1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kernel.h>
28#include <linux/tracehook.h>
29#include <linux/errno.h>
30#include <linux/sched.h>
31#include <linux/security.h>
32#include <linux/xattr.h>
33#include <linux/capability.h>
34#include <linux/unistd.h>
35#include <linux/mm.h>
36#include <linux/mman.h>
37#include <linux/slab.h>
38#include <linux/pagemap.h>
39#include <linux/swap.h>
40#include <linux/spinlock.h>
41#include <linux/syscalls.h>
42#include <linux/file.h>
43#include <linux/fdtable.h>
44#include <linux/namei.h>
45#include <linux/mount.h>
46#include <linux/proc_fs.h>
47#include <linux/netfilter_ipv4.h>
48#include <linux/netfilter_ipv6.h>
49#include <linux/tty.h>
50#include <net/icmp.h>
51#include <net/ip.h>
52#include <net/tcp.h>
53#include <net/net_namespace.h>
54#include <net/netlabel.h>
55#include <linux/uaccess.h>
56#include <asm/ioctls.h>
57#include <asm/atomic.h>
58#include <linux/bitops.h>
59#include <linux/interrupt.h>
60#include <linux/netdevice.h>
61#include <linux/netlink.h>
62#include <linux/tcp.h>
63#include <linux/udp.h>
64#include <linux/dccp.h>
65#include <linux/quota.h>
66#include <linux/un.h>
67#include <net/af_unix.h>
68#include <linux/parser.h>
69#include <linux/nfs_mount.h>
70#include <net/ipv6.h>
71#include <linux/hugetlb.h>
72#include <linux/personality.h>
73#include <linux/sysctl.h>
74#include <linux/audit.h>
75#include <linux/string.h>
76#include <linux/selinux.h>
77#include <linux/mutex.h>
78#include <linux/posix-timers.h>
79
80#include "avc.h"
81#include "objsec.h"
82#include "netif.h"
83#include "netnode.h"
84#include "netport.h"
85#include "xfrm.h"
86#include "netlabel.h"
87#include "audit.h"
88
89#define XATTR_SELINUX_SUFFIX "selinux"
90#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
91
92#define NUM_SEL_MNT_OPTS 5
93
94extern unsigned int policydb_loaded_version;
95extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
96extern struct security_operations *security_ops;
97
98
99atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
100
101#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
102int selinux_enforcing;
103
104static int __init enforcing_setup(char *str)
105{
106 unsigned long enforcing;
107 if (!strict_strtoul(str, 0, &enforcing))
108 selinux_enforcing = enforcing ? 1 : 0;
109 return 1;
110}
111__setup("enforcing=", enforcing_setup);
112#endif
113
114#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
115int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
116
117static int __init selinux_enabled_setup(char *str)
118{
119 unsigned long enabled;
120 if (!strict_strtoul(str, 0, &enabled))
121 selinux_enabled = enabled ? 1 : 0;
122 return 1;
123}
124__setup("selinux=", selinux_enabled_setup);
125#else
126int selinux_enabled = 1;
127#endif
128
129
130
131
132
133
134static struct security_operations *secondary_ops;
135
136
137
138static LIST_HEAD(superblock_security_head);
139static DEFINE_SPINLOCK(sb_security_lock);
140
141static struct kmem_cache *sel_inode_cache;
142
143
144
145
146
147
148
149
150
151
152
153static int selinux_secmark_enabled(void)
154{
155 return (atomic_read(&selinux_secmark_refcount) > 0);
156}
157
158
159
160
161static void cred_init_security(void)
162{
163 struct cred *cred = (struct cred *) current->real_cred;
164 struct task_security_struct *tsec;
165
166 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
167 if (!tsec)
168 panic("SELinux: Failed to initialize initial task.\n");
169
170 tsec->osid = tsec->sid = SECINITSID_KERNEL;
171 cred->security = tsec;
172}
173
174
175
176
177static inline u32 cred_sid(const struct cred *cred)
178{
179 const struct task_security_struct *tsec;
180
181 tsec = cred->security;
182 return tsec->sid;
183}
184
185
186
187
188static inline u32 task_sid(const struct task_struct *task)
189{
190 u32 sid;
191
192 rcu_read_lock();
193 sid = cred_sid(__task_cred(task));
194 rcu_read_unlock();
195 return sid;
196}
197
198
199
200
201static inline u32 current_sid(void)
202{
203 const struct task_security_struct *tsec = current_cred()->security;
204
205 return tsec->sid;
206}
207
208
209
210static int inode_alloc_security(struct inode *inode)
211{
212 struct inode_security_struct *isec;
213 u32 sid = current_sid();
214
215 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
216 if (!isec)
217 return -ENOMEM;
218
219 mutex_init(&isec->lock);
220 INIT_LIST_HEAD(&isec->list);
221 isec->inode = inode;
222 isec->sid = SECINITSID_UNLABELED;
223 isec->sclass = SECCLASS_FILE;
224 isec->task_sid = sid;
225 inode->i_security = isec;
226
227 return 0;
228}
229
230static void inode_free_security(struct inode *inode)
231{
232 struct inode_security_struct *isec = inode->i_security;
233 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
234
235 spin_lock(&sbsec->isec_lock);
