1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25#include <linux/init.h>
26#include <linux/kernel.h>
27#include <linux/ptrace.h>
28#include <linux/errno.h>
29#include <linux/sched.h>
30#include <linux/security.h>
31#include <linux/xattr.h>
32#include <linux/capability.h>
33#include <linux/unistd.h>
34#include <linux/mm.h>
35#include <linux/mman.h>
36#include <linux/slab.h>
37#include <linux/pagemap.h>
38#include <linux/swap.h>
39#include <linux/spinlock.h>
40#include <linux/syscalls.h>
41#include <linux/file.h>
42#include <linux/namei.h>
43#include <linux/mount.h>
44#include <linux/ext2_fs.h>
45#include <linux/proc_fs.h>
46#include <linux/kd.h>
47#include <linux/netfilter_ipv4.h>
48#include <linux/netfilter_ipv6.h>
49#include <linux/tty.h>
50#include <net/icmp.h>
51#include <net/ip.h>
52#include <net/tcp.h>
53#include <asm/uaccess.h>
54#include <asm/ioctls.h>
55#include <linux/bitops.h>
56#include <linux/interrupt.h>
57#include <linux/netdevice.h>
58#include <linux/netlink.h>
59#include <linux/tcp.h>
60#include <linux/udp.h>
61#include <linux/dccp.h>
62#include <linux/quota.h>
63#include <linux/un.h>
64#include <net/af_unix.h>
65#include <linux/parser.h>
66#include <linux/nfs_mount.h>
67#include <net/ipv6.h>
68#include <linux/hugetlb.h>
69#include <linux/personality.h>
70#include <linux/sysctl.h>
71#include <linux/audit.h>
72#include <linux/string.h>
73#include <linux/selinux.h>
74#include <linux/mutex.h>
75
76#include "avc.h"
77#include "objsec.h"
78#include "netif.h"
79#include "xfrm.h"
80#include "netlabel.h"
81
82#define XATTR_SELINUX_SUFFIX "selinux"
83#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
84
85extern unsigned int policydb_loaded_version;
86extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
87extern int selinux_compat_net;
88extern struct security_operations *security_ops;
89
90#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
91int selinux_enforcing = 0;
92
93static int __init enforcing_setup(char *str)
94{
95 selinux_enforcing = simple_strtol(str,NULL,0);
96 return 1;
97}
98__setup("enforcing=", enforcing_setup);
99#endif
100
101#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
102int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
103
104static int __init selinux_enabled_setup(char *str)
105{
106 selinux_enabled = simple_strtol(str, NULL, 0);
107 return 1;
108}
109__setup("selinux=", selinux_enabled_setup);
110#else
111int selinux_enabled = 1;
112#endif
113
114
115static struct security_operations *original_ops = NULL;
116
117
118
119
120
121static struct security_operations *secondary_ops = NULL;
122
123
124
125static LIST_HEAD(superblock_security_head);
126static DEFINE_SPINLOCK(sb_security_lock);
127
128static struct kmem_cache *sel_inode_cache;
129
130
131
132static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
133{
134 char *context;
135 unsigned len;
136 int rc;
137
138 rc = security_sid_to_context(sid, &context, &len);
139 if (rc)
140 return rc;
141
142 if (!buffer || !size)
143 goto getsecurity_exit;
144
145 if (size < len) {
146 len = -ERANGE;
147 goto getsecurity_exit;
148 }
149 memcpy(buffer, context, len);
150
151getsecurity_exit:
152 kfree(context);
153 return len;
154}
155
156
157
158static int task_alloc_security(struct task_struct *task)
159{
160 struct task_security_struct *tsec;
161
162 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
163 if (!tsec)
164 return -ENOMEM;
165
166 tsec->task = task;
167 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
168 task->security = tsec;
169
170 return 0;
171}
172
173static void task_free_security(struct task_struct *task)
174{
175 struct task_security_struct *tsec = task->security;
176 task->security = NULL;
177 kfree(tsec);
178}
179
180static int inode_alloc_security(struct inode *inode)
181{
182 struct task_security_struct *tsec = current->security;
183 struct inode_security_struct *isec;
184
185 isec = kmem_cache_zalloc(sel_inode_cache, GFP_KERNEL);
186 if (!isec)
187 return -ENOMEM;
188
189 mutex_init(&isec->lock);
190 INIT_LIST_HEAD(&isec->list);
191 isec->inode = inode;
192 isec->sid = SECINITSID_UNLABELED;
193 isec->sclass = SECCLASS_FILE;
194 isec->task_sid = tsec->sid;
195 inode->i_security = isec;
196
197 return 0;
198}
199
200static void inode_free_security(struct inode *inode)
201{
202 struct inode_security_struct *isec = inode->i_security;
203 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
204
205 spin_lock(&sbsec->isec_lock);
206 if (!list_empty(&isec->list))
207 list_del_init(&isec->list);
208 spin_unlock(&sbsec->isec_lock);
209
210 inode->i_security = NULL;
211 kmem_cache_free(sel_inode_cache, isec);
212}
213
214static int file_alloc_security(struct file *file)
215{
216 struct task_security_struct *tsec = current->security;
217 struct file_security_struct *fsec;
218
219 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
220 if (!fsec)
221 return -ENOMEM;
222
223 fsec->file = file;
224 fsec->sid = tsec->sid;
225 fsec->fown_sid = tsec->sid;
226 file->f_security = fsec;
227
228 return 0;
229}
230
231static void file_free_security(struct file *file)
232{
233 struct file_security_struct *fsec = file->f_security;
234 file->f_security = NULL;
235 kfree(fsec);
236}
237
238static int superblock_alloc_security(struct super_block *sb)
239{
240 struct superblock_security_struct *sbsec;
241
242 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
243 if (!sbsec)
244 return -ENOMEM;
245
246 mutex_init(&sbsec->lock);
247 INIT_LIST_HEAD(&sbsec->list);
248 INIT_LIST_HEAD(&sbsec->isec_head);
249 spin_lock_init(&sbsec->isec_lock);
250 sbsec->sb = sb;
251 sbsec->sid = SECINITSID_UNLABELED;
252 sbsec->def_sid = SECINITSID_FILE;
253 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
254 sb->s_security = sbsec;
255
256 return 0;
257}
258
259static void superblock_free_security(struct super_block *sb)
260{
261 struct superblock_security_struct *sbsec = sb->s_security;
262
263 spin_lock(&sb_security_lock);
264 if (!list_empty(&sbsec->list))
265 list_del_init(&sbsec->list);
266 spin_unlock(&sb_security_lock);
267
268 sb->s_security = NULL;
269 kfree(sbsec);
270}
271
272static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
273{
274 struct sk_security_struct *ssec;
275
276 ssec = kzalloc(sizeof(*ssec), priority);
277 if (!ssec)
278 return -ENOMEM;
279
280 ssec->sk = sk;
281 ssec->peer_sid = SECINITSID_UNLABELED;
282 ssec->sid = SECINITSID_UNLABELED;
283 sk->sk_security = ssec;
284
285 selinux_netlbl_sk_security_init(ssec, family);
286
287 return 0;
288}
289
290static void sk_free_security(struct sock *sk)
291{
292 struct sk_security_struct *ssec = sk->sk_security;
293
294 sk->sk_security = NULL;
295 kfree(ssec);
296}
297
298
299
300extern int ss_initialized;
301
302
303
304static char *labeling_behaviors[6] = {
305 "uses xattr",
306 "uses transition SIDs",
307 "uses task SIDs",
308 "uses genfs_contexts",
309 "not configured for labeling",
310 "uses mountpoint labeling",
311};
312
313static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
314
315static inline int inode_doinit(struct inode *inode)
316{
317 return inode_doinit_with_dentry(inode, NULL);
318}
319
320enum {
321 Opt_error = -1,
322 Opt_context = 1,
323 Opt_fscontext = 2,
324 Opt_defcontext = 4,
325 Opt_rootcontext = 8,
326};
327
328static match_table_t tokens = {
329 {Opt_context, "context=%s"},
330 {Opt_fscontext, "fscontext=%s"},
331 {Opt_defcontext, "defcontext=%s"},
332 {Opt_rootcontext, "rootcontext=%s"},
333 {Opt_error, NULL},
334};
335
336#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
337
338static int may_context_mount_sb_relabel(u32 sid,
339 struct superblock_security_struct *sbsec,
340 struct task_security_struct *tsec)
341{
342 int rc;
343
344 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
345 FILESYSTEM__RELABELFROM, NULL);
346 if (rc)
347 return rc;
348
349 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
350 FILESYSTEM__RELABELTO, NULL);
351 return rc;
352}
353
354static int may_context_mount_inode_relabel(u32 sid,
355 struct superblock_security_struct *sbsec,
356 struct task_security_struct *tsec)
357{
358 int rc;
359 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
360 FILESYSTEM__RELABELFROM, NULL);
361 if (rc)
362 return rc;
363
364 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
365 FILESYSTEM__ASSOCIATE, NULL);
366 return rc;
367}
368
369static int try_context_mount(struct super_block *sb, void *data)
370{
371 char *context = NULL, *defcontext = NULL;
372 char *fscontext = NULL, *rootcontext = NULL;
373 const char *name;
374 u32 sid;
375 int alloc = 0, rc = 0, seen = 0;
376 struct task_security_struct *tsec = current->security;
377 struct superblock_security_struct *sbsec = sb->s_security;
378
379 if (!data)
380 goto out;
381
382 name = sb->s_type->name;
383
384 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
385
386
387 if (!strcmp(name, "nfs")) {
388 struct nfs_mount_data *d = data;
389
390 if (d->version < NFS_MOUNT_VERSION)
391 goto out;
392
393 if (d->context[0]) {
394 context = d->context;
395 seen |= Opt_context;
396 }
397 } else
398 goto out;
399
400 } else {
401
402 char *p, *options = data;
403
404 while ((p = strsep(&options, "|")) != NULL) {
405 int token;
406 substring_t args[MAX_OPT_ARGS];
407
408 if (!*p)
409 continue;
410
411 token = match_token(p, tokens, args);
412
413 switch (token) {
414 case Opt_context:
415 if (seen & (Opt_context|Opt_defcontext)) {
416 rc = -EINVAL;
417 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
418 goto out_free;
419 }
420 context = match_strdup(&args[0]);
421 if (!context) {
422 rc = -ENOMEM;
423 goto out_free;
424 }
425 if (!alloc)
426 alloc = 1;
427 seen |= Opt_context;
428 break;
429
430 case Opt_fscontext:
431 if (seen & Opt_fscontext) {
432 rc = -EINVAL;
433 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
434 goto out_free;
435 }
436 fscontext = match_strdup(&args[0]);
437 if (!fscontext) {
438 rc = -ENOMEM;
439 goto out_free;
440 }
441 if (!alloc)
442 alloc = 1;
443 seen |= Opt_fscontext;
444 break;
445
446 case Opt_rootcontext:
447 if (seen & Opt_rootcontext) {
448 rc = -EINVAL;
449 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
450 goto out_free;
451 }
452 rootcontext = match_strdup(&args[0]);
453 if (!rootcontext) {
454 rc = -ENOMEM;
455 goto out_free;
456 }
457 if (!alloc)
458 alloc = 1;
459 seen |= Opt_rootcontext;
460 break;
461
462 case Opt_defcontext:
463 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
464 rc = -EINVAL;
465 printk(KERN_WARNING "SELinux: "
466 "defcontext option is invalid "
467 "for this filesystem type\n");
468 goto out_free;
469 }
470 if (seen & (Opt_context|Opt_defcontext)) {
471 rc = -EINVAL;
472 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
473 goto out_free;
474 }
475 defcontext = match_strdup(&args[0]);
476 if (!defcontext) {
477 rc = -ENOMEM;
478 goto out_free;
479 }
480 if (!alloc)
481 alloc = 1;
482 seen |= Opt_defcontext;
483 break;
484
485 default:
486 rc = -EINVAL;
487 printk(KERN_WARNING "SELinux: unknown mount "
488 "option\n");
489 goto out_free;
490
491 }
492 }
493 }
494
495 if (!seen)
496 goto out;
497
498
499 if (fscontext) {
500 rc = security_context_to_sid(fscontext, strlen(fscontext), &sid);
501 if (rc) {
502 printk(KERN_WARNING "SELinux: security_context_to_sid"
503 "(%s) failed for (dev %s, type %s) errno=%d\n",
504 fscontext, sb->s_id, name, rc);
505 goto out_free;
506 }
507
508 rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
509 if (rc)
510 goto out_free;
511
512 sbsec->sid = sid;
513 }
514
515
516
517
518
519
520 if (context) {
521 rc = security_context_to_sid(context, strlen(context), &sid);
522 if (rc) {
523 printk(KERN_WARNING "SELinux: security_context_to_sid"
524 "(%s) failed for (dev %s, type %s) errno=%d\n",
525 context, sb->s_id, name, rc);
526 goto out_free;
527 }
528
529 if (!fscontext) {
530 rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
531 if (rc)
532 goto out_free;
533 sbsec->sid = sid;
534 } else {
535 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
536 if (rc)
537 goto out_free;
538 }
539 sbsec->mntpoint_sid = sid;
540
541 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
542 }
543
544 if (rootcontext) {
545 struct inode *inode = sb->s_root->d_inode;
546 struct inode_security_struct *isec = inode->i_security;
547 rc = security_context_to_sid(rootcontext, strlen(rootcontext), &sid);
548 if (rc) {
549 printk(KERN_WARNING "SELinux: security_context_to_sid"
550 "(%s) failed for (dev %s, type %s) errno=%d\n",
551 rootcontext, sb->s_id, name, rc);
552 goto out_free;
553 }
554
555 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
556 if (rc)
557 goto out_free;
558
559 isec->sid = sid;
560 isec->initialized = 1;
561 }
562
563 if (defcontext) {
564 rc = security_context_to_sid(defcontext, strlen(defcontext), &sid);
565 if (rc) {
566 printk(KERN_WARNING "SELinux: security_context_to_sid"
567 "(%s) failed for (dev %s, type %s) errno=%d\n",
568 defcontext, sb->s_id, name, rc);
569 goto out_free;
570 }
571
572 if (sid == sbsec->def_sid)
573 goto out_free;
574
575 rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
576 if (rc)
577 goto out_free;
578
579 sbsec->def_sid = sid;
580 }
581
582out_free:
583 if (alloc) {
584 kfree(context);
585 kfree(defcontext);
586 kfree(fscontext);
587 kfree(rootcontext);
588 }
589out:
590 return rc;
591}
592
593static int superblock_doinit(struct super_block *sb, void *data)
594{
595 struct superblock_security_struct *sbsec = sb->s_security;
596 struct dentry *root = sb->s_root;
597 struct inode *inode = root->d_inode;
598 int rc = 0;
599
600 mutex_lock(&sbsec->lock);
601 if (sbsec->initialized)
602 goto out;
603
604 if (!ss_initialized) {
605
606
607
608 spin_lock(&sb_security_lock);
609 if (list_empty(&sbsec->list))
610 list_add(&sbsec->list, &superblock_security_head);
611 spin_unlock(&sb_security_lock);
612 goto out;
613 }
614
615
616 rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
617 if (rc) {
618 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
619 __FUNCTION__, sb->s_type->name, rc);
620 goto out;
621 }
622
623 rc = try_context_mount(sb, data);
624 if (rc)
625 goto out;
626
627 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
628
629
630
631
632
633 if (!inode->i_op->getxattr) {
634 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
635 "xattr support\n", sb->s_id, sb->s_type->name);
636 rc = -EOPNOTSUPP;
637 goto out;
638 }
639 rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
