selinux/libsemanage/src/seusers_local.c - nest-cam/4320010/selinux - Git at Google

 /* Copyright (C) 2005 Red Hat, Inc. */

 struct semanage_seuser;
 struct semanage_seuser_key;
 typedef struct semanage_seuser_key record_key_t;
 typedef struct semanage_seuser record_t;
 #define DBASE_RECORD_DEFINED

 #include <sepol/policydb.h>
 #include <sepol/context.h>
 #include <libaudit.h>
 #include <errno.h>
 #include "user_internal.h"
 #include "seuser_internal.h"
 #include "handle.h"
 #include "database.h"
 #include "debug.h"
 #include "string.h"
 #include <stdlib.h>

 static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) {
 	char *roles = NULL;
 	unsigned int num_roles;
 	size_t i;
 	size_t size = 0;
 	const char **roles_arr;
 	semanage_user_key_t *key = NULL;
 	semanage_user_t * user;
 	if (semanage_user_key_create(handle, sename, &key) >= 0) {
 		if (semanage_user_query(handle, key, &user) >= 0) {
 			if (semanage_user_get_roles(handle,
 						    user,
 						    &roles_arr,
 						    &num_roles) >= 0) {
 				for (i = 0; i<num_roles; i++) {
 					size += (strlen(roles_arr[i]) + 1);
 				}
 				roles = malloc(size);
 				if (roles) {
 					strcpy(roles,roles_arr[0]);
 					for (i = 1; i<num_roles; i++) {
 						strcat(roles,",");
 						strcat(roles,roles_arr[i]);
 					}
 				}
 			}
 			semanage_user_free(user);
 		}
 		semanage_user_key_free(key);
 	}
 	return roles;
 }

 static int semanage_seuser_audit(semanage_handle_t * handle,
 			  const semanage_seuser_t * seuser,
 			  const semanage_seuser_t * previous,
 			  int audit_type,
 			  int success) {
 	const char *name = NULL;
 	const char *sename = NULL;
 	char *roles = NULL;
 	const char *mls = NULL;
 	const char *psename = NULL;
 	const char *pmls = NULL;
 	char *proles = NULL;
 	char msg[1024];
 	const char *sep = "-";
 	int rc = -1;
 	strcpy(msg, "login");
 	if (seuser) {
 		name = semanage_seuser_get_name(seuser);
 		sename = semanage_seuser_get_sename(seuser);
 		mls = semanage_seuser_get_mlsrange(seuser);
 		roles = semanage_user_roles(handle, sename);
 	}
 	if (previous) {
 		psename = semanage_seuser_get_sename(previous);
 		pmls = semanage_seuser_get_mlsrange(previous);
 		proles = semanage_user_roles(handle, psename);
 	}
 	if (audit_type != AUDIT_ROLE_REMOVE) {
 		if (sename && (!psename || strcmp(psename, sename) != 0)) {
 			strcat(msg,sep);
 			strcat(msg,"sename");
 			sep = ",";
 		}
 		if (roles && (!proles || strcmp(proles, roles) != 0)) {
 			strcat(msg,sep);
 			strcat(msg,"role");
 			sep = ",";
 		}
 		if (mls && (!pmls || strcmp(pmls, mls) != 0)) {
 			strcat(msg,sep);
 			strcat(msg,"range");
 		}
 	}

 	int fd = audit_open();
 	if (fd < 0)
 	{
 		/* If kernel doesn't support audit, bail out */
 		if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) {
 			rc = 0;
 			goto err;
 		}
 		rc = fd;
 		goto err;
 	}
 	audit_log_semanage_message(fd, audit_type, NULL, msg, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success);
 	rc = 0;
 err:
 	audit_close(fd);
 	free(roles);
 	free(proles);
 	return rc;
 }

 int semanage_seuser_modify_local(semanage_handle_t * handle,
 				 const semanage_seuser_key_t * key,
 				 const semanage_seuser_t * data)
 {
 	int rc;
 	void *callback = (void *) handle->msg_callback;
 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	const char *sename = semanage_seuser_get_sename(data);
 	const char *mls_range = semanage_seuser_get_mlsrange(data);
 	semanage_seuser_t *previous = NULL;
 	semanage_seuser_t *new = NULL;