236 if (!list_empty(&isec->list))
237 list_del_init(&isec->list);
238 spin_unlock(&sbsec->isec_lock);
239
240 inode->i_security = NULL;
241 kmem_cache_free(sel_inode_cache, isec);
242}
243
244static int file_alloc_security(struct file *file)
245{
246 struct file_security_struct *fsec;
247 u32 sid = current_sid();
248
249 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
250 if (!fsec)
251 return -ENOMEM;
252
253 fsec->sid = sid;
254 fsec->fown_sid = sid;
255 file->f_security = fsec;
256
257 return 0;
258}
259
260static void file_free_security(struct file *file)
261{
262 struct file_security_struct *fsec = file->f_security;
263 file->f_security = NULL;
264 kfree(fsec);
265}
266
267static int superblock_alloc_security(struct super_block *sb)
268{
269 struct superblock_security_struct *sbsec;
270
271 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
272 if (!sbsec)
273 return -ENOMEM;
274
275 mutex_init(&sbsec->lock);
276 INIT_LIST_HEAD(&sbsec->list);
277 INIT_LIST_HEAD(&sbsec->isec_head);
278 spin_lock_init(&sbsec->isec_lock);
279 sbsec->sb = sb;
280 sbsec->sid = SECINITSID_UNLABELED;
281 sbsec->def_sid = SECINITSID_FILE;
282 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
283 sb->s_security = sbsec;
284
285 return 0;
286}
287
288static void superblock_free_security(struct super_block *sb)
289{
290 struct superblock_security_struct *sbsec = sb->s_security;
291
292 spin_lock(&sb_security_lock);
293 if (!list_empty(&sbsec->list))
294 list_del_init(&sbsec->list);
295 spin_unlock(&sb_security_lock);
296
297 sb->s_security = NULL;
298 kfree(sbsec);
299}
300
301static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
302{
303 struct sk_security_struct *ssec;
304
305 ssec = kzalloc(sizeof(*ssec), priority);
306 if (!ssec)
307 return -ENOMEM;
308
309 ssec->peer_sid = SECINITSID_UNLABELED;
310 ssec->sid = SECINITSID_UNLABELED;
311 sk->sk_security = ssec;
312
313 selinux_netlbl_sk_security_reset(ssec);
314
315 return 0;
316}
317
318static void sk_free_security(struct sock *sk)
319{
320 struct sk_security_struct *ssec = sk->sk_security;
321
322 sk->sk_security = NULL;
323 selinux_netlbl_sk_security_free(ssec);
324 kfree(ssec);
325}
326
327
328
329extern int ss_initialized;
330
331
332
333static char *labeling_behaviors[6] = {
334 "uses xattr",
335 "uses transition SIDs",
336 "uses task SIDs",
337 "uses genfs_contexts",
338 "not configured for labeling",
339 "uses mountpoint labeling",
340};
341
342static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
343
344static inline int inode_doinit(struct inode *inode)
345{
346 return inode_doinit_with_dentry(inode, NULL);
347}
348
349enum {
350 Opt_error = -1,
351 Opt_context = 1,
352 Opt_fscontext = 2,
353 Opt_defcontext = 3,
354 Opt_rootcontext = 4,
355 Opt_labelsupport = 5,
356};
357
358static const match_table_t tokens = {
359 {Opt_context, CONTEXT_STR "%s"},
360 {Opt_fscontext, FSCONTEXT_STR "%s"},
361 {Opt_defcontext, DEFCONTEXT_STR "%s"},
362 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
363 {Opt_labelsupport, LABELSUPP_STR},
364 {Opt_error, NULL},
365};
366
367#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
368
369static int may_context_mount_sb_relabel(u32 sid,
370 struct superblock_security_struct *sbsec,
371 const struct cred *cred)
372{
373 const struct task_security_struct *tsec = cred->security;
374 int rc;
375
376 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
377 FILESYSTEM__RELABELFROM, NULL);
378 if (rc)
379 return rc;
380
381 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
382 FILESYSTEM__RELABELTO, NULL);
383 return rc;
384}
385
386static int may_context_mount_inode_relabel(u32 sid,
387 struct superblock_security_struct *sbsec,
388 const struct cred *cred)
389{
390 const struct task_security_struct *tsec = cred->security;
391 int rc;
392 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
393 FILESYSTEM__RELABELFROM, NULL);
394 if (rc)
395 return rc;
396
397 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
398 FILESYSTEM__ASSOCIATE, NULL);
399 return rc;
400}
401
402static int sb_finish_set_opts(struct super_block *sb)
403{
404 struct superblock_security_struct *sbsec = sb->s_security;
405 struct dentry *root = sb->s_root;
406 struct inode *root_inode = root->d_inode;
407 int rc = 0;
408
409 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
410
411
412
413
414
415 if (!root_inode->i_op->getxattr) {
416 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
417 "xattr support\n", sb->s_id, sb->s_type->name);
418 rc = -EOPNOTSUPP;
419 goto out;
420 }
421 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
422 if (rc < 0 && rc != -ENODATA) {
423 if (rc == -EOPNOTSUPP)
424 printk(KERN_WARNING "SELinux: (dev %s, type "
425 "%s) has no security xattr handler\n",
426 sb->s_id, sb->s_type->name);