640 if (rc < 0 && rc != -ENODATA) {
641 if (rc == -EOPNOTSUPP)
642 printk(KERN_WARNING "SELinux: (dev %s, type "
643 "%s) has no security xattr handler\n",
644 sb->s_id, sb->s_type->name);
645 else
646 printk(KERN_WARNING "SELinux: (dev %s, type "
647 "%s) getxattr errno %d\n", sb->s_id,
648 sb->s_type->name, -rc);
649 goto out;
650 }
651 }
652
653 if (strcmp(sb->s_type->name, "proc") == 0)
654 sbsec->proc = 1;
655
656 sbsec->initialized = 1;
657
658 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
659 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
660 sb->s_id, sb->s_type->name);
661 }
662 else {
663 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
664 sb->s_id, sb->s_type->name,
665 labeling_behaviors[sbsec->behavior-1]);
666 }
667
668
669 rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
670
671
672
673
674
675 spin_lock(&sbsec->isec_lock);
676next_inode:
677 if (!list_empty(&sbsec->isec_head)) {
678 struct inode_security_struct *isec =
679 list_entry(sbsec->isec_head.next,
680 struct inode_security_struct, list);
681 struct inode *inode = isec->inode;
682 spin_unlock(&sbsec->isec_lock);
683 inode = igrab(inode);
684 if (inode) {
685 if (!IS_PRIVATE (inode))
686 inode_doinit(inode);
687 iput(inode);
688 }
689 spin_lock(&sbsec->isec_lock);
690 list_del_init(&isec->list);
691 goto next_inode;
692 }
693 spin_unlock(&sbsec->isec_lock);
694out:
695 mutex_unlock(&sbsec->lock);
696 return rc;
697}
698
699static inline u16 inode_mode_to_security_class(umode_t mode)
700{
701 switch (mode & S_IFMT) {
702 case S_IFSOCK:
703 return SECCLASS_SOCK_FILE;
704 case S_IFLNK:
705 return SECCLASS_LNK_FILE;
706 case S_IFREG:
707 return SECCLASS_FILE;
708 case S_IFBLK:
709 return SECCLASS_BLK_FILE;
710 case S_IFDIR:
711 return SECCLASS_DIR;
712 case S_IFCHR:
713 return SECCLASS_CHR_FILE;
714 case S_IFIFO:
715 return SECCLASS_FIFO_FILE;
716
717 }
718
719 return SECCLASS_FILE;
720}
721
722static inline int default_protocol_stream(int protocol)
723{
724 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
725}
726
727static inline int default_protocol_dgram(int protocol)
728{
729 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
730}
731
732static inline u16 socket_type_to_security_class(int family, int type, int protocol)
733{
734 switch (family) {
735 case PF_UNIX:
736 switch (type) {
737 case SOCK_STREAM:
738 case SOCK_SEQPACKET:
739 return SECCLASS_UNIX_STREAM_SOCKET;
740 case SOCK_DGRAM:
741 return SECCLASS_UNIX_DGRAM_SOCKET;
742 }
743 break;
744 case PF_INET:
745 case PF_INET6:
746 switch (type) {
747 case SOCK_STREAM:
748 if (default_protocol_stream(protocol))
749 return SECCLASS_TCP_SOCKET;
750 else
751 return SECCLASS_RAWIP_SOCKET;
752 case SOCK_DGRAM:
753 if (default_protocol_dgram(protocol))
754 return SECCLASS_UDP_SOCKET;
755 else
756 return SECCLASS_RAWIP_SOCKET;
757 case SOCK_DCCP:
758 return SECCLASS_DCCP_SOCKET;
759 default:
760 return SECCLASS_RAWIP_SOCKET;
761 }
762 break;
763 case PF_NETLINK:
764 switch (protocol) {
765 case NETLINK_ROUTE:
766 return SECCLASS_NETLINK_ROUTE_SOCKET;
767 case NETLINK_FIREWALL:
768 return SECCLASS_NETLINK_FIREWALL_SOCKET;
769 case NETLINK_INET_DIAG:
770 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
771 case NETLINK_NFLOG:
772 return SECCLASS_NETLINK_NFLOG_SOCKET;
773 case NETLINK_XFRM:
774 return SECCLASS_NETLINK_XFRM_SOCKET;
775 case NETLINK_SELINUX:
776 return SECCLASS_NETLINK_SELINUX_SOCKET;
777 case NETLINK_AUDIT:
778 return SECCLASS_NETLINK_AUDIT_SOCKET;
779 case NETLINK_IP6_FW:
780 return SECCLASS_NETLINK_IP6FW_SOCKET;
781 case NETLINK_DNRTMSG:
782 return SECCLASS_NETLINK_DNRT_SOCKET;
783 case NETLINK_KOBJECT_UEVENT:
784 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
785 default:
786 return SECCLASS_NETLINK_SOCKET;
787 }
788 case PF_PACKET:
789 return SECCLASS_PACKET_SOCKET;
790 case PF_KEY:
791 return SECCLASS_KEY_SOCKET;
792 case PF_APPLETALK:
793 return SECCLASS_APPLETALK_SOCKET;
794 }
795
796 return SECCLASS_SOCKET;
797}
798
799#ifdef CONFIG_PROC_FS
800static int selinux_proc_get_sid(struct proc_dir_entry *de,
801 u16 tclass,
802 u32 *sid)
803{
804 int buflen, rc;
805 char *buffer, *path, *end;
806
807 buffer = (char*)__get_free_page(GFP_KERNEL);
808 if (!buffer)
809 return -ENOMEM;
810
811 buflen = PAGE_SIZE;
812 end = buffer+buflen;
813 *--end = '\0';
814 buflen--;
815 path = end-1;
816 *path = '/';
817 while (de && de != de->parent) {
818 buflen -= de->namelen + 1;
819 if (buflen < 0)
820 break;
821 end -= de->namelen;
822 memcpy(end, de->name, de->namelen);
823 *--end = '/';
824 path = end;
825 de = de->parent;
826 }
827 rc = security_genfs_sid("proc", path, tclass, sid);
828 free_page((unsigned long)buffer);
829 return rc;
830}
831#else
832static int selinux_proc_get_sid(struct proc_dir_entry *de,
833 u16 tclass,
834 u32 *sid)
835{
836 return -EINVAL;
837}
838#endif
839
840
841static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
842{
843 struct superblock_security_struct *sbsec = NULL;
844 struct inode_security_struct *isec = inode->i_security;
845 u32 sid;
846 struct dentry *dentry;
847#define INITCONTEXTLEN 255
848 char *context = NULL;
849 unsigned len = 0;
850 int rc = 0;
851
852 if (isec->initialized)
853 goto out;
854
855 mutex_lock(&isec->lock);
856 if (isec->initialized)
857 goto out_unlock;
858
859 sbsec = inode->i_sb->s_security;
860 if (!sbsec->initialized) {
861
862
863
864 spin_lock(&sbsec->isec_lock);
865 if (list_empty(&isec->list))
866 list_add(&isec->list, &sbsec->isec_head);
867 spin_unlock(&sbsec->isec_lock);
868 goto out_unlock;
869 }
870
871 switch (sbsec->behavior) {
872 case SECURITY_FS_USE_XATTR:
873 if (!inode->i_op->getxattr) {
874 isec->sid = sbsec->def_sid;
875 break;
876 }
877
878
879
880 if (opt_dentry) {
881
882 dentry = dget(opt_dentry);
883 } else {
884
885 dentry = d_find_alias(inode);
886 }
887 if (!dentry) {
888 printk(KERN_WARNING "%s: no dentry for dev=%s "
889 "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
890 inode->i_ino);
891 goto out_unlock;
892 }
893
894 len = INITCONTEXTLEN;
895 context = kmalloc(len, GFP_KERNEL);
896 if (!context) {
897 rc = -ENOMEM;
898 dput(dentry);
899 goto out_unlock;
900 }
901 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
902 context, len);
903 if (rc == -ERANGE) {
904
905 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
906 NULL, 0);
907 if (rc < 0) {
908 dput(dentry);
909 goto out_unlock;
910 }
911 kfree(context);
912 len = rc;
913 context = kmalloc(len, GFP_KERNEL);
914 if (!context) {
915 rc = -ENOMEM;
916 dput(dentry);
917 goto out_unlock;
918 }
919 rc = inode->i_op->getxattr(dentry,
920 XATTR_NAME_SELINUX,
921 context, len);
922 }
923 dput(dentry);
924 if (rc < 0) {
925 if (rc != -ENODATA) {
926 printk(KERN_WARNING "%s: getxattr returned "
927 "%d for dev=%s ino=%ld\n", __FUNCTION__,
928 -rc, inode->i_sb->s_id, inode->i_ino);
929 kfree(context);
930 goto out_unlock;
931 }
932
933 sid = sbsec->def_sid;
934 rc = 0;
935 } else {
936 rc = security_context_to_sid_default(context, rc, &sid,
937 sbsec->def_sid);
938 if (rc) {
939 printk(KERN_WARNING "%s: context_to_sid(%s) "
940 "returned %d for dev=%s ino=%ld\n",
941 __FUNCTION__, context, -rc,
942 inode->i_sb->s_id, inode->i_ino);
943 kfree(context);
944
945 rc = 0;
946 break;
947 }
948 }
949 kfree(context);
950 isec->sid = sid;
951 break;
952 case SECURITY_FS_USE_TASK:
953 isec->sid = isec->task_sid;
954 break;
955 case SECURITY_FS_USE_TRANS:
956
957 isec->sid = sbsec->sid;
958
959
960 isec->sclass = inode_mode_to_security_class(inode->i_mode);
961 rc = security_transition_sid(isec->task_sid,
962 sbsec->sid,
963 isec->sclass,
964 &sid);
965 if (rc)
966 goto out_unlock;
967 isec->sid = sid;
968 break;
969 case SECURITY_FS_USE_MNTPOINT:
970 isec->sid = sbsec->mntpoint_sid;
971 break;
972 default:
973
974 isec->sid = sbsec->sid;
975
976 if (sbsec->proc) {
977 struct proc_inode *proci = PROC_I(inode);
978 if (proci->pde) {
979 isec->sclass = inode_mode_to_security_class(inode->i_mode);
980 rc = selinux_proc_get_sid(proci->pde,
981 isec->sclass,
982 &sid);
983 if (rc)
984 goto out_unlock;
985 isec->sid = sid;
986 }
987 }
988 break;
989 }
990
991 isec->initialized = 1;
992
993out_unlock:
994 mutex_unlock(&isec->lock);
995out:
996 if (isec->sclass == SECCLASS_FILE)
997 isec->sclass = inode_mode_to_security_class(inode->i_mode);
998 return rc;
999}
1000
1001
1002static inline u32 signal_to_av(int sig)
1003{
1004 u32 perm = 0;
1005
1006 switch (sig) {
1007 case SIGCHLD:
1008
1009 perm = PROCESS__SIGCHLD;
1010 break;
1011 case SIGKILL:
1012
1013 perm = PROCESS__SIGKILL;
1014 break;
1015 case SIGSTOP:
1016
1017 perm = PROCESS__SIGSTOP;
1018 break;
1019 default:
1020
1021 perm = PROCESS__SIGNAL;
1022 break;
1023 }
1024
1025 return perm;
1026}
1027
1028
1029
1030static int task_has_perm(struct task_struct *tsk1,
1031 struct task_struct *tsk2,
1032 u32 perms)
1033{
1034 struct task_security_struct *tsec1, *tsec2;
1035
1036 tsec1 = tsk1->security;
1037 tsec2 = tsk2->security;
1038 return avc_has_perm(tsec1->sid, tsec2->sid,
1039 SECCLASS_PROCESS, perms, NULL);
1040}
1041
1042
1043static int task_has_capability(struct task_struct *tsk,
1044 int cap)
1045{
1046 struct task_security_struct *tsec;
1047 struct avc_audit_data ad;
1048
1049 tsec = tsk->security;
1050
1051 AVC_AUDIT_DATA_INIT(&ad,CAP);
1052 ad.tsk = tsk;
1053 ad.u.cap = cap;
1054
1055 return avc_has_perm(tsec->sid, tsec->sid,
1056 SECCLASS_CAPABILITY, CAP_TO_MASK(cap), &ad);
1057}
1058
1059
1060static int task_has_system(struct task_struct *tsk,
1061 u32 perms)
1062{
1063 struct task_security_struct *tsec;
1064
1065 tsec = tsk->security;
1066
1067 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1068 SECCLASS_SYSTEM, perms, NULL);
1069}
1070
1071
1072
1073
1074static int inode_has_perm(struct task_struct *tsk,
1075 struct inode *inode,
1076 u32 perms,
1077 struct avc_audit_data *adp)
1078{
1079 struct task_security_struct *tsec;
1080 struct inode_security_struct *isec;
1081 struct avc_audit_data ad;
1082
1083 if (unlikely (IS_PRIVATE (inode)))
1084 return 0;
1085
1086 tsec = tsk->security;
1087 isec = inode->i_security;
1088
1089 if (!adp) {
1090 adp = &ad;
1091 AVC_AUDIT_DATA_INIT(&ad, FS);
1092 ad.u.fs.inode = inode;
1093 }
1094
1095 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
1096}
1097
1098
1099
1100
1101static inline int dentry_has_perm(struct task_struct *tsk,
1102 struct vfsmount *mnt,
1103 struct dentry *dentry,
1104 u32 av)
1105{
1106 struct inode *inode = dentry->d_inode;
1107 struct avc_audit_data ad;
1108 AVC_AUDIT_DATA_INIT(&ad,FS);
1109 ad.u.fs.mnt = mnt;
1110 ad.u.fs.dentry = dentry;
1111 return inode_has_perm(tsk, inode, av, &ad);
1112}
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122static int file_has_perm(struct task_struct *tsk,
1123 struct file *file,
1124 u32 av)
1125{
1126 struct task_security_struct *tsec = tsk->security;
1127 struct file_security_struct *fsec = file->f_security;
1128 struct vfsmount *mnt = file->f_path.mnt;
1129 struct dentry *dentry = file->f_path.dentry;
1130 struct inode *inode = dentry->d_inode;
1131 struct avc_audit_data ad;
1132 int rc;
1133
1134 AVC_AUDIT_DATA_INIT(&ad, FS);
1135 ad.u.fs.mnt = mnt;
1136 ad.u.fs.dentry = dentry;
1137
1138 if (tsec->sid != fsec->sid) {
1139 rc = avc_has_perm(tsec->sid, fsec->sid,
1140 SECCLASS_FD,
1141 FD__USE,
1142 &ad);
1143 if (rc)
1144 return rc;
1145 }
1146
1147
1148 if (av)
1149 return inode_has_perm(tsk, inode, av, &ad);
1150
1151 return 0;
1152}
1153
1154
1155static int may_create(struct inode *dir,
1156 struct dentry *dentry,
1157 u16 tclass)
1158{
1159 struct task_security_struct *tsec;
1160 struct inode_security_struct *dsec;
1161 struct superblock_security_struct *sbsec;
1162 u32 newsid;
1163 struct avc_audit_data ad;
1164 int rc;
1165
1166 tsec = current->security;
1167 dsec = dir->i_security;
1168 sbsec = dir->i_sb->s_security;
1169
1170 AVC_AUDIT_DATA_INIT(&ad, FS);
1171 ad.u.fs.dentry = dentry;
1172
1173 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1174 DIR__ADD_NAME | DIR__SEARCH,
1175 &ad);
1176 if (rc)
1177 return rc;
1178
1179 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1180 newsid = tsec->create_sid;
1181 } else {
1182 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1183 &newsid);
1184 if (rc)
1185 return rc;
1186 }
1187
1188 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
1189 if (rc)
1190 return rc;
1191
1192 return avc_has_perm(newsid, sbsec->sid,
1193 SECCLASS_FILESYSTEM,
1194 FILESYSTEM__ASSOCIATE, &ad);
1195}
1196
1197
1198static int may_create_key(u32 ksid,
1199 struct task_struct *ctx)
1200{
1201 struct task_security_struct *tsec;
1202
1203 tsec = ctx->security;
1204
1205 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1206}
1207
1208#define MAY_LINK 0
1209#define MAY_UNLINK 1
1210#define MAY_RMDIR 2
1211
1212
1213static int may_link(struct inode *dir,
1214 struct dentry *dentry,
1215 int kind)
1216
1217{
1218 struct task_security_struct *tsec;
1219 struct inode_security_struct *dsec, *isec;
1220 struct avc_audit_data ad;
1221 u32 av;
1222 int rc;
1223
1224 tsec = current->security;
1225 dsec = dir->i_security;
1226 isec = dentry->d_inode->i_security;
1227
1228 AVC_AUDIT_DATA_INIT(&ad, FS);
1229 ad.u.fs.dentry = dentry;
1230
1231 av = DIR__SEARCH;
1232 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1233 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
1234 if (rc)
1235 return rc;
1236
1237 switch (kind) {
1238 case MAY_LINK:
1239 av = FILE__LINK;
1240 break;
1241 case MAY_UNLINK:
1242 av = FILE__UNLINK;
1243 break;
1244 case MAY_RMDIR:
1245 av = DIR__RMDIR;
1246 break;
1247 default:
1248 printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
1249 return 0;
1250 }
1251
1252 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
1253 return rc;
1254}
1255
1256static inline int may_rename(struct inode *old_dir,
1257 struct dentry *old_dentry,
1258 struct inode *new_dir,
1259 struct dentry *new_dentry)
1260{
1261 struct task_security_struct *tsec;
1262 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1263 struct avc_audit_data ad;
1264 u32 av;
1265 int old_is_dir, new_is_dir;
1266 int rc;
1267
1268 tsec = current->security;
1269 old_dsec = old_dir->i_security;
1270 old_isec = old_dentry->d_inode->i_security;
1271 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1272 new_dsec = new_dir->i_security;
1273
1274 AVC_AUDIT_DATA_INIT(&ad, FS);
1275
1276 ad.u.fs.dentry = old_dentry;
