| Patrick Williams | 0ca19cc | 2021-08-16 14:03:13 -0500 | [diff] [blame] | 1 | From 6072f8b24153d844a3033108a17bcd0c1a967816 Mon Sep 17 00:00:00 2001 |
| 2 | From: Laurent Bigonville <bigon@bigon.be> |
| 3 | Date: Sat, 3 Mar 2018 11:15:23 +0100 |
| 4 | Subject: [PATCH] Stop using selinux_set_mapping() function |
| 5 | |
| 6 | Currently, if the "dbus" security class or the associated AV doesn't |
| 7 | exist, dbus-daemon fails to initialize and exits immediately. Also the |
| 8 | security classes or access vector cannot be reordered in the policy. |
| 9 | This can be a problem for people developing their own policy or trying |
| 10 | to access a machine where, for some reasons, there is not policy defined |
| 11 | at all. |
| 12 | |
| 13 | The code here copy the behaviour of the selinux_check_access() function. |
| 14 | We cannot use this function here as it doesn't allow us to define the |
| 15 | AVC entry reference. |
| 16 | |
| 17 | See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2 |
| 18 | |
| 19 | Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198 |
| 20 | --- |
| 21 | bus/selinux.c | 75 ++++++++++++++++++++++++++++----------------------- |
| 22 | 1 file changed, 42 insertions(+), 33 deletions(-) |
| 23 | |
| 24 | |
| 25 | Upstream-Status: Backport |
| 26 | Signed-off-by: Nisha.Parrakat <Nisha.Parrakat@kpit.com> |
| 27 | diff --git a/bus/selinux.c b/bus/selinux.c |
| 28 | |
| 29 | --- a/bus/selinux.c 2021-08-11 14:45:59.048513026 +0000 |
| 30 | +++ b/bus/selinux.c 2021-08-11 14:57:47.144846966 +0000 |
| 31 | @@ -311,24 +311,6 @@ |
| 32 | #endif |
| 33 | } |
| 34 | |
| 35 | -/* |
| 36 | - * Private Flask definitions; the order of these constants must |
| 37 | - * exactly match that of the structure array below! |
| 38 | - */ |
| 39 | -/* security dbus class constants */ |
| 40 | -#define SECCLASS_DBUS 1 |
| 41 | - |
| 42 | -/* dbus's per access vector constants */ |
| 43 | -#define DBUS__ACQUIRE_SVC 1 |
| 44 | -#define DBUS__SEND_MSG 2 |
| 45 | - |
| 46 | -#ifdef HAVE_SELINUX |
| 47 | -static struct security_class_mapping dbus_map[] = { |
| 48 | - { "dbus", { "acquire_svc", "send_msg", NULL } }, |
| 49 | - { NULL } |
| 50 | -}; |
| 51 | -#endif /* HAVE_SELINUX */ |
| 52 | - |
| 53 | /** |
| 54 | * Establish dynamic object class and permission mapping and |
| 55 | * initialize the user space access vector cache (AVC) for D-Bus and set up |
| 56 | @@ -350,13 +332,6 @@ |
| 57 | |
| 58 | _dbus_verbose ("SELinux is enabled in this kernel.\n"); |
| 59 | |
| 60 | - if (selinux_set_mapping (dbus_map) < 0) |
| 61 | - { |
| 62 | - _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).", |
| 63 | - strerror (errno)); |
| 64 | - return FALSE; |
| 65 | - } |
| 66 | - |
| 67 | avc_entry_ref_init (&aeref); |
| 68 | if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0) |
| 69 | { |
| 70 | @@ -421,19 +396,53 @@ |
| 71 | static dbus_bool_t |
| 72 | bus_selinux_check (BusSELinuxID *sender_sid, |
| 73 | BusSELinuxID *override_sid, |
| 74 | - security_class_t target_class, |
| 75 | - access_vector_t requested, |
| 76 | + const char *target_class, |
| 77 | + const char *requested, |
| 78 | DBusString *auxdata) |
| 79 | { |
| 80 | + int saved_errno; |
| 81 | + security_class_t security_class; |
| 82 | + access_vector_t requested_access; |
| 83 | + |
| 84 | if (!selinux_enabled) |
| 85 | return TRUE; |
| 86 | |
| 87 | + security_class = string_to_security_class (target_class); |
| 88 | + if (security_class == 0) |
| 89 | + { |
| 90 | + saved_errno = errno; |
| 91 | + log_callback (SELINUX_ERROR, "Unknown class %s", target_class); |
| 92 | + if (security_deny_unknown () == 0) |
| 93 | + { |
| 94 | + return TRUE; |
| 95 | + } |
| 96 | + |
| 97 | + _dbus_verbose ("Unknown class %s\n", target_class); |
| 98 | + errno = saved_errno; |
| 99 | + return FALSE; |
| 100 | + } |
| 101 | + |
| 102 | + requested_access = string_to_av_perm (security_class, requested); |
| 103 | + if (requested_access == 0) |
| 104 | + { |
| 105 | + saved_errno = errno; |
| 106 | + log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class); |
| 107 | + if (security_deny_unknown () == 0) |
| 108 | + { |
| 109 | + return TRUE; |
| 110 | + } |
| 111 | + |
| 112 | + _dbus_verbose ("Unknown permission %s for class %s\n", requested, target_class); |
| 113 | + errno = saved_errno; |
| 114 | + return FALSE; |
| 115 | + } |
| 116 | + |
| 117 | /* Make the security check. AVC checks enforcing mode here as well. */ |
| 118 | if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), |
| 119 | override_sid ? |
| 120 | SELINUX_SID_FROM_BUS (override_sid) : |
| 121 | bus_sid, |
| 122 | - target_class, requested, &aeref, auxdata) < 0) |
| 123 | + security_class, requested_access, &aeref, auxdata) < 0) |
| 124 | { |
| 125 | switch (errno) |
| 126 | { |
| 127 | @@ -500,8 +509,8 @@ |
| 128 | |
| 129 | ret = bus_selinux_check (connection_sid, |
| 130 | service_sid, |
| 131 | - SECCLASS_DBUS, |
| 132 | - DBUS__ACQUIRE_SVC, |
| 133 | + "dbus", |
| 134 | + "acquire_svc", |
| 135 | &auxdata); |
| 136 | |
| 137 | _dbus_string_free (&auxdata); |
| 138 | @@ -629,8 +638,8 @@ |
| 139 | |
| 140 | ret = bus_selinux_check (sender_sid, |
| 141 | recipient_sid, |
| 142 | - SECCLASS_DBUS, |
| 143 | - DBUS__SEND_MSG, |
| 144 | + "dbus", |
| 145 | + "send_msg", |
| 146 | &auxdata); |
| 147 | |
| 148 | _dbus_string_free (&auxdata); |