427 else
428 printk(KERN_WARNING "SELinux: (dev %s, type "
429 "%s) getxattr errno %d\n", sb->s_id,
430 sb->s_type->name, -rc);
431 goto out;
432 }
433 }
434
435 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
436
437 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
438 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
439 sb->s_id, sb->s_type->name);
440 else
441 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
442 sb->s_id, sb->s_type->name,
443 labeling_behaviors[sbsec->behavior-1]);
444
445 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
446 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
447 sbsec->behavior == SECURITY_FS_USE_NONE ||
448 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
449 sbsec->flags &= ~SE_SBLABELSUPP;
450
451
452 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
453 sbsec->flags |= SE_SBLABELSUPP;
454
455
456 rc = inode_doinit_with_dentry(root_inode, root);
457
458
459
460
461
462 spin_lock(&sbsec->isec_lock);
463next_inode:
464 if (!list_empty(&sbsec->isec_head)) {
465 struct inode_security_struct *isec =
466 list_entry(sbsec->isec_head.next,
467 struct inode_security_struct, list);
468 struct inode *inode = isec->inode;
469 spin_unlock(&sbsec->isec_lock);
470 inode = igrab(inode);
471 if (inode) {
472 if (!IS_PRIVATE(inode))
473 inode_doinit(inode);
474 iput(inode);
475 }
476 spin_lock(&sbsec->isec_lock);
477 list_del_init(&isec->list);
478 goto next_inode;
479 }
480 spin_unlock(&sbsec->isec_lock);
481out:
482 return rc;
483}
484
485
486
487
488
489
490static int selinux_get_mnt_opts(const struct super_block *sb,
491 struct security_mnt_opts *opts)
492{
493 int rc = 0, i;
494 struct superblock_security_struct *sbsec = sb->s_security;
495 char *context = NULL;
496 u32 len;
497 char tmp;
498
499 security_init_mnt_opts(opts);
500
501 if (!(sbsec->flags & SE_SBINITIALIZED))
502 return -EINVAL;
503
504 if (!ss_initialized)
505 return -EINVAL;
506
507 tmp = sbsec->flags & SE_MNTMASK;
508
509 for (i = 0; i < 8; i++) {
510 if (tmp & 0x01)
511 opts->num_mnt_opts++;
512 tmp >>= 1;
513 }
514
515 if (sbsec->flags & SE_SBLABELSUPP)
516 opts->num_mnt_opts++;
517
518 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
519 if (!opts->mnt_opts) {
520 rc = -ENOMEM;
521 goto out_free;
522 }
523
524 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
525 if (!opts->mnt_opts_flags) {
526 rc = -ENOMEM;
527 goto out_free;
528 }
529
530 i = 0;
531 if (sbsec->flags & FSCONTEXT_MNT) {
532 rc = security_sid_to_context(sbsec->sid, &context, &len);
533 if (rc)
534 goto out_free;
535 opts->mnt_opts[i] = context;
536 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
537 }
538 if (sbsec->flags & CONTEXT_MNT) {
539 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
540 if (rc)
541 goto out_free;
542 opts->mnt_opts[i] = context;
543 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
544 }
545 if (sbsec->flags & DEFCONTEXT_MNT) {
546 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
547 if (rc)
548 goto out_free;
549 opts->mnt_opts[i] = context;
550 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
551 }
552 if (sbsec->flags & ROOTCONTEXT_MNT) {
553 struct inode *root = sbsec->sb->s_root->d_inode;
554 struct inode_security_struct *isec = root->i_security;
555
556 rc = security_sid_to_context(isec->sid, &context, &len);
557 if (rc)
558 goto out_free;
559 opts->mnt_opts[i] = context;
560 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
561 }
562 if (sbsec->flags & SE_SBLABELSUPP) {
563 opts->mnt_opts[i] = NULL;
564 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
565 }
566
567 BUG_ON(i != opts->num_mnt_opts);
568
569 return 0;
570
571out_free:
572 security_free_mnt_opts(opts);
573 return rc;
574}
575
576static int bad_option(struct superblock_security_struct *sbsec, char flag,
577 u32 old_sid, u32 new_sid)
578{
579 char mnt_flags = sbsec->flags & SE_MNTMASK;
580
581
582 if (sbsec->flags & SE_SBINITIALIZED)
583 if (!(sbsec->flags & flag) ||
584 (old_sid != new_sid))
585 return 1;
586
587
588
589
590 if (!(sbsec->flags & SE_SBINITIALIZED))
591 if (mnt_flags & flag)
592 return 1;
593 return 0;
594}
595
596
597
598
599
600static int selinux_set_mnt_opts(struct super_block *sb,
601 struct security_mnt_opts *opts)
602{
603 const struct cred *cred = current_cred();
604 int rc = 0, i;
605 struct superblock_security_struct *sbsec = sb->s_security;
606 const char *name = sb->s_type->name;
607 struct inode *inode = sbsec->sb->s_root->d_inode;
608 struct inode_security_struct *root_isec = inode->i_security;
609 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
610 u32 defcontext_sid = 0;
611 char **mount_options = opts->mnt_opts;
612 int *flags = opts->mnt_opts_flags;
613 int num_opts = opts->num_mnt_opts;
614
615 mutex_lock(&sbsec->lock);
616
617 if (!ss_initialized) {
618 if (!num_opts) {
619
620
621
622 spin_lock(&sb_security_lock);
623 if (list_empty(&sbsec->list))
624 list_add(&sbsec->list, &superblock_security_head);
625 spin_unlock(&sb_security_lock);
626 goto out;
627 }
628 rc = -EINVAL;
629 printk(KERN_WARNING "SELinux: Unable to set superblock options "
630 "before the security server is initialized\n");
631 goto out;
632 }
633
634
635
636
637
638
639
640
641
642
643
644
645 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
646 && (num_opts == 0))
647 goto out;
648
649
650
651
652
653
654 for (i = 0; i < num_opts; i++) {
655 u32 sid;
656
657 if (flags[i] == SE_SBLABELSUPP)
658 continue;
659 rc = security_context_to_sid(mount_options[i],
660 strlen(mount_options[i]), &sid);
661 if (rc) {
662 printk(KERN_WARNING "SELinux: security_context_to_sid"
663 "(%s) failed for (dev %s, type %s) errno=%d\n",
664 mount_options[i], sb->s_id, name, rc);
665 goto out;
666 }
667 switch (flags[i]) {
668 case FSCONTEXT_MNT:
669 fscontext_sid = sid;
670
671 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
672 fscontext_sid))
673 goto out_double_mount;
674
675 sbsec->flags |= FSCONTEXT_MNT;
676 break;
677 case CONTEXT_MNT:
678 context_sid = sid;
679
680 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
681 context_sid))
682 goto out_double_mount;
683
684 sbsec->flags |= CONTEXT_MNT;
685 break;
686 case ROOTCONTEXT_MNT:
687 rootcontext_sid = sid;
688
689 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
690 rootcontext_sid))
691 goto out_double_mount;
692
693 sbsec->flags |= ROOTCONTEXT_MNT;
694
695 break;
696 case DEFCONTEXT_MNT:
697 defcontext_sid = sid;
698
699 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
700 defcontext_sid))
701 goto out_double_mount;
702
703 sbsec->flags |= DEFCONTEXT_MNT;
704
705 break;
706 default:
707 rc = -EINVAL;
708 goto out;
709 }
710 }
711
712 if (sbsec->flags & SE_SBINITIALIZED) {
713
714 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
715 goto out_double_mount;
716 rc = 0;
717 goto out;
718 }
719
720 if (strcmp(sb->s_type->name, "proc") == 0)
721 sbsec->flags |= SE_SBPROC;
722
723
724 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
725 if (rc) {
726 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
727 __func__, sb->s_type->name, rc);
728 goto out;
729 }
730
731
732 if (fscontext_sid) {
733 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
734 if (rc)
735 goto out;
736
737 sbsec->sid = fscontext_sid;
738 }
739
740
741
742
743
744
745 if (context_sid) {
746 if (!fscontext_sid) {
747 rc = may_context_mount_sb_relabel(context_sid, sbsec,
748 cred);
749 if (rc)
750 goto out;
751 sbsec->sid = context_sid;
752 } else {
753 rc = may_context_mount_inode_relabel(context_sid, sbsec,
754 cred);
755 if (rc)
756 goto out;
757 }
758 if (!rootcontext_sid)
759 rootcontext_sid = context_sid;
760
761 sbsec->mntpoint_sid = context_sid;
762 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
763 }
764
765 if (rootcontext_sid) {
766 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
767 cred);
768 if (rc)
769 goto out;
770
771 root_isec->sid = rootcontext_sid;
772 root_isec->initialized = 1;
773 }
774
775 if (defcontext_sid) {
776 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
777 rc = -EINVAL;
778 printk(KERN_WARNING "SELinux: defcontext option is "
779 "invalid for this filesystem type\n");
780 goto out;
781 }
782
783 if (defcontext_sid != sbsec->def_sid) {
784 rc = may_context_mount_inode_relabel(defcontext_sid,
785 sbsec, cred);
786 if (rc)
787 goto out;
788 }
789
790 sbsec->def_sid = defcontext_sid;
791 }
792
793 rc = sb_finish_set_opts(sb);
794out:
795 mutex_unlock(&sbsec->lock);
796 return rc;
797out_double_mount:
798 rc = -EINVAL;
799 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
800 "security settings for (dev %s, type %s)\n", sb->s_id, name);
801 goto out;
802}
803
804static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
805 struct super_block *newsb)
806{
807 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
808 struct superblock_security_struct *newsbsec = newsb->s_security;
809
810 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
811 int set_context = (oldsbsec->flags & CONTEXT_MNT);
812 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
813
814
815
816
817
818
819 if (!ss_initialized) {
820 spin_lock(&sb_security_lock);
821 if (list_empty(&newsbsec->list))
822 list_add(&newsbsec->list, &superblock_security_head);
823 spin_unlock(&sb_security_lock);
824 return;
825 }
826
827
828 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
829
830
831 if (newsbsec->flags & SE_SBINITIALIZED)
832 return;
833
834 mutex_lock(&newsbsec->lock);
835
836 newsbsec->flags = oldsbsec->flags;
837
838 newsbsec->sid = oldsbsec->sid;
839 newsbsec->def_sid = oldsbsec->def_sid;
840 newsbsec->behavior = oldsbsec->behavior;
841
842 if (set_context) {
843 u32 sid = oldsbsec->mntpoint_sid;
844
845 if (!set_fscontext)
846 newsbsec->sid = sid;
847 if (!set_rootcontext) {
848 struct inode *newinode = newsb->s_root->d_inode;
849 struct inode_security_struct *newisec = newinode->i_security;
850 newisec->sid = sid;
851 }
852 newsbsec->mntpoint_sid = sid;
853 }
854 if (set_rootcontext) {
855 const struct inode *oldinode = oldsb->s_root->d_inode;
856 const struct inode_security_struct *oldisec = oldinode->i_security;
857 struct inode *newinode = newsb->s_root->d_inode;
858 struct inode_security_struct *newisec = newinode->i_security;
859
860 newisec->sid = oldisec->sid;
861 }
862
863 sb_finish_set_opts(newsb);
864 mutex_unlock(&newsbsec->lock);
865}
866
867static int selinux_parse_opts_str(char *options,
868 struct security_mnt_opts *opts)
869{
870 char *p;
871 char *context = NULL, *defcontext = NULL;
872 char *fscontext = NULL, *rootcontext = NULL;
873 int rc, num_mnt_opts = 0;
874
875 opts->num_mnt_opts = 0;
876
877
878 while ((p = strsep(&options, "|")) != NULL) {
879 int token;
880 substring_t args[MAX_OPT_ARGS];
881
882 if (!*p)
883 continue;
884
885 token = match_token(p, tokens, args);
886
887 switch (token) {
888 case Opt_context:
889 if (context || defcontext) {
890 rc = -EINVAL;
891 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
892 goto out_err;
893 }
894 context = match_strdup(&args[0]);
895 if (!context) {
896 rc = -ENOMEM;
897 goto out_err;
898 }
899 break;
900
901 case Opt_fscontext:
902 if (fscontext) {
903 rc = -EINVAL;
904 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
905 goto out_err;
906 }
907 fscontext = match_strdup(&args[0]);
908 if (!fscontext) {
909 rc = -ENOMEM;
910 goto out_err;
911 }
912 break;
913
914 case Opt_rootcontext:
915 if (rootcontext) {
916 rc = -EINVAL;
917 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
918 goto out_err;
919 }
920 rootcontext = match_strdup(&args[0]);
921 if (!rootcontext) {
922 rc = -ENOMEM;
923 goto out_err;
924 }
925 break;
926
927 case Opt_defcontext:
928 if (context || defcontext) {
929 rc = -EINVAL;
930 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
931 goto out_err;
932 }
933 defcontext = match_strdup(&args[0]);
934 if (!defcontext) {
935 rc = -ENOMEM;
936 goto out_err;
937 }
938 break;
939 case Opt_labelsupport:
940 break;
941 default:
942 rc = -EINVAL;
943 printk(KERN_WARNING "SELinux: unknown mount option\n");
944 goto out_err;
945
946 }
947 }
948
949 rc = -ENOMEM;
950 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
951 if (!opts->mnt_opts)
952 goto out_err;
953
954 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
955 if (!opts->mnt_opts_flags) {
956 kfree(opts->mnt_opts);
957 goto out_err;
958 }
959
960 if (fscontext) {
961 opts->mnt_opts[num_mnt_opts] = fscontext;
962 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
963 }
964 if (context) {
965 opts->mnt_opts[num_mnt_opts] = context;
966 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
967 }
968 if (rootcontext) {
969 opts->mnt_opts[num_mnt_opts] = rootcontext;
970 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
971 }
972 if (defcontext) {
973 opts->mnt_opts[num_mnt_opts] = defcontext;
974 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
975 }
976
977 opts->num_mnt_opts = num_mnt_opts;
978 return 0;
979
980out_err:
981 kfree(context);
982 kfree(defcontext);
983 kfree(fscontext);
984 kfree(rootcontext);
985 return rc;
986}
987
988
989
990static int superblock_doinit(struct super_block *sb, void *data)
991{
992 int rc = 0;
993 char *options = data;
994 struct security_mnt_opts opts;
995
996 security_init_mnt_opts(&opts);
997
998 if (!data)
999 goto out;
1000
1001 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1002
1003 rc = selinux_parse_opts_str(options, &opts);
1004 if (rc)
1005 goto out_err;
1006
1007out:
1008 rc = selinux_set_mnt_opts(sb, &opts);
1009
1010out_err:
1011 security_free_mnt_opts(&opts);
1012 return rc;
1013}
1014
1015static void selinux_write_opts(struct seq_file *m,
1016 struct security_mnt_opts *opts)
1017{
1018 int i;
1019 char *prefix;
1020
1021 for (i = 0; i < opts->num_mnt_opts; i++) {
1022 char *has_comma;
1023
1024 if (opts->mnt_opts[i])
1025 has_comma = strchr(opts->mnt_opts[i], ',');
1026 else
1027 has_comma = NULL;
1028
1029 switch (opts->mnt_opts_flags[i]) {
1030 case CONTEXT_MNT:
1031 prefix = CONTEXT_STR;
1032 break;
1033 case FSCONTEXT_MNT:
1034 prefix = FSCONTEXT_STR;
1035 break;
1036 case ROOTCONTEXT_MNT:
1037 prefix = ROOTCONTEXT_STR;
1038 break;
1039 case DEFCONTEXT_MNT:
1040 prefix = DEFCONTEXT_STR;
1041 break;
1042 case SE_SBLABELSUPP:
1043 seq_putc(m, ',');
1044 seq_puts(m, LABELSUPP_STR);
1045 continue;
1046 default:
