• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include <stdlib.h>
2 #include <string.h>
3 #include <errno.h>
4 
5 #include <sepol/policydb/policydb.h>
6 #include <sepol/policydb/services.h>
7 #include "context_internal.h"
8 
9 #include "debug.h"
10 #include "context.h"
11 #include "handle.h"
12 #include "mls.h"
13 #include "private.h"
14 
15 /* ----- Compatibility ---- */
policydb_context_isvalid(const policydb_t * p,const context_struct_t * c)16 int policydb_context_isvalid(const policydb_t * p, const context_struct_t * c)
17 {
18 
19 	return context_is_valid(p, c);
20 }
21 
sepol_check_context(const char * context)22 int sepol_check_context(const char *context)
23 {
24 
25 	return sepol_context_to_sid(context,
26 				    strlen(context) + 1, NULL);
27 }
28 
29 /* ---- End compatibility --- */
30 
31 /*
32  * Return 1 if the fields in the security context
33  * structure `c' are valid.  Return 0 otherwise.
34  */
context_is_valid(const policydb_t * p,const context_struct_t * c)35 int context_is_valid(const policydb_t * p, const context_struct_t * c)
36 {
37 
38 	role_datum_t *role;
39 	user_datum_t *usrdatum;
40 	ebitmap_t types, roles;
41 
42 	ebitmap_init(&types);
43 	ebitmap_init(&roles);
44 	if (!c->role || c->role > p->p_roles.nprim)
45 		return 0;
46 
47 	if (!c->user || c->user > p->p_users.nprim)
48 		return 0;
49 
50 	if (!c->type || c->type > p->p_types.nprim)
51 		return 0;
52 
53 	if (c->role != OBJECT_R_VAL) {
54 		/*
55 		 * Role must be authorized for the type.
56 		 */
57 		role = p->role_val_to_struct[c->role - 1];
58 		if (!role || !ebitmap_get_bit(&role->cache, c->type - 1))
59 			/* role may not be associated with type */
60 			return 0;
61 
62 		/*
63 		 * User must be authorized for the role.
64 		 */
65 		usrdatum = p->user_val_to_struct[c->user - 1];
66 		if (!usrdatum)
67 			return 0;
68 
69 		if (!ebitmap_get_bit(&usrdatum->cache, c->role - 1))
70 			/* user may not be associated with role */
71 			return 0;
72 	}
73 
74 	if (!mls_context_isvalid(p, c))
75 		return 0;
76 
77 	return 1;
78 }
79 
80 /*
81  * Write the security context string representation of
82  * the context structure `context' into a dynamically
83  * allocated string of the correct size.  Set `*scontext'
84  * to point to this string and set `*scontext_len' to
85  * the length of the string.
86  */
context_to_string(sepol_handle_t * handle,const policydb_t * policydb,const context_struct_t * context,char ** result,size_t * result_len)87 int context_to_string(sepol_handle_t * handle,
88 		      const policydb_t * policydb,
89 		      const context_struct_t * context,
90 		      char **result, size_t * result_len)
91 {
92 
93 	char *scontext = NULL;
94 	size_t scontext_len = 0;
95 	char *ptr;
96 
97 	/* Compute the size of the context. */
98 	scontext_len +=
99 	    strlen(policydb->p_user_val_to_name[context->user - 1]) + 1;
100 	scontext_len +=
101 	    strlen(policydb->p_role_val_to_name[context->role - 1]) + 1;
102 	scontext_len += strlen(policydb->p_type_val_to_name[context->type - 1]);
103 	scontext_len += mls_compute_context_len(policydb, context);
104 
105 	/* We must null terminate the string */
106 	scontext_len += 1;
107 
108 	/* Allocate space for the context; caller must free this space. */
109 	scontext = malloc(scontext_len);
110 	if (!scontext)
111 		goto omem;
112 	scontext[scontext_len - 1] = '\0';
113 
114 	/*
115 	 * Copy the user name, role name and type name into the context.