1277 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1278 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1279 if (rc)
1280 return rc;
1281 rc = avc_has_perm(tsec->sid, old_isec->sid,
1282 old_isec->sclass, FILE__RENAME, &ad);
1283 if (rc)
1284 return rc;
1285 if (old_is_dir && new_dir != old_dir) {
1286 rc = avc_has_perm(tsec->sid, old_isec->sid,
1287 old_isec->sclass, DIR__REPARENT, &ad);
1288 if (rc)
1289 return rc;
1290 }
1291
1292 ad.u.fs.dentry = new_dentry;
1293 av = DIR__ADD_NAME | DIR__SEARCH;
1294 if (new_dentry->d_inode)
1295 av |= DIR__REMOVE_NAME;
1296 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1297 if (rc)
1298 return rc;
1299 if (new_dentry->d_inode) {
1300 new_isec = new_dentry->d_inode->i_security;
1301 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1302 rc = avc_has_perm(tsec->sid, new_isec->sid,
1303 new_isec->sclass,
1304 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1305 if (rc)
1306 return rc;
1307 }
1308
1309 return 0;
1310}
1311
1312
1313static int superblock_has_perm(struct task_struct *tsk,
1314 struct super_block *sb,
1315 u32 perms,
1316 struct avc_audit_data *ad)
1317{
1318 struct task_security_struct *tsec;
1319 struct superblock_security_struct *sbsec;
1320
1321 tsec = tsk->security;
1322 sbsec = sb->s_security;
1323 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
1324 perms, ad);
1325}
1326
1327
1328static inline u32 file_mask_to_av(int mode, int mask)
1329{
1330 u32 av = 0;
1331
1332 if ((mode & S_IFMT) != S_IFDIR) {
1333 if (mask & MAY_EXEC)
1334 av |= FILE__EXECUTE;
1335 if (mask & MAY_READ)
1336 av |= FILE__READ;
1337
1338 if (mask & MAY_APPEND)
1339 av |= FILE__APPEND;
1340 else if (mask & MAY_WRITE)
1341 av |= FILE__WRITE;
1342
1343 } else {
1344 if (mask & MAY_EXEC)
1345 av |= DIR__SEARCH;
1346 if (mask & MAY_WRITE)
1347 av |= DIR__WRITE;
1348 if (mask & MAY_READ)
1349 av |= DIR__READ;
1350 }
1351
1352 return av;
1353}
1354
1355
1356static inline u32 file_to_av(struct file *file)
1357{
1358 u32 av = 0;
1359
1360 if (file->f_mode & FMODE_READ)
1361 av |= FILE__READ;
1362 if (file->f_mode & FMODE_WRITE) {
1363 if (file->f_flags & O_APPEND)
1364 av |= FILE__APPEND;
1365 else
1366 av |= FILE__WRITE;
1367 }
1368
1369 return av;
1370}
1371
1372
1373
1374static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
1375{
1376 struct task_security_struct *psec = parent->security;
1377 struct task_security_struct *csec = child->security;
1378 int rc;
1379
1380 rc = secondary_ops->ptrace(parent,child);
1381 if (rc)
1382 return rc;
1383
1384 rc = task_has_perm(parent, child, PROCESS__PTRACE);
1385
1386 if (!(child->ptrace & PT_PTRACED) && !rc)
1387 csec->ptrace_sid = psec->sid;
1388 return rc;
1389}
1390
1391static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1392 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1393{
1394 int error;
1395
1396 error = task_has_perm(current, target, PROCESS__GETCAP);
1397 if (error)
1398 return error;
1399
1400 return secondary_ops->capget(target, effective, inheritable, permitted);
1401}
1402
1403static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
1404 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1405{
1406 int error;
1407
1408 error = secondary_ops->capset_check(target, effective, inheritable, permitted);
1409 if (error)
1410 return error;
1411
1412 return task_has_perm(current, target, PROCESS__SETCAP);
1413}
1414
1415static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
1416 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1417{
1418 secondary_ops->capset_set(target, effective, inheritable, permitted);
1419}
1420
1421static int selinux_capable(struct task_struct *tsk, int cap)
1422{
1423 int rc;
1424
1425 rc = secondary_ops->capable(tsk, cap);
1426 if (rc)
1427 return rc;
1428
1429 return task_has_capability(tsk,cap);
1430}
1431
1432static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
1433{
1434 int buflen, rc;
1435 char *buffer, *path, *end;
1436
1437 rc = -ENOMEM;
1438 buffer = (char*)__get_free_page(GFP_KERNEL);
1439 if (!buffer)
1440 goto out;
1441
1442 buflen = PAGE_SIZE;
1443 end = buffer+buflen;
1444 *--end = '\0';
1445 buflen--;
1446 path = end-1;
1447 *path = '/';
1448 while (table) {
1449 const char *name = table->procname;
1450 size_t namelen = strlen(name);
1451 buflen -= namelen + 1;
1452 if (buflen < 0)
1453 goto out_free;
1454 end -= namelen;
1455 memcpy(end, name, namelen);
1456 *--end = '/';
1457 path = end;
1458 table = table->parent;
1459 }
1460 buflen -= 4;
1461 if (buflen < 0)
1462 goto out_free;
1463 end -= 4;
1464 memcpy(end, "/sys", 4);
1465 path = end;
1466 rc = security_genfs_sid("proc", path, tclass, sid);
1467out_free:
1468 free_page((unsigned long)buffer);
1469out:
1470 return rc;
1471}
1472
1473static int selinux_sysctl(ctl_table *table, int op)
1474{
1475 int error = 0;
1476 u32 av;
1477 struct task_security_struct *tsec;
1478 u32 tsid;
1479 int rc;
1480
1481 rc = secondary_ops->sysctl(table, op);
1482 if (rc)
1483 return rc;
1484
1485 tsec = current->security;
1486
1487 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1488 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1489 if (rc) {
1490
1491 tsid = SECINITSID_SYSCTL;
1492 }
1493
1494
1495
1496 if(op == 001) {
1497 error = avc_has_perm(tsec->sid, tsid,
1498 SECCLASS_DIR, DIR__SEARCH, NULL);
1499 } else {
1500 av = 0;
1501 if (op & 004)
1502 av |= FILE__READ;
1503 if (op & 002)
1504 av |= FILE__WRITE;
1505 if (av)
1506 error = avc_has_perm(tsec->sid, tsid,
1507 SECCLASS_FILE, av, NULL);
1508 }
1509
1510 return error;
1511}
1512
1513static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1514{
1515 int rc = 0;
1516
1517 if (!sb)
1518 return 0;
1519
1520 switch (cmds) {
1521 case Q_SYNC:
1522 case Q_QUOTAON:
1523 case Q_QUOTAOFF:
1524 case Q_SETINFO:
1525 case Q_SETQUOTA:
1526 rc = superblock_has_perm(current,
1527 sb,
1528 FILESYSTEM__QUOTAMOD, NULL);
1529 break;
1530 case Q_GETFMT:
1531 case Q_GETINFO:
1532 case Q_GETQUOTA:
1533 rc = superblock_has_perm(current,
1534 sb,
1535 FILESYSTEM__QUOTAGET, NULL);
1536 break;
1537 default:
1538 rc = 0;
1539 break;
1540 }
1541 return rc;
1542}
1543
1544static int selinux_quota_on(struct dentry *dentry)
1545{
1546 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
1547}
1548
1549static int selinux_syslog(int type)
1550{
1551 int rc;
1552
1553 rc = secondary_ops->syslog(type);
1554 if (rc)
1555 return rc;
1556
1557 switch (type) {
1558 case 3:
1559 case 10:
1560 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1561 break;
1562 case 6:
1563 case 7:
1564 case 8:
1565 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1566 break;
1567 case 0:
1568 case 1:
1569 case 2:
1570 case 4:
1571 case 5:
1572 default:
1573 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1574 break;
1575 }
1576 return rc;
1577}
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1592{
1593 int rc, cap_sys_admin = 0;
1594 struct task_security_struct *tsec = current->security;
1595
1596 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1597 if (rc == 0)
1598 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1599 SECCLASS_CAPABILITY,
1600 CAP_TO_MASK(CAP_SYS_ADMIN),
1601 0,
1602 NULL);
1603
1604 if (rc == 0)
1605 cap_sys_admin = 1;
1606
1607 return __vm_enough_memory(mm, pages, cap_sys_admin);
1608}
1609
1610
1611
1612static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1613{
1614 struct bprm_security_struct *bsec;
1615
1616 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1617 if (!bsec)
1618 return -ENOMEM;
1619
1620 bsec->bprm = bprm;
1621 bsec->sid = SECINITSID_UNLABELED;
1622 bsec->set = 0;
1623
1624 bprm->security = bsec;
1625 return 0;
1626}
1627
1628static int selinux_bprm_set_security(struct linux_binprm *bprm)
1629{
1630 struct task_security_struct *tsec;
1631 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1632 struct inode_security_struct *isec;
1633 struct bprm_security_struct *bsec;
1634 u32 newsid;
1635 struct avc_audit_data ad;
1636 int rc;
1637
1638 rc = secondary_ops->bprm_set_security(bprm);
1639 if (rc)
1640 return rc;
1641
1642 bsec = bprm->security;
1643
1644 if (bsec->set)
1645 return 0;
1646
1647 tsec = current->security;
1648 isec = inode->i_security;
1649
1650
1651 bsec->sid = tsec->sid;
1652
1653
1654 tsec->create_sid = 0;
1655 tsec->keycreate_sid = 0;
1656 tsec->sockcreate_sid = 0;
1657
1658 if (tsec->exec_sid) {
1659 newsid = tsec->exec_sid;
1660
1661 tsec->exec_sid = 0;
1662 } else {
1663
1664 rc = security_transition_sid(tsec->sid, isec->sid,
1665 SECCLASS_PROCESS, &newsid);
1666 if (rc)
1667 return rc;
1668 }
1669
1670 AVC_AUDIT_DATA_INIT(&ad, FS);
1671 ad.u.fs.mnt = bprm->file->f_path.mnt;
1672 ad.u.fs.dentry = bprm->file->f_path.dentry;
1673
1674 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
1675 newsid = tsec->sid;
1676
1677 if (tsec->sid == newsid) {
1678 rc = avc_has_perm(tsec->sid, isec->sid,
1679 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
1680 if (rc)
1681 return rc;
1682 } else {
1683
1684 rc = avc_has_perm(tsec->sid, newsid,
1685 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
1686 if (rc)
1687 return rc;
1688
1689 rc = avc_has_perm(newsid, isec->sid,
1690 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
1691 if (rc)
1692 return rc;
1693
1694
1695 current->personality &= ~PER_CLEAR_ON_SETID;
1696
1697
1698 bsec->sid = newsid;
1699 }
1700
1701 bsec->set = 1;
1702 return 0;
1703}
1704
1705static int selinux_bprm_check_security (struct linux_binprm *bprm)
1706{
1707 return secondary_ops->bprm_check_security(bprm);
1708}
1709
1710
1711static int selinux_bprm_secureexec (struct linux_binprm *bprm)
1712{
1713 struct task_security_struct *tsec = current->security;
1714 int atsecure = 0;
1715
1716 if (tsec->osid != tsec->sid) {
1717
1718
1719
1720 atsecure = avc_has_perm(tsec->osid, tsec->sid,
1721 SECCLASS_PROCESS,
1722 PROCESS__NOATSECURE, NULL);
1723 }
1724
1725 return (atsecure || secondary_ops->bprm_secureexec(bprm));
1726}
1727
1728static void selinux_bprm_free_security(struct linux_binprm *bprm)
1729{
1730 kfree(bprm->security);
1731 bprm->security = NULL;
1732}
1733
1734extern struct vfsmount *selinuxfs_mount;
1735extern struct dentry *selinux_null;
1736
1737
1738static inline void flush_unauthorized_files(struct files_struct * files)
1739{
1740 struct avc_audit_data ad;
1741 struct file *file, *devnull = NULL;
1742 struct tty_struct *tty;
1743 struct fdtable *fdt;
1744 long j = -1;
1745 int drop_tty = 0;
1746
1747 mutex_lock(&tty_mutex);
1748 tty = get_current_tty();
1749 if (tty) {
1750 file_list_lock();
1751 file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
1752 if (file) {
1753
1754
1755
1756
1757
1758 struct inode *inode = file->f_path.dentry->d_inode;
1759 if (inode_has_perm(current, inode,
1760 FILE__READ | FILE__WRITE, NULL)) {
1761 drop_tty = 1;
1762 }
1763 }
1764 file_list_unlock();
1765 }
1766 mutex_unlock(&tty_mutex);
1767
1768 if (drop_tty)
1769 no_tty();
1770
1771
1772
1773 AVC_AUDIT_DATA_INIT(&ad,FS);
1774
1775 spin_lock(&files->file_lock);
1776 for (;;) {
1777 unsigned long set, i;
1778 int fd;
1779
1780 j++;
1781 i = j * __NFDBITS;
1782 fdt = files_fdtable(files);
1783 if (i >= fdt->max_fds)
1784 break;
1785 set = fdt->open_fds->fds_bits[j];
1786 if (!set)
1787 continue;
1788 spin_unlock(&files->file_lock);
1789 for ( ; set ; i++,set >>= 1) {
1790 if (set & 1) {
1791 file = fget(i);
1792 if (!file)
1793 continue;
1794 if (file_has_perm(current,
1795 file,
1796 file_to_av(file))) {
1797 sys_close(i);
1798 fd = get_unused_fd();
1799 if (fd != i) {
1800 if (fd >= 0)
1801 put_unused_fd(fd);
1802 fput(file);
1803 continue;
1804 }
1805 if (devnull) {
1806 get_file(devnull);
1807 } else {
1808 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
1809 if (IS_ERR(devnull)) {
1810 devnull = NULL;
1811 put_unused_fd(fd);
1812 fput(file);
1813 continue;
1814 }
1815 }
1816 fd_install(fd, devnull);
1817 }
1818 fput(file);
1819 }
1820 }
1821 spin_lock(&files->file_lock);
1822
1823 }
1824 spin_unlock(&files->file_lock);
1825}
1826
1827static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
1828{
1829 struct task_security_struct *tsec;
1830 struct bprm_security_struct *bsec;
1831 u32 sid;
1832 int rc;
1833
1834 secondary_ops->bprm_apply_creds(bprm, unsafe);
1835
1836 tsec = current->security;
1837
1838 bsec = bprm->security;
1839 sid = bsec->sid;
1840
1841 tsec->osid = tsec->sid;
1842 bsec->unsafe = 0;
1843 if (tsec->sid != sid) {
1844
1845
1846 if (unsafe & LSM_UNSAFE_SHARE) {
1847 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
1848 PROCESS__SHARE, NULL);
1849 if (rc) {
1850 bsec->unsafe = 1;
1851 return;
1852 }
1853 }
1854
1855
1856
1857 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
1858 rc = avc_has_perm(tsec->ptrace_sid, sid,
1859 SECCLASS_PROCESS, PROCESS__PTRACE,
1860 NULL);
1861 if (rc) {
1862 bsec->unsafe = 1;
1863 return;
1864 }
1865 }
1866 tsec->sid = sid;
1867 }
1868}
1869
1870
1871
1872
1873static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
1874{
1875 struct task_security_struct *tsec;
1876 struct rlimit *rlim, *initrlim;
1877 struct itimerval itimer;
1878 struct bprm_security_struct *bsec;
1879 int rc, i;
1880
1881 tsec = current->security;
1882 bsec = bprm->security;
1883
1884 if (bsec->unsafe) {
1885 force_sig_specific(SIGKILL, current);
1886 return;
1887 }
1888 if (tsec->osid == tsec->sid)
1889 return;
1890
1891
1892 flush_unauthorized_files(current->files);
1893
1894
1895
1896
1897
1898
1899
1900 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
1901 PROCESS__SIGINH, NULL);
1902 if (rc) {
1903 memset(&itimer, 0, sizeof itimer);
1904 for (i = 0; i < 3; i++)
1905 do_setitimer(i, &itimer, NULL);
1906 flush_signals(current);
1907 spin_lock_irq(¤t->sighand->siglock);
1908 flush_signal_handlers(current, 1);
1909 sigemptyset(¤t->blocked);
1910 recalc_sigpending();
1911 spin_unlock_irq(¤t->sighand->siglock);
1912 }
1913
1914
1915 current->pdeath_signal = 0;
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
1928 PROCESS__RLIMITINH, NULL);
1929 if (rc) {
1930 for (i = 0; i < RLIM_NLIMITS; i++) {
1931 rlim = current->signal->rlim + i;
1932 initrlim = init_task.signal->rlim+i;
1933 rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
1934 }
1935 if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
1936
1937
1938
1939
1940 current->it_prof_expires = jiffies_to_cputime(1);
1941 }
1942 }
1943
1944
1945
1946 wake_up_interruptible(¤t->parent->signal->wait_chldexit);
1947}
1948
1949
1950
