• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* -*- mode: C; c-file-style: "gnu" -*-
2  * selinux.c  SELinux security checks for D-Bus
3  *
4  * Author: Matthew Rickard <mjricka@epoch.ncsc.mil>
5  *
6  * Licensed under the Academic Free License version 2.1
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21  *
22  */
23 #include <dbus/dbus-internals.h>
24 #include <dbus/dbus-string.h>
25 #include "selinux.h"
26 #include "services.h"
27 #include "policy.h"
28 #include "utils.h"
29 #include "config-parser.h"
30 
31 #ifdef HAVE_SELINUX
32 #include <errno.h>
33 #include <pthread.h>
34 #include <syslog.h>
35 #include <selinux/selinux.h>
36 #include <selinux/avc.h>
37 #include <selinux/av_permissions.h>
38 #include <selinux/flask.h>
39 #include <signal.h>
40 #include <stdarg.h>
41 #endif /* HAVE_SELINUX */
42 
43 #define BUS_SID_FROM_SELINUX(sid)  ((BusSELinuxID*) (sid))
44 #define SELINUX_SID_FROM_BUS(sid)  ((security_id_t) (sid))
45 
46 #ifdef HAVE_SELINUX
47 /* Store the value telling us if SELinux is enabled in the kernel. */
48 static dbus_bool_t selinux_enabled = FALSE;
49 
50 /* Store an avc_entry_ref to speed AVC decisions. */
51 static struct avc_entry_ref aeref;
52 
53 /* Store the SID of the bus itself to use as the default. */
54 static security_id_t bus_sid = SECSID_WILD;
55 
56 /* Thread to listen for SELinux status changes via netlink. */
57 static pthread_t avc_notify_thread;
58 
59 /* Prototypes for AVC callback functions.  */
60 static void log_callback (const char *fmt, ...);
61 static void log_audit_callback (void *data, security_class_t class, char *buf, size_t bufleft);
62 static void *avc_create_thread (void (*run) (void));
63 static void avc_stop_thread (void *thread);
64 static void *avc_alloc_lock (void);
65 static void avc_get_lock (void *lock);
66 static void avc_release_lock (void *lock);
67 static void avc_free_lock (void *lock);
68 
69 /* AVC callback structures for use in avc_init.  */
70 static const struct avc_memory_callback mem_cb =
71 {
72   .func_malloc = dbus_malloc,
73   .func_free = dbus_free
74 };
75 static const struct avc_log_callback log_cb =
76 {
77   .func_log = log_callback,
78   .func_audit = log_audit_callback
79 };
80 static const struct avc_thread_callback thread_cb =
81 {
82   .func_create_thread = avc_create_thread,
83   .func_stop_thread = avc_stop_thread
84 };
85 static const struct avc_lock_callback lock_cb =
86 {
87   .func_alloc_lock = avc_alloc_lock,
88   .func_get_lock = avc_get_lock,
89   .func_release_lock = avc_release_lock,
90   .func_free_lock = avc_free_lock
91 };
92 #endif /* HAVE_SELINUX */
93 
94 /**
95  * Log callback to log denial messages from the AVC.
96  * This is used in avc_init.  Logs to both standard
97  * error and syslogd.
98  *
99  * @param fmt the format string
100  * @param variable argument list
101  */
102 #ifdef HAVE_SELINUX
103 static void
log_callback(const char * fmt,...)104 log_callback (const char *fmt, ...)
105 {
106   va_list ap;
107   va_start(ap, fmt);
108   vsyslog (LOG_INFO, fmt, ap);
109   va_end(ap);
110 }
111 
112 /**
113  * On a policy reload we need to reparse the SELinux configuration file, since
114  * this could have changed.  Send a SIGHUP to reload all configs.
