diff options
| author | Lennart Poettering <lennart@poettering.net> | 2013-11-28 17:50:02 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2013-11-28 18:42:18 +0100 |
| commit | 5b12334d35eadf1f45cc3d631fd1a2e72ffaea0a (patch) | |
| tree | 55682fbecfeb705adfaf0f78fd76f5c8dc219b1b /src/core/selinux-access.c | |
| parent | 70f75a523b16ad495a7791d595ee3eececf75953 (diff) | |
bus: add new sd_bus_creds object to encapsulate process credentials
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
Diffstat (limited to 'src/core/selinux-access.c')
| -rw-r--r-- | src/core/selinux-access.c | 219 |
1 files changed, 41 insertions, 178 deletions
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index cca3df652..21c7a8c5b 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -41,91 +41,16 @@ #include "audit.h" #include "selinux-util.h" #include "audit-fd.h" +#include "strv.h" static bool initialized = false; -struct auditstruct { +struct audit_info { + sd_bus_creds *creds; const char *path; - char *cmdline; - uid_t loginuid; - uid_t uid; - gid_t gid; + const char *cmdline; }; -static int bus_get_selinux_security_context( - sd_bus *bus, - const char *name, - sd_bus_error *error, - char **ret) { - - _cleanup_bus_message_unref_ sd_bus_message *m = NULL; - const void *p; - size_t sz; - char *b; - int r; - - assert(bus); - assert(name); - assert(ret); - - r = sd_bus_call_method( - bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionSELinuxSecurityContext", - error, &m, - "s", name); - if (r < 0) - return r; - - r = sd_bus_message_read_array(m, 'y', &p, &sz); - if (r < 0) - return r; - - b = strndup(p, sz); - if (!b) - return -ENOMEM; - - *ret = b; - return 0; -} - -static int bus_get_audit_data( - sd_bus *bus, - const char *name, - struct auditstruct *audit) { - - pid_t pid; - int r; - - assert(bus); - assert(name); - assert(audit); - - r = sd_bus_get_owner_pid(bus, name, &pid); - if (r < 0) - return r; - - r = audit_loginuid_from_pid(pid, &audit->loginuid); - if (r < 0) - return r; - - r = get_process_uid(pid, &audit->uid); - if (r < 0) - return r; - - r = get_process_gid(pid, &audit->gid); - if (r < 0) - return r; - - r = get_process_cmdline(pid, 0, true, &audit->cmdline); - if (r < 0) - return r; - - return 0; -} - /* Any time an access gets denied this callback will be called with the aduit data. We then need to just copy the audit data into the msgbuf. @@ -136,19 +61,19 @@ static int audit_callback( char *msgbuf, size_t msgbufsize) { - struct auditstruct *audit = (struct auditstruct *) auditdata; + const struct audit_info *audit = auditdata; + uid_t uid = 0, login_uid = 0; + gid_t gid = 0; + + sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid); + sd_bus_creds_get_uid(audit->creds, &uid); + sd_bus_creds_get_gid(audit->creds, &gid); snprintf(msgbuf, msgbufsize, "auid=%d uid=%d gid=%d%s%s%s%s%s%s", - audit->loginuid, - audit->uid, - audit->gid, - (audit->path ? " path=\"" : ""), - strempty(audit->path), - (audit->path ? "\"" : ""), - (audit->cmdline ? " cmdline=\"" : ""), - strempty(audit->cmdline), - (audit->cmdline ? "\"" : "")); + login_uid, uid, gid, + audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "", + audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : ""); msgbuf[msgbufsize-1] = 0; @@ -164,13 +89,12 @@ static int audit_callback( _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; - va_start(ap, fmt); - #ifdef HAVE_AUDIT if (get_audit_fd() >= 0) { _cleanup_free_ char *buf = NULL; int r; + va_start(ap, fmt); r = vasprintf(&buf, fmt, ap); va_end(ap); @@ -178,10 +102,10 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); return 0; } - - va_start(ap, fmt); } #endif + + va_start(ap, fmt); log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap); va_end(ap); @@ -238,76 +162,6 @@ void selinux_access_free(void) { initialized = false; } -static int get_audit_data( - sd_bus *bus, - sd_bus_message *message, - struct auditstruct *audit) { - - struct ucred ucred; - const char *sender; - socklen_t len; - int r, fd; - - sender = sd_bus_message_get_sender(message); - if (sender) - return bus_get_audit_data(bus, sender, audit); - - fd = sd_bus_get_fd(bus); - if (fd < 0) - return fd; - - len = sizeof(ucred); - r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &len); - if (r < 0) - return -errno; - - audit->uid = ucred.uid; - audit->gid = ucred.gid; - - r = audit_loginuid_from_pid(ucred.pid, &audit->loginuid); - if (r < 0) - return r; - - r = get_process_cmdline(ucred.pid, 0, true, &audit->cmdline); - if (r < 0) - return r; - - return 0; -} - -/* - This function returns the security context of the remote end of the dbus - connections. Whether it is on the bus or a local connection. -*/ -static int get_calling_context( - sd_bus *bus, - sd_bus_message *message, - sd_bus_error *error, - security_context_t *ret) { - - const char *sender; - int r, fd; - - /* - If sender exists then - if sender is NULL this indicates a local connection. Grab the fd - from dbus and do an getpeercon to peers process context - */ - sender = sd_bus_message_get_sender(message); - if (sender) - return bus_get_selinux_security_context(bus, sender, error, ret); - - fd = sd_bus_get_fd(bus); - if (fd < 0) - return fd; - - r = getpeercon(fd, ret); - if (r < 0) - return -errno; - - return 0; -} - /* This function communicates with the kernel to check whether or not it should allow the access. @@ -321,9 +175,12 @@ int selinux_generic_access_check( const char *permission, sd_bus_error *error) { - security_context_t scon = NULL, fcon = NULL; - const char *tclass = NULL; - struct auditstruct audit; + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; + const char *tclass = NULL, *scon = NULL; + struct audit_info audit_info = {}; + _cleanup_free_ char *cl = NULL; + security_context_t fcon = NULL; + char **cmdline = NULL; int r = 0; assert(bus); @@ -338,12 +195,16 @@ int selinux_generic_access_check( if (r < 0) return r; - audit.uid = audit.loginuid = (uid_t) -1; - audit.gid = (gid_t) -1; - audit.cmdline = NULL; - audit.path = path; + r = sd_bus_query_sender_creds( + message, + SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID| + SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID| + SD_BUS_CREDS_SELINUX_CONTEXT, + &creds); + if (r < 0) + goto finish; - r = get_calling_context(bus, message, error, &scon); + r = sd_bus_creds_get_selinux_context(creds, &scon); if (r < 0) goto finish; @@ -367,21 +228,23 @@ int selinux_generic_access_check( tclass = "system"; } - get_audit_data(bus, message, &audit); + sd_bus_creds_get_cmdline(creds, &cmdline); + cl = strv_join(cmdline, " "); + + audit_info.creds = creds; + audit_info.path = path; + audit_info.cmdline = cl; - errno = 0; - r = selinux_check_access(scon, fcon, tclass, permission, &audit); + r = selinux_check_access((security_context_t) scon, fcon, tclass, permission, &audit_info); if (r < 0) r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access."); - log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, audit.cmdline, r); + log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, cl, r); finish: - free(audit.cmdline); - freecon(scon); freecon(fcon); - if (r && security_getenforce() != 1) { + if (r < 0 && security_getenforce() != 1) { sd_bus_error_free(error); r = 0; } |