1047 BUG();
1048 };
1049
1050 seq_putc(m, ',');
1051 seq_puts(m, prefix);
1052 if (has_comma)
1053 seq_putc(m, '\"');
1054 seq_puts(m, opts->mnt_opts[i]);
1055 if (has_comma)
1056 seq_putc(m, '\"');
1057 }
1058}
1059
1060static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1061{
1062 struct security_mnt_opts opts;
1063 int rc;
1064
1065 rc = selinux_get_mnt_opts(sb, &opts);
1066 if (rc) {
1067
1068 if (rc == -EINVAL)
1069 rc = 0;
1070 return rc;
1071 }
1072
1073 selinux_write_opts(m, &opts);
1074
1075 security_free_mnt_opts(&opts);
1076
1077 return rc;
1078}
1079
1080static inline u16 inode_mode_to_security_class(umode_t mode)
1081{
1082 switch (mode & S_IFMT) {
1083 case S_IFSOCK:
1084 return SECCLASS_SOCK_FILE;
1085 case S_IFLNK:
1086 return SECCLASS_LNK_FILE;
1087 case S_IFREG:
1088 return SECCLASS_FILE;
1089 case S_IFBLK:
1090 return SECCLASS_BLK_FILE;
1091 case S_IFDIR:
1092 return SECCLASS_DIR;
1093 case S_IFCHR:
1094 return SECCLASS_CHR_FILE;
1095 case S_IFIFO:
1096 return SECCLASS_FIFO_FILE;
1097
1098 }
1099
1100 return SECCLASS_FILE;
1101}
1102
1103static inline int default_protocol_stream(int protocol)
1104{
1105 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1106}
1107
1108static inline int default_protocol_dgram(int protocol)
1109{
1110 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1111}
1112
1113static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1114{
1115 switch (family) {
1116 case PF_UNIX:
1117 switch (type) {
1118 case SOCK_STREAM:
1119 case SOCK_SEQPACKET:
1120 return SECCLASS_UNIX_STREAM_SOCKET;
1121 case SOCK_DGRAM:
1122 return SECCLASS_UNIX_DGRAM_SOCKET;
1123 }
1124 break;
1125 case PF_INET:
1126 case PF_INET6:
1127 switch (type) {
1128 case SOCK_STREAM:
1129 if (default_protocol_stream(protocol))
1130 return SECCLASS_TCP_SOCKET;
1131 else
1132 return SECCLASS_RAWIP_SOCKET;
1133 case SOCK_DGRAM:
1134 if (default_protocol_dgram(protocol))
1135 return SECCLASS_UDP_SOCKET;
1136 else
1137 return SECCLASS_RAWIP_SOCKET;
1138 case SOCK_DCCP:
1139 return SECCLASS_DCCP_SOCKET;
1140 default:
1141 return SECCLASS_RAWIP_SOCKET;
1142 }
1143 break;
1144 case PF_NETLINK:
1145 switch (protocol) {
1146 case NETLINK_ROUTE:
1147 return SECCLASS_NETLINK_ROUTE_SOCKET;
1148 case NETLINK_FIREWALL:
1149 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1150 case NETLINK_INET_DIAG:
1151 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1152 case NETLINK_NFLOG:
1153 return SECCLASS_NETLINK_NFLOG_SOCKET;
1154 case NETLINK_XFRM:
1155 return SECCLASS_NETLINK_XFRM_SOCKET;
1156 case NETLINK_SELINUX:
1157 return SECCLASS_NETLINK_SELINUX_SOCKET;
1158 case NETLINK_AUDIT:
1159 return SECCLASS_NETLINK_AUDIT_SOCKET;
1160 case NETLINK_IP6_FW:
1161 return SECCLASS_NETLINK_IP6FW_SOCKET;
1162 case NETLINK_DNRTMSG:
1163 return SECCLASS_NETLINK_DNRT_SOCKET;
1164 case NETLINK_KOBJECT_UEVENT:
1165 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1166 default:
1167 return SECCLASS_NETLINK_SOCKET;
1168 }
1169 case PF_PACKET:
1170 return SECCLASS_PACKET_SOCKET;
1171 case PF_KEY:
1172 return SECCLASS_KEY_SOCKET;
1173 case PF_APPLETALK:
1174 return SECCLASS_APPLETALK_SOCKET;
1175 }
1176
1177 return SECCLASS_SOCKET;
1178}
1179
1180#ifdef CONFIG_PROC_FS
1181static int selinux_proc_get_sid(struct proc_dir_entry *de,
1182 u16 tclass,
1183 u32 *sid)
1184{
1185 int buflen, rc;
1186 char *buffer, *path, *end;
1187
1188 buffer = (char *)__get_free_page(GFP_KERNEL);
1189 if (!buffer)
1190 return -ENOMEM;
1191
1192 buflen = PAGE_SIZE;
1193 end = buffer+buflen;
1194 *--end = '\0';
1195 buflen--;
1196 path = end-1;
1197 *path = '/';
1198 while (de && de != de->parent) {
1199 buflen -= de->namelen + 1;
1200 if (buflen < 0)
1201 break;
1202 end -= de->namelen;
1203 memcpy(end, de->name, de->namelen);
1204 *--end = '/';
1205 path = end;
1206 de = de->parent;
1207 }
1208 rc = security_genfs_sid("proc", path, tclass, sid);
1209 free_page((unsigned long)buffer);
1210 return rc;
1211}
1212#else
1213static int selinux_proc_get_sid(struct proc_dir_entry *de,
1214 u16 tclass,
1215 u32 *sid)
1216{
1217 return -EINVAL;
1218}
1219#endif
1220
1221
1222static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1223{
1224 struct superblock_security_struct *sbsec = NULL;
1225 struct inode_security_struct *isec = inode->i_security;
1226 u32 sid;
1227 struct dentry *dentry;
1228#define INITCONTEXTLEN 255
1229 char *context = NULL;
1230 unsigned len = 0;
1231 int rc = 0;
1232
1233 if (isec->initialized)
1234 goto out;
1235
1236 mutex_lock(&isec->lock);
1237 if (isec->initialized)
1238 goto out_unlock;
1239
1240 sbsec = inode->i_sb->s_security;
1241 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1242
1243
1244
1245 spin_lock(&sbsec->isec_lock);
1246 if (list_empty(&isec->list))
1247 list_add(&isec->list, &sbsec->isec_head);