115  */
116 static int
policy_reload_callback(u_int32_t event,security_id_t ssid,security_id_t tsid,security_class_t tclass,access_vector_t perms,access_vector_t * out_retained)117 policy_reload_callback (u_int32_t event, security_id_t ssid,
118                         security_id_t tsid, security_class_t tclass,
119                         access_vector_t perms, access_vector_t *out_retained)
120 {
121   if (event == AVC_CALLBACK_RESET)
122     return raise (SIGHUP);
123 
124   return 0;
125 }
126 
127 /**
128  * Log any auxiliary data
129  */
130 static void
log_audit_callback(void * data,security_class_t class,char * buf,size_t bufleft)131 log_audit_callback (void *data, security_class_t class, char *buf, size_t bufleft)
132 {
133   DBusString *audmsg = data;
134   _dbus_string_copy_to_buffer (audmsg, buf, bufleft);
135 }
136 
137 /**
138  * Create thread to notify the AVC of enforcing and policy reload
139  * changes via netlink.
140  *
141  * @param run the thread run function
142  * @return pointer to the thread
143  */
144 static void *
avc_create_thread(void (* run)(void))145 avc_create_thread (void (*run) (void))
146 {
147   int rc;
148 
149   rc = pthread_create (&avc_notify_thread, NULL, (void *(*) (void *)) run, NULL);
150   if (rc != 0)
151     {
152       _dbus_warn ("Failed to start AVC thread: %s\n", _dbus_strerror (rc));
153       exit (1);
154     }
155   return &avc_notify_thread;
156 }
157 
158 /* Stop AVC netlink thread.  */
159 static void
avc_stop_thread(void * thread)160 avc_stop_thread (void *thread)
161 {
162   pthread_cancel (*(pthread_t *) thread);
163 }
164 
165 /* Allocate a new AVC lock.  */
166 static void *
avc_alloc_lock(void)167 avc_alloc_lock (void)
168 {
169   pthread_mutex_t *avc_mutex;
170 
171   avc_mutex = dbus_new (pthread_mutex_t, 1);
172   if (avc_mutex == NULL)
173     {
174       _dbus_warn ("Could not create mutex: %s\n", _dbus_strerror (errno));
175       exit (1);
176     }
177   pthread_mutex_init (avc_mutex, NULL);
178 
179   return avc_mutex;
180 }
181 
182 /* Acquire an AVC lock.  */
183 static void
avc_get_lock(void * lock)184 avc_get_lock (void *lock)
185 {
186   pthread_mutex_lock (lock);
187 }
188 
189 /* Release an AVC lock.  */
190 static void
avc_release_lock(void * lock)191 avc_release_lock (void *lock)
192 {
193   pthread_mutex_unlock (lock);
194 }
195 
196 /* Free an AVC lock.  */
197 static void
avc_free_lock(void * lock)198 avc_free_lock (void *lock)
199 {
200   pthread_mutex_destroy (lock);
201   dbus_free (lock);
202 }
203 #endif /* HAVE_SELINUX */
204 
205 /**
206  * Return whether or not SELinux is enabled; must be
207  * called after bus_selinux_init.
208  */
209 dbus_bool_t
bus_selinux_enabled(void)210 bus_selinux_enabled (void)
211 {
212 #ifdef HAVE_SELINUX
213   return selinux_enabled;
214 #else
215   return FALSE;
216 #endif /* HAVE_SELINUX */
217 }
218 
219 /**
220  * Do early initialization; determine whether SELinux is enabled.
221  */
222 dbus_bool_t
bus_selinux_pre_init(void)223 bus_selinux_pre_init (void)
224 {
225 #ifdef HAVE_SELINUX
226   int r;
227   _dbus_assert (bus_sid == SECSID_WILD);
228 
229   /* Determine if we are running an SELinux kernel. */
230   r = is_selinux_enabled ();
231   if (r < 0)
232     {
233       _dbus_warn ("Could not tell if SELinux is enabled: %s\n",
234                   _dbus_strerror (errno));
235       return FALSE;
236     }
237 
238   selinux_enabled = r != 0;
239   return TRUE;
240 #else
241   return TRUE;
242 #endif
243 }
244 
245 /**
246  * Initialize the user space access vector cache (AVC) for D-Bus and set up
247  * logging callbacks.
