forked from luck/tmp_suning_uos_patched
c7c556f1e8
Refactor the logic for changing SELinux policy booleans in a similar manner to the refactoring of policy load, thereby reducing the size of the critical section when the policy write-lock is held and making it easier to convert the policy rwlock to RCU in the future. Instead of directly modifying the policydb in place, modify a copy and then swap it into place through a single pointer update. Only fully copy the portions of the policydb that are affected by boolean changes to avoid the full cost of a deep policydb copy. Introduce another level of indirection for the sidtab since changing booleans does not require updating the sidtab, unlike policy load. While we are here, create a common helper for notifying other kernel components and userspace of a policy change and call it from both security_set_bools() and selinux_policy_commit(). Based on an old (2004) patch by Kaigai Kohei [1] to convert the policy rwlock to RCU that was deferred at the time since it did not significantly improve performance and introduced complexity. Peter Enderborg later submitted a patch series to convert to RCU [2] that would have made changing booleans a much more expensive operation by requiring a full policydb_write();policydb_read(); sequence to deep copy the entire policydb and also had concerns regarding atomic allocations. This change is now simplified by the earlier work to encapsulate policy state in the selinux_policy struct and to refactor policy load. After this change, the last major obstacle to converting the policy rwlock to RCU is likely the sidtab live convert support. [1] https://lore.kernel.org/selinux/6e2f9128-e191-ebb3-0e87-74bfccb0767f@tycho.nsa.gov/ [2] https://lore.kernel.org/selinux/20180530141104.28569-1-peter.enderborg@sony.com/ Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
119 lines
3.7 KiB
C
119 lines
3.7 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* An access vector table (avtab) is a hash table
|
|
* of access vectors and transition types indexed
|
|
* by a type pair and a class. An access vector
|
|
* table is used to represent the type enforcement
|
|
* tables.
|
|
*
|
|
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
|
|
*/
|
|
|
|
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
|
|
*
|
|
* Added conditional policy language extensions
|
|
*
|
|
* Copyright (C) 2003 Tresys Technology, LLC
|
|
*
|
|
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
|
|
* Tuned number of hash slots for avtab to reduce memory usage
|
|
*/
|
|
#ifndef _SS_AVTAB_H_
|
|
#define _SS_AVTAB_H_
|
|
|
|
#include "security.h"
|
|
|
|
struct avtab_key {
|
|
u16 source_type; /* source type */
|
|
u16 target_type; /* target type */
|
|
u16 target_class; /* target object class */
|
|
#define AVTAB_ALLOWED 0x0001
|
|
#define AVTAB_AUDITALLOW 0x0002
|
|
#define AVTAB_AUDITDENY 0x0004
|
|
#define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
|
|
#define AVTAB_TRANSITION 0x0010
|
|
#define AVTAB_MEMBER 0x0020
|
|
#define AVTAB_CHANGE 0x0040
|
|
#define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
|
|
/* extended permissions */
|
|
#define AVTAB_XPERMS_ALLOWED 0x0100
|
|
#define AVTAB_XPERMS_AUDITALLOW 0x0200
|
|
#define AVTAB_XPERMS_DONTAUDIT 0x0400
|
|
#define AVTAB_XPERMS (AVTAB_XPERMS_ALLOWED | \
|
|
AVTAB_XPERMS_AUDITALLOW | \
|
|
AVTAB_XPERMS_DONTAUDIT)
|
|
#define AVTAB_ENABLED_OLD 0x80000000 /* reserved for used in cond_avtab */
|
|
#define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */
|
|
u16 specified; /* what field is specified */
|
|
};
|
|
|
|
/*
|
|
* For operations that require more than the 32 permissions provided by the avc
|
|
* extended permissions may be used to provide 256 bits of permissions.
|
|
*/
|
|
struct avtab_extended_perms {
|
|
/* These are not flags. All 256 values may be used */
|
|
#define AVTAB_XPERMS_IOCTLFUNCTION 0x01
|
|
#define AVTAB_XPERMS_IOCTLDRIVER 0x02
|
|
/* extension of the avtab_key specified */
|
|
u8 specified; /* ioctl, netfilter, ... */
|
|
/*
|
|
* if 256 bits is not adequate as is often the case with ioctls, then
|
|
* multiple extended perms may be used and the driver field
|
|
* specifies which permissions are included.
|
|
*/
|
|
u8 driver;
|
|
/* 256 bits of permissions */
|
|
struct extended_perms_data perms;
|
|
};
|
|
|
|
struct avtab_datum {
|
|
union {
|
|
u32 data; /* access vector or type value */
|
|
struct avtab_extended_perms *xperms;
|
|
} u;
|
|
};
|
|
|
|
struct avtab_node {
|
|
struct avtab_key key;
|
|
struct avtab_datum datum;
|
|
struct avtab_node *next;
|
|
};
|
|
|
|
struct avtab {
|
|
struct avtab_node **htable;
|
|
u32 nel; /* number of elements */
|
|
u32 nslot; /* number of hash slots */
|
|
u32 mask; /* mask to compute hash func */
|
|
};
|
|
|
|
void avtab_init(struct avtab *h);
|
|
int avtab_alloc(struct avtab *, u32);
|
|
int avtab_duplicate(struct avtab *new, struct avtab *orig);
|
|
struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k);
|
|
void avtab_destroy(struct avtab *h);
|
|
void avtab_hash_eval(struct avtab *h, char *tag);
|
|
|
|
struct policydb;
|
|
int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
|
int (*insert)(struct avtab *a, struct avtab_key *k,
|
|
struct avtab_datum *d, void *p),
|
|
void *p);
|
|
|
|
int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
|
|
int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp);
|
|
int avtab_write(struct policydb *p, struct avtab *a, void *fp);
|
|
|
|
struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
|
|
struct avtab_datum *datum);
|
|
|
|
struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);
|
|
|
|
struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
|
|
|
|
#define MAX_AVTAB_HASH_BITS 16
|
|
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
|
|
|
|
#endif /* _SS_AVTAB_H_ */
|
|
|