1248 spin_unlock(&sbsec->isec_lock);
1249 goto out_unlock;
1250 }
1251
1252 switch (sbsec->behavior) {
1253 case SECURITY_FS_USE_XATTR:
1254 if (!inode->i_op->getxattr) {
1255 isec->sid = sbsec->def_sid;
1256 break;
1257 }
1258
1259
1260
1261 if (opt_dentry) {
1262
1263 dentry = dget(opt_dentry);
1264 } else {
1265
1266 dentry = d_find_alias(inode);
1267 }
1268 if (!dentry) {
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278 goto out_unlock;
1279 }
1280
1281 len = INITCONTEXTLEN;
1282 context = kmalloc(len+1, GFP_NOFS);
1283 if (!context) {
1284 rc = -ENOMEM;
1285 dput(dentry);
1286 goto out_unlock;
1287 }
1288 context[len] = '\0';
1289 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1290 context, len);
1291 if (rc == -ERANGE) {
1292 kfree(context);
1293
1294
1295 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1296 NULL, 0);
1297 if (rc < 0) {
1298 dput(dentry);
1299 goto out_unlock;
1300 }
1301 len = rc;
1302 context = kmalloc(len+1, GFP_NOFS);
1303 if (!context) {
1304 rc = -ENOMEM;
1305 dput(dentry);
1306 goto out_unlock;
1307 }
1308 context[len] = '\0';
1309 rc = inode->i_op->getxattr(dentry,
1310 XATTR_NAME_SELINUX,
1311 context, len);
1312 }
1313 dput(dentry);
1314 if (rc < 0) {
1315 if (rc != -ENODATA) {
1316 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1317 "%d for dev=%s ino=%ld\n", __func__,
1318 -rc, inode->i_sb->s_id, inode->i_ino);
1319 kfree(context);
1320 goto out_unlock;
1321 }
1322
1323 sid = sbsec->def_sid;
1324 rc = 0;
1325 } else {
1326 rc = security_context_to_sid_default(context, rc, &sid,
1327 sbsec->def_sid,
1328 GFP_NOFS);
1329 if (rc) {
1330 char *dev = inode->i_sb->s_id;
1331 unsigned long ino = inode->i_ino;
1332
1333 if (rc == -EINVAL) {
1334 if (printk_ratelimit())
1335 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1336 "context=%s. This indicates you may need to relabel the inode or the "
1337 "filesystem in question.\n", ino, dev, context);
1338 } else {
1339 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1340 "returned %d for dev=%s ino=%ld\n",
1341 __func__, context, -rc, dev, ino);
1342 }
1343 kfree(context);
1344
1345 rc = 0;
1346 break;
1347 }
1348 }
1349 kfree(context);
1350 isec->sid = sid;
1351 break;
1352 case SECURITY_FS_USE_TASK:
1353 isec->sid = isec->task_sid;
1354 break;
1355 case SECURITY_FS_USE_TRANS:
1356
1357 isec->sid = sbsec->sid;
1358
1359
1360 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1361 rc = security_transition_sid(isec->task_sid,
1362 sbsec->sid,
1363 isec->sclass,
1364 &sid);
1365 if (rc)
1366 goto out_unlock;
1367 isec->sid = sid;
1368 break;
1369 case SECURITY_FS_USE_MNTPOINT:
1370 isec->sid = sbsec->mntpoint_sid;
1371 break;
1372 default:
1373
1374 isec->sid = sbsec->sid;
1375
1376 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1377 struct proc_inode *proci = PROC_I(inode);
1378 if (proci->pde) {
1379 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1380 rc = selinux_proc_get_sid(proci->pde,
1381 isec->sclass,
1382 &sid);
1383 if (rc)
1384 goto out_unlock;
1385 isec->sid = sid;
1386 }
1387 }
1388 break;
1389 }
1390
1391 isec->initialized = 1;
1392
1393out_unlock:
1394 mutex_unlock(&isec->lock);
1395out:
1396 if (isec->sclass == SECCLASS_FILE)
1397 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1398 return rc;
1399}
1400
1401
1402static inline u32 signal_to_av(int sig)
1403{
1404 u32 perm = 0;
1405
1406 switch (sig) {
1407 case SIGCHLD:
1408
1409 perm = PROCESS__SIGCHLD;
1410 break;
1411 case SIGKILL:
1412
1413 perm = PROCESS__SIGKILL;
1414 break;
1415 case SIGSTOP:
1416
1417 perm = PROCESS__SIGSTOP;
1418 break;
1419 default:
1420
1421 perm = PROCESS__SIGNAL;
1422 break;
1423 }
1424
1425 return perm;
1426}
1427
1428
1429
1430
1431
1432static int cred_has_perm(const struct cred *actor,
1433 const struct cred *target,
1434 u32 perms)
1435{
1436 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1437
1438 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1439}
1440
1441
1442
1443
1444
1445
1446
1447static int task_has_perm(const struct task_struct *tsk1,
1448 const struct task_struct *tsk2,
1449 u32 perms)
1450{
1451 const struct task_security_struct *__tsec1, *__tsec2;
1452 u32 sid1, sid2;
1453
1454 rcu_read_lock();
1455 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1456 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1457 rcu_read_unlock();
1458 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1459}
1460
1461
1462
1463
1464
1465
1466
1467static int current_has_perm(const struct task_struct *tsk,
1468 u32 perms)
1469{
1470 u32 sid, tsid;
1471
1472 sid = current_sid();
1473 tsid = task_sid(tsk);
1474 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1475}
1476
1477#if CAP_LAST_CAP > 63
1478#error Fix SELinux to handle capabilities > 63.