248  */
249 dbus_bool_t
bus_selinux_full_init(void)250 bus_selinux_full_init (void)
251 {
252 #ifdef HAVE_SELINUX
253   char *bus_context;
254 
255   _dbus_assert (bus_sid == SECSID_WILD);
256 
257   if (!selinux_enabled)
258     {
259       _dbus_verbose ("SELinux not enabled in this kernel.\n");
260       return TRUE;
261     }
262 
263   _dbus_verbose ("SELinux is enabled in this kernel.\n");
264 
265   avc_entry_ref_init (&aeref);
266   if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0)
267     {
268       _dbus_warn ("Failed to start Access Vector Cache (AVC).\n");
269       return FALSE;
270     }
271   else
272     {
273       openlog ("dbus", LOG_PERROR, LOG_USER);
274       _dbus_verbose ("Access Vector Cache (AVC) started.\n");
275     }
276 
277   if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET,
278                        NULL, NULL, 0, 0) < 0)
279     {
280       _dbus_warn ("Failed to add policy reload callback: %s\n",
281                   _dbus_strerror (errno));
282       avc_destroy ();
283       return FALSE;
284     }
285 
286   bus_context = NULL;
287   bus_sid = SECSID_WILD;
288 
289   if (getcon (&bus_context) < 0)
290     {
291       _dbus_verbose ("Error getting context of bus: %s\n",
292                      _dbus_strerror (errno));
293       return FALSE;
294     }
295 
296   if (avc_context_to_sid (bus_context, &bus_sid) < 0)
297     {
298       _dbus_verbose ("Error getting SID from bus context: %s\n",
299                      _dbus_strerror (errno));
300       freecon (bus_context);
301       return FALSE;
302     }
303 
304   freecon (bus_context);
305 
306   return TRUE;
307 #else
308   return TRUE;
309 #endif /* HAVE_SELINUX */
310 }
311 
312 /**
313  * Decrement SID reference count.
314  *
315  * @param sid the SID to decrement
316  */
317 void
bus_selinux_id_unref(BusSELinuxID * sid)318 bus_selinux_id_unref (BusSELinuxID *sid)
319 {
320 #ifdef HAVE_SELINUX
321   if (!selinux_enabled)
322     return;
323 
324   _dbus_assert (sid != NULL);
325 
326   sidput (SELINUX_SID_FROM_BUS (sid));
327 #endif /* HAVE_SELINUX */
328 }
329 
330 void
bus_selinux_id_ref(BusSELinuxID * sid)331 bus_selinux_id_ref (BusSELinuxID *sid)
332 {
333 #ifdef HAVE_SELINUX
334   if (!selinux_enabled)
335     return;
336 
337   _dbus_assert (sid != NULL);
338 
339   sidget (SELINUX_SID_FROM_BUS (sid));
340 #endif /* HAVE_SELINUX */
341 }
342 
343 /**
344  * Determine if the SELinux security policy allows the given sender
345  * security context to go to the given recipient security context.
346  * This function determines if the requested permissions are to be
347  * granted from the connection to the message bus or to another
348  * optionally supplied security identifier (e.g. for a service
349  * context).  Currently these permissions are either send_msg or
350  * acquire_svc in the dbus class.
351  *
352  * @param sender_sid source security context
353  * @param override_sid is the target security context.  If SECSID_WILD this will
354  *        use the context of the bus itself (e.g. the default).
355  * @param target_class is the target security class.
356  * @param requested is the requested permissions.
357  * @returns #TRUE if security policy allows the send.