 	if (!sename) {
 		errno=EINVAL;
 		return -1;
 	}
 	rc = semanage_seuser_clone(handle, data, &new);
 	if (rc < 0) {
 		goto err;
 	}

 	if (!mls_range && semanage_mls_enabled(handle)) {
 		semanage_user_key_t *ukey = NULL;
 		semanage_user_t *u = NULL;
 		rc = semanage_user_key_create(handle, sename, &ukey);
 		if (rc < 0)
 			goto err;

 		rc = semanage_user_query(handle, ukey, &u);
 		semanage_user_key_free(ukey);
 		if (rc >= 0 ) {
 			mls_range = semanage_user_get_mlsrange(u);
 			rc = semanage_seuser_set_mlsrange(handle, new, mls_range);
 			semanage_user_free(u);
 		}
 		if (rc < 0)
 			goto err;
 	}

 	handle->msg_callback = NULL;
 	(void) semanage_seuser_query(handle, key, &previous);
 	handle->msg_callback = callback;
 	rc = dbase_modify(handle, dconfig, key, new);
 	if (semanage_seuser_audit(handle, new, previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0)
 		rc = -1;
 err:
 	if (previous)
 		semanage_seuser_free(previous);
 	semanage_seuser_free(new);
 	return rc;
 }

 int semanage_seuser_del_local(semanage_handle_t * handle,
 			      const semanage_seuser_key_t * key)
 {
 	int rc;
 	semanage_seuser_t *seuser = NULL;
 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	rc = dbase_del(handle, dconfig, key);
 	semanage_seuser_query(handle, key, &seuser);
 	if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0)
 		rc = -1;
 	if (seuser)
 		semanage_seuser_free(seuser);
 	return rc;
 }

 int semanage_seuser_query_local(semanage_handle_t * handle,
 				const semanage_seuser_key_t * key,
 				semanage_seuser_t ** response)
 {

 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	return dbase_query(handle, dconfig, key, response);
 }

 int semanage_seuser_exists_local(semanage_handle_t * handle,
 				 const semanage_seuser_key_t * key,
 				 int *response)
 {

 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	return dbase_exists(handle, dconfig, key, response);
 }

 int semanage_seuser_count_local(semanage_handle_t * handle,
 				unsigned int *response)
 {

 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	return dbase_count(handle, dconfig, response);
 }

 int semanage_seuser_iterate_local(semanage_handle_t * handle,
 				  int (*handler) (const semanage_seuser_t *
 						  record, void *varg),
 				  void *handler_arg)
 {

 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	return dbase_iterate(handle, dconfig, handler, handler_arg);
 }

 hidden_def(semanage_seuser_iterate_local)

 int semanage_seuser_list_local(semanage_handle_t * handle,
 			       semanage_seuser_t *** records,
 			       unsigned int *count)
 {

 	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
 	return dbase_list(handle, dconfig, records, count);
 }

 struct validate_handler_arg {
 	semanage_handle_t *handle;
 	const sepol_policydb_t *policydb;
 };

 static int validate_handler(const semanage_seuser_t * seuser, void *varg)
 {

 	semanage_user_t *user = NULL;
 	semanage_user_key_t *key = NULL;
 	int exists, mls_ok;

 	/* Unpack varg */
 	struct validate_handler_arg *arg = (struct validate_handler_arg *)varg;
 	semanage_handle_t *handle = arg->handle;
 	const sepol_policydb_t *policydb = arg->policydb;

 	/* Unpack seuser */
 	const char *name = semanage_seuser_get_name(seuser);
 	const char *sename = semanage_seuser_get_sename(seuser);
 	const char *mls_range = semanage_seuser_get_mlsrange(seuser);
 	const char *user_mls_range;

 	/* Make sure the (SElinux) user exists */
 	if (semanage_user_key_create(handle, sename, &key) < 0)
 		goto err;
 	if (semanage_user_exists(handle, key, &exists) < 0)
 		goto err;
 	if (!exists) {
 		ERR(handle, "selinux user %s does not exist", sename);
 		goto invalid;
 	}

