sl@0: /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- sl@0: * Portion Copyright © 2008 Nokia Corporation and/or its subsidiary(-ies). All rights reserved. sl@0: * selinux.c SELinux security checks for D-Bus sl@0: * sl@0: * Author: Matthew Rickard sl@0: * sl@0: * Licensed under the Academic Free License version 2.1 sl@0: * sl@0: * This program is free software; you can redistribute it and/or modify sl@0: * it under the terms of the GNU General Public License as published by sl@0: * the Free Software Foundation; either version 2 of the License, or sl@0: * (at your option) any later version. sl@0: * sl@0: * This program is distributed in the hope that it will be useful, sl@0: * but WITHOUT ANY WARRANTY; without even the implied warranty of sl@0: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the sl@0: * GNU General Public License for more details. sl@0: * sl@0: * You should have received a copy of the GNU General Public License sl@0: * along with this program; if not, write to the Free Software sl@0: * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA sl@0: * sl@0: */ sl@0: #ifndef __SYMBIAN32__ sl@0: #include sl@0: #include sl@0: #else sl@0: #include "dbus-internals.h" sl@0: #include "dbus-string.h" sl@0: #endif //__SYMBIAN32__ sl@0: #include "selinux.h" sl@0: #include "services.h" sl@0: #include "policy.h" sl@0: #include "utils.h" sl@0: #include "config-parser.h" sl@0: sl@0: #ifdef HAVE_SELINUX sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: #endif /* HAVE_SELINUX */ sl@0: sl@0: #define BUS_SID_FROM_SELINUX(sid) ((BusSELinuxID*) (sid)) sl@0: #define SELINUX_SID_FROM_BUS(sid) ((security_id_t) (sid)) sl@0: sl@0: #ifdef HAVE_SELINUX sl@0: /* Store the value telling us if SELinux is enabled in the kernel. */ sl@0: static dbus_bool_t selinux_enabled = FALSE; sl@0: sl@0: /* Store an avc_entry_ref to speed AVC decisions. */ sl@0: static struct avc_entry_ref aeref; sl@0: sl@0: /* Store the SID of the bus itself to use as the default. */ sl@0: static security_id_t bus_sid = SECSID_WILD; sl@0: sl@0: /* Thread to listen for SELinux status changes via netlink. */ sl@0: static pthread_t avc_notify_thread; sl@0: sl@0: /* Prototypes for AVC callback functions. */ sl@0: static void log_callback (const char *fmt, ...); sl@0: static void log_audit_callback (void *data, security_class_t class, char *buf, size_t bufleft); sl@0: static void *avc_create_thread (void (*run) (void)); sl@0: static void avc_stop_thread (void *thread); sl@0: static void *avc_alloc_lock (void); sl@0: static void avc_get_lock (void *lock); sl@0: static void avc_release_lock (void *lock); sl@0: static void avc_free_lock (void *lock); sl@0: sl@0: /* AVC callback structures for use in avc_init. */ sl@0: static const struct avc_memory_callback mem_cb = sl@0: { sl@0: .func_malloc = dbus_malloc, sl@0: .func_free = dbus_free sl@0: }; sl@0: static const struct avc_log_callback log_cb = sl@0: { sl@0: .func_log = log_callback, sl@0: .func_audit = log_audit_callback sl@0: }; sl@0: static const struct avc_thread_callback thread_cb = sl@0: { sl@0: .func_create_thread = avc_create_thread, sl@0: .func_stop_thread = avc_stop_thread sl@0: }; sl@0: static const struct avc_lock_callback lock_cb = sl@0: { sl@0: .func_alloc_lock = avc_alloc_lock, sl@0: .func_get_lock = avc_get_lock, sl@0: .func_release_lock = avc_release_lock, sl@0: .func_free_lock = avc_free_lock sl@0: }; sl@0: #endif /* HAVE_SELINUX */ sl@0: sl@0: /** sl@0: * Log callback to log denial messages from the AVC. sl@0: * This is used in avc_init. Logs to both standard sl@0: * error and syslogd. sl@0: * sl@0: * @param fmt the format string sl@0: * @param variable argument list sl@0: */ sl@0: #ifdef HAVE_SELINUX sl@0: static void sl@0: log_callback (const char *fmt, ...) sl@0: { sl@0: va_list ap; sl@0: va_start(ap, fmt); sl@0: vsyslog (LOG_INFO, fmt, ap); sl@0: va_end(ap); sl@0: } sl@0: sl@0: /** sl@0: * On a policy reload we need to reparse the SELinux configuration file, since sl@0: * this could have changed. Send a SIGHUP to reload all configs. sl@0: */ sl@0: static int sl@0: policy_reload_callback (u_int32_t event, security_id_t ssid, sl@0: security_id_t tsid, security_class_t tclass, sl@0: access_vector_t perms, access_vector_t *out_retained) sl@0: { sl@0: if (event == AVC_CALLBACK_RESET) sl@0: return raise (SIGHUP); sl@0: sl@0: return 0; sl@0: } sl@0: sl@0: /** sl@0: * Log any auxiliary data sl@0: */ sl@0: static void sl@0: log_audit_callback (void *data, security_class_t class, char *buf, size_t bufleft) sl@0: { sl@0: DBusString *audmsg = data; sl@0: _dbus_string_copy_to_buffer (audmsg, buf, bufleft); sl@0: } sl@0: sl@0: /** sl@0: * Create thread to notify the AVC of enforcing and policy reload sl@0: * changes via netlink. sl@0: * sl@0: * @param run the thread run function sl@0: * @return pointer to the thread sl@0: */ sl@0: static void * sl@0: avc_create_thread (void (*run) (void)) sl@0: { sl@0: int rc; sl@0: sl@0: rc = pthread_create (&avc_notify_thread, NULL, (void *(*) (void *)) run, NULL); sl@0: if (rc != 0) sl@0: { sl@0: _dbus_warn ("Failed to start AVC thread: %s\n", _dbus_strerror (rc)); sl@0: exit (1); sl@0: } sl@0: return &avc_notify_thread; sl@0: } sl@0: sl@0: /* Stop AVC netlink thread. */ sl@0: static void sl@0: avc_stop_thread (void *thread) sl@0: { sl@0: pthread_cancel (*(pthread_t *) thread); sl@0: } sl@0: sl@0: /* Allocate a new AVC lock. */ sl@0: static void * sl@0: avc_alloc_lock (void) sl@0: { sl@0: pthread_mutex_t *avc_mutex; sl@0: sl@0: avc_mutex = dbus_new (pthread_mutex_t, 1); sl@0: if (avc_mutex == NULL) sl@0: { sl@0: _dbus_warn ("Could not create mutex: %s\n", _dbus_strerror (errno)); sl@0: exit (1); sl@0: } sl@0: pthread_mutex_init (avc_mutex, NULL); sl@0: sl@0: return avc_mutex; sl@0: } sl@0: sl@0: /* Acquire an AVC lock. */ sl@0: static void sl@0: avc_get_lock (void *lock) sl@0: { sl@0: pthread_mutex_lock (lock); sl@0: } sl@0: sl@0: /* Release an AVC lock. */ sl@0: static void sl@0: avc_release_lock (void *lock) sl@0: { sl@0: pthread_mutex_unlock (lock); sl@0: } sl@0: sl@0: /* Free an AVC lock. */ sl@0: static void sl@0: avc_free_lock (void *lock) sl@0: { sl@0: pthread_mutex_destroy (lock); sl@0: dbus_free (lock); sl@0: } sl@0: #endif /* HAVE_SELINUX */ sl@0: sl@0: /** sl@0: * Return whether or not SELinux is enabled; must be sl@0: * called after bus_selinux_init. sl@0: */ sl@0: dbus_bool_t sl@0: bus_selinux_enabled (void) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: return selinux_enabled; sl@0: #else sl@0: return FALSE; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: /** sl@0: * Do early initialization; determine whether SELinux is enabled. sl@0: */ sl@0: dbus_bool_t sl@0: bus_selinux_pre_init (void) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: int r; sl@0: _dbus_assert (bus_sid == SECSID_WILD); sl@0: sl@0: /* Determine if we are running an SELinux kernel. */ sl@0: r = is_selinux_enabled (); sl@0: if (r < 0) sl@0: { sl@0: _dbus_warn ("Could not tell if SELinux is enabled: %s\n", sl@0: _dbus_strerror (errno)); sl@0: return FALSE; sl@0: } sl@0: sl@0: selinux_enabled = r != 0; sl@0: return TRUE; sl@0: #else sl@0: return TRUE; sl@0: #endif sl@0: } sl@0: sl@0: /** sl@0: * Initialize the user space access vector cache (AVC) for D-Bus and set up sl@0: * logging callbacks. sl@0: */ sl@0: dbus_bool_t sl@0: bus_selinux_full_init (void) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: char *bus_context; sl@0: sl@0: _dbus_assert (bus_sid == SECSID_WILD); sl@0: sl@0: if (!selinux_enabled) sl@0: { sl@0: _dbus_verbose ("SELinux not enabled in this kernel.\n"); sl@0: return TRUE; sl@0: } sl@0: sl@0: _dbus_verbose ("SELinux is enabled in this kernel.\n"); sl@0: sl@0: avc_entry_ref_init (&aeref); sl@0: if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0) sl@0: { sl@0: _dbus_warn ("Failed to start Access Vector Cache (AVC).\n"); sl@0: return FALSE; sl@0: } sl@0: else sl@0: { sl@0: openlog ("dbus", LOG_PERROR, LOG_USER); sl@0: _dbus_verbose ("Access Vector Cache (AVC) started.\n"); sl@0: } sl@0: sl@0: if (avc_add_callback (policy_reload_callback, AVC_CALLBACK_RESET, sl@0: NULL, NULL, 0, 0) < 0) sl@0: { sl@0: _dbus_warn ("Failed to add policy reload callback: %s\n", sl@0: _dbus_strerror (errno)); sl@0: avc_destroy (); sl@0: return FALSE; sl@0: } sl@0: sl@0: bus_context = NULL; sl@0: bus_sid = SECSID_WILD; sl@0: sl@0: if (getcon (&bus_context) < 0) sl@0: { sl@0: _dbus_verbose ("Error getting context of bus: %s\n", sl@0: _dbus_strerror (errno)); sl@0: return FALSE; sl@0: } sl@0: sl@0: if (avc_context_to_sid (bus_context, &bus_sid) < 0) sl@0: { sl@0: _dbus_verbose ("Error getting SID from bus context: %s\n", sl@0: _dbus_strerror (errno)); sl@0: freecon (bus_context); sl@0: return FALSE; sl@0: } sl@0: sl@0: freecon (bus_context); sl@0: sl@0: return TRUE; sl@0: #else sl@0: return TRUE; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: /** sl@0: * Decrement SID reference count. sl@0: * sl@0: * @param sid the SID to decrement sl@0: */ sl@0: void sl@0: bus_selinux_id_unref (BusSELinuxID *sid) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: if (!selinux_enabled) sl@0: return; sl@0: sl@0: _dbus_assert (sid != NULL); sl@0: sl@0: sidput (SELINUX_SID_FROM_BUS (sid)); sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: void sl@0: bus_selinux_id_ref (BusSELinuxID *sid) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: if (!selinux_enabled) sl@0: return; sl@0: sl@0: _dbus_assert (sid != NULL); sl@0: sl@0: sidget (SELINUX_SID_FROM_BUS (sid)); sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: /** sl@0: * Determine if the SELinux security policy allows the given sender sl@0: * security context to go to the given recipient security context. sl@0: * This function determines if the requested permissions are to be sl@0: * granted from the connection to the message bus or to another sl@0: * optionally