358  */
359 #ifdef HAVE_SELINUX
360 static dbus_bool_t
bus_selinux_check(BusSELinuxID * sender_sid,BusSELinuxID * override_sid,security_class_t target_class,access_vector_t requested,DBusString * auxdata)361 bus_selinux_check (BusSELinuxID        *sender_sid,
362                    BusSELinuxID        *override_sid,
363                    security_class_t     target_class,
364                    access_vector_t      requested,
365 		   DBusString          *auxdata)
366 {
367   if (!selinux_enabled)
368     return TRUE;
369 
370   /* Make the security check.  AVC checks enforcing mode here as well. */
371   if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid),
372                     override_sid ?
373                     SELINUX_SID_FROM_BUS (override_sid) :
374                     SELINUX_SID_FROM_BUS (bus_sid),
375                     target_class, requested, &aeref, auxdata) < 0)
376     {
377       _dbus_verbose ("SELinux denying due to security policy.\n");
378       return FALSE;
379     }
380   else
381     return TRUE;
382 }
383 #endif /* HAVE_SELINUX */
384 
385 /**
386  * Returns true if the given connection can acquire a service,
387  * assuming the given security ID is needed for that service.
388  *
389  * @param connection connection that wants to own the service
390  * @param service_sid the SID of the service from the table
391  * @returns #TRUE if acquire is permitted.
392  */
393 dbus_bool_t
bus_selinux_allows_acquire_service(DBusConnection * connection,BusSELinuxID * service_sid,const char * service_name,DBusError * error)394 bus_selinux_allows_acquire_service (DBusConnection     *connection,
395                                     BusSELinuxID       *service_sid,
396 				    const char         *service_name,
397 				    DBusError          *error)
398 {
399 #ifdef HAVE_SELINUX
400   BusSELinuxID *connection_sid;
401   unsigned long spid;
402   DBusString auxdata;
403   dbus_bool_t ret;
404 
405   if (!selinux_enabled)
406     return TRUE;
407 
408   connection_sid = bus_connection_get_selinux_id (connection);
409   if (!dbus_connection_get_unix_process_id (connection, &spid))
410     spid = 0;
411 
412   if (!_dbus_string_init (&auxdata))
413     goto oom;
414 
415   if (!_dbus_string_append (&auxdata, "service="))
416     goto oom;
417 
418   if (!_dbus_string_append (&auxdata, service_name))
419     goto oom;
420 
421   if (spid)
422     {
423       if (!_dbus_string_append (&auxdata, " spid="))
424 	goto oom;
425 
426       if (!_dbus_string_append_uint (&auxdata, spid))
427 	goto oom;
428     }
429 
430   ret = bus_selinux_check (connection_sid,
431 			   service_sid,
432 			   SECCLASS_DBUS,
433 			   DBUS__ACQUIRE_SVC,
434 			   &auxdata);
435 
436   _dbus_string_free (&auxdata);
437   return ret;
438 
439  oom:
440   _dbus_string_free (&auxdata);
441   BUS_SET_OOM (error);
442   return FALSE;
443 
444 #else
445   return TRUE;
446 #endif /* HAVE_SELINUX */
447 }
448 
449 /**
450  * Check if SELinux security controls allow the message to be sent to a
451  * particular connection based on the security context of the sender and
452  * that of the receiver. The destination connection need not be the
453  * addressed recipient, it could be an "eavesdropper"
454  *
455  * @param sender the sender of the message.
456  * @param proposed_recipient the connection the message is to be sent to.