 	/* Verify that the mls range is valid, and that it's contained
 	 * within the (SELinux) user mls range. This range is optional */
 	if (mls_range && sepol_policydb_mls_enabled(policydb)) {

 		if (semanage_user_query(handle, key, &user) < 0)
 			goto err;
 		user_mls_range = semanage_user_get_mlsrange(user);

 		if (sepol_mls_check(handle->sepolh, policydb, mls_range) < 0)
 			goto invalid;
 		if (sepol_mls_contains(handle->sepolh, policydb,
 				       user_mls_range, mls_range, &mls_ok) < 0)
 			goto err;

 		if (!mls_ok) {
 			ERR(handle, "MLS range %s for Unix user %s "
 			    "exceeds allowed range %s for SELinux user %s",
 			    mls_range, name, user_mls_range, sename);
 			goto invalid;
 		}

 	} else if (mls_range) {
 		ERR(handle, "MLS is disabled, but MLS range %s "
 		    "was found for Unix user %s", mls_range, name);
 		goto invalid;
 	}

 	semanage_user_key_free(key);
 	semanage_user_free(user);
 	return 0;

       err:
 	ERR(handle, "could not check if seuser mapping for %s is valid", name);
 	semanage_user_key_free(key);
 	semanage_user_free(user);
 	return -1;

       invalid:
 	if (mls_range)
 		ERR(handle, "seuser mapping [%s -> (%s, %s)] is invalid",
 		    name, sename, mls_range);
 	else
 		ERR(handle, "seuser mapping [%s -> %s] is invalid",
 		    name, sename);
 	semanage_user_key_free(key);
 	semanage_user_free(user);
 	return -1;
 }

 /* This function may not be called outside a transaction, or
  * it will (1) deadlock, because iterate is not reentrant outside
  * a transaction, and (2) be racy, because it makes multiple dbase calls */

 int hidden semanage_seuser_validate_local(semanage_handle_t * handle,
 					  const sepol_policydb_t * policydb)
 {

 	struct validate_handler_arg arg;
 	arg.handle = handle;
 	arg.policydb = policydb;
 	return semanage_seuser_iterate_local(handle, validate_handler, &arg);
 }
	/* Copyright (C) 2005 Red Hat, Inc. */

	struct semanage_seuser;
	struct semanage_seuser_key;
	typedef struct semanage_seuser_key record_key_t;
	typedef struct semanage_seuser record_t;
	#define DBASE_RECORD_DEFINED

	#include <sepol/policydb.h>
	#include <sepol/context.h>
	#include <libaudit.h>
	#include <errno.h>
	#include "user_internal.h"
	#include "seuser_internal.h"
	#include "handle.h"
	#include "database.h"
	#include "debug.h"
	#include "string.h"
	#include <stdlib.h>

	static char semanage_user_roles(semanage_handle_t handle, const char *sename) {
	char *roles = NULL;
	unsigned int num_roles;
	size_t i;
	size_t size = 0;
	const char **roles_arr;
	semanage_user_key_t *key = NULL;
	semanage_user_t * user;
	if (semanage_user_key_create(handle, sename, &key) >= 0) {
	if (semanage_user_query(handle, key, &user) >= 0) {
	if (semanage_user_get_roles(handle,
	user,
	&roles_arr,
	&num_roles) >= 0) {
	for (i = 0; i<num_roles; i++) {
	size += (strlen(roles_arr[i]) + 1);
	}
	roles = malloc(size);
	if (roles) {
	strcpy(roles,roles_arr[0]);
	for (i = 1; i<num_roles; i++) {
	strcat(roles,",");
	strcat(roles,roles_arr[i]);
	}
	}
	}
	semanage_user_free(user);
	}
	semanage_user_key_free(key);
	}
	return roles;
	}