1951static int selinux_sb_alloc_security(struct super_block *sb)
1952{
1953 return superblock_alloc_security(sb);
1954}
1955
1956static void selinux_sb_free_security(struct super_block *sb)
1957{
1958 superblock_free_security(sb);
1959}
1960
1961static inline int match_prefix(char *prefix, int plen, char *option, int olen)
1962{
1963 if (plen > olen)
1964 return 0;
1965
1966 return !memcmp(prefix, option, plen);
1967}
1968
1969static inline int selinux_option(char *option, int len)
1970{
1971 return (match_prefix("context=", sizeof("context=")-1, option, len) ||
1972 match_prefix("fscontext=", sizeof("fscontext=")-1, option, len) ||
1973 match_prefix("defcontext=", sizeof("defcontext=")-1, option, len) ||
1974 match_prefix("rootcontext=", sizeof("rootcontext=")-1, option, len));
1975}
1976
1977static inline void take_option(char **to, char *from, int *first, int len)
1978{
1979 if (!*first) {
1980 **to = ',';
1981 *to += 1;
1982 } else
1983 *first = 0;
1984 memcpy(*to, from, len);
1985 *to += len;
1986}
1987
1988static inline void take_selinux_option(char **to, char *from, int *first,
1989 int len)
1990{
1991 int current_size = 0;
1992
1993 if (!*first) {
1994 **to = '|';
1995 *to += 1;
1996 }
1997 else
1998 *first = 0;
1999
2000 while (current_size < len) {
2001 if (*from != '"') {
2002 **to = *from;
2003 *to += 1;
2004 }
2005 from += 1;
2006 current_size += 1;
2007 }
2008}
2009
2010static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
2011{
2012 int fnosec, fsec, rc = 0;
2013 char *in_save, *in_curr, *in_end;
2014 char *sec_curr, *nosec_save, *nosec;
2015 int open_quote = 0;
2016
2017 in_curr = orig;
2018 sec_curr = copy;
2019
2020
2021 if (type->fs_flags & FS_BINARY_MOUNTDATA) {
2022 copy_page(sec_curr, in_curr);
2023 goto out;
2024 }
2025
2026 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2027 if (!nosec) {
2028 rc = -ENOMEM;
2029 goto out;
2030 }
2031
2032 nosec_save = nosec;
2033 fnosec = fsec = 1;
2034 in_save = in_end = orig;
2035
2036 do {
2037 if (*in_end == '"')
2038 open_quote = !open_quote;
2039 if ((*in_end == ',' && open_quote == 0) ||
2040 *in_end == '\0') {
2041 int len = in_end - in_curr;
2042
2043 if (selinux_option(in_curr, len))
2044 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2045 else
2046 take_option(&nosec, in_curr, &fnosec, len);
2047
2048 in_curr = in_end + 1;
2049 }
2050 } while (*in_end++);
2051
2052 strcpy(in_save, nosec_save);
2053 free_page((unsigned long)nosec_save);
2054out:
2055 return rc;
2056}
2057
2058static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2059{
2060 struct avc_audit_data ad;
2061 int rc;
2062
2063 rc = superblock_doinit(sb, data);
2064 if (rc)
2065 return rc;
2066
2067 AVC_AUDIT_DATA_INIT(&ad,FS);
2068 ad.u.fs.dentry = sb->s_root;
2069 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2070}
2071
2072static int selinux_sb_statfs(struct dentry *dentry)
2073{
2074 struct avc_audit_data ad;
2075
2076 AVC_AUDIT_DATA_INIT(&ad,FS);
2077 ad.u.fs.dentry = dentry->d_sb->s_root;
2078 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2079}
2080
2081static int selinux_mount(char * dev_name,
2082 struct nameidata *nd,
2083 char * type,
2084 unsigned long flags,
2085 void * data)
2086{
2087 int rc;
2088
2089 rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
2090 if (rc)
2091 return rc;
2092
2093 if (flags & MS_REMOUNT)
2094 return superblock_has_perm(current, nd->mnt->mnt_sb,
2095 FILESYSTEM__REMOUNT, NULL);
2096 else
2097 return dentry_has_perm(current, nd->mnt, nd->dentry,
2098 FILE__MOUNTON);
2099}
2100
2101static int selinux_umount(struct vfsmount *mnt, int flags)
2102{
2103 int rc;
2104
2105 rc = secondary_ops->sb_umount(mnt, flags);
2106 if (rc)
2107 return rc;
2108
2109 return superblock_has_perm(current,mnt->mnt_sb,
2110 FILESYSTEM__UNMOUNT,NULL);
2111}
2112
2113
2114
2115static int selinux_inode_alloc_security(struct inode *inode)
2116{
2117 return inode_alloc_security(inode);
2118}
2119
2120static void selinux_inode_free_security(struct inode *inode)
2121{
2122 inode_free_security(inode);
2123}
2124
2125static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2126 char **name, void **value,
2127 size_t *len)
2128{
2129 struct task_security_struct *tsec;
2130 struct inode_security_struct *dsec;
2131 struct superblock_security_struct *sbsec;
2132 u32 newsid, clen;
2133 int rc;
2134 char *namep = NULL, *context;
2135
2136 tsec = current->security;
2137 dsec = dir->i_security;
2138 sbsec = dir->i_sb->s_security;
2139
2140 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2141 newsid = tsec->create_sid;
2142 } else {
2143 rc = security_transition_sid(tsec->sid, dsec->sid,
2144 inode_mode_to_security_class(inode->i_mode),
2145 &newsid);
2146 if (rc) {
2147 printk(KERN_WARNING "%s: "
2148 "security_transition_sid failed, rc=%d (dev=%s "
2149 "ino=%ld)\n",
2150 __FUNCTION__,
2151 -rc, inode->i_sb->s_id, inode->i_ino);
2152 return rc;
2153 }
2154 }
2155
2156
2157 if (sbsec->initialized) {
2158 struct inode_security_struct *isec = inode->i_security;
2159 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2160 isec->sid = newsid;
2161 isec->initialized = 1;
2162 }
2163
2164 if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2165 return -EOPNOTSUPP;
2166
2167 if (name) {
2168 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
2169 if (!namep)
2170 return -ENOMEM;
2171 *name = namep;
2172 }
2173
2174 if (value && len) {
2175 rc = security_sid_to_context(newsid, &context, &clen);
2176 if (rc) {
2177 kfree(namep);
2178 return rc;
2179 }
2180 *value = context;
2181 *len = clen;
2182 }
2183
2184 return 0;
2185}
2186
2187static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2188{
2189 return may_create(dir, dentry, SECCLASS_FILE);
2190}
2191
2192static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2193{
2194 int rc;
2195
2196 rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
2197 if (rc)
2198 return rc;
2199 return may_link(dir, old_dentry, MAY_LINK);
2200}
2201
2202static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2203{
2204 int rc;
2205
2206 rc = secondary_ops->inode_unlink(dir, dentry);
2207 if (rc)
2208 return rc;
2209 return may_link(dir, dentry, MAY_UNLINK);
2210}
2211
2212static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2213{
2214 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2215}
2216
2217static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2218{
2219 return may_create(dir, dentry, SECCLASS_DIR);
2220}
2221
2222static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2223{
2224 return may_link(dir, dentry, MAY_RMDIR);
2225}
2226
2227static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2228{
2229 int rc;
2230
2231 rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
2232 if (rc)
2233 return rc;
2234
2235 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2236}
2237
2238static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2239 struct inode *new_inode, struct dentry *new_dentry)
2240{
2241 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2242}
2243
2244static int selinux_inode_readlink(struct dentry *dentry)
2245{
2246 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2247}
2248
2249static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2250{
2251 int rc;
2252
2253 rc = secondary_ops->inode_follow_link(dentry,nameidata);
2254 if (rc)
2255 return rc;
2256 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2257}
2258
2259static int selinux_inode_permission(struct inode *inode, int mask,
2260 struct nameidata *nd)
2261{
2262 int rc;
2263
2264 rc = secondary_ops->inode_permission(inode, mask, nd);
2265 if (rc)
2266 return rc;
2267
2268 if (!mask) {
2269
2270 return 0;
2271 }
2272
2273 return inode_has_perm(current, inode,
2274 file_mask_to_av(inode->i_mode, mask), NULL);
2275}
2276
2277static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2278{
2279 int rc;
2280
2281 rc = secondary_ops->inode_setattr(dentry, iattr);
2282 if (rc)
2283 return rc;
2284
2285 if (iattr->ia_valid & ATTR_FORCE)
2286 return 0;
2287
2288 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2289 ATTR_ATIME_SET | ATTR_MTIME_SET))
2290 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2291
2292 return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
2293}
2294
2295static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2296{
2297 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
2298}
2299
2300static int selinux_inode_setotherxattr(struct dentry *dentry, char *name)
2301{
2302 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2303 sizeof XATTR_SECURITY_PREFIX - 1)) {
2304 if (!strcmp(name, XATTR_NAME_CAPS)) {
2305 if (!capable(CAP_SETFCAP))
2306 return -EPERM;
2307 } else if (!capable(CAP_SYS_ADMIN)) {
2308
2309
2310 return -EPERM;
2311 }
2312 }
2313
2314
2315
2316 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2317}
2318
2319static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
2320{
2321 struct task_security_struct *tsec = current->security;
2322 struct inode *inode = dentry->d_inode;
2323 struct inode_security_struct *isec = inode->i_security;
2324 struct superblock_security_struct *sbsec;
2325 struct avc_audit_data ad;
2326 u32 newsid;
2327 int rc = 0;
2328
2329 if (strcmp(name, XATTR_NAME_SELINUX))
2330 return selinux_inode_setotherxattr(dentry, name);
2331
2332 sbsec = inode->i_sb->s_security;
2333 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2334 return -EOPNOTSUPP;
2335
2336 if (!is_owner_or_cap(inode))
2337 return -EPERM;
2338
2339 AVC_AUDIT_DATA_INIT(&ad,FS);
2340 ad.u.fs.dentry = dentry;
2341
2342 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2343 FILE__RELABELFROM, &ad);
2344 if (rc)
2345 return rc;
2346
2347 rc = security_context_to_sid(value, size, &newsid);
2348 if (rc)
2349 return rc;
2350
2351 rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
2352 FILE__RELABELTO, &ad);
2353 if (rc)
2354 return rc;
2355
2356 rc = security_validate_transition(isec->sid, newsid, tsec->sid,
2357 isec->sclass);
2358 if (rc)
2359 return rc;
2360
2361 return avc_has_perm(newsid,
2362 sbsec->sid,
2363 SECCLASS_FILESYSTEM,
2364 FILESYSTEM__ASSOCIATE,
2365 &ad);
2366}
2367
2368static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
2369 void *value, size_t size, int flags)
2370{
2371 struct inode *inode = dentry->d_inode;
2372 struct inode_security_struct *isec = inode->i_security;
2373 u32 newsid;
2374 int rc;
2375
2376 if (strcmp(name, XATTR_NAME_SELINUX)) {
2377
2378 return;
2379 }
2380
2381 rc = security_context_to_sid(value, size, &newsid);
2382 if (rc) {
2383 printk(KERN_WARNING "%s: unable to obtain SID for context "
2384 "%s, rc=%d\n", __FUNCTION__, (char*)value, -rc);
2385 return;
2386 }
2387
2388 isec->sid = newsid;
2389 return;
2390}
2391
2392static int selinux_inode_getxattr (struct dentry *dentry, char *name)
2393{
2394 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2395}
2396
2397static int selinux_inode_listxattr (struct dentry *dentry)
2398{
2399 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2400}
2401
2402static int selinux_inode_removexattr (struct dentry *dentry, char *name)
2403{
2404 if (strcmp(name, XATTR_NAME_SELINUX))
2405 return selinux_inode_setotherxattr(dentry, name);
2406
2407
2408
2409 return -EACCES;
2410}
2411
2412
2413
2414
2415
2416
2417
2418
2419static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2420{
2421 struct inode_security_struct *isec = inode->i_security;
2422
2423 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2424 return -EOPNOTSUPP;
2425
2426 return selinux_getsecurity(isec->sid, buffer, size);
2427}
2428
2429static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2430 const void *value, size_t size, int flags)
2431{
2432 struct inode_security_struct *isec = inode->i_security;
2433 u32 newsid;
2434 int rc;
2435
2436 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2437 return -EOPNOTSUPP;
2438
2439 if (!value || !size)
2440 return -EACCES;
2441
2442 rc = security_context_to_sid((void*)value, size, &newsid);
2443 if (rc)
2444 return rc;
2445
2446 isec->sid = newsid;
2447 return 0;
2448}
2449
2450static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2451{
2452 const int len = sizeof(XATTR_NAME_SELINUX);
2453 if (buffer && len <= buffer_size)
2454 memcpy(buffer, XATTR_NAME_SELINUX, len);
2455 return len;
2456}
2457
2458static int selinux_inode_need_killpriv(struct dentry *dentry)
2459{
2460 return secondary_ops->inode_need_killpriv(dentry);
2461}
2462
2463static int selinux_inode_killpriv(struct dentry *dentry)
2464{
2465 return secondary_ops->inode_killpriv(dentry);
2466}
2467
2468
2469
2470static int selinux_revalidate_file_permission(struct file *file, int mask)
2471{
2472 int rc;
2473 struct inode *inode = file->f_path.dentry->d_inode;
2474
2475 if (!mask) {
2476
2477 return 0;
2478 }
2479
2480
2481 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2482 mask |= MAY_APPEND;
2483
2484 rc = file_has_perm(current, file,
2485 file_mask_to_av(inode->i_mode, mask));
2486 if (rc)
2487 return rc;
2488
2489 return selinux_netlbl_inode_permission(inode, mask);
2490}
2491
2492static int selinux_file_permission(struct file *file, int mask)
2493{
2494 struct inode *inode = file->f_path.dentry->d_inode;
2495 struct task_security_struct *tsec = current->security;
2496 struct file_security_struct *fsec = file->f_security;
2497 struct inode_security_struct *isec = inode->i_security;
2498
2499 if (!mask) {
2500
2501 return 0;
2502 }
2503
2504 if (tsec->sid == fsec->sid && fsec->isid == isec->sid
2505 && fsec->pseqno == avc_policy_seqno())
2506 return selinux_netlbl_inode_permission(inode, mask);
2507
2508 return selinux_revalidate_file_permission(file, mask);
2509}
2510
2511static int selinux_file_alloc_security(struct file *file)
2512{
2513 return file_alloc_security(file);
2514}
2515
2516static void selinux_file_free_security(struct file *file)
2517{
2518 file_free_security(file);
2519}
2520
2521static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2522 unsigned long arg)
2523{
2524 int error = 0;
2525
2526 switch (cmd) {
2527 case FIONREAD:
2528
2529 case FIBMAP:
2530
2531 case FIGETBSZ:
2532
2533 case EXT2_IOC_GETFLAGS:
2534
2535 case EXT2_IOC_GETVERSION:
2536 error = file_has_perm(current, file, FILE__GETATTR);
2537 break;
2538
2539 case EXT2_IOC_SETFLAGS:
2540
2541 case EXT2_IOC_SETVERSION:
2542 error = file_has_perm(current, file, FILE__SETATTR);
2543 break;
2544
2545
2546 case FIONBIO:
2547
2548 case FIOASYNC:
2549 error = file_has_perm(current, file, 0);
2550 break;
2551
2552 case KDSKBENT:
2553 case KDSKBSENT:
2554 error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
2555 break;
2556
2557
2558
2559
2560 default:
2561 error = file_has_perm(current, file, FILE__IOCTL);
2562
2563 }
2564 return error;
2565}
2566
2567static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2568{
2569#ifndef CONFIG_PPC32
2570 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2571
2572
2573
2574
2575
2576 int rc = task_has_perm(current, current, PROCESS__EXECMEM);
2577 if (rc)
2578 return rc;
2579 }
2580#endif
2581
2582 if (file) {
2583
2584 u32 av = FILE__READ;
2585
2586
2587 if (shared && (prot & PROT_WRITE))
2588 av |= FILE__WRITE;
2589
2590 if (prot & PROT_EXEC)
2591 av |= FILE__EXECUTE;
2592
2593 return file_has_perm(current, file, av);
2594 }
2595 return 0;
2596}
2597
2598static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2599 unsigned long prot, unsigned long flags,
2600 unsigned long addr, unsigned long addr_only)
2601{
2602 int rc = 0;
2603 u32 sid = ((struct task_security_struct*)(current->security))->sid;
2604
2605 if (addr < mmap_min_addr)
2606 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
2607 MEMPROTECT__MMAP_ZERO, NULL);
2608 if (rc || addr_only)
2609 return rc;
2610
2611 if (selinux_checkreqprot)
2612 prot = reqprot;
2613
2614 return file_map_prot_check(file, prot,
2615 (flags & MAP_TYPE) == MAP_SHARED);
2616}
2617
2618static int selinux_file_mprotect(struct vm_area_struct *vma,
2619 unsigned long reqprot,
2620 unsigned long prot)
2621{
2622 int rc;
2623
2624 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
2625 if (rc)
2626 return rc;
2627
2628 if (selinux_checkreqprot)
2629 prot = reqprot;
2630
2631#ifndef CONFIG_PPC32
2632 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
2633 rc = 0;
2634 if (vma->vm_start >= vma->vm_mm->start_brk &&
2635 vma->vm_end <= vma->vm_mm->brk) {
2636 rc = task_has_perm(current, current,
2637 PROCESS__EXECHEAP);
2638 } else if (!vma->vm_file &&
2639 vma->vm_start <= vma->vm_mm->start_stack &&
2640 vma->vm_end >= vma->vm_mm->start_stack) {
2641 rc = task_has_perm(current, current, PROCESS__EXECSTACK);
2642 } else if (vma->vm_file && vma->anon_vma) {
2643
2644
2645
2646
2647
2648
2649
2650 rc = file_has_perm(current, vma->vm_file,
2651 FILE__EXECMOD);
2652 }
2653 if (rc)
2654 return rc;
2655 }
2656#endif
2657
2658 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
2659}
2660
2661static int selinux_file_lock(struct file *file, unsigned int cmd)
2662{
2663 return file_has_perm(current, file, FILE__LOCK);
2664}
2665
2666static int selinux_file_fcntl(struct file *file, unsigned int cmd,
2667 unsigned long arg)
2668{
2669 int err = 0;
2670
2671 switch (cmd) {
2672 case F_SETFL:
2673 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
2674 err = -EINVAL;
2675 break;
2676 }
2677
2678 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
2679 err = file_has_perm(current, file,FILE__WRITE);
2680 break;
2681 }
2682
2683 case F_SETOWN:
2684 case F_SETSIG:
2685 case F_GETFL:
2686 case F_GETOWN:
2687 case F_GETSIG:
2688
2689 err = file_has_perm(current, file, 0);
2690 break;
2691 case F_GETLK:
2692 case F_SETLK:
2693 case F_SETLKW:
2694#if BITS_PER_LONG == 32
2695 case F_GETLK64:
2696 case F_SETLK64:
2697 case F_SETLKW64:
2698#endif
2699 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
2700 err = -EINVAL;
2701 break;
2702 }
2703 err = file_has_perm(current, file, FILE__LOCK);
2704 break;
2705 }
2706
2707 return err;
2708}
2709
2710static int selinux_file_set_fowner(struct file *file)
2711{
2712 struct task_security_struct *tsec;
2713 struct file_security_struct *fsec;
2714
2715 tsec = current->security;
2716 fsec = file->f_security;
2717 fsec->fown_sid = tsec->sid;
2718
2719 return 0;
2720}
2721
2722static int selinux_file_send_sigiotask(struct task_struct *tsk,
2723 struct fown_struct *fown, int signum)
2724{
2725 struct file *file;
2726 u32 perm;
2727 struct task_security_struct *tsec;
2728 struct file_security_struct *fsec;
2729
2730
2731 file = container_of(fown, struct file, f_owner);
2732
2733 tsec = tsk->security;
2734 fsec = file->f_security;
2735
2736 if (!signum)
2737 perm = signal_to_av(SIGIO);
2738 else
2739 perm = signal_to_av(signum);
2740
2741 return avc_has_perm(fsec->fown_sid, tsec->sid,
2742 SECCLASS_PROCESS, perm, NULL);
2743}
2744
2745static int selinux_file_receive(struct file *file)
2746{
2747 return file_has_perm(current, file, file_to_av(file));
2748}
2749
2750static int selinux_dentry_open(struct file *file)
2751{
2752 struct file_security_struct *fsec;
2753 struct inode *inode;
2754 struct inode_security_struct *isec;
2755 inode = file->f_path.dentry->d_inode;
2756 fsec = file->f_security;
2757 isec = inode->i_security;
2758
2759
2760
2761
2762
2763
2764
2765 fsec->isid = isec->sid;
2766 fsec->pseqno = avc_policy_seqno();
2767
2768
2769
2770
2771
2772
2773
2774
2775 return inode_has_perm(current, inode, file_to_av(file), NULL);
2776}
2777
2778
2779
2780static int selinux_task_create(unsigned long clone_flags)
2781{
2782 int rc;
2783
2784 rc = secondary_ops->task_create(clone_flags);
2785 if (rc)
2786 return rc;
2787
2788 return task_has_perm(current, current, PROCESS__FORK);
2789}
2790
2791static int selinux_task_alloc_security(struct task_struct *tsk)
2792{
2793 struct task_security_struct *tsec1, *tsec2;
2794 int rc;
2795
2796 tsec1 = current->security;
2797
2798 rc = task_alloc_security(tsk);
2799 if (rc)
2800 return rc;
2801 tsec2 = tsk->security;
2802
2803 tsec2->osid = tsec1->osid;
2804 tsec2->sid = tsec1->sid;
2805
2806
2807 tsec2->exec_sid = tsec1->exec_sid;
2808 tsec2->create_sid = tsec1->create_sid;
2809 tsec2->keycreate_sid = tsec1->keycreate_sid;
2810 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
2811
2812
2813
2814
2815 tsec2->ptrace_sid = tsec1->ptrace_sid;
2816
2817 return 0;
2818}
2819
2820static void selinux_task_free_security(struct task_struct *tsk)
2821{
2822 task_free_security(tsk);
2823}
2824
2825static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2826{
2827
2828
2829
2830
2831
2832
2833 return 0;
2834}
2835
2836static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
2837{
2838 return secondary_ops->task_post_setuid(id0,id1,id2,flags);
2839}
2840
2841static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
2842{
2843
2844 return 0;
2845}
2846
2847static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
2848{
2849 return task_has_perm(current, p, PROCESS__SETPGID);
2850}
2851
2852static int selinux_task_getpgid(struct task_struct *p)
2853{
2854 return task_has_perm(current, p, PROCESS__GETPGID);
2855}
2856
2857static int selinux_task_getsid(struct task_struct *p)
2858{
2859 return task_has_perm(current, p, PROCESS__GETSESSION);
2860}
2861
2862static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
2863{
2864 selinux_get_task_sid(p, secid);
2865}
2866
2867static int selinux_task_setgroups(struct group_info *group_info)
2868{
2869
2870 return 0;
2871}
2872
2873static int selinux_task_setnice(struct task_struct *p, int nice)
2874{
2875 int rc;
2876
2877 rc = secondary_ops->task_setnice(p, nice);
2878 if (rc)
2879 return rc;
2880
2881 return task_has_perm(current,p, PROCESS__SETSCHED);
2882}
2883
2884static int selinux_task_setioprio(struct task_struct *p, int ioprio)
2885{
2886 int rc;
2887
2888 rc = secondary_ops->task_setioprio(p, ioprio);
2889 if (rc)
2890 return rc;
2891
2892 return task_has_perm(current, p, PROCESS__SETSCHED);
2893}
2894
2895static int selinux_task_getioprio(struct task_struct *p)
2896{
2897 return task_has_perm(current, p, PROCESS__GETSCHED);
2898}
2899
2900static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
2901{
2902 struct rlimit *old_rlim = current->signal->rlim + resource;
2903 int rc;
2904
2905 rc = secondary_ops->task_setrlimit(resource, new_rlim);
2906 if (rc)
2907 return rc;
2908
2909
2910
2911
2912
2913 if (old_rlim->rlim_max != new_rlim->rlim_max)
2914 return task_has_perm(current, current, PROCESS__SETRLIMIT);
2915
2916 return 0;
2917}
2918
2919static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
2920{
2921 int rc;
2922
2923 rc = secondary_ops->task_setscheduler(p, policy, lp);
2924 if (rc)
2925 return rc;
2926
2927 return task_has_perm(current, p, PROCESS__SETSCHED);
2928}
2929
2930static int selinux_task_getscheduler(struct task_struct *p)
2931{
2932 return task_has_perm(current, p, PROCESS__GETSCHED);
2933}
2934
2935static int selinux_task_movememory(struct task_struct *p)
2936{
2937 return task_has_perm(current, p, PROCESS__SETSCHED);
2938}
2939
2940static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
2941 int sig, u32 secid)
2942{
2943 u32 perm;
2944 int rc;
2945 struct task_security_struct *tsec;
2946
2947 rc = secondary_ops->task_kill(p, info, sig, secid);
2948 if (rc)
2949 return rc;
2950
2951 if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
2952 return 0;
2953
2954 if (!sig)
2955 perm = PROCESS__SIGNULL;
2956 else
2957 perm = signal_to_av(sig);
2958 tsec = p->security;
2959 if (secid)
2960 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
2961 else
2962 rc = task_has_perm(current, p, perm);
2963 return rc;
2964}
2965
2966static int selinux_task_prctl(int option,
2967 unsigned long arg2,
2968 unsigned long arg3,
2969 unsigned long arg4,
2970 unsigned long arg5)
2971{
2972
2973
2974
2975 return 0;
2976}
2977
2978static int selinux_task_wait(struct task_struct *p)
2979{
2980 return task_has_perm(p, current, PROCESS__SIGCHLD);
2981}
2982
2983static void selinux_task_reparent_to_init(struct task_struct *p)
2984{
2985 struct task_security_struct *tsec;
2986
2987 secondary_ops->task_reparent_to_init(p);
2988
2989 tsec = p->security;
2990 tsec->osid = tsec->sid;
2991 tsec->sid = SECINITSID_KERNEL;
2992 return;
2993}
2994
2995static void selinux_task_to_inode(struct task_struct *p,
2996 struct inode *inode)
2997{
2998 struct task_security_struct *tsec = p->security;
2999 struct inode_security_struct *isec = inode->i_security;
3000
3001 isec->sid = tsec->sid;
3002 isec->initialized = 1;
3003 return;
3004}
3005
3006
3007static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3008 struct avc_audit_data *ad, u8 *proto)
3009{
3010 int offset, ihlen, ret = -EINVAL;
3011 struct iphdr _iph, *ih;
3012
3013 offset = skb_network_offset(skb);
3014 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3015 if (ih == NULL)
3016 goto out;
3017
3018 ihlen = ih->ihl * 4;
3019 if (ihlen < sizeof(_iph))
3020 goto out;
3021
3022 ad->u.net.v4info.saddr = ih->saddr;
3023 ad->u.net.v4info.daddr = ih->daddr;
3024 ret = 0;
3025
3026 if (proto)
3027 *proto = ih->protocol;
3028
3029 switch (ih->protocol) {
3030 case IPPROTO_TCP: {
3031 struct tcphdr _tcph, *th;
3032
3033 if (ntohs(ih->frag_off) & IP_OFFSET)
3034 break;
3035
3036 offset += ihlen;
3037 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3038 if (th == NULL)
3039 break;
3040
3041 ad->u.net.sport = th->source;
3042 ad->u.net.dport = th->dest;
3043 break;
3044 }
3045
3046 case IPPROTO_UDP: {
3047 struct udphdr _udph, *uh;
3048
3049 if (ntohs(ih->frag_off) & IP_OFFSET)
3050 break;
3051
3052 offset += ihlen;
3053 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3054 if (uh == NULL)
3055 break;
3056
3057 ad->u.net.sport = uh->source;
3058 ad->u.net.dport = uh->dest;
3059 break;
3060 }
3061
3062 case IPPROTO_DCCP: {
3063 struct dccp_hdr _dccph, *dh;
3064
3065 if (ntohs(ih->frag_off) & IP_OFFSET)
3066 break;
3067
3068 offset += ihlen;
3069 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3070 if (dh == NULL)
3071 break;
3072
3073 ad->u.net.sport = dh->dccph_sport;
3074 ad->u.net.dport = dh->dccph_dport;
3075 break;
3076 }
3077
3078 default:
3079 break;
3080 }
3081out:
3082 return ret;
3083}
3084
3085#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3086
3087
3088static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3089 struct avc_audit_data *ad, u8 *proto)
3090{
3091 u8 nexthdr;
3092 int ret = -EINVAL, offset;
3093 struct ipv6hdr _ipv6h, *ip6;
3094
3095 offset = skb_network_offset(skb);
3096 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3097 if (ip6 == NULL)
3098 goto out;
3099
3100 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3101 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3102 ret = 0;
3103
3104 nexthdr = ip6->nexthdr;
3105 offset += sizeof(_ipv6h);
3106 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3107 if (offset < 0)
3108 goto out;
3109
3110 if (proto)
3111 *proto = nexthdr;
3112
3113 switch (nexthdr) {
3114 case IPPROTO_TCP: {
3115 struct tcphdr _tcph, *th;
3116
3117 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3118 if (th == NULL)
3119 break;
3120
3121 ad->u.net.sport = th->source;
3122 ad->u.net.dport = th->dest;
3123 break;
3124 }
3125
3126 case IPPROTO_UDP: {
3127 struct udphdr _udph, *uh;
3128
3129 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3130 if (uh == NULL)
3131 break;
3132
3133 ad->u.net.sport = uh->source;
3134 ad->u.net.dport = uh->dest;
3135 break;
3136 }
3137
3138 case IPPROTO_DCCP: {
3139 struct dccp_hdr _dccph, *dh;
3140
3141 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3142 if (dh == NULL)
3143 break;
3144
3145 ad->u.net.sport = dh->dccph_sport;
3146 ad->u.net.dport = dh->dccph_dport;
3147 break;
3148 }
3149
3150
3151 default:
3152 break;
3153 }
3154out:
3155 return ret;
3156}
3157
3158#endif
3159
3160static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
3161 char **addrp, int *len, int src, u8 *proto)
3162{
3163 int ret = 0;
3164
3165 switch (ad->u.net.family) {
3166 case PF_INET:
3167 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3168 if (ret || !addrp)
3169 break;
3170 *len = 4;
3171 *addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3172 &ad->u.net.v4info.daddr);
3173 break;
3174
3175#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3176 case PF_INET6:
3177 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3178 if (ret || !addrp)
3179 break;
3180 *len = 16;
3181 *addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3182 &ad->u.net.v6info.daddr);
3183 break;
3184#endif
3185 default:
3186 break;
3187 }
3188
3189 return ret;
3190}
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207static void selinux_skb_extlbl_sid(struct sk_buff *skb, u32 *sid)
3208{
3209 u32 xfrm_sid;
3210 u32 nlbl_sid;
3211
3212 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3213 if (selinux_netlbl_skbuff_getsid(skb,
3214 (xfrm_sid == SECSID_NULL ?