116 	 */
117 	ptr = scontext;
118 	sprintf(ptr, "%s:%s:%s",
119 		policydb->p_user_val_to_name[context->user - 1],
120 		policydb->p_role_val_to_name[context->role - 1],
121 		policydb->p_type_val_to_name[context->type - 1]);
122 
123 	ptr +=
124 	    strlen(policydb->p_user_val_to_name[context->user - 1]) + 1 +
125 	    strlen(policydb->p_role_val_to_name[context->role - 1]) + 1 +
126 	    strlen(policydb->p_type_val_to_name[context->type - 1]);
127 
128 	mls_sid_to_context(policydb, context, &ptr);
129 
130 	*result = scontext;
131 	*result_len = scontext_len;
132 	return STATUS_SUCCESS;
133 
134       omem:
135 	ERR(handle, "out of memory, could not convert " "context to string");
136 	free(scontext);
137 	return STATUS_ERR;
138 }
139 
140 /*
141  * Create a context structure from the given record
142  */
context_from_record(sepol_handle_t * handle,const policydb_t * policydb,context_struct_t ** cptr,const sepol_context_t * record)143 int context_from_record(sepol_handle_t * handle,
144 			const policydb_t * policydb,
145 			context_struct_t ** cptr,
146 			const sepol_context_t * record)
147 {
148 
149 	context_struct_t *scontext = NULL;
150 	user_datum_t *usrdatum;
151 	role_datum_t *roldatum;
152 	type_datum_t *typdatum;
153 
154 	/* Hashtab keys are not constant - suppress warnings */
155 	char *user = strdup(sepol_context_get_user(record));
156 	char *role = strdup(sepol_context_get_role(record));
157 	char *type = strdup(sepol_context_get_type(record));
158 	const char *mls = sepol_context_get_mls(record);
159 
160 	scontext = (context_struct_t *) malloc(sizeof(context_struct_t));
161 	if (!user || !role || !type || !scontext) {
162 		ERR(handle, "out of memory");
163 		goto err;
164 	}
165 	context_init(scontext);
166 
167 	/* User */
168 	usrdatum = (user_datum_t *) hashtab_search(policydb->p_users.table,
169 						   (hashtab_key_t) user);
170 	if (!usrdatum) {
171 		ERR(handle, "user %s is not defined", user);
172 		goto err_destroy;
173 	}
174 	scontext->user = usrdatum->s.value;
175 
176 	/* Role */
177 	roldatum = (role_datum_t *) hashtab_search(policydb->p_roles.table,
178 						   (hashtab_key_t) role);
179 	if (!roldatum) {
180 		ERR(handle, "role %s is not defined", role);
181 		goto err_destroy;
182 	}
183 	scontext->role = roldatum->s.value;
184 
185 	/* Type */
186 	typdatum = (type_datum_t *) hashtab_search(policydb->p_types.table,
187 						   (hashtab_key_t) type);
188 	if (!typdatum || typdatum->flavor == TYPE_ATTRIB) {
189 		ERR(handle, "type %s is not defined", type);
190 		goto err_destroy;
191 	}
192 	scontext->type = typdatum->s.value;
193 
194 	/* MLS */
195 	if (mls && !policydb->mls) {
196 		ERR(handle, "MLS is disabled, but MLS context \"%s\" found",
197 		    mls);
198 		goto err_destroy;
199 	} else if (!mls && policydb->mls) {
200 		ERR(handle, "MLS is enabled, but no MLS context found");
201 		goto err_destroy;
202 	}
203 	if (mls && (mls_from_string(handle, policydb, mls, scontext) < 0))
204 		goto err_destroy;
205 
206 	/* Validity check */
207 	if (!context_is_valid(policydb, scontext)) {
208 		if (mls) {
209 			ERR(handle,
210 			    "invalid security context: \"%s:%s:%s:%s\"",
211 			    user, role, type, mls);
212 		} else {
213 			ERR(handle,
214 			    "invalid security context: \"%s:%s:%s\"",
215 			    user, role, type);
216 		}
217 		goto err_destroy;
218 	}
219 
220 	*cptr = scontext;
221 	free(user);
222 	free(type);
223 	free(role);
224 	return STATUS_SUCCESS;
225 
226       err_destroy:
227 	errno = EINVAL;
228 	context_destroy(scontext);
229 
230       err:
231 	free(scontext);
232 	free(user);
233 	free(type);
234 	free(role);
235 	ERR(handle, "could not create context structure");
236 	return STATUS_ERR;
237 }
238 
239 /*
240  * Create a record from the given context structure
241  */
context_to_record(sepol_handle_t * handle,const policydb_t * policydb,const context_struct_t * context,sepol_context_t ** record)242 int context_to_record(sepol_handle_t * handle,
243 		      const policydb_t * policydb,
244 		      const context_struct_t * context,
245 		      sepol_context_t ** record)
246 {
247 
248 	sepol_context_t *tmp_record = NULL;
249 	char *mls = NULL;
250 
251 	if (sepol_context_create(handle, &tmp_record) < 0)
252 		goto err;
253 
254 	if (sepol_context_set_user(handle, tmp_record,
255 				   policydb->p_user_val_to_name[context->user -
256 								1]) < 0)
257 		goto err;
258 
259 	if (sepol_context_set_role(handle, tmp_record,
260 				   policydb->p_role_val_to_name[context->role -
261 								1]) < 0)
262 		goto err;
263 
264 	if (sepol_context_set_type(handle, tmp_record,
265 				   policydb->p_type_val_to_name[context->type -
266 								1]) < 0)
267 		goto err;
268 
269 	if (policydb->mls) {
270 		if (mls_to_string(handle, policydb, context, &mls) < 0)
271 			goto err;
272 
273 		if (sepol_context_set_mls(handle, tmp_record, mls) < 0)
274 			goto err;
275 	}
276 
277 	free(mls);
278 	*record = tmp_record;
279 	return STATUS_SUCCESS;
280 
281       err:
282 	ERR(handle, "could not create context record");
283 	sepol_context_free(tmp_record);
284 	free(mls);
285 	return STATUS_ERR;
286 }
287 
288 /*
289  * Create a context structure from the provided string.
290  */
context_from_string(sepol_handle_t * handle,const policydb_t * policydb,context_struct_t ** cptr,const char * con_str,size_t con_str_len)291 int context_from_string(sepol_handle_t * handle,
292 			const policydb_t * policydb,
293 			context_struct_t ** cptr,
294 			const char *con_str, size_t con_str_len)
295 {
296 
297 	char *con_cpy = NULL;
298 	sepol_context_t *ctx_record = NULL;
299 
300 	if (zero_or_saturated(con_str_len)) {
301 		ERR(handle, "Invalid context length");
302 		goto err;
303 	}
304 
305 	/* sepol_context_from_string expects a NULL-terminated string */
306 	con_cpy = malloc(con_str_len + 1);
307 	if (!con_cpy) {
308 		ERR(handle, "out of memory");
309 		goto err;
310 	}
311 
312 	memcpy(con_cpy, con_str, con_str_len);
313 	con_cpy[con_str_len] = '\0';
314 
315 	if (sepol_context_from_string(handle, con_cpy, &ctx_record) < 0)
316 		goto err;
317 
318 	/* Now create from the data structure */
319 	if (context_from_record(handle, policydb, cptr, ctx_record) < 0)
320 		goto err;
321 
322 	free(con_cpy);
323 	sepol_context_free(ctx_record);
324 	return STATUS_SUCCESS;
325 
326       err:
327 	ERR(handle, "could not create context structure");
328 	free(con_cpy);
329 	sepol_context_free(ctx_record);
330 	return STATUS_ERR;
331 }
332 
sepol_context_check(sepol_handle_t * handle,const sepol_policydb_t * policydb,const sepol_context_t * context)333 int sepol_context_check(sepol_handle_t * handle,
334 			const sepol_policydb_t * policydb,
335 			const sepol_context_t * context)
336 {
337 
338 	context_struct_t *con = NULL;
339 	int ret = context_from_record(handle, &policydb->p, &con, context);
340 	context_destroy(con);
341 	free(con);
342 	return ret;
343 }
344