457  * @returns whether to allow the send
458  */
459 dbus_bool_t
bus_selinux_allows_send(DBusConnection * sender,DBusConnection * proposed_recipient,const char * msgtype,const char * interface,const char * member,const char * error_name,const char * destination,DBusError * error)460 bus_selinux_allows_send (DBusConnection     *sender,
461                          DBusConnection     *proposed_recipient,
462 			 const char         *msgtype,
463 			 const char         *interface,
464 			 const char         *member,
465 			 const char         *error_name,
466 			 const char         *destination,
467 			 DBusError          *error)
468 {
469 #ifdef HAVE_SELINUX
470   BusSELinuxID *recipient_sid;
471   BusSELinuxID *sender_sid;
472   unsigned long spid, tpid;
473   DBusString auxdata;
474   dbus_bool_t ret;
475   dbus_bool_t string_alloced;
476 
477   if (!selinux_enabled)
478     return TRUE;
479 
480   if (!sender || !dbus_connection_get_unix_process_id (sender, &spid))
481     spid = 0;
482   if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid))
483     tpid = 0;
484 
485   string_alloced = FALSE;
486   if (!_dbus_string_init (&auxdata))
487     goto oom;
488   string_alloced = TRUE;
489 
490   if (!_dbus_string_append (&auxdata, "msgtype="))
491     goto oom;
492 
493   if (!_dbus_string_append (&auxdata, msgtype))
494     goto oom;
495 
496   if (interface)
497     {
498       if (!_dbus_string_append (&auxdata, " interface="))
499 	goto oom;
500       if (!_dbus_string_append (&auxdata, interface))
501 	goto oom;
502     }
503 
504   if (member)
505     {
506       if (!_dbus_string_append (&auxdata, " member="))
507 	goto oom;
508       if (!_dbus_string_append (&auxdata, member))
509 	goto oom;
510     }
511 
512   if (error_name)
513     {
514       if (!_dbus_string_append (&auxdata, " error_name="))
515 	goto oom;
516       if (!_dbus_string_append (&auxdata, error_name))
517 	goto oom;
518     }
519 
520   if (destination)
521     {
522       if (!_dbus_string_append (&auxdata, " dest="))
523 	goto oom;
524       if (!_dbus_string_append (&auxdata, destination))
525 	goto oom;
526     }
527 
528   if (spid)
529     {
530       if (!_dbus_string_append (&auxdata, " spid="))
531 	goto oom;
532 
533       if (!_dbus_string_append_uint (&auxdata, spid))
534 	goto oom;
535     }
536 
537   if (tpid)
538     {
539       if (!_dbus_string_append (&auxdata, " tpid="))
540 	goto oom;
541 
542       if (!_dbus_string_append_uint (&auxdata, tpid))
543 	goto oom;
544     }
545 
546   sender_sid = bus_connection_get_selinux_id (sender);
547   /* A NULL proposed_recipient means the bus itself. */
548   if (proposed_recipient)
549     recipient_sid = bus_connection_get_selinux_id (proposed_recipient);
550   else
551     recipient_sid = BUS_SID_FROM_SELINUX (bus_sid);
552 
553   ret = bus_selinux_check (sender_sid,
554 			   recipient_sid,
555 			   SECCLASS_DBUS,
556 			   DBUS__SEND_MSG,
557 			   &auxdata);
558 
559   _dbus_string_free (&auxdata);
560 
561   return ret;
562 
563  oom:
564   if (string_alloced)
565     _dbus_string_free (&auxdata);
566   BUS_SET_OOM (error);
567   return FALSE;
568 
569 #else
570   return TRUE;
571 #endif /* HAVE_SELINUX */
572 }
573 
574 dbus_bool_t
bus_selinux_append_context(DBusMessage * message,BusSELinuxID * sid,DBusError * error)575 bus_selinux_append_context (DBusMessage    *message,
576 			    BusSELinuxID   *sid,
577 			    DBusError      *error)
578 {
579 #ifdef HAVE_SELINUX
580   char *context;
581 
582   if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
583     {
584       if (errno == ENOMEM)
585         BUS_SET_OOM (error);
586       else
587         dbus_set_error (error, DBUS_ERROR_FAILED,
588                         "Error getting context from SID: %s\n",
589 			_dbus_strerror (errno));
590       return FALSE;
591     }
592   if (!dbus_message_append_args (message,
593 				 DBUS_TYPE_ARRAY,
594 				 DBUS_TYPE_BYTE,
595 				 &context,
596 				 strlen (context),
597 				 DBUS_TYPE_INVALID))
598     {
599       _DBUS_SET_OOM (error);
600       return FALSE;
601     }
602   freecon (context);
603   return TRUE;
604 #else
605   return TRUE;
606 #endif
607 }
608 
609 /**
610  * Gets the security context of a connection to the bus. It is up to
611  * the caller to freecon() when they are done.
