selinux 0.6.0

Flexible Mandatory Access Control for Linux
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237

#[cfg(test)]
mod tests;

use alloc::sync::{Arc, Weak};
use core::marker::PhantomData;
use core::ptr;
use std::io;
use std::os::raw::{c_char, c_int, c_uint, c_void};

//use reference_counted_singleton::{RCSRef, RefCountedSingleton};

use parking_lot::Mutex;

use crate::SecurityContext;
use crate::errors::{Error, Result};
use crate::utils::{ret_val_to_result, str_to_c_string};

#[derive(Debug, PartialEq, Eq, PartialOrd, Ord)]
#[repr(transparent)]
struct SELinuxOption(selinux_sys::selinux_opt);

// SAFETY: `selinux_sys::selinux_opt` is treated as an opaque byte sequence.
// In particular, the pointer inside `selinux_sys::selinux_opt` is never dereferenced.
unsafe impl Send for SELinuxOption {}
unsafe impl Sync for SELinuxOption {}

/// Access vector cache.
#[derive(Debug, PartialEq, Eq)]
pub struct AccessVectorCache {
    options: Box<[SELinuxOption]>,
}

impl AccessVectorCache {
    /// Initialize the user space access vector cache.
    ///
    /// The `options` parameter produces zero or more `(type, value)` tuples, where:
    /// - `type` is one of `selinux_sys::AVC_OPT_*` values,
    ///   *e.g.*, [`selinux_sys::AVC_OPT_SETENFORCE`].
    /// - `value` is a pointer whose semantics are specific to `type`.
    ///
    /// Attempting to initialize the access vector cache while it is still
    /// initialized succeeds only if the subsequent initialization uses the same
    /// set of options as the previous, still in scope, one.
    ///
    /// See: `avc_open()`.
    #[doc(alias = "avc_open")]
    pub fn initialize(options: &[(c_int, *const c_void)]) -> Result<Arc<Self>> {
        static AVC: Mutex<Weak<AccessVectorCache>> = Mutex::new(Weak::new());

        let mut options: Vec<SELinuxOption> = options
            .iter()
            .map(|&(type_, value)| {
                SELinuxOption(selinux_sys::selinux_opt {
                    type_,
                    value: value.cast(),
                })
            })
            .collect();
        options.sort_unstable();
        options.dedup();
        let mut options = options.into_boxed_slice();

        let count = c_uint::try_from(options.len())?;
        let options_ptr = if count == 0 {
            ptr::null_mut()
        } else {
            options.as_mut_ptr().cast()
        };

        let mut avc = AVC.lock();
        if let Some(existing_avc) = Weak::upgrade(&*avc) {
            if *existing_avc.options == *options {
                // Initializing, while still initialized, using the same set of options.
                Ok(existing_avc)
            } else {
                // Initializing, while still initialized, with a different set of options,
                // is an error.
                let err = io::ErrorKind::AlreadyExists.into();
                Err(Error::from_io("AccessVectorCache::initialize()", err))
            }
        } else {
            // First initialization, or reinitialization.
            if unsafe { selinux_sys::avc_open(options_ptr, count) } == -1 {
                Err(Error::last_io_error("avc_open()"))
            } else {
                let new_avc = Arc::new(AccessVectorCache { options });
                *avc = Arc::downgrade(&new_avc);
                Ok(new_avc)
            }
        }
    }

    /// Flush the user space access vector cache, causing it to forget any
    /// cached access decisions.
    ///
    /// See: `avc_reset()`.
    #[doc(alias = "avc_reset")]
    pub fn reset(&self) -> Result<()> {
        ret_val_to_result("avc_reset()", unsafe { selinux_sys::avc_reset() })
    }

    /// Attempt to free unused memory within the user space access vector
    /// cache, but do not flush any cached access decisions.
    ///
    /// See: `avc_cleanup()`.
    #[doc(alias = "avc_cleanup")]
    pub fn clean_up(&self) {
        unsafe { selinux_sys::avc_cleanup() }
    }

    /// Return a security identifier for the kernel initial security identifier
    /// specified by `security_identifier_name`.
    ///
    /// See: `avc_get_initial_sid()`.
    #[doc(alias = "avc_get_initial_sid")]
    pub fn kernel_initial_security_id<'context>(
        &'context self,
        security_id_name: &str,
        raw_format: bool,
    ) -> Result<SecurityID<'context>> {
        let c_name = str_to_c_string(security_id_name)?;
        let mut security_id: *mut selinux_sys::security_id = ptr::null_mut();
        if unsafe { selinux_sys::avc_get_initial_sid(c_name.as_ptr(), &raw mut security_id) }
            == -1_i32
        {
            Err(Error::last_io_error("avc_get_initial_sid()"))
        } else {
            Ok(SecurityID {
                security_id,
                is_raw: raw_format,
                _phantom_data: PhantomData,
            })
        }
    }

    /// Return a security context for the given security identifier.
    ///
    /// See: `avc_sid_to_context()`.
    #[doc(alias = "avc_sid_to_context")]
    pub fn security_context_from_security_id<'context>(
        &'context self,
        mut security_id: SecurityID,
    ) -> Result<SecurityContext<'context>> {
        let is_raw = security_id.is_raw_format();
        let (proc, proc_name): (unsafe extern "C" fn(_, _) -> _, _) = if is_raw {
            let proc_name = "avc_sid_to_context_raw()";
            (selinux_sys::avc_sid_to_context_raw, proc_name)
        } else {
            let proc_name = "avc_sid_to_context()";
            (selinux_sys::avc_sid_to_context, proc_name)
        };

        let mut context: *mut c_char = ptr::null_mut();
        let r = unsafe { proc(security_id.as_mut_ptr(), &raw mut context) };
        SecurityContext::from_result(proc_name, r, context, is_raw)
    }

    /// Return a security identifier for the given security context.
    ///
    /// See: `avc_context_to_sid()`.
    #[doc(alias = "avc_context_to_sid")]
    pub fn security_id_from_security_context<'context>(
        &'context self,
        context: SecurityContext,
    ) -> Result<SecurityID<'context>> {
        let is_raw = context.is_raw_format();
        let (proc, proc_name): (unsafe extern "C" fn(_, _) -> _, _) = if is_raw {
            let proc_name = "avc_context_to_sid_raw()";
            (selinux_sys::avc_context_to_sid_raw, proc_name)
        } else {
            let proc_name = "avc_context_to_sid()";
            (selinux_sys::avc_context_to_sid, proc_name)
        };

        let mut security_id: *mut selinux_sys::security_id = ptr::null_mut();
        if unsafe { proc(context.as_ptr(), &raw mut security_id) } == -1_i32 {
            Err(Error::last_io_error(proc_name))
        } else {
            Ok(SecurityID {
                security_id,
                is_raw,
                _phantom_data: PhantomData,
            })
        }
    }
}

impl Drop for AccessVectorCache {
    fn drop(&mut self) {
        unsafe { selinux_sys::avc_destroy() };
    }
}

/// SELinux security identifier.
#[derive(Debug)]
pub struct SecurityID<'id> {
    security_id: *mut selinux_sys::security_id,
    is_raw: bool,
    _phantom_data: PhantomData<&'id selinux_sys::security_id>,
}

impl SecurityID<'_> {
    /// Return `true` if the security identifier is unspecified.
    #[must_use]
    pub fn is_unspecified(&self) -> bool {
        self.security_id.is_null()
    }

    /// Return `false` if security context translation must be performed.
    #[must_use]
    pub fn is_raw_format(&self) -> bool {
        self.is_raw
    }

    /// Return the managed raw pointer to [`selinux_sys::security_id`].
    #[must_use]
    pub fn as_ptr(&self) -> *const selinux_sys::security_id {
        self.security_id.cast()
    }

    /// Return the managed raw pointer to [`selinux_sys::security_id`].
    #[must_use]
    pub fn as_mut_ptr(&mut self) -> *mut selinux_sys::security_id {
        self.security_id
    }
}

impl Default for SecurityID<'_> {
    /// Return an unspecified security identifier.
    fn default() -> Self {
        Self {
            security_id: ptr::null_mut(),
            is_raw: false,
            _phantom_data: PhantomData,
        }
    }
}