3215 SECINITSID_NETMSG : xfrm_sid),
3216 &nlbl_sid) != 0)
3217 nlbl_sid = SECSID_NULL;
3218 *sid = (nlbl_sid == SECSID_NULL ? xfrm_sid : nlbl_sid);
3219}
3220
3221
3222static int socket_has_perm(struct task_struct *task, struct socket *sock,
3223 u32 perms)
3224{
3225 struct inode_security_struct *isec;
3226 struct task_security_struct *tsec;
3227 struct avc_audit_data ad;
3228 int err = 0;
3229
3230 tsec = task->security;
3231 isec = SOCK_INODE(sock)->i_security;
3232
3233 if (isec->sid == SECINITSID_KERNEL)
3234 goto out;
3235
3236 AVC_AUDIT_DATA_INIT(&ad,NET);
3237 ad.u.net.sk = sock->sk;
3238 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
3239
3240out:
3241 return err;
3242}
3243
3244static int selinux_socket_create(int family, int type,
3245 int protocol, int kern)
3246{
3247 int err = 0;
3248 struct task_security_struct *tsec;
3249 u32 newsid;
3250
3251 if (kern)
3252 goto out;
3253
3254 tsec = current->security;
3255 newsid = tsec->sockcreate_sid ? : tsec->sid;
3256 err = avc_has_perm(tsec->sid, newsid,
3257 socket_type_to_security_class(family, type,
3258 protocol), SOCKET__CREATE, NULL);
3259
3260out:
3261 return err;
3262}
3263
3264static int selinux_socket_post_create(struct socket *sock, int family,
3265 int type, int protocol, int kern)
3266{
3267 int err = 0;
3268 struct inode_security_struct *isec;
3269 struct task_security_struct *tsec;
3270 struct sk_security_struct *sksec;
3271 u32 newsid;
3272
3273 isec = SOCK_INODE(sock)->i_security;
3274
3275 tsec = current->security;
3276 newsid = tsec->sockcreate_sid ? : tsec->sid;
3277 isec->sclass = socket_type_to_security_class(family, type, protocol);
3278 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3279 isec->initialized = 1;
3280
3281 if (sock->sk) {
3282 sksec = sock->sk->sk_security;
3283 sksec->sid = isec->sid;
3284 err = selinux_netlbl_socket_post_create(sock);
3285 }
3286
3287 return err;
3288}
3289
3290
3291
3292
3293
3294static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3295{
3296 u16 family;
3297 int err;
3298
3299 err = socket_has_perm(current, sock, SOCKET__BIND);
3300 if (err)
3301 goto out;
3302
3303
3304
3305
3306
3307
3308 family = sock->sk->sk_family;
3309 if (family == PF_INET || family == PF_INET6) {
3310 char *addrp;
3311 struct inode_security_struct *isec;
3312 struct task_security_struct *tsec;
3313 struct avc_audit_data ad;
3314 struct sockaddr_in *addr4 = NULL;
3315 struct sockaddr_in6 *addr6 = NULL;
3316 unsigned short snum;
3317 struct sock *sk = sock->sk;
3318 u32 sid, node_perm, addrlen;
3319
3320 tsec = current->security;
3321 isec = SOCK_INODE(sock)->i_security;
3322
3323 if (family == PF_INET) {
3324 addr4 = (struct sockaddr_in *)address;
3325 snum = ntohs(addr4->sin_port);
3326 addrlen = sizeof(addr4->sin_addr.s_addr);
3327 addrp = (char *)&addr4->sin_addr.s_addr;
3328 } else {
3329 addr6 = (struct sockaddr_in6 *)address;
3330 snum = ntohs(addr6->sin6_port);
3331 addrlen = sizeof(addr6->sin6_addr.s6_addr);
3332 addrp = (char *)&addr6->sin6_addr.s6_addr;
3333 }
3334
3335 if (snum) {
3336 int low, high;
3337
3338 inet_get_local_port_range(&low, &high);
3339
3340 if (snum < max(PROT_SOCK, low) || snum > high) {
3341 err = security_port_sid(sk->sk_family,
3342 sk->sk_type,
3343 sk->sk_protocol, snum,
3344 &sid);
3345 if (err)
3346 goto out;
3347 AVC_AUDIT_DATA_INIT(&ad,NET);
3348 ad.u.net.sport = htons(snum);
3349 ad.u.net.family = family;
3350 err = avc_has_perm(isec->sid, sid,
3351 isec->sclass,
3352 SOCKET__NAME_BIND, &ad);
3353 if (err)
3354 goto out;
3355 }
3356 }
3357
3358 switch(isec->sclass) {
3359 case SECCLASS_TCP_SOCKET:
3360 node_perm = TCP_SOCKET__NODE_BIND;
3361 break;
3362
3363 case SECCLASS_UDP_SOCKET:
3364 node_perm = UDP_SOCKET__NODE_BIND;
3365 break;
3366
3367 case SECCLASS_DCCP_SOCKET:
3368 node_perm = DCCP_SOCKET__NODE_BIND;
3369 break;
3370
3371 default:
3372 node_perm = RAWIP_SOCKET__NODE_BIND;
3373 break;
3374 }
3375
3376 err = security_node_sid(family, addrp, addrlen, &sid);
3377 if (err)
3378 goto out;
3379
3380 AVC_AUDIT_DATA_INIT(&ad,NET);
3381 ad.u.net.sport = htons(snum);
3382 ad.u.net.family = family;
3383
3384 if (family == PF_INET)
3385 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3386 else
3387 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3388
3389 err = avc_has_perm(isec->sid, sid,
3390 isec->sclass, node_perm, &ad);
3391 if (err)
3392 goto out;
3393 }
3394out:
3395 return err;
3396}
3397
3398static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3399{
3400 struct inode_security_struct *isec;
3401 int err;
3402
3403 err = socket_has_perm(current, sock, SOCKET__CONNECT);
3404 if (err)
3405 return err;
3406
3407
3408
3409
3410 isec = SOCK_INODE(sock)->i_security;
3411 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3412 isec->sclass == SECCLASS_DCCP_SOCKET) {
3413 struct sock *sk = sock->sk;
3414 struct avc_audit_data ad;
3415 struct sockaddr_in *addr4 = NULL;
3416 struct sockaddr_in6 *addr6 = NULL;
3417 unsigned short snum;
3418 u32 sid, perm;
3419
3420 if (sk->sk_family == PF_INET) {
3421 addr4 = (struct sockaddr_in *)address;
3422 if (addrlen < sizeof(struct sockaddr_in))
3423 return -EINVAL;
3424 snum = ntohs(addr4->sin_port);
3425 } else {
3426 addr6 = (struct sockaddr_in6 *)address;
3427 if (addrlen < SIN6_LEN_RFC2133)
3428 return -EINVAL;
3429 snum = ntohs(addr6->sin6_port);
3430 }
3431
3432 err = security_port_sid(sk->sk_family, sk->sk_type,
3433 sk->sk_protocol, snum, &sid);
3434 if (err)
3435 goto out;
3436
3437 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3438 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3439
3440 AVC_AUDIT_DATA_INIT(&ad,NET);
3441 ad.u.net.dport = htons(snum);
3442 ad.u.net.family = sk->sk_family;
3443 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
3444 if (err)
3445 goto out;
3446 }
3447
3448out:
3449 return err;
3450}
3451
3452static int selinux_socket_listen(struct socket *sock, int backlog)
3453{
3454 return socket_has_perm(current, sock, SOCKET__LISTEN);
3455}
3456
3457static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3458{
3459 int err;
3460 struct inode_security_struct *isec;
3461 struct inode_security_struct *newisec;
3462
3463 err = socket_has_perm(current, sock, SOCKET__ACCEPT);
3464 if (err)
3465 return err;
3466
3467 newisec = SOCK_INODE(newsock)->i_security;
3468
3469 isec = SOCK_INODE(sock)->i_security;
3470 newisec->sclass = isec->sclass;
3471 newisec->sid = isec->sid;
3472 newisec->initialized = 1;
3473
3474 return 0;
3475}
3476
3477static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3478 int size)
3479{
3480 int rc;
3481
3482 rc = socket_has_perm(current, sock, SOCKET__WRITE);
3483 if (rc)
3484 return rc;
3485
3486 return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);
3487}
3488
3489static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3490 int size, int flags)
3491{
3492 return socket_has_perm(current, sock, SOCKET__READ);
3493}
3494
3495static int selinux_socket_getsockname(struct socket *sock)
3496{
3497 return socket_has_perm(current, sock, SOCKET__GETATTR);
3498}
3499
3500static int selinux_socket_getpeername(struct socket *sock)
3501{
3502 return socket_has_perm(current, sock, SOCKET__GETATTR);
3503}
3504
3505static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
3506{
3507 int err;
3508
3509 err = socket_has_perm(current, sock, SOCKET__SETOPT);
3510 if (err)
3511 return err;
3512
3513 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3514}
3515
3516static int selinux_socket_getsockopt(struct socket *sock, int level,
3517 int optname)
3518{
3519 return socket_has_perm(current, sock, SOCKET__GETOPT);
3520}
3521
3522static int selinux_socket_shutdown(struct socket *sock, int how)
3523{
3524 return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
3525}
3526
3527static int selinux_socket_unix_stream_connect(struct socket *sock,
3528 struct socket *other,
3529 struct sock *newsk)
3530{
3531 struct sk_security_struct *ssec;
3532 struct inode_security_struct *isec;
3533 struct inode_security_struct *other_isec;
3534 struct avc_audit_data ad;
3535 int err;
3536
3537 err = secondary_ops->unix_stream_connect(sock, other, newsk);
3538 if (err)
3539 return err;
3540
3541 isec = SOCK_INODE(sock)->i_security;
3542 other_isec = SOCK_INODE(other)->i_security;
3543
3544 AVC_AUDIT_DATA_INIT(&ad,NET);
3545 ad.u.net.sk = other->sk;
3546
3547 err = avc_has_perm(isec->sid, other_isec->sid,
3548 isec->sclass,
3549 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
3550 if (err)
3551 return err;
3552
3553
3554 ssec = sock->sk->sk_security;
3555 ssec->peer_sid = other_isec->sid;
3556
3557
3558 ssec = newsk->sk_security;
3559 ssec->peer_sid = isec->sid;
3560 err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
3561
3562 return err;
3563}
3564
3565static int selinux_socket_unix_may_send(struct socket *sock,
3566 struct socket *other)
3567{
3568 struct inode_security_struct *isec;
3569 struct inode_security_struct *other_isec;
3570 struct avc_audit_data ad;
3571 int err;
3572
3573 isec = SOCK_INODE(sock)->i_security;
3574 other_isec = SOCK_INODE(other)->i_security;
3575
3576 AVC_AUDIT_DATA_INIT(&ad,NET);
3577 ad.u.net.sk = other->sk;
3578
3579 err = avc_has_perm(isec->sid, other_isec->sid,
3580 isec->sclass, SOCKET__SENDTO, &ad);
3581 if (err)
3582 return err;
3583
3584 return 0;
3585}
3586
3587static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
3588 struct avc_audit_data *ad, u16 family, char *addrp, int len)
3589{
3590 int err = 0;
3591 u32 netif_perm, node_perm, node_sid, if_sid, recv_perm = 0;
3592 struct socket *sock;
3593 u16 sock_class = 0;
3594 u32 sock_sid = 0;
3595
3596 read_lock_bh(&sk->sk_callback_lock);
3597 sock = sk->sk_socket;
3598 if (sock) {
3599 struct inode *inode;
3600 inode = SOCK_INODE(sock);
3601 if (inode) {
3602 struct inode_security_struct *isec;
3603 isec = inode->i_security;
3604 sock_sid = isec->sid;
3605 sock_class = isec->sclass;
3606 }
3607 }
3608 read_unlock_bh(&sk->sk_callback_lock);
3609 if (!sock_sid)
3610 goto out;
3611
3612 if (!skb->dev)
3613 goto out;
3614
3615 err = sel_netif_sids(skb->dev, &if_sid, NULL);
3616 if (err)
3617 goto out;
3618
3619 switch (sock_class) {
3620 case SECCLASS_UDP_SOCKET:
3621 netif_perm = NETIF__UDP_RECV;
3622 node_perm = NODE__UDP_RECV;
3623 recv_perm = UDP_SOCKET__RECV_MSG;
3624 break;
3625
3626 case SECCLASS_TCP_SOCKET:
3627 netif_perm = NETIF__TCP_RECV;
3628 node_perm = NODE__TCP_RECV;
3629 recv_perm = TCP_SOCKET__RECV_MSG;
3630 break;
3631
3632 case SECCLASS_DCCP_SOCKET:
3633 netif_perm = NETIF__DCCP_RECV;
3634 node_perm = NODE__DCCP_RECV;
3635 recv_perm = DCCP_SOCKET__RECV_MSG;
3636 break;
3637
3638 default:
3639 netif_perm = NETIF__RAWIP_RECV;
3640 node_perm = NODE__RAWIP_RECV;
3641 break;
3642 }
3643
3644 err = avc_has_perm(sock_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
3645 if (err)
3646 goto out;
3647
3648 err = security_node_sid(family, addrp, len, &node_sid);
3649 if (err)
3650 goto out;
3651
3652 err = avc_has_perm(sock_sid, node_sid, SECCLASS_NODE, node_perm, ad);
3653 if (err)
3654 goto out;
3655
3656 if (recv_perm) {
3657 u32 port_sid;
3658
3659 err = security_port_sid(sk->sk_family, sk->sk_type,
3660 sk->sk_protocol, ntohs(ad->u.net.sport),
3661 &port_sid);
3662 if (err)
3663 goto out;
3664
3665 err = avc_has_perm(sock_sid, port_sid,
3666 sock_class, recv_perm, ad);
3667 }
3668
3669out:
3670 return err;
3671}
3672
3673static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3674{
3675 u16 family;
3676 char *addrp;
3677 int len, err = 0;
3678 struct avc_audit_data ad;
3679 struct sk_security_struct *sksec = sk->sk_security;
3680
3681 family = sk->sk_family;
3682 if (family != PF_INET && family != PF_INET6)
3683 goto out;
3684
3685
3686 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
3687 family = PF_INET;
3688
3689 AVC_AUDIT_DATA_INIT(&ad, NET);
3690 ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";
3691 ad.u.net.family = family;
3692
3693 err = selinux_parse_skb(skb, &ad, &addrp, &len, 1, NULL);
3694 if (err)
3695 goto out;
3696
3697 if (selinux_compat_net)
3698 err = selinux_sock_rcv_skb_compat(sk, skb, &ad, family,
3699 addrp, len);
3700 else
3701 err = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
3702 PACKET__RECV, &ad);
3703 if (err)
3704 goto out;
3705
3706 err = selinux_netlbl_sock_rcv_skb(sksec, skb, &ad);
3707 if (err)
3708 goto out;
3709
3710 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
3711out:
3712 return err;
3713}
3714
3715static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
3716 int __user *optlen, unsigned len)
3717{
3718 int err = 0;
3719 char *scontext;
3720 u32 scontext_len;
3721 struct sk_security_struct *ssec;
3722 struct inode_security_struct *isec;
3723 u32 peer_sid = SECSID_NULL;
3724
3725 isec = SOCK_INODE(sock)->i_security;
3726
3727 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
3728 isec->sclass == SECCLASS_TCP_SOCKET) {
3729 ssec = sock->sk->sk_security;
3730 peer_sid = ssec->peer_sid;
3731 }
3732 if (peer_sid == SECSID_NULL) {
3733 err = -ENOPROTOOPT;
3734 goto out;
3735 }
3736
3737 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
3738
3739 if (err)
3740 goto out;
3741
3742 if (scontext_len > len) {
3743 err = -ERANGE;
3744 goto out_len;
3745 }
3746
3747 if (copy_to_user(optval, scontext, scontext_len))
3748 err = -EFAULT;
3749
3750out_len:
3751 if (put_user(scontext_len, optlen))
3752 err = -EFAULT;
3753
3754 kfree(scontext);
3755out:
3756 return err;
3757}
3758
3759static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
3760{
3761 u32 peer_secid = SECSID_NULL;
3762 int err = 0;
3763
3764 if (sock && sock->sk->sk_family == PF_UNIX)
3765 selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
3766 else if (skb)
3767 selinux_skb_extlbl_sid(skb, &peer_secid);
3768
3769 if (peer_secid == SECSID_NULL)
3770 err = -EINVAL;
3771 *secid = peer_secid;
3772
3773 return err;
3774}
3775
3776static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
3777{
3778 return sk_alloc_security(sk, family, priority);
3779}
3780
3781static void selinux_sk_free_security(struct sock *sk)
3782{
3783 sk_free_security(sk);
3784}
3785
3786static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
3787{
3788 struct sk_security_struct *ssec = sk->sk_security;
3789 struct sk_security_struct *newssec = newsk->sk_security;
3790
3791 newssec->sid = ssec->sid;
3792 newssec->peer_sid = ssec->peer_sid;
3793
3794 selinux_netlbl_sk_security_clone(ssec, newssec);
3795}
3796
3797static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
3798{
3799 if (!sk)
3800 *secid = SECINITSID_ANY_SOCKET;
3801 else {
3802 struct sk_security_struct *sksec = sk->sk_security;
3803
3804 *secid = sksec->sid;
3805 }
3806}
3807
3808static void selinux_sock_graft(struct sock* sk, struct socket *parent)
3809{
3810 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
3811 struct sk_security_struct *sksec = sk->sk_security;
3812
3813 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
3814 sk->sk_family == PF_UNIX)
3815 isec->sid = sksec->sid;
3816
3817 selinux_netlbl_sock_graft(sk, parent);
3818}
3819
3820static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3821 struct request_sock *req)
3822{
3823 struct sk_security_struct *sksec = sk->sk_security;
3824 int err;
3825 u32 newsid;
3826 u32 peersid;
3827
3828 selinux_skb_extlbl_sid(skb, &peersid);
3829 if (peersid == SECSID_NULL) {
3830 req->secid = sksec->sid;
3831 req->peer_secid = SECSID_NULL;
3832 return 0;
3833 }
3834
3835 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
3836 if (err)
3837 return err;
3838
3839 req->secid = newsid;
3840 req->peer_secid = peersid;
3841 return 0;
3842}
3843
3844static void selinux_inet_csk_clone(struct sock *newsk,
3845 const struct request_sock *req)
3846{
3847 struct sk_security_struct *newsksec = newsk->sk_security;
3848
3849 newsksec->sid = req->secid;
3850 newsksec->peer_sid = req->peer_secid;
3851
3852
3853
3854
3855
3856
3857
3858 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
3859}
3860
3861static void selinux_inet_conn_established(struct sock *sk,
3862 struct sk_buff *skb)
3863{
3864 struct sk_security_struct *sksec = sk->sk_security;
3865
3866 selinux_skb_extlbl_sid(skb, &sksec->peer_sid);
3867}
3868
3869static void selinux_req_classify_flow(const struct request_sock *req,
3870 struct flowi *fl)
3871{
3872 fl->secid = req->secid;
3873}
3874