612  *
613  * @param connection the connection to get the context of.
614  * @param con the location to store the security context.
615  * @returns #TRUE if context is successfully obtained.
616  */
617 #ifdef HAVE_SELINUX
618 static dbus_bool_t
bus_connection_read_selinux_context(DBusConnection * connection,char ** con)619 bus_connection_read_selinux_context (DBusConnection     *connection,
620                                      char              **con)
621 {
622   int fd;
623 
624   if (!selinux_enabled)
625     return FALSE;
626 
627   _dbus_assert (connection != NULL);
628 
629   if (!dbus_connection_get_unix_fd (connection, &fd))
630     {
631       _dbus_verbose ("Failed to get file descriptor of socket.\n");
632       return FALSE;
633     }
634 
635   if (getpeercon (fd, con) < 0)
636     {
637       _dbus_verbose ("Error getting context of socket peer: %s\n",
638                      _dbus_strerror (errno));
639       return FALSE;
640     }
641 
642   _dbus_verbose ("Successfully read connection context.\n");
643   return TRUE;
644 }
645 #endif /* HAVE_SELINUX */
646 
647 /**
648  * Read the SELinux ID from the connection.
649  *
650  * @param connection the connection to read from
651  * @returns the SID if successfully determined, #NULL otherwise.
652  */
653 BusSELinuxID*
bus_selinux_init_connection_id(DBusConnection * connection,DBusError * error)654 bus_selinux_init_connection_id (DBusConnection *connection,
655                                 DBusError      *error)
656 {
657 #ifdef HAVE_SELINUX
658   char *con;
659   security_id_t sid;
660 
661   if (!selinux_enabled)
662     return NULL;
663 
664   if (!bus_connection_read_selinux_context (connection, &con))
665     {
666       dbus_set_error (error, DBUS_ERROR_FAILED,
667                       "Failed to read an SELinux context from connection");
668       _dbus_verbose ("Error getting peer context.\n");
669       return NULL;
670     }
671 
672   _dbus_verbose ("Converting context to SID to store on connection\n");
673 
674   if (avc_context_to_sid (con, &sid) < 0)
675     {
676       if (errno == ENOMEM)
677         BUS_SET_OOM (error);
678       else
679         dbus_set_error (error, DBUS_ERROR_FAILED,
680                         "Error getting SID from context \"%s\": %s\n",
681 			con, _dbus_strerror (errno));
682 
683       _dbus_warn ("Error getting SID from context \"%s\": %s\n",
684 		  con, _dbus_strerror (errno));
685 
686       freecon (con);
687       return NULL;
688     }
689 
690   freecon (con);
691   return BUS_SID_FROM_SELINUX (sid);
692 #else
693   return NULL;
694 #endif /* HAVE_SELINUX */
695 }
696 
697 
698 /**
699  * Function for freeing hash table data.  These SIDs
700  * should no longer be referenced.
701  */
702 static void
bus_selinux_id_table_free_value(BusSELinuxID * sid)703 bus_selinux_id_table_free_value (BusSELinuxID *sid)
704 {
705 #ifdef HAVE_SELINUX
706   /* NULL sometimes due to how DBusHashTable works */
707   if (sid)
708     bus_selinux_id_unref (sid);
709 #endif /* HAVE_SELINUX */
710 }
711 
712 /**
713  * Creates a new table mapping service names to security ID.
714  * A security ID is a "compiled" security context, a security
715  * context is just a string.