supplied security identifier (e.g. for a service sl@0: * context). Currently these permissions are either send_msg or sl@0: * acquire_svc in the dbus class. sl@0: * sl@0: * @param sender_sid source security context sl@0: * @param override_sid is the target security context. If SECSID_WILD this will sl@0: * use the context of the bus itself (e.g. the default). sl@0: * @param target_class is the target security class. sl@0: * @param requested is the requested permissions. sl@0: * @returns #TRUE if security policy allows the send. sl@0: */ sl@0: #ifdef HAVE_SELINUX sl@0: static dbus_bool_t sl@0: bus_selinux_check (BusSELinuxID *sender_sid, sl@0: BusSELinuxID *override_sid, sl@0: security_class_t target_class, sl@0: access_vector_t requested, sl@0: DBusString *auxdata) sl@0: { sl@0: if (!selinux_enabled) sl@0: return TRUE; sl@0: sl@0: /* Make the security check. AVC checks enforcing mode here as well. */ sl@0: if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), sl@0: override_sid ? sl@0: SELINUX_SID_FROM_BUS (override_sid) : sl@0: SELINUX_SID_FROM_BUS (bus_sid), sl@0: target_class, requested, &aeref, auxdata) < 0) sl@0: { sl@0: _dbus_verbose ("SELinux denying due to security policy.\n"); sl@0: return FALSE; sl@0: } sl@0: else sl@0: return TRUE; sl@0: } sl@0: #endif /* HAVE_SELINUX */ sl@0: sl@0: /** sl@0: * Returns true if the given connection can acquire a service, sl@0: * assuming the given security ID is needed for that service. sl@0: * sl@0: * @param connection connection that wants to own the service sl@0: * @param service_sid the SID of the service from the table sl@0: * @returns #TRUE if acquire is permitted. sl@0: */ sl@0: dbus_bool_t sl@0: bus_selinux_allows_acquire_service (DBusConnection *connection, sl@0: BusSELinuxID *service_sid, sl@0: const char *service_name, sl@0: DBusError *error) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: BusSELinuxID *connection_sid; sl@0: unsigned long spid; sl@0: DBusString auxdata; sl@0: dbus_bool_t ret; sl@0: sl@0: if (!selinux_enabled) sl@0: return TRUE; sl@0: sl@0: connection_sid = bus_connection_get_selinux_id (connection); sl@0: if (!dbus_connection_get_unix_process_id (connection, &spid)) sl@0: spid = 0; sl@0: sl@0: if (!_dbus_string_init (&auxdata)) sl@0: goto oom; sl@0: sl@0: if (!_dbus_string_append (&auxdata, "service=")) sl@0: goto oom; sl@0: sl@0: if (!_dbus_string_append (&auxdata, service_name)) sl@0: goto oom; sl@0: sl@0: if (spid) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " spid=")) sl@0: goto oom; sl@0: sl@0: if (!_dbus_string_append_uint (&auxdata, spid)) sl@0: goto oom; sl@0: } sl@0: sl@0: ret = bus_selinux_check (connection_sid, sl@0: service_sid, sl@0: SECCLASS_DBUS, sl@0: DBUS__ACQUIRE_SVC, sl@0: &auxdata); sl@0: sl@0: _dbus_string_free (&auxdata); sl@0: return ret; sl@0: sl@0: oom: sl@0: _dbus_string_free (&auxdata); sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: sl@0: #else sl@0: return TRUE; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: /** sl@0: * Check if SELinux security controls allow the message to be sent to a sl@0: * particular connection based on the security context of the sender and sl@0: * that of the receiver. The destination connection need not be the sl@0: * addressed recipient, it could be an "eavesdropper" sl@0: * sl@0: * @param sender the sender of the message. sl@0: * @param proposed_recipient the connection the message is to be sent to. sl@0: * @returns whether to allow the send sl@0: */ sl@0: dbus_bool_t sl@0: bus_selinux_allows_send (DBusConnection *sender, sl@0: DBusConnection *proposed_recipient, sl@0: const char *msgtype, sl@0: const char *interface, sl@0: const char *member, sl@0: const char *error_name, sl@0: const char *destination, sl@0: DBusError *error) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: BusSELinuxID *recipient_sid; sl@0: BusSELinuxID *sender_sid; sl@0: unsigned long spid, tpid; sl@0: DBusString auxdata; sl@0: dbus_bool_t ret; sl@0: dbus_bool_t string_alloced; sl@0: sl@0: if (!selinux_enabled) sl@0: return TRUE; sl@0: sl@0: if (!sender || !dbus_connection_get_unix_process_id (sender, &spid)) sl@0: spid = 0; sl@0: if (!proposed_recipient || !dbus_connection_get_unix_process_id (proposed_recipient, &tpid)) sl@0: tpid = 0; sl@0: sl@0: string_alloced = FALSE; sl@0: if (!_dbus_string_init (&auxdata)) sl@0: goto oom; sl@0: string_alloced = TRUE; sl@0: sl@0: if (!_dbus_string_append (&auxdata, "msgtype=")) sl@0: goto oom; sl@0: sl@0: if (!_dbus_string_append (&auxdata, msgtype)) sl@0: goto oom; sl@0: sl@0: if (interface) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " interface=")) sl@0: goto oom; sl@0: if (!_dbus_string_append (&auxdata, interface)) sl@0: goto oom; sl@0: } sl@0: sl@0: if (member) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " member=")) sl@0: goto oom; sl@0: if (!_dbus_string_append (&auxdata, member)) sl@0: goto oom; sl@0: } sl@0: sl@0: if (error_name) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " error_name=")) sl@0: goto oom; sl@0: if (!_dbus_string_append (&auxdata, error_name)) sl@0: goto oom; sl@0: } sl@0: sl@0: if (destination) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " dest=")) sl@0: goto oom; sl@0: if (!_dbus_string_append (&auxdata, destination)) sl@0: goto oom; sl@0: } sl@0: sl@0: if (spid) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " spid=")) sl@0: goto oom; sl@0: sl@0: if (!_dbus_string_append_uint (&auxdata, spid)) sl@0: goto oom; sl@0: } sl@0: sl@0: if (tpid) sl@0: { sl@0: if (!_dbus_string_append (&auxdata, " tpid=")) sl@0: goto oom; sl@0: sl@0: if (!_dbus_string_append_uint (&auxdata, tpid)) sl@0: goto oom; sl@0: } sl@0: sl@0: sender_sid = bus_connection_get_selinux_id (sender); sl@0: /* A NULL proposed_recipient means the bus itself. */ sl@0: if (proposed_recipient) sl@0: recipient_sid = bus_connection_get_selinux_id (proposed_recipient); sl@0: else sl@0: recipient_sid = BUS_SID_FROM_SELINUX (bus_sid); sl@0: sl@0: ret = bus_selinux_check (sender_sid, sl@0: recipient_sid, sl@0: SECCLASS_DBUS, sl@0: DBUS__SEND_MSG, sl@0: &auxdata); sl@0: sl@0: _dbus_string_free (&auxdata); sl@0: sl@0: return ret; sl@0: sl@0: oom: sl@0: if (string_alloced) sl@0: _dbus_string_free (&auxdata); sl@0: BUS_SET_OOM (error); sl@0: return FALSE; sl@0: sl@0: #else sl@0: return TRUE; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: dbus_bool_t sl@0: bus_selinux_append_context (DBusMessage *message, sl@0: BusSELinuxID *sid, sl@0: DBusError *error) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: char *context; sl@0: sl@0: if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) sl@0: { sl@0: if (errno == ENOMEM) sl@0: BUS_SET_OOM (error); sl@0: else sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "Error getting context from SID: %s\n", sl@0: _dbus_strerror (errno)); sl@0: return FALSE; sl@0: } sl@0: if (!dbus_message_append_args (message, sl@0: DBUS_TYPE_ARRAY, sl@0: DBUS_TYPE_BYTE, sl@0: &context, sl@0: strlen (context), sl@0: DBUS_TYPE_INVALID)) sl@0: { sl@0: _DBUS_SET_OOM (error); sl@0: return FALSE; sl@0: } sl@0: freecon (context); sl@0: return TRUE; sl@0: #else sl@0: return TRUE; sl@0: #endif sl@0: } sl@0: sl@0: /** sl@0: * Gets the security context of a connection to the bus. It is up to sl@0: * the caller to freecon() when they are done. sl@0: * sl@0: * @param connection the connection to get the context of. sl@0: * @param con the location to store the security context. sl@0: * @returns #TRUE if context is successfully obtained. sl@0: */ sl@0: #ifdef HAVE_SELINUX sl@0: static dbus_bool_t sl@0: bus_connection_read_selinux_context (DBusConnection *connection, sl@0: char **con) sl@0: { sl@0: int fd; sl@0: sl@0: if (!selinux_enabled) sl@0: return FALSE; sl@0: sl@0: _dbus_assert (connection != NULL); sl@0: sl@0: if (!dbus_connection_get_unix_fd (connection, &fd)) sl@0: { sl@0: _dbus_verbose ("Failed to get file descriptor of socket.\n"); sl@0: return FALSE; sl@0: } sl@0: sl@0: if (getpeercon (fd, con) < 0) sl@0: { sl@0: _dbus_verbose ("Error getting context of socket peer: %s\n", sl@0: _dbus_strerror (errno)); sl@0: return FALSE; sl@0: } sl@0: sl@0: _dbus_verbose ("Successfully read connection context.\n"); sl@0: return TRUE; sl@0: } sl@0: #endif /* HAVE_SELINUX */ sl@0: sl@0: /** sl@0: * Read the SELinux ID from the connection. sl@0: * sl@0: * @param connection the connection to read from sl@0: * @returns the SID if successfully determined, #NULL otherwise. sl@0: */ sl@0: BusSELinuxID* sl@0: bus_selinux_init_connection_id (DBusConnection *connection, sl@0: DBusError *error) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: char *con; sl@0: security_id_t sid; sl@0: sl@0: if (!selinux_enabled) sl@0: return NULL; sl@0: sl@0: if (!bus_connection_read_selinux_context (connection, &con)) sl@0: { sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "Failed to read an SELinux context from connection"); sl@0: _dbus_verbose ("Error getting peer context.\n"); sl@0: return NULL; sl@0: } sl@0: sl@0: _dbus_verbose ("Converting context to SID to store on connection\n"); sl@0: sl@0: if (avc_context_to_sid (con, &sid) < 0) sl@0: { sl@0: if (errno == ENOMEM) sl@0: BUS_SET_OOM (error); sl@0: else sl@0: dbus_set_error (error, DBUS_ERROR_FAILED, sl@0: "Error getting SID from context \"%s\": %s\n", sl@0: con, _dbus_strerror (errno)); sl@0: sl@0: _dbus_warn ("Error getting SID from context \"%s\": %s\n", sl@0: con, _dbus_strerror (errno)); sl@0: sl@0: freecon (con); sl@0: return NULL; sl@0: } sl@0: sl@0: freecon (con); sl@0: return BUS_SID_FROM_SELINUX (sid); sl@0: #else sl@0: return NULL; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: sl@0: /** sl@0: * Function for freeing hash table data. These SIDs sl@0: * should no longer be referenced. sl@0: */ sl@0: static void sl@0: bus_selinux_id_table_free_value (BusSELinuxID *sid) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: /* NULL sometimes due to how DBusHashTable works */ sl@0: if (sid) sl@0: bus_selinux_id_unref (sid); sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: /** sl@0: * Creates a new table mapping service names to security ID. sl@0: * A security ID is a "compiled" security context, a security sl@0: * context is just a string. sl@0: * sl@0: * @returns the new table or #NULL if no memory sl@0: */ sl@0: DBusHashTable* sl@0: bus_selinux_id_table_new (void) sl@0: { sl@0: return _dbus_hash_table_new (DBUS_HASH_STRING, sl@0: (DBusFreeFunction) dbus_free, sl@0: (DBusFreeFunction) bus_selinux_id_table_free_value); sl@0: } sl@0: sl@0: /** sl@0: * Hashes a service name and service context into the service SID sl@0: * table as a string and a SID. sl@0: * sl@0: * @param service_name is the name of the service. sl@0: * @param service_context is the context of the service. sl@0: * @param service_table is the table to hash them into. sl@0: * @return #FALSE if not enough memory sl@0: */ sl@0: dbus_bool_t sl@0: bus_selinux_id_table_insert (DBusHashTable *service_table, sl@0: const char *service_name, sl@0: const char *service_context) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: dbus_bool_t retval; sl@0: security_id_t sid; sl@0: char *key; sl@0: sl@0: if (!selinux_enabled) sl@0: return TRUE; sl@0: sl@0: sid = SECSID_WILD; sl@0: retval = FALSE; sl@0: sl@0: key = _dbus_strdup (service_name); sl@0: if (key == NULL) sl@0: return retval; sl@0: sl@0: if (avc_context_to_sid ((char *) service_context, &sid) < 0) sl@0: { sl@0: if (errno == ENOMEM) sl@0: { sl@0: dbus_free (key); sl@0: return FALSE; sl@0: } sl@0: sl@0: _dbus_warn ("Error getting SID from context \"%s\": %s\n", sl@0: (char *) service_context, sl@0: _dbus_strerror (errno)); sl@0: goto out; sl@0: } sl@0: sl@0: if (!_dbus_hash_table_insert_string (service_table, sl@0: key, sl@0: BUS_SID_FROM_SELINUX (sid))) sl@0: goto out; sl@0: sl@0: _dbus_verbose ("Parsed \tservice: %s \n\t\tcontext: %s\n", sl@0: key, sl@0: sid->ctx); sl@0: sl@0: /* These are owned by the hash, so clear them to avoid unref */ sl@0: key = NULL; sl@0: sid = SECSID_WILD; sl@0: sl@0: retval = TRUE; sl@0: sl@0: out: sl@0: if (sid != SECSID_WILD) sl@0: sidput (sid); sl@0: sl@0: if (key) sl@0: dbus_free (key); sl@0: sl@0: return retval; sl@0: #else sl@0: return TRUE; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: sl@0: /** sl@0: * Find the security identifier associated with a particular service sl@0: * name. Return a pointer to this SID, or #NULL/SECSID_WILD if the sl@0: * service is not found in the hash table. This should be nearly a sl@0: * constant time operation. If SELinux support is not available, sl@0: * always return NULL. sl@0: * sl@0: * @param service_table the hash table to check for service name. sl@0: * @param service_name the name of the service to look for. sl@0: * @returns the SELinux ID associated with the service sl@0: */ sl@0: BusSELinuxID* sl@0: bus_selinux_id_table_lookup (DBusHashTable *service_table, sl@0: const DBusString *service_name) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: security_id_t sid; sl@0: sl@0: sid = SECSID_WILD; /* default context */ sl@0: sl@0: if (!selinux_enabled) sl@0: return NULL; sl@0: sl@0: _dbus_verbose ("Looking up service SID for %s\n", sl@0: _dbus_string_get_const_data (service_name)); sl@0: sl@0: sid = _dbus_hash_table_lookup_string (service_table, sl@0: _dbus_string_get_const_data (service_name)); sl@0: sl@0: if (sid == SECSID_WILD) sl@0: _dbus_verbose ("Service %s not found\n", sl@0: _dbus_string_get_const_data (service_name)); sl@0: else sl@0: _dbus_verbose ("Service %s found\n", sl@0: _dbus_string_get_const_data (service_name)); sl@0: sl@0: return BUS_SID_FROM_SELINUX (sid); sl@0: #endif /* HAVE_SELINUX */ sl@0: return NULL; sl@0: } sl@0: sl@0: /** sl@0: * Get the SELinux policy root. This is used to find the D-Bus sl@0: * specific config file within the policy. sl@0: */ sl@0: const char * sl@0: bus_selinux_get_policy_root (void) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: return selinux_policy_root (); sl@0: #else sl@0: return NULL; sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: sl@0: /** sl@0: * For debugging: Print out the current hash table of service SIDs. sl@0: */ sl@0: void sl@0: bus_selinux_id_table_print (DBusHashTable *service_table) sl@0: { sl@0: #ifdef DBUS_ENABLE_VERBOSE_MODE sl@0: #ifdef HAVE_SELINUX sl@0: DBusHashIter iter; sl@0: sl@0: if (!selinux_enabled) sl@0: return; sl@0: sl@0: _dbus_verbose ("Service SID Table:\n"); sl@0: _dbus_hash_iter_init (service_table, &iter); sl@0: while (_dbus_hash_iter_next (&iter)) sl@0: { sl@0: const char *key = _dbus_hash_iter_get_string_key (&iter); sl@0: security_id_t sid = _dbus_hash_iter_get_value (&iter); sl@0: _dbus_verbose ("The key is %s\n", key); sl@0: _dbus_verbose ("The context is %s\n", sid->ctx); sl@0: _dbus_verbose ("The refcount is %d\n", sid->refcnt); sl@0: } sl@0: #endif /* HAVE_SELINUX */ sl@0: #endif /* DBUS_ENABLE_VERBOSE_MODE */ sl@0: } sl@0: sl@0: sl@0: #ifdef DBUS_ENABLE_VERBOSE_MODE sl@0: #ifdef HAVE_SELINUX sl@0: /** sl@0: * Print out some AVC statistics. sl@0: */ sl@0: static void sl@0: bus_avc_print_stats (void) sl@0: { sl@0: struct avc_cache_stats cstats; sl@0: sl@0: if (!selinux_enabled) sl@0: return; sl@0: sl@0: _dbus_verbose ("AVC Statistics:\n"); sl@0: avc_cache_stats (&cstats); sl@0: avc_av_stats (); sl@0: _dbus_verbose ("AVC Cache Statistics:\n"); sl@0: _dbus_verbose ("Entry lookups: %d\n", cstats.entry_lookups); sl@0: _dbus_verbose ("Entry hits: %d\n", cstats.entry_hits); sl@0: _dbus_verbose ("Entry misses %d\n", cstats.entry_misses); sl@0: _dbus_verbose ("Entry discards: %d\n", cstats.entry_discards); sl@0: _dbus_verbose ("CAV lookups: %d\n", cstats.cav_lookups); sl@0: _dbus_verbose ("CAV hits: %d\n", cstats.cav_hits); sl@0: _dbus_verbose ("CAV probes: %d\n", cstats.cav_probes); sl@0: _dbus_verbose ("CAV misses: %d\n", cstats.cav_misses); sl@0: } sl@0: #endif /* HAVE_SELINUX */ sl@0: #endif /* DBUS_ENABLE_VERBOSE_MODE */ sl@0: sl@0: sl@0: /** sl@0: * Destroy the AVC before we terminate. sl@0: */ sl@0: void sl@0: bus_selinux_shutdown (void) sl@0: { sl@0: #ifdef HAVE_SELINUX sl@0: if (!selinux_enabled) sl@0: return; sl@0: sl@0: _dbus_verbose ("AVC shutdown\n"); sl@0: sl@0: if (bus_sid != SECSID_WILD) sl@0: { sl@0: sidput (bus_sid); sl@0: bus_sid = SECSID_WILD; sl@0: sl@0: #ifdef DBUS_ENABLE_VERBOSE_MODE sl@0: bus_avc_print_stats (); sl@0: #endif /* DBUS_ENABLE_VERBOSE_MODE */ sl@0: sl@0: avc_destroy (); sl@0: } sl@0: #endif /* HAVE_SELINUX */ sl@0: } sl@0: