtn)
201	*poly_rtn = obj->poly;
202	return Success;
203	}
204
205	/*
206	* Looks up a SID for a property/subject pair
207	*/
208	int
209	SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj,
210	security_id_t * sid_rtn, int *poly_rtn)
211	{
212	int rc;
213	SELinuxObjectRec *obj;
214	security_id_t tsid, tsid2;
215
216	/* Get the default context and polyinstantiation bit */
217	rc = SELinuxAtomToSID(property, 1, &obj);
218	if (rc != Success)
219	return rc;
220
221	/* Check for an override context next */
222	if (subj->prp_use_sid) {
223	tsid = subj->prp_use_sid;
224	goto out;
225	}
226
227	/* Perform a transition */
228	if (avc_compute_create(subj->sid, obj->sid, SECCLASS_X_PROPERTY, &tsid) < 0) {
229	ErrorF("SELinux: a compute_create call failed!\n");
230	return BadValue;
231	}
232
233	/* Polyinstantiate if necessary to obtain the final SID */
234	if (obj->poly) {
235	tsid2 = tsid;
236	if (avc_compute_member(subj->sid, tsid2,
237	SECCLASS_X_PROPERTY, &tsid) < 0) {
238	ErrorF("SELinux: a compute_member call failed!\n");
239	return BadValue;
240	}
241	}
242	out:
243	*sid_rtn = tsid;
244	if (poly_rtn)
245	*poly_rtn = obj->poly;
246	return Success;
247	}
248
249	/*
250	* Looks up the SID corresponding to the given event type
251	*/
252	int
253	SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
254	SELinuxObjectRec * sid_return)
255	{
256	const char *name = LookupEventName(type);
257	security_id_t sid;
258	security_context_t ctx;
259
260	type &= 127;
261
262	sid = SELinuxArrayGet(&arr_events, type);
263	if (!sid) {
264	/* Look in the mappings of event names to contexts */
265	if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
266	ErrorF("SELinux: an event label lookup failed!\n");
267	return BadValue;
268	}
269	/* Get a SID for context */
270	if (avc_context_to_sid_raw(ctx, &sid) < 0) {
271	ErrorF("SELinux: a context_to_SID_raw call failed!\n");
272	freecon(ctx);
273	return BadAlloc;
274	}
275	freecon(ctx);
276	/* Cache the SID value */
277	if (!SELinuxArraySet(&arr_events, type, sid))
278	return BadAlloc;
279	}
280
281	/* Perform a transition to obtain the final SID */
282	if (avc_compute_create(sid_of_window, sid, SECCLASS_X_EVENT,
283	&sid_return->sid) < 0) {
284	ErrorF("SELinux: a compute_create call failed!\n");
285	return BadValue;
286	}
287
288	return Success;
289	}
290
291	int
292	SELinuxExtensionToSID(const char name, security_id_t sid_rtn)
293	{
294	security_context_t ctx;
295
296	/* Look in the mappings of extension names to contexts */
297	if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) {
298	ErrorF("SELinux: a property label lookup failed!\n");
299	return BadValue;
300	}
301	/* Get a SID for context */
302	if (avc_context_to_sid_raw(ctx, sid_rtn) < 0) {
303	ErrorF("SELinux: a context_to_SID_raw call failed!\n");
304	freecon(ctx);
305	return BadAlloc;
306	}
307	freecon(ctx);
308	return Success;
309	}
310
311	/*
312	* Returns the object class corresponding to the given resource type.
313	*/
314	security_class_t
315	SELinuxTypeToClass(RESTYPE type)
316	{
317	void *tmp;
318
319	tmp = SELinuxArrayGet(&arr_types, type & TypeMask);
320	if (!tmp) {
321	unsigned long class = SECCLASS_X_RESOURCE;
322
323	if (type & RC_DRAWABLE)
324	class = SECCLASS_X_DRAWABLE;
325	else if (type == RT_GC)
326	class = SECCLASS_X_GC;
327	else if (type == RT_FONT)
328	class = SECCLASS_X_FONT;
329	else if (type == RT_CURSOR)
330	class = SECCLASS_X_CURSOR;
331	else if (type == RT_COLORMAP)
332	class = SECCLASS_X_COLORMAP;
333	else {
334	/* Need to do a string lookup */
335	const char *str = LookupResourceName(type);
336
337	if (!strcmp(str, "PICTURE"))
338	class = SECCLASS_X_DRAWABLE;
339	else if (!strcmp(str, "GLYPHSET"))
340	class = SECCLASS_X_FONT;
341	}
342
343	tmp = (void *) class;
344	SELinuxArraySet(&arr_types, type & TypeMask, tmp);
345	}
346
347	return (security_class_t) (unsigned long) tmp;
348	}
349
350	security_context_t
351	SELinuxDefaultClientLabel(void)
352	{
353	security_context_t ctx;
354
355	if (selabel_lookup_raw(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0)
356	FatalError("SELinux: failed to look up remote-client context\n");
357
358	return ctx;
359	}
360
361	void
362	SELinuxLabelInit(void)
363	{
364	struct selinux_opt selabel_option = { SELABEL_OPT_VALIDATE, (char *) 1 };
365
366	label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1);
367	if (!label_hnd)
368	FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
369	}
370
371	void
372	SELinuxLabelReset(void)
373	{
374	selabel_close(label_hnd);
375	label_hnd = NULL;
376
377	/* Free local state */
378	SELinuxArrayFree(&arr_types, 0);
379	SELinuxArrayFree(&arr_events, 0);
380	SELinuxArrayFree(&arr_atoms, 1);
381	}