716  *
717  * @returns the new table or #NULL if no memory
718  */
719 DBusHashTable*
bus_selinux_id_table_new(void)720 bus_selinux_id_table_new (void)
721 {
722   return _dbus_hash_table_new (DBUS_HASH_STRING,
723                                (DBusFreeFunction) dbus_free,
724                                (DBusFreeFunction) bus_selinux_id_table_free_value);
725 }
726 
727 /**
728  * Hashes a service name and service context into the service SID
729  * table as a string and a SID.
730  *
731  * @param service_name is the name of the service.
732  * @param service_context is the context of the service.
733  * @param service_table is the table to hash them into.
734  * @return #FALSE if not enough memory
735  */
736 dbus_bool_t
bus_selinux_id_table_insert(DBusHashTable * service_table,const char * service_name,const char * service_context)737 bus_selinux_id_table_insert (DBusHashTable *service_table,
738                              const char    *service_name,
739                              const char    *service_context)
740 {
741 #ifdef HAVE_SELINUX
742   dbus_bool_t retval;
743   security_id_t sid;
744   char *key;
745 
746   if (!selinux_enabled)
747     return TRUE;
748 
749   sid = SECSID_WILD;
750   retval = FALSE;
751 
752   key = _dbus_strdup (service_name);
753   if (key == NULL)
754     return retval;
755 
756   if (avc_context_to_sid ((char *) service_context, &sid) < 0)
757     {
758       if (errno == ENOMEM)
759         {
760 	  dbus_free (key);
761           return FALSE;
762 	}
763 
764       _dbus_warn ("Error getting SID from context \"%s\": %s\n",
765 		  (char *) service_context,
766                   _dbus_strerror (errno));
767       goto out;
768     }
769 
770   if (!_dbus_hash_table_insert_string (service_table,
771                                        key,
772                                        BUS_SID_FROM_SELINUX (sid)))
773     goto out;
774 
775   _dbus_verbose ("Parsed \tservice: %s \n\t\tcontext: %s\n",
776                   key,
777                   sid->ctx);
778 
779   /* These are owned by the hash, so clear them to avoid unref */
780   key = NULL;
781   sid = SECSID_WILD;
782 
783   retval = TRUE;
784 
785  out:
786   if (sid != SECSID_WILD)
787     sidput (sid);
788 
789   if (key)
790     dbus_free (key);
791 
792   return retval;
793 #else
794   return TRUE;
795 #endif /* HAVE_SELINUX */
796 }
797 
798 
799 /**
800  * Find the security identifier associated with a particular service
801  * name.  Return a pointer to this SID, or #NULL/SECSID_WILD if the
802  * service is not found in the hash table.  This should be nearly a
803  * constant time operation.  If SELinux support is not available,
804  * always return NULL.
805  *
806  * @param service_table the hash table to check for service name.
807  * @param service_name the name of the service to look for.
808  * @returns the SELinux ID associated with the service
809  */
810 BusSELinuxID*
bus_selinux_id_table_lookup(DBusHashTable * service_table,const DBusString * service_name)811 bus_selinux_id_table_lookup (DBusHashTable    *service_table,
812                              const DBusString *service_name)
813 {
814 #ifdef HAVE_SELINUX
815   security_id_t sid;
816 
817   sid = SECSID_WILD;     /* default context */
818 
819   if (!selinux_enabled)
820     return NULL;
821 
822   _dbus_verbose ("Looking up service SID for %s\n",
823                  _dbus_string_get_const_data (service_name));
824 
825   sid = _dbus_hash_table_lookup_string (service_table,
826                                         _dbus_string_get_const_data (service_name));
827 
828   if (sid == SECSID_WILD)
829     _dbus_verbose ("Service %s not found\n",
830                    _dbus_string_get_const_data (service_name));
831   else
832     _dbus_verbose ("Service %s found\n",
833                    _dbus_string_get_const_data (service_name));
834 
835   return BUS_SID_FROM_SELINUX (sid);
836 #endif /* HAVE_SELINUX */
837   return NULL;
838 }
839 
840 /**
841  * Get the SELinux policy root.  This is used to find the D-Bus
842  * specific config file within the policy.
843  */
844 const char *
bus_selinux_get_policy_root(void)845 bus_selinux_get_policy_root (void)
846 {
847 #ifdef HAVE_SELINUX
848   return selinux_policy_root ();
849 #else
850   return NULL;
851 #endif /* HAVE_SELINUX */
852 }
853 
854 /**
855  * For debugging:  Print out the current hash table of service SIDs.
856  */
857 void
bus_selinux_id_table_print(DBusHashTable * service_table)858 bus_selinux_id_table_print (DBusHashTable *service_table)
859 {
860 #ifdef DBUS_ENABLE_VERBOSE_MODE
861 #ifdef HAVE_SELINUX
862   DBusHashIter iter;
863 
864   if (!selinux_enabled)
865     return;
866 
867   _dbus_verbose ("Service SID Table:\n");
868   _dbus_hash_iter_init (service_table, &iter);
869   while (_dbus_hash_iter_next (&iter))
870     {
871       const char *key = _dbus_hash_iter_get_string_key (&iter);
872       security_id_t sid = _dbus_hash_iter_get_value (&iter);
873       _dbus_verbose ("The key is %s\n", key);
874       _dbus_verbose ("The context is %s\n", sid->ctx);
875       _dbus_verbose ("The refcount is %d\n", sid->refcnt);
876     }
877 #endif /* HAVE_SELINUX */
878 #endif /* DBUS_ENABLE_VERBOSE_MODE */
879 }
880 
881 
882 #ifdef DBUS_ENABLE_VERBOSE_MODE
883 #ifdef HAVE_SELINUX
884 /**
885  * Print out some AVC statistics.
886  */
887 static void
bus_avc_print_stats(void)888 bus_avc_print_stats (void)
889 {
890   struct avc_cache_stats cstats;
891 
892   if (!selinux_enabled)
893     return;
894 
895   _dbus_verbose ("AVC Statistics:\n");
896   avc_cache_stats (&cstats);
897   avc_av_stats ();
898   _dbus_verbose ("AVC Cache Statistics:\n");
899   _dbus_verbose ("Entry lookups: %d\n", cstats.entry_lookups);
900   _dbus_verbose ("Entry hits: %d\n", cstats.entry_hits);
901   _dbus_verbose ("Entry misses %d\n", cstats.entry_misses);
902   _dbus_verbose ("Entry discards: %d\n", cstats.entry_discards);
903   _dbus_verbose ("CAV lookups: %d\n", cstats.cav_lookups);
904   _dbus_verbose ("CAV hits: %d\n", cstats.cav_hits);
905   _dbus_verbose ("CAV probes: %d\n", cstats.cav_probes);
906   _dbus_verbose ("CAV misses: %d\n", cstats.cav_misses);
907 }
908 #endif /* HAVE_SELINUX */
909 #endif /* DBUS_ENABLE_VERBOSE_MODE */
910 
911 
912 /**
913  * Destroy the AVC before we terminate.
914  */
915 void
bus_selinux_shutdown(void)916 bus_selinux_shutdown (void)
917 {
918 #ifdef HAVE_SELINUX
919   if (!selinux_enabled)
920     return;
921 
922   _dbus_verbose ("AVC shutdown\n");
923 
924   if (bus_sid != SECSID_WILD)
925     {
926       sidput (bus_sid);
927       bus_sid = SECSID_WILD;
928 
929 #ifdef DBUS_ENABLE_VERBOSE_MODE
930       bus_avc_print_stats ();
931 #endif /* DBUS_ENABLE_VERBOSE_MODE */
932 
933       avc_destroy ();
934     }
935 #endif /* HAVE_SELINUX */
936 }
937 
938