	static int semanage_seuser_audit(semanage_handle_t * handle,
	const semanage_seuser_t * seuser,
	const semanage_seuser_t * previous,
	int audit_type,
	int success) {
	const char *name = NULL;
	const char *sename = NULL;
	char *roles = NULL;
	const char *mls = NULL;
	const char *psename = NULL;
	const char *pmls = NULL;
	char *proles = NULL;
	char msg[1024];
	const char *sep = "-";
	int rc = -1;
	strcpy(msg, "login");
	if (seuser) {
	name = semanage_seuser_get_name(seuser);
	sename = semanage_seuser_get_sename(seuser);
	mls = semanage_seuser_get_mlsrange(seuser);
	roles = semanage_user_roles(handle, sename);
	}
	if (previous) {
	psename = semanage_seuser_get_sename(previous);
	pmls = semanage_seuser_get_mlsrange(previous);
	proles = semanage_user_roles(handle, psename);
	}
	if (audit_type != AUDIT_ROLE_REMOVE) {
	if (sename && (!psename \|\| strcmp(psename, sename) != 0)) {
	strcat(msg,sep);
	strcat(msg,"sename");
	sep = ",";
	}
	if (roles && (!proles \|\| strcmp(proles, roles) != 0)) {
	strcat(msg,sep);
	strcat(msg,"role");
	sep = ",";
	}
	if (mls && (!pmls \|\| strcmp(pmls, mls) != 0)) {
	strcat(msg,sep);
	strcat(msg,"range");
	}
	}

	int fd = audit_open();
	if (fd < 0)
	{
	/* If kernel doesn't support audit, bail out */
	if (errno == EINVAL \|\| errno == EPROTONOSUPPORT \|\| errno == EAFNOSUPPORT) {
	rc = 0;
	goto err;
	}
	rc = fd;
	goto err;
	}
	audit_log_semanage_message(fd, audit_type, NULL, msg, name, 0, sename, roles, mls, psename, proles, pmls, NULL, NULL,NULL, success);
	rc = 0;
	err:
	audit_close(fd);
	free(roles);
	free(proles);
	return rc;
	}

	int semanage_seuser_modify_local(semanage_handle_t * handle,
	const semanage_seuser_key_t * key,
	const semanage_seuser_t * data)
	{
	int rc;
	void callback = (void ) handle->msg_callback;
	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	const char *sename = semanage_seuser_get_sename(data);
	const char *mls_range = semanage_seuser_get_mlsrange(data);
	semanage_seuser_t *previous = NULL;
	semanage_seuser_t *new = NULL;

	if (!sename) {
	errno=EINVAL;
	return -1;
	}
	rc = semanage_seuser_clone(handle, data, &new);
	if (rc < 0) {
	goto err;
	}

	if (!mls_range && semanage_mls_enabled(handle)) {
	semanage_user_key_t *ukey = NULL;
	semanage_user_t *u = NULL;
	rc = semanage_user_key_create(handle, sename, &ukey);
	if (rc < 0)
	goto err;

	rc = semanage_user_query(handle, ukey, &u);
	semanage_user_key_free(ukey);
	if (rc >= 0 ) {
	mls_range = semanage_user_get_mlsrange(u);
	rc = semanage_seuser_set_mlsrange(handle, new, mls_range);
	semanage_user_free(u);
	}
	if (rc < 0)
	goto err;
	}

	handle->msg_callback = NULL;
	(void) semanage_seuser_query(handle, key, &previous);
	handle->msg_callback = callback;
	rc = dbase_modify(handle, dconfig, key, new);
	if (semanage_seuser_audit(handle, new, previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0)
	rc = -1;
	err:
	if (previous)
	semanage_seuser_free(previous);
	semanage_seuser_free(new);
	return rc;
	}

	int semanage_seuser_del_local(semanage_handle_t * handle,
	const semanage_seuser_key_t * key)
	{
	int rc;
	semanage_seuser_t *seuser = NULL;
	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	rc = dbase_del(handle, dconfig, key);
	semanage_seuser_query(handle, key, &seuser);
	if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0)
	rc = -1;
	if (seuser)
	semanage_seuser_free(seuser);
	return rc;
	}

	int semanage_seuser_query_local(semanage_handle_t * handle,
	const semanage_seuser_key_t * key,
	semanage_seuser_t ** response)
	{

	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	return dbase_query(handle, dconfig, key, response);
	}

	int semanage_seuser_exists_local(semanage_handle_t * handle,
	const semanage_seuser_key_t * key,
	int *response)
	{

	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	return dbase_exists(handle, dconfig, key, response);
	}

	int semanage_seuser_count_local(semanage_handle_t * handle,
	unsigned int *response)
	{

	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	return dbase_count(handle, dconfig, response);
	}

	int semanage_seuser_iterate_local(semanage_handle_t * handle,
	int (handler) (const semanage_seuser_t
	record, void *varg),
	void *handler_arg)
	{

	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	return dbase_iterate(handle, dconfig, handler, handler_arg);
	}

	hidden_def(semanage_seuser_iterate_local)

	int semanage_seuser_list_local(semanage_handle_t * handle,
	semanage_seuser_t *** records,
	unsigned int *count)
	{

	dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
	return dbase_list(handle, dconfig, records, count);
	}

	struct validate_handler_arg {
	semanage_handle_t *handle;
	const sepol_policydb_t *policydb;
	};

	static int validate_handler(const semanage_seuser_t * seuser, void *varg)
	{

	semanage_user_t *user = NULL;
	semanage_user_key_t *key = NULL;
	int exists, mls_ok;

	/* Unpack varg */
	struct validate_handler_arg arg = (struct validate_handler_arg )varg;
	semanage_handle_t *handle = arg->handle;
	const sepol_policydb_t *policydb = arg->policydb;

	/* Unpack seuser */
	const char *name = semanage_seuser_get_name(seuser);
	const char *sename = semanage_seuser_get_sename(seuser);
	const char *mls_range = semanage_seuser_get_mlsrange(seuser);
	const char *user_mls_range;

	/* Make sure the (SElinux) user exists */
	if (semanage_user_key_create(handle, sename, &key) < 0)
	goto err;
	if (semanage_user_exists(handle, key, &exists) < 0)
	goto err;
	if (!exists) {
	ERR(handle, "selinux user %s does not exist", sename);
	goto invalid;
	}

	/* Verify that the mls range is valid, and that it's contained
	* within the (SELinux) user mls range. This range is optional */
	if (mls_range && sepol_policydb_mls_enabled(policydb)) {

	if (semanage_user_query(handle, key, &user) < 0)
	goto err;
	user_mls_range = semanage_user_get_mlsrange(user);

	if (sepol_mls_check(handle->sepolh, policydb, mls_range) < 0)
	goto invalid;
	if (sepol_mls_contains(handle->sepolh, policydb,
	user_mls_range, mls_range, &mls_ok) < 0)
	goto err;

	if (!mls_ok) {
	ERR(handle, "MLS range %s for Unix user %s "
	"exceeds allowed range %s for SELinux user %s",
	mls_range, name, user_mls_range, sename);
	goto invalid;
	}

	} else if (mls_range) {
	ERR(handle, "MLS is disabled, but MLS range %s "
	"was found for Unix user %s", mls_range, name);
	goto invalid;
	}

	semanage_user_key_free(key);
	semanage_user_free(user);
	return 0;

	err:
	ERR(handle, "could not check if seuser mapping for %s is valid", name);
	semanage_user_key_free(key);
	semanage_user_free(user);
	return -1;

	invalid:
	if (mls_range)
	ERR(handle, "seuser mapping [%s -> (%s, %s)] is invalid",
	name, sename, mls_range);
	else
	ERR(handle, "seuser mapping [%s -> %s] is invalid",
	name, sename);
	semanage_user_key_free(key);
	semanage_user_free(user);
	return -1;
	}

	/* This function may not be called outside a transaction, or
	* it will (1) deadlock, because iterate is not reentrant outside
	* a transaction, and (2) be racy, because it makes multiple dbase calls */

	int hidden semanage_seuser_validate_local(semanage_handle_t * handle,
	const sepol_policydb_t * policydb)
	{

	struct validate_handler_arg arg;
	arg.handle = handle;
	arg.policydb = policydb;
	return semanage_seuser_iterate_local(handle, validate_handler, &arg);
	}