3875static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3876{
3877 int err = 0;
3878 u32 perm;
3879 struct nlmsghdr *nlh;
3880 struct socket *sock = sk->sk_socket;
3881 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3882
3883 if (skb->len < NLMSG_SPACE(0)) {
3884 err = -EINVAL;
3885 goto out;
3886 }
3887 nlh = nlmsg_hdr(skb);
3888
3889 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3890 if (err) {
3891 if (err == -EINVAL) {
3892 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
3893 "SELinux: unrecognized netlink message"
3894 " type=%hu for sclass=%hu\n",
3895 nlh->nlmsg_type, isec->sclass);
3896 if (!selinux_enforcing)
3897 err = 0;
3898 }
3899
3900
3901 if (err == -ENOENT)
3902 err = 0;
3903 goto out;
3904 }
3905
3906 err = socket_has_perm(current, sock, perm);
3907out:
3908 return err;
3909}
3910
3911#ifdef CONFIG_NETFILTER
3912
3913static int selinux_ip_postroute_last_compat(struct sock *sk, struct net_device *dev,
3914 struct avc_audit_data *ad,
3915 u16 family, char *addrp, int len)
3916{
3917 int err = 0;
3918 u32 netif_perm, node_perm, node_sid, if_sid, send_perm = 0;
3919 struct socket *sock;
3920 struct inode *inode;
3921 struct inode_security_struct *isec;
3922
3923 sock = sk->sk_socket;
3924 if (!sock)
3925 goto out;
3926
3927 inode = SOCK_INODE(sock);
3928 if (!inode)
3929 goto out;
3930
3931 isec = inode->i_security;
3932
3933 err = sel_netif_sids(dev, &if_sid, NULL);
3934 if (err)
3935 goto out;
3936
3937 switch (isec->sclass) {
3938 case SECCLASS_UDP_SOCKET:
3939 netif_perm = NETIF__UDP_SEND;
3940 node_perm = NODE__UDP_SEND;
3941 send_perm = UDP_SOCKET__SEND_MSG;
3942 break;
3943
3944 case SECCLASS_TCP_SOCKET:
3945 netif_perm = NETIF__TCP_SEND;
3946 node_perm = NODE__TCP_SEND;
3947 send_perm = TCP_SOCKET__SEND_MSG;
3948 break;
3949
3950 case SECCLASS_DCCP_SOCKET:
3951 netif_perm = NETIF__DCCP_SEND;
3952 node_perm = NODE__DCCP_SEND;
3953 send_perm = DCCP_SOCKET__SEND_MSG;
3954 break;
3955
3956 default:
3957 netif_perm = NETIF__RAWIP_SEND;
3958 node_perm = NODE__RAWIP_SEND;
3959 break;
3960 }
3961
3962 err = avc_has_perm(isec->sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
3963 if (err)
3964 goto out;
3965
3966 err = security_node_sid(family, addrp, len, &node_sid);
3967 if (err)
3968 goto out;
3969
3970 err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, ad);
3971 if (err)
3972 goto out;
3973
3974 if (send_perm) {
3975 u32 port_sid;
3976
3977 err = security_port_sid(sk->sk_family,
3978 sk->sk_type,
3979 sk->sk_protocol,
3980 ntohs(ad->u.net.dport),
3981 &port_sid);
3982 if (err)
3983 goto out;
3984
3985 err = avc_has_perm(isec->sid, port_sid, isec->sclass,
3986 send_perm, ad);
3987 }
3988out:
3989 return err;
3990}
3991
3992static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
3993 struct sk_buff *skb,
3994 const struct net_device *in,
3995 const struct net_device *out,
3996 int (*okfn)(struct sk_buff *),
3997 u16 family)
3998{
3999 char *addrp;
4000 int len, err = 0;
4001 struct sock *sk;
4002 struct avc_audit_data ad;
4003 struct net_device *dev = (struct net_device *)out;
4004 struct sk_security_struct *sksec;
4005 u8 proto;
4006
4007 sk = skb->sk;
4008 if (!sk)
4009 goto out;
4010
4011 sksec = sk->sk_security;
4012
4013 AVC_AUDIT_DATA_INIT(&ad, NET);
4014 ad.u.net.netif = dev->name;
4015 ad.u.net.family = family;
4016
4017 err = selinux_parse_skb(skb, &ad, &addrp, &len, 0, &proto);
4018 if (err)
4019 goto out;
4020
4021 if (selinux_compat_net)
4022 err = selinux_ip_postroute_last_compat(sk, dev, &ad,
4023 family, addrp, len);
4024 else
4025 err = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
4026 PACKET__SEND, &ad);
4027
4028 if (err)
4029 goto out;
4030
4031 err = selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto);
4032out:
4033 return err ? NF_DROP : NF_ACCEPT;
4034}
4035
4036static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
4037 struct sk_buff *skb,
4038 const struct net_device *in,
4039 const struct net_device *out,
4040 int (*okfn)(struct sk_buff *))
4041{
4042 return selinux_ip_postroute_last(hooknum, skb, in, out, okfn, PF_INET);
4043}
4044
4045#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4046
4047static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
4048 struct sk_buff *skb,
4049 const struct net_device *in,
4050 const struct net_device *out,
4051 int (*okfn)(struct sk_buff *))
4052{
4053 return selinux_ip_postroute_last(hooknum, skb, in, out, okfn, PF_INET6);
4054}
4055
4056#endif
4057
4058#endif
4059
4060static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4061{
4062 int err;
4063
4064 err = secondary_ops->netlink_send(sk, skb);
4065 if (err)
4066 return err;
4067
4068 if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
4069 err = selinux_nlmsg_perm(sk, skb);
4070
4071 return err;
4072}
4073
4074static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4075{
4076 int err;
4077 struct avc_audit_data ad;
4078
4079 err = secondary_ops->netlink_recv(skb, capability);
4080 if (err)
4081 return err;
4082
4083 AVC_AUDIT_DATA_INIT(&ad, CAP);
4084 ad.u.cap = capability;
4085
4086 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
4087 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
4088}
4089
4090static int ipc_alloc_security(struct task_struct *task,
4091 struct kern_ipc_perm *perm,
4092 u16 sclass)
4093{
4094 struct task_security_struct *tsec = task->security;
4095 struct ipc_security_struct *isec;
4096
4097 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4098 if (!isec)
4099 return -ENOMEM;
4100
4101 isec->sclass = sclass;
4102 isec->ipc_perm = perm;
4103 isec->sid = tsec->sid;
4104 perm->security = isec;
4105
4106 return 0;
4107}
4108
4109static void ipc_free_security(struct kern_ipc_perm *perm)
4110{
4111 struct ipc_security_struct *isec = perm->security;
4112 perm->security = NULL;
4113 kfree(isec);
4114}
4115
4116static int msg_msg_alloc_security(struct msg_msg *msg)
4117{
4118 struct msg_security_struct *msec;
4119
4120 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4121 if (!msec)
4122 return -ENOMEM;
4123
4124 msec->msg = msg;
4125 msec->sid = SECINITSID_UNLABELED;
4126 msg->security = msec;
4127
4128 return 0;
4129}
4130
4131static void msg_msg_free_security(struct msg_msg *msg)
4132{
4133 struct msg_security_struct *msec = msg->security;
4134
4135 msg->security = NULL;
4136 kfree(msec);
4137}
4138
4139static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4140 u32 perms)
4141{
4142 struct task_security_struct *tsec;
4143 struct ipc_security_struct *isec;
4144 struct avc_audit_data ad;
4145
4146 tsec = current->security;
4147 isec = ipc_perms->security;
4148
4149 AVC_AUDIT_DATA_INIT(&ad, IPC);
4150 ad.u.ipc_id = ipc_perms->key;
4151
4152 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
4153}
4154
4155static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4156{
4157 return msg_msg_alloc_security(msg);
4158}
4159
4160static void selinux_msg_msg_free_security(struct msg_msg *msg)
4161{
4162 msg_msg_free_security(msg);
4163}
4164
4165
4166static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4167{
4168 struct task_security_struct *tsec;
4169 struct ipc_security_struct *isec;
4170 struct avc_audit_data ad;
4171 int rc;
4172
4173 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4174 if (rc)
4175 return rc;
4176
4177 tsec = current->security;
4178 isec = msq->q_perm.security;
4179
4180 AVC_AUDIT_DATA_INIT(&ad, IPC);
4181 ad.u.ipc_id = msq->q_perm.key;
4182
4183 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4184 MSGQ__CREATE, &ad);
4185 if (rc) {
4186 ipc_free_security(&msq->q_perm);
4187 return rc;
4188 }
4189 return 0;
4190}
4191
4192static void selinux_msg_queue_free_security(struct msg_queue *msq)
4193{
4194 ipc_free_security(&msq->q_perm);
4195}
4196
4197static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4198{
4199 struct task_security_struct *tsec;
4200 struct ipc_security_struct *isec;
4201 struct avc_audit_data ad;
4202
4203 tsec = current->security;
4204 isec = msq->q_perm.security;
4205
4206 AVC_AUDIT_DATA_INIT(&ad, IPC);
4207 ad.u.ipc_id = msq->q_perm.key;
4208
4209 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4210 MSGQ__ASSOCIATE, &ad);
4211}
4212
4213static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4214{
4215 int err;
4216 int perms;
4217
4218 switch(cmd) {
4219 case IPC_INFO:
4220 case MSG_INFO:
4221
4222 return task_has_system(current, SYSTEM__IPC_INFO);
4223 case IPC_STAT:
4224 case MSG_STAT:
4225 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4226 break;
4227 case IPC_SET:
4228 perms = MSGQ__SETATTR;
4229 break;
4230 case IPC_RMID:
4231 perms = MSGQ__DESTROY;
4232 break;
4233 default:
4234 return 0;
4235 }
4236
4237 err = ipc_has_perm(&msq->q_perm, perms);
4238 return err;
4239}
4240
4241static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4242{
4243 struct task_security_struct *tsec;
4244 struct ipc_security_struct *isec;
4245 struct msg_security_struct *msec;
4246 struct avc_audit_data ad;
4247 int rc;
4248
4249 tsec = current->security;
4250 isec = msq->q_perm.security;
4251 msec = msg->security;
4252
4253
4254
4255
4256 if (msec->sid == SECINITSID_UNLABELED) {
4257
4258
4259
4260
4261 rc = security_transition_sid(tsec->sid,
4262 isec->sid,
4263 SECCLASS_MSG,
4264 &msec->sid);
4265 if (rc)
4266 return rc;
4267 }
4268
4269 AVC_AUDIT_DATA_INIT(&ad, IPC);
4270 ad.u.ipc_id = msq->q_perm.key;
4271
4272
4273 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4274 MSGQ__WRITE, &ad);
4275 if (!rc)
4276
4277 rc = avc_has_perm(tsec->sid, msec->sid,
4278 SECCLASS_MSG, MSG__SEND, &ad);
4279 if (!rc)
4280
4281 rc = avc_has_perm(msec->sid, isec->sid,
4282 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
4283
4284 return rc;
4285}
4286
4287static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4288 struct task_struct *target,
4289 long type, int mode)
4290{
4291 struct task_security_struct *tsec;
4292 struct ipc_security_struct *isec;
4293 struct msg_security_struct *msec;
4294 struct avc_audit_data ad;
4295 int rc;
4296
4297 tsec = target->security;
4298 isec = msq->q_perm.security;
4299 msec = msg->security;
4300
4301 AVC_AUDIT_DATA_INIT(&ad, IPC);
4302 ad.u.ipc_id = msq->q_perm.key;
4303
4304 rc = avc_has_perm(tsec->sid, isec->sid,
4305 SECCLASS_MSGQ, MSGQ__READ, &ad);
4306 if (!rc)
4307 rc = avc_has_perm(tsec->sid, msec->sid,
4308 SECCLASS_MSG, MSG__RECEIVE, &ad);
4309 return rc;
4310}
4311
4312
4313static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4314{
4315 struct task_security_struct *tsec;
4316 struct ipc_security_struct *isec;
4317 struct avc_audit_data ad;
4318 int rc;
4319
4320 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4321 if (rc)
4322 return rc;
4323
4324 tsec = current->security;
4325 isec = shp->shm_perm.security;
4326
4327 AVC_AUDIT_DATA_INIT(&ad, IPC);
4328 ad.u.ipc_id = shp->shm_perm.key;
4329
4330 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4331 SHM__CREATE, &ad);
4332 if (rc) {
4333 ipc_free_security(&shp->shm_perm);
4334 return rc;
4335 }
4336 return 0;
4337}
4338
4339static void selinux_shm_free_security(struct shmid_kernel *shp)
4340{
4341 ipc_free_security(&shp->shm_perm);
4342}
4343
4344static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4345{
4346 struct task_security_struct *tsec;
4347 struct ipc_security_struct *isec;
4348 struct avc_audit_data ad;
4349
4350 tsec = current->security;
4351 isec = shp->shm_perm.security;
4352
4353 AVC_AUDIT_DATA_INIT(&ad, IPC);
4354 ad.u.ipc_id = shp->shm_perm.key;
4355
4356 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4357 SHM__ASSOCIATE, &ad);
4358}
4359
4360
4361static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
4362{
4363 int perms;
4364 int err;
4365
4366 switch(cmd) {
4367 case IPC_INFO:
4368 case SHM_INFO:
4369
4370 return task_has_system(current, SYSTEM__IPC_INFO);
4371 case IPC_STAT:
4372 case SHM_STAT:
4373 perms = SHM__GETATTR | SHM__ASSOCIATE;
4374 break;
4375 case IPC_SET:
4376 perms = SHM__SETATTR;
4377 break;
4378 case SHM_LOCK:
4379 case SHM_UNLOCK:
4380 perms = SHM__LOCK;
4381 break;
4382 case IPC_RMID:
4383 perms = SHM__DESTROY;
4384 break;
4385 default:
4386 return 0;
4387 }
4388
4389 err = ipc_has_perm(&shp->shm_perm, perms);
4390 return err;
4391}
4392
4393static int selinux_shm_shmat(struct shmid_kernel *shp,
4394 char __user *shmaddr, int shmflg)
4395{
4396 u32 perms;
4397 int rc;
4398
4399 rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
4400 if (rc)
4401 return rc;
4402
4403 if (shmflg & SHM_RDONLY)
4404 perms = SHM__READ;
4405 else
4406 perms = SHM__READ | SHM__WRITE;
4407
4408 return ipc_has_perm(&shp->shm_perm, perms);
4409}
4410
4411
4412static int selinux_sem_alloc_security(struct sem_array *sma)
4413{
4414 struct task_security_struct *tsec;
4415 struct ipc_security_struct *isec;
4416 struct avc_audit_data ad;
4417 int rc;
4418
4419 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
4420 if (rc)
4421 return rc;
4422
4423 tsec = current->security;
4424 isec = sma->sem_perm.security;
4425
4426 AVC_AUDIT_DATA_INIT(&ad, IPC);
4427 ad.u.ipc_id = sma->sem_perm.key;
4428
4429 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4430 SEM__CREATE, &ad);
4431 if (rc) {
4432 ipc_free_security(&sma->sem_perm);
4433 return rc;
4434 }
4435 return 0;
4436}
4437
4438static void selinux_sem_free_security(struct sem_array *sma)
4439{
4440 ipc_free_security(&sma->sem_perm);
4441}
4442
4443static int selinux_sem_associate(struct sem_array *sma, int semflg)
4444{
4445 struct task_security_struct *tsec;
4446 struct ipc_security_struct *isec;
4447 struct avc_audit_data ad;
4448
4449 tsec = current->security;
4450 isec = sma->sem_perm.security;
4451
4452 AVC_AUDIT_DATA_INIT(&ad, IPC);
4453 ad.u.ipc_id = sma->sem_perm.key;
4454
4455 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4456 SEM__ASSOCIATE, &ad);
4457}
4458
4459
4460static int selinux_sem_semctl(struct sem_array *sma, int cmd)
4461{
4462 int err;
4463 u32 perms;
4464
4465 switch(cmd) {
4466 case IPC_INFO:
4467 case SEM_INFO:
4468
4469 return task_has_system(current, SYSTEM__IPC_INFO);
4470 case GETPID:
4471 case GETNCNT:
4472 case GETZCNT:
4473 perms = SEM__GETATTR;
4474 break;
4475 case GETVAL:
4476 case GETALL:
4477 perms = SEM__READ;
4478 break;
4479 case SETVAL:
4480 case SETALL:
4481 perms = SEM__WRITE;
4482 break;
4483 case IPC_RMID:
4484 perms = SEM__DESTROY;
4485 break;
4486 case IPC_SET:
4487 perms = SEM__SETATTR;
4488 break;
4489 case IPC_STAT:
4490 case SEM_STAT:
4491 perms = SEM__GETATTR | SEM__ASSOCIATE;
4492 break;
4493 default:
4494 return 0;
4495 }
4496
4497 err = ipc_has_perm(&sma->sem_perm, perms);
4498 return err;
4499}
4500
4501static int selinux_sem_semop(struct sem_array *sma,
4502 struct sembuf *sops, unsigned nsops, int alter)
4503{
4504 u32 perms;
4505
4506 if (alter)
4507 perms = SEM__READ | SEM__WRITE;
4508 else
4509 perms = SEM__READ;
4510
4511 return ipc_has_perm(&sma->sem_perm, perms);
4512}
4513
4514static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4515{
4516 u32 av = 0;
4517
4518 av = 0;
4519 if (flag & S_IRUGO)
4520 av |= IPC__UNIX_READ;
4521 if (flag & S_IWUGO)
4522 av |= IPC__UNIX_WRITE;
4523
4524 if (av == 0)
4525 return 0;
4526
4527 return ipc_has_perm(ipcp, av);
4528}
4529
4530
4531static int selinux_register_security (const char *name, struct security_operations *ops)
4532{
4533 if (secondary_ops != original_ops) {
4534 printk(KERN_ERR "%s: There is already a secondary security "
4535 "module registered.\n", __FUNCTION__);
4536 return -EINVAL;
4537 }
4538
4539 secondary_ops = ops;
4540
4541 printk(KERN_INFO "%s: Registering secondary module %s\n",
4542 __FUNCTION__,
4543 name);
4544
4545 return 0;
4546}
4547
4548static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
4549{
4550 if (inode)
4551 inode_doinit_with_dentry(inode, dentry);
4552}
4553
4554static int selinux_getprocattr(struct task_struct *p,
4555 char *name, char **value)
4556{
4557 struct task_security_struct *tsec;
4558 u32 sid;
4559 int error;
4560 unsigned len;
4561
4562 if (current != p) {
4563 error = task_has_perm(current, p, PROCESS__GETATTR);
4564 if (error)
4565 return error;
4566 }
4567
4568 tsec = p->security;
4569
4570 if (!strcmp(name, "current"))
4571 sid = tsec->sid;
4572 else if (!strcmp(name, "prev"))
4573 sid = tsec->osid;
4574 else if (!strcmp(name, "exec"))
4575 sid = tsec->exec_sid;
4576 else if (!strcmp(name, "fscreate"))
4577 sid = tsec->create_sid;
