
1 // SPDX-License-Identifier: GPL-2.0-only
3 * NSA Security-Enhanced Linux (SELinux) security module
22 * CONFIG_SECURITY=y
23 * CONFIG_SECURITY_NETWORK=y
24 * CONFIG_SECURITY_NETWORK_XFRM=y
25 * CONFIG_SECURITY_SELINUX=m/y
58 (ctx->ctx_doi == XFRM_SC_DOI_LSM) && in selinux_authorizable_ctx()
59 (ctx->ctx_alg == XFRM_SC_ALG_SELINUX)); in selinux_authorizable_ctx()
67 return selinux_authorizable_ctx(x->security); in selinux_authorizable_xfrm()
78 int rc; in selinux_xfrm_alloc_user() local
84 uctx->ctx_doi != XFRM_SC_DOI_LSM || in selinux_xfrm_alloc_user()
85 uctx->ctx_alg != XFRM_SC_ALG_SELINUX) in selinux_xfrm_alloc_user()
86 return -EINVAL; in selinux_xfrm_alloc_user()
88 str_len = uctx->ctx_len; in selinux_xfrm_alloc_user()
90 return -ENOMEM; in selinux_xfrm_alloc_user()
94 return -ENOMEM; in selinux_xfrm_alloc_user()
96 ctx->ctx_doi = XFRM_SC_DOI_LSM; in selinux_xfrm_alloc_user()
97 ctx->ctx_alg = XFRM_SC_ALG_SELINUX; in selinux_xfrm_alloc_user()
98 ctx->ctx_len = str_len; in selinux_xfrm_alloc_user()
99 memcpy(ctx->ctx_str, &uctx[1], str_len); in selinux_xfrm_alloc_user()
100 ctx->ctx_str[str_len] = '\0'; in selinux_xfrm_alloc_user()
101 rc = security_context_to_sid(&selinux_state, ctx->ctx_str, str_len, in selinux_xfrm_alloc_user()
102 &ctx->ctx_sid, gfp); in selinux_xfrm_alloc_user()
103 if (rc) in selinux_xfrm_alloc_user()
106 rc = avc_has_perm(&selinux_state, in selinux_xfrm_alloc_user()
107 tsec->sid, ctx->ctx_sid, in selinux_xfrm_alloc_user()
109 if (rc) in selinux_xfrm_alloc_user()
118 return rc; in selinux_xfrm_alloc_user()
144 tsec->sid, ctx->ctx_sid, in selinux_xfrm_delete()
155 int rc; in selinux_xfrm_policy_lookup() local
158 * "non-labeled" policy. This would prevent inadvertent "leaks". */ in selinux_xfrm_policy_lookup()
164 return -EINVAL; in selinux_xfrm_policy_lookup()
166 rc = avc_has_perm(&selinux_state, in selinux_xfrm_policy_lookup()
167 fl_secid, ctx->ctx_sid, in selinux_xfrm_policy_lookup()
169 return (rc == -EACCES ? -ESRCH : rc); in selinux_xfrm_policy_lookup()
183 if (!xp->security) in selinux_xfrm_state_pol_flow_match()
184 if (x->security) in selinux_xfrm_state_pol_flow_match()
191 if (!x->security) in selinux_xfrm_state_pol_flow_match()
196 /* Not a SELinux-labeled SA */ in selinux_xfrm_state_pol_flow_match()
199 state_sid = x->security->ctx_sid; in selinux_xfrm_state_pol_flow_match()
200 flic_sid = flic->flowic_secid; in selinux_xfrm_state_pol_flow_match()
220 x = dst->xfrm; in selinux_xfrm_skb_sid_egress()
224 return x->security->ctx_sid; in selinux_xfrm_skb_sid_egress()
236 for (i = sp->len - 1; i >= 0; i--) { in selinux_xfrm_skb_sid_ingress()
237 struct xfrm_state *x = sp->xvec[i]; in selinux_xfrm_skb_sid_ingress()
239 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_skb_sid_ingress()
242 sid_session = ctx->ctx_sid; in selinux_xfrm_skb_sid_ingress()
245 } else if (sid_session != ctx->ctx_sid) { in selinux_xfrm_skb_sid_ingress()
247 return -EINVAL; in selinux_xfrm_skb_sid_ingress()
273 int rc; in selinux_xfrm_skb_sid() local
275 rc = selinux_xfrm_skb_sid_ingress(skb, sid, 0); in selinux_xfrm_skb_sid()
276 if (rc == 0 && *sid == SECSID_NULL) in selinux_xfrm_skb_sid()
279 return rc; in selinux_xfrm_skb_sid()
304 new_ctx = kmemdup(old_ctx, sizeof(*old_ctx) + old_ctx->ctx_len, in selinux_xfrm_policy_clone()
307 return -ENOMEM; in selinux_xfrm_policy_clone()
337 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL); in selinux_xfrm_state_alloc()
347 int rc; in selinux_xfrm_state_alloc_acquire() local
356 return -EINVAL; in selinux_xfrm_state_alloc_acquire()
358 rc = security_sid_to_context(&selinux_state, secid, &ctx_str, in selinux_xfrm_state_alloc_acquire()
360 if (rc) in selinux_xfrm_state_alloc_acquire()
361 return rc; in selinux_xfrm_state_alloc_acquire()
365 rc = -ENOMEM; in selinux_xfrm_state_alloc_acquire()
369 ctx->ctx_doi = XFRM_SC_DOI_LSM; in selinux_xfrm_state_alloc_acquire()
370 ctx->ctx_alg = XFRM_SC_ALG_SELINUX; in selinux_xfrm_state_alloc_acquire()
371 ctx->ctx_sid = secid; in selinux_xfrm_state_alloc_acquire()
372 ctx->ctx_len = str_len; in selinux_xfrm_state_alloc_acquire()
373 memcpy(ctx->ctx_str, ctx_str, str_len); in selinux_xfrm_state_alloc_acquire()
375 x->security = ctx; in selinux_xfrm_state_alloc_acquire()
379 return rc; in selinux_xfrm_state_alloc_acquire()
387 selinux_xfrm_free(x->security); in selinux_xfrm_state_free()
395 return selinux_xfrm_delete(x->security); in selinux_xfrm_state_delete()
413 for (i = 0; i < sp->len; i++) { in selinux_xfrm_sock_rcv_skb()
414 struct xfrm_state *x = sp->xvec[i]; in selinux_xfrm_sock_rcv_skb()
417 struct xfrm_sec_ctx *ctx = x->security; in selinux_xfrm_sock_rcv_skb()
418 peer_sid = ctx->ctx_sid; in selinux_xfrm_sock_rcv_skb()
426 * non-IPsec communication unless explicitly allowed by policy. */ in selinux_xfrm_sock_rcv_skb()
461 struct xfrm_state *x = iter->xfrm; in selinux_xfrm_postroute_last()
470 * non-IPsec communication unless explicitly allowed by policy. */ in selinux_xfrm_postroute_last()