diff options
author | Laurent Bigonville <bigon@bigon.be> | 2018-03-03 11:15:23 +0100 |
---|---|---|
committer | Laurent Bigonville <bigon@bigon.be> | 2019-10-22 19:12:13 +0200 |
commit | 6072f8b24153d844a3033108a17bcd0c1a967816 (patch) | |
tree | cbbc00bbbe06f5fba5d690784d191f65c5ed1bb2 /bus | |
parent | baffedbac960d9afd840f335664d9b419123054f (diff) | |
download | dbus-6072f8b24153d844a3033108a17bcd0c1a967816.tar.gz |
Stop using selinux_set_mapping() function
Currently, if the "dbus" security class or the associated AV doesn't
exist, dbus-daemon fails to initialize and exits immediately. Also the
security classes or access vector cannot be reordered in the policy.
This can be a problem for people developing their own policy or trying
to access a machine where, for some reasons, there is not policy defined
at all.
The code here copy the behaviour of the selinux_check_access() function.
We cannot use this function here as it doesn't allow us to define the
AVC entry reference.
See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198
Diffstat (limited to 'bus')
-rw-r--r-- | bus/selinux.c | 75 |
1 files changed, 42 insertions, 33 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index a005b84f..7e63348c 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -232,24 +232,6 @@ bus_selinux_pre_init (void) #endif } -/* - * Private Flask definitions; the order of these constants must - * exactly match that of the structure array below! - */ -/* security dbus class constants */ -#define SECCLASS_DBUS 1 - -/* dbus's per access vector constants */ -#define DBUS__ACQUIRE_SVC 1 -#define DBUS__SEND_MSG 2 - -#ifdef HAVE_SELINUX -static struct security_class_mapping dbus_map[] = { - { "dbus", { "acquire_svc", "send_msg", NULL } }, - { NULL } -}; -#endif /* HAVE_SELINUX */ - /** * Establish dynamic object class and permission mapping and * initialize the user space access vector cache (AVC) for D-Bus and set up @@ -271,13 +253,6 @@ bus_selinux_full_init (BusContext *context, DBusError *error) _dbus_verbose ("SELinux is enabled in this kernel.\n"); - if (selinux_set_mapping (dbus_map) < 0) - { - _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).", - strerror (errno)); - return FALSE; - } - avc_entry_ref_init (&aeref); if (avc_open (NULL, 0) < 0) { @@ -392,19 +367,53 @@ error: static dbus_bool_t bus_selinux_check (BusSELinuxID *sender_sid, BusSELinuxID *override_sid, - security_class_t target_class, - access_vector_t requested, - DBusString *auxdata) + const char *target_class, + const char *requested, + DBusString *auxdata) { + int saved_errno; + security_class_t security_class; + access_vector_t requested_access; + if (!selinux_enabled) return TRUE; + security_class = string_to_security_class (target_class); + if (security_class == 0) + { + saved_errno = errno; + log_callback (SELINUX_ERROR, "Unknown class %s", target_class); + if (security_deny_unknown () == 0) + { + return TRUE; + } + + _dbus_verbose ("Unknown class %s\n", target_class); + errno = saved_errno; + return FALSE; + } + + requested_access = string_to_av_perm (security_class, requested); + if (requested_access == 0) + { + saved_errno = errno; + log_callback (SELINUX_ERROR, "Unknown permission %s for class %s", requested, target_class); + if (security_deny_unknown () == 0) + { + return TRUE; + } + + _dbus_verbose ("Unknown permission %s for class %s\n", requested, target_class); + errno = saved_errno; + return FALSE; + } + /* Make the security check. AVC checks enforcing mode here as well. */ if (avc_has_perm (SELINUX_SID_FROM_BUS (sender_sid), override_sid ? SELINUX_SID_FROM_BUS (override_sid) : bus_sid, - target_class, requested, &aeref, auxdata) < 0) + security_class, requested_access, &aeref, auxdata) < 0) { switch (errno) { @@ -471,8 +480,8 @@ bus_selinux_allows_acquire_service (DBusConnection *connection, ret = bus_selinux_check (connection_sid, service_sid, - SECCLASS_DBUS, - DBUS__ACQUIRE_SVC, + "dbus", + "acquire_svc", &auxdata); _dbus_string_free (&auxdata); @@ -600,8 +609,8 @@ bus_selinux_allows_send (DBusConnection *sender, ret = bus_selinux_check (sender_sid, recipient_sid, - SECCLASS_DBUS, - DBUS__SEND_MSG, + "dbus", + "send_msg", &auxdata); _dbus_string_free (&auxdata); |