4578 else if (!strcmp(name, "keycreate"))
4579 sid = tsec->keycreate_sid;
4580 else if (!strcmp(name, "sockcreate"))
4581 sid = tsec->sockcreate_sid;
4582 else
4583 return -EINVAL;
4584
4585 if (!sid)
4586 return 0;
4587
4588 error = security_sid_to_context(sid, value, &len);
4589 if (error)
4590 return error;
4591 return len;
4592}
4593
4594static int selinux_setprocattr(struct task_struct *p,
4595 char *name, void *value, size_t size)
4596{
4597 struct task_security_struct *tsec;
4598 u32 sid = 0;
4599 int error;
4600 char *str = value;
4601
4602 if (current != p) {
4603
4604
4605 return -EACCES;
4606 }
4607
4608
4609
4610
4611
4612
4613 if (!strcmp(name, "exec"))
4614 error = task_has_perm(current, p, PROCESS__SETEXEC);
4615 else if (!strcmp(name, "fscreate"))
4616 error = task_has_perm(current, p, PROCESS__SETFSCREATE);
4617 else if (!strcmp(name, "keycreate"))
4618 error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
4619 else if (!strcmp(name, "sockcreate"))
4620 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
4621 else if (!strcmp(name, "current"))
4622 error = task_has_perm(current, p, PROCESS__SETCURRENT);
4623 else
4624 error = -EINVAL;
4625 if (error)
4626 return error;
4627
4628
4629 if (size && str[1] && str[1] != '\n') {
4630 if (str[size-1] == '\n') {
4631 str[size-1] = 0;
4632 size--;
4633 }
4634 error = security_context_to_sid(value, size, &sid);
4635 if (error)
4636 return error;
4637 }
4638
4639
4640
4641
4642
4643
4644
4645 tsec = p->security;
4646 if (!strcmp(name, "exec"))
4647 tsec->exec_sid = sid;
4648 else if (!strcmp(name, "fscreate"))
4649 tsec->create_sid = sid;
4650 else if (!strcmp(name, "keycreate")) {
4651 error = may_create_key(sid, p);
4652 if (error)
4653 return error;
4654 tsec->keycreate_sid = sid;
4655 } else if (!strcmp(name, "sockcreate"))
4656 tsec->sockcreate_sid = sid;
4657 else if (!strcmp(name, "current")) {
4658 struct av_decision avd;
4659
4660 if (sid == 0)
4661 return -EINVAL;
4662
4663
4664 if (atomic_read(&p->mm->mm_users) != 1) {
4665 struct task_struct *g, *t;
4666 struct mm_struct *mm = p->mm;
4667 read_lock(&tasklist_lock);
4668 do_each_thread(g, t)
4669 if (t->mm == mm && t != p) {
4670 read_unlock(&tasklist_lock);
4671 return -EPERM;
4672 }
4673 while_each_thread(g, t);
4674 read_unlock(&tasklist_lock);
4675 }
4676
4677
4678 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
4679 PROCESS__DYNTRANSITION, NULL);
4680 if (error)
4681 return error;
4682
4683
4684
4685 task_lock(p);
4686 if (p->ptrace & PT_PTRACED) {
4687 error = avc_has_perm_noaudit(tsec->ptrace_sid, sid,
4688 SECCLASS_PROCESS,
4689 PROCESS__PTRACE, 0, &avd);
4690 if (!error)
4691 tsec->sid = sid;
4692 task_unlock(p);
4693 avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS,
4694 PROCESS__PTRACE, &avd, error, NULL);
4695 if (error)
4696 return error;
4697 } else {
4698 tsec->sid = sid;
4699 task_unlock(p);
4700 }
4701 }
4702 else
4703 return -EINVAL;
4704
4705 return size;
4706}
4707
4708static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4709{
4710 return security_sid_to_context(secid, secdata, seclen);
4711}
4712
4713static void selinux_release_secctx(char *secdata, u32 seclen)
4714{
4715 kfree(secdata);
4716}
4717
4718#ifdef CONFIG_KEYS
4719
4720static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
4721 unsigned long flags)
4722{
4723 struct task_security_struct *tsec = tsk->security;
4724 struct key_security_struct *ksec;
4725
4726 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
4727 if (!ksec)
4728 return -ENOMEM;
4729
4730 ksec->obj = k;
4731 if (tsec->keycreate_sid)
4732 ksec->sid = tsec->keycreate_sid;
4733 else
4734 ksec->sid = tsec->sid;
4735 k->security = ksec;
4736
4737 return 0;
4738}
4739
4740static void selinux_key_free(struct key *k)
4741{
4742 struct key_security_struct *ksec = k->security;
4743
4744 k->security = NULL;
4745 kfree(ksec);
4746}
4747
4748static int selinux_key_permission(key_ref_t key_ref,
4749 struct task_struct *ctx,
4750 key_perm_t perm)
4751{
4752 struct key *key;
4753 struct task_security_struct *tsec;
4754 struct key_security_struct *ksec;
4755
4756 key = key_ref_to_ptr(key_ref);
4757
4758 tsec = ctx->security;
4759 ksec = key->security;
4760
4761
4762
4763
4764 if (perm == 0)
4765 return 0;
4766
4767 return avc_has_perm(tsec->sid, ksec->sid,
4768 SECCLASS_KEY, perm, NULL);
4769}
4770
4771#endif
4772
4773static struct security_operations selinux_ops = {
4774 .ptrace = selinux_ptrace,
4775 .capget = selinux_capget,
4776 .capset_check = selinux_capset_check,
4777 .capset_set = selinux_capset_set,
4778 .sysctl = selinux_sysctl,
4779 .capable = selinux_capable,
4780 .quotactl = selinux_quotactl,
4781 .quota_on = selinux_quota_on,
4782 .syslog = selinux_syslog,
4783 .vm_enough_memory = selinux_vm_enough_memory,
4784
4785 .netlink_send = selinux_netlink_send,
4786 .netlink_recv = selinux_netlink_recv,
4787
4788 .bprm_alloc_security = selinux_bprm_alloc_security,
4789 .bprm_free_security = selinux_bprm_free_security,
4790 .bprm_apply_creds = selinux_bprm_apply_creds,
4791 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
4792 .bprm_set_security = selinux_bprm_set_security,
4793 .bprm_check_security = selinux_bprm_check_security,
4794 .bprm_secureexec = selinux_bprm_secureexec,
4795
4796 .sb_alloc_security = selinux_sb_alloc_security,
4797 .sb_free_security = selinux_sb_free_security,
4798 .sb_copy_data = selinux_sb_copy_data,
4799 .sb_kern_mount = selinux_sb_kern_mount,
4800 .sb_statfs = selinux_sb_statfs,
4801 .sb_mount = selinux_mount,
4802 .sb_umount = selinux_umount,
4803
4804 .inode_alloc_security = selinux_inode_alloc_security,
4805 .inode_free_security = selinux_inode_free_security,
4806 .inode_init_security = selinux_inode_init_security,
4807 .inode_create = selinux_inode_create,
4808 .inode_link = selinux_inode_link,
4809 .inode_unlink = selinux_inode_unlink,
4810 .inode_symlink = selinux_inode_symlink,
4811 .inode_mkdir = selinux_inode_mkdir,
4812 .inode_rmdir = selinux_inode_rmdir,
4813 .inode_mknod = selinux_inode_mknod,
4814 .inode_rename = selinux_inode_rename,
4815 .inode_readlink = selinux_inode_readlink,
4816 .inode_follow_link = selinux_inode_follow_link,
4817 .inode_permission = selinux_inode_permission,
4818 .inode_setattr = selinux_inode_setattr,
4819 .inode_getattr = selinux_inode_getattr,
4820 .inode_setxattr = selinux_inode_setxattr,
4821 .inode_post_setxattr = selinux_inode_post_setxattr,
4822 .inode_getxattr = selinux_inode_getxattr,
4823 .inode_listxattr = selinux_inode_listxattr,
4824 .inode_removexattr = selinux_inode_removexattr,
4825 .inode_getsecurity = selinux_inode_getsecurity,
4826 .inode_setsecurity = selinux_inode_setsecurity,
4827 .inode_listsecurity = selinux_inode_listsecurity,
4828 .inode_need_killpriv = selinux_inode_need_killpriv,
4829 .inode_killpriv = selinux_inode_killpriv,
4830
4831 .file_permission = selinux_file_permission,
4832 .file_alloc_security = selinux_file_alloc_security,
4833 .file_free_security = selinux_file_free_security,
4834 .file_ioctl = selinux_file_ioctl,
4835 .file_mmap = selinux_file_mmap,
4836 .file_mprotect = selinux_file_mprotect,
4837 .file_lock = selinux_file_lock,
4838 .file_fcntl = selinux_file_fcntl,
4839 .file_set_fowner = selinux_file_set_fowner,
4840 .file_send_sigiotask = selinux_file_send_sigiotask,
4841 .file_receive = selinux_file_receive,
4842
4843 .dentry_open = selinux_dentry_open,
4844
4845 .task_create = selinux_task_create,
4846 .task_alloc_security = selinux_task_alloc_security,
4847 .task_free_security = selinux_task_free_security,
4848 .task_setuid = selinux_task_setuid,
4849 .task_post_setuid = selinux_task_post_setuid,
4850 .task_setgid = selinux_task_setgid,
4851 .task_setpgid = selinux_task_setpgid,
4852 .task_getpgid = selinux_task_getpgid,
4853 .task_getsid = selinux_task_getsid,
4854 .task_getsecid = selinux_task_getsecid,
4855 .task_setgroups = selinux_task_setgroups,
4856 .task_setnice = selinux_task_setnice,
4857 .task_setioprio = selinux_task_setioprio,
4858 .task_getioprio = selinux_task_getioprio,
4859 .task_setrlimit = selinux_task_setrlimit,
4860 .task_setscheduler = selinux_task_setscheduler,
4861 .task_getscheduler = selinux_task_getscheduler,
4862 .task_movememory = selinux_task_movememory,
4863 .task_kill = selinux_task_kill,
4864 .task_wait = selinux_task_wait,
4865 .task_prctl = selinux_task_prctl,
4866 .task_reparent_to_init = selinux_task_reparent_to_init,
4867 .task_to_inode = selinux_task_to_inode,
4868
4869 .ipc_permission = selinux_ipc_permission,
4870
4871 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
4872 .msg_msg_free_security = selinux_msg_msg_free_security,
4873
4874 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
4875 .msg_queue_free_security = selinux_msg_queue_free_security,
4876 .msg_queue_associate = selinux_msg_queue_associate,
4877 .msg_queue_msgctl = selinux_msg_queue_msgctl,
4878 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
4879 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
4880
4881 .shm_alloc_security = selinux_shm_alloc_security,
4882 .shm_free_security = selinux_shm_free_security,
4883 .shm_associate = selinux_shm_associate,
4884 .shm_shmctl = selinux_shm_shmctl,
4885 .shm_shmat = selinux_shm_shmat,
4886
4887 .sem_alloc_security = selinux_sem_alloc_security,
4888 .sem_free_security = selinux_sem_free_security,
4889 .sem_associate = selinux_sem_associate,
4890 .sem_semctl = selinux_sem_semctl,
4891 .sem_semop = selinux_sem_semop,
4892
4893 .register_security = selinux_register_security,
4894
4895 .d_instantiate = selinux_d_instantiate,
4896
4897 .getprocattr = selinux_getprocattr,
4898 .setprocattr = selinux_setprocattr,
4899
4900 .secid_to_secctx = selinux_secid_to_secctx,
4901 .release_secctx = selinux_release_secctx,
4902
4903 .unix_stream_connect = selinux_socket_unix_stream_connect,
4904 .unix_may_send = selinux_socket_unix_may_send,
4905
4906 .socket_create = selinux_socket_create,
4907 .socket_post_create = selinux_socket_post_create,
4908 .socket_bind = selinux_socket_bind,
4909 .socket_connect = selinux_socket_connect,
4910 .socket_listen = selinux_socket_listen,
4911 .socket_accept = selinux_socket_accept,
4912 .socket_sendmsg = selinux_socket_sendmsg,
4913 .socket_recvmsg = selinux_socket_recvmsg,
4914 .socket_getsockname = selinux_socket_getsockname,
4915 .socket_getpeername = selinux_socket_getpeername,
4916 .socket_getsockopt = selinux_socket_getsockopt,
4917 .socket_setsockopt = selinux_socket_setsockopt,
4918 .socket_shutdown = selinux_socket_shutdown,
4919 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
4920 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
4921 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
4922 .sk_alloc_security = selinux_sk_alloc_security,
4923 .sk_free_security = selinux_sk_free_security,
4924 .sk_clone_security = selinux_sk_clone_security,
4925 .sk_getsecid = selinux_sk_getsecid,
4926 .sock_graft = selinux_sock_graft,
4927 .inet_conn_request = selinux_inet_conn_request,
4928 .inet_csk_clone = selinux_inet_csk_clone,
4929 .inet_conn_established = selinux_inet_conn_established,
4930 .req_classify_flow = selinux_req_classify_flow,
4931
4932#ifdef CONFIG_SECURITY_NETWORK_XFRM
4933 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
4934 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
4935 .xfrm_policy_free_security = selinux_xfrm_policy_free,
4936 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
4937 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
4938 .xfrm_state_free_security = selinux_xfrm_state_free,
4939 .xfrm_state_delete_security = selinux_xfrm_state_delete,
4940 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
4941 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
4942 .xfrm_decode_session = selinux_xfrm_decode_session,
4943#endif
4944
4945#ifdef CONFIG_KEYS
4946 .key_alloc = selinux_key_alloc,
4947 .key_free = selinux_key_free,
4948 .key_permission = selinux_key_permission,
4949#endif
4950};
4951
4952static __init int selinux_init(void)
4953{
4954 struct task_security_struct *tsec;
4955
4956 if (!selinux_enabled) {
4957 printk(KERN_INFO "SELinux: Disabled at boot.\n");
4958 return 0;
4959 }
4960
4961 printk(KERN_INFO "SELinux: Initializing.\n");
4962
4963
4964 if (task_alloc_security(current))
4965 panic("SELinux: Failed to initialize initial task.\n");
4966 tsec = current->security;
4967 tsec->osid = tsec->sid = SECINITSID_KERNEL;
4968
4969 sel_inode_cache = kmem_cache_create("selinux_inode_security",
4970 sizeof(struct inode_security_struct),
4971 0, SLAB_PANIC, NULL);
4972 avc_init();
4973
4974 original_ops = secondary_ops = security_ops;
4975 if (!secondary_ops)
4976 panic ("SELinux: No initial security operations\n");
4977 if (register_security (&selinux_ops))
4978 panic("SELinux: Unable to register with kernel.\n");
4979
4980 if (selinux_enforcing) {
4981 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
4982 } else {
4983 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
4984 }
4985
4986#ifdef CONFIG_KEYS
4987
4988 selinux_key_alloc(&root_user_keyring, current,
4989 KEY_ALLOC_NOT_IN_QUOTA);
4990 selinux_key_alloc(&root_session_keyring, current,
4991 KEY_ALLOC_NOT_IN_QUOTA);
4992#endif
4993
4994 return 0;
4995}
4996
4997void selinux_complete_init(void)
4998{
4999 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5000
5001
5002 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5003 spin_lock(&sb_lock);
5004 spin_lock(&sb_security_lock);
5005next_sb:
5006 if (!list_empty(&superblock_security_head)) {
5007 struct superblock_security_struct *sbsec =
5008 list_entry(superblock_security_head.next,
5009 struct superblock_security_struct,
5010 list);
5011 struct super_block *sb = sbsec->sb;
5012 sb->s_count++;
5013 spin_unlock(&sb_security_lock);
5014 spin_unlock(&sb_lock);
5015 down_read(&sb->s_umount);
5016 if (sb->s_root)
5017 superblock_doinit(sb, NULL);
5018 drop_super(sb);
5019 spin_lock(&sb_lock);
5020 spin_lock(&sb_security_lock);
5021 list_del_init(&sbsec->list);
5022 goto next_sb;
5023 }
5024 spin_unlock(&sb_security_lock);
5025 spin_unlock(&sb_lock);
5026}
5027
5028
5029
5030security_initcall(selinux_init);
5031
5032#if defined(CONFIG_NETFILTER)
5033
5034static struct nf_hook_ops selinux_ipv4_op = {
5035 .hook = selinux_ipv4_postroute_last,
5036 .owner = THIS_MODULE,
5037 .pf = PF_INET,
5038 .hooknum = NF_IP_POST_ROUTING,
5039 .priority = NF_IP_PRI_SELINUX_LAST,
5040};
5041
5042#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5043
5044static struct nf_hook_ops selinux_ipv6_op = {
5045 .hook = selinux_ipv6_postroute_last,
5046 .owner = THIS_MODULE,
5047 .pf = PF_INET6,
5048 .hooknum = NF_IP6_POST_ROUTING,
5049 .priority = NF_IP6_PRI_SELINUX_LAST,
5050};
5051
5052#endif
5053
5054static int __init selinux_nf_ip_init(void)
5055{
5056 int err = 0;
5057
5058 if (!selinux_enabled)
5059 goto out;
5060
5061 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5062
5063 err = nf_register_hook(&selinux_ipv4_op);
5064 if (err)
5065 panic("SELinux: nf_register_hook for IPv4: error %d\n", err);
5066
5067#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5068
5069 err = nf_register_hook(&selinux_ipv6_op);
5070 if (err)
5071 panic("SELinux: nf_register_hook for IPv6: error %d\n", err);
5072
5073#endif
5074
5075out:
5076 return err;
5077}
5078
5079__initcall(selinux_nf_ip_init);
5080
5081#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5082static void selinux_nf_ip_exit(void)
5083{
5084 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5085
5086 nf_unregister_hook(&selinux_ipv4_op);
5087#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5088 nf_unregister_hook(&selinux_ipv6_op);
5089#endif
5090}
5091#endif
5092
5093#else
5094
5095#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5096#define selinux_nf_ip_exit()
5097#endif
5098
5099#endif
5100
5101#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5102int selinux_disable(void)
5103{
5104 extern void exit_sel_fs(void);
5105 static int selinux_disabled = 0;
5106
5107 if (ss_initialized) {
5108
5109 return -EINVAL;
5110 }
5111
5112 if (selinux_disabled) {
5113
5114 return -EINVAL;
5115 }
5116
5117 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5118
5119 selinux_disabled = 1;
5120 selinux_enabled = 0;
5121
5122
5123 security_ops = secondary_ops;
5124
5125
5126 selinux_nf_ip_exit();
5127
5128
5129 exit_sel_fs();
5130
5131 return 0;
5132}
5133#endif
5134
5135
5136