1479#endif
1480
1481
1482static int task_has_capability(struct task_struct *tsk,
1483 const struct cred *cred,
1484 int cap, int audit)
1485{
1486 struct common_audit_data ad;
1487 struct av_decision avd;
1488 u16 sclass;
1489 u32 sid = cred_sid(cred);
1490 u32 av = CAP_TO_MASK(cap);
1491 int rc;
1492
1493 COMMON_AUDIT_DATA_INIT(&ad, CAP);
1494 ad.tsk = tsk;
1495 ad.u.cap = cap;
1496
1497 switch (CAP_TO_INDEX(cap)) {
1498 case 0:
1499 sclass = SECCLASS_CAPABILITY;
1500 break;
1501 case 1:
1502 sclass = SECCLASS_CAPABILITY2;
1503 break;
1504 default:
1505 printk(KERN_ERR
1506 "SELinux: out of range capability %d\n", cap);
1507 BUG();
1508 }
1509
1510 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1511 if (audit == SECURITY_CAP_AUDIT)
1512 avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1513 return rc;
1514}
1515
1516
1517static int task_has_system(struct task_struct *tsk,
1518 u32 perms)
1519{
1520 u32 sid = task_sid(tsk);
1521
1522 return avc_has_perm(sid, SECINITSID_KERNEL,
1523 SECCLASS_SYSTEM, perms, NULL);
1524}
1525
1526
1527
1528
1529static int inode_has_perm(const struct cred *cred,
1530 struct inode *inode,
1531 u32 perms,
1532 struct common_audit_data *adp)
1533{
1534 struct inode_security_struct *isec;
1535 struct common_audit_data ad;
1536 u32 sid;
1537
1538 validate_creds(cred);
1539
1540 if (unlikely(IS_PRIVATE(inode)))
1541 return 0;
1542
1543 sid = cred_sid(cred);
1544 isec = inode->i_security;
1545
1546 if (!adp) {
1547 adp = &ad;
1548 COMMON_AUDIT_DATA_INIT(&ad, FS);
1549 ad.u.fs.inode = inode;
1550 }
1551
1552 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1553}
1554
1555
1556
1557
1558static inline int dentry_has_perm(const struct cred *cred,
1559 struct vfsmount *mnt,
1560 struct dentry *dentry,
1561 u32 av)
1562{
1563 struct inode *inode = dentry->d_inode;
1564 struct common_audit_data ad;
1565
1566 COMMON_AUDIT_DATA_INIT(&ad, FS);
1567 ad.u.fs.path.mnt = mnt;
1568 ad.u.fs.path.dentry = dentry;
1569 return inode_has_perm(cred, inode, av, &ad);
1570}
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580static int file_has_perm(const struct cred *cred,
1581 struct file *file,
1582 u32 av)
1583{
1584 struct file_security_struct *fsec = file->f_security;
1585 struct inode *inode = file->f_path.dentry->d_inode;
1586 struct common_audit_data ad;
1587 u32 sid = cred_sid(cred);
1588 int rc;
1589
1590 COMMON_AUDIT_DATA_INIT(&ad, FS);
1591 ad.u.fs.path = file->f_path;
1592
1593 if (sid != fsec->sid) {
1594 rc = avc_has_perm(sid, fsec->sid,
1595 SECCLASS_FD,
1596 FD__USE,
1597 &ad);
1598 if (rc)
1599 goto out;
1600 }
1601
1602
1603 rc = 0;
1604 if (av)
1605 rc = inode_has_perm(cred, inode, av, &ad);
1606
1607out:
1608 return rc;
1609}
1610
1611
1612static int may_create(struct inode *dir,
1613 struct dentry *dentry,
1614 u16 tclass)
1615{
1616 const struct cred *cred = current_cred();
1617 const struct task_security_struct *tsec = cred->security;
1618 struct inode_security_struct *dsec;
1619 struct superblock_security_struct *sbsec;
1620 u32 sid, newsid;
1621 struct common_audit_data ad;
1622 int rc;
1623
1624 dsec = dir->i_security;
1625 sbsec = dir->i_sb->s_security;
1626
1627 sid = tsec->sid;
1628 newsid = tsec->create_sid;
1629
1630 COMMON_AUDIT_DATA_INIT(&ad, FS);
1631 ad.u.fs.path.dentry = dentry;
1632
1633 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1634 DIR__ADD_NAME | DIR__SEARCH,
1635 &ad);
1636 if (rc)
1637 return rc;
1638
1639 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1640 rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
1641 if (rc)
1642 return rc;
1643 }
1644
1645 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1646 if (rc)
1647 return rc;
1648
1649 return avc_has_perm(newsid, sbsec->sid,
1650 SECCLASS_FILESYSTEM,
1651 FILESYSTEM__ASSOCIATE, &ad);
1652}
1653
1654
1655static int may_create_key(u32 ksid,
1656 struct task_struct *ctx)
1657{
1658 u32 sid = task_sid(ctx);
1659
1660 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1661}
1662
1663#define MAY_LINK 0
1664#define MAY_UNLINK 1
1665#define MAY_RMDIR 2
1666
1667
1668static int may_link(struct inode *dir,
1669 struct dentry *dentry,
1670 int kind)
1671
1672{
1673 struct inode_security_struct *dsec, *isec;
1674 struct common_audit_data ad;
1675 u32 sid = current_sid();
1676 u32 av;
1677 int rc;
1678
1679 dsec = dir->i_security;
1680 isec = dentry->d_inode->i_security;
1681
1682 COMMON_AUDIT_DATA_INIT(&ad, FS);
1683 ad.u.fs.path.dentry = dentry;
1684
1685 av = DIR__SEARCH;
1686 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1687 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1688 if (rc)
1689 return rc;
1690
1691 switch (kind) {
1692 case MAY_LINK:
1693 av = FILE__LINK;
1694 break;
1695 case MAY_UNLINK:
1696 av = FILE__UNLINK;
1697 break;
1698 case MAY_RMDIR:
1699 av = DIR__RMDIR;
1700 break;
1701 default:
1702 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1703 __func__, kind);
1704 return 0;
1705 }
1706
1707 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1708 return rc;
1709}
1710
1711static inline int may_rename(struct inode *old_dir,
1712 struct dentry *old_dentry,
1713 struct inode *new_dir,
1714 struct dentry *new_dentry)
1715{
1716 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1717 struct common_audit_data ad;
1718 u32 sid = current_sid();
1719 u32 av;
1720 int old_is_dir, new_is_dir;
1721 int rc;
1722
1723 old_dsec = old_dir->i_security;
1724 old_isec = old_dentry->d_inode->i_security;
1725 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1726 new_dsec = new_dir->i_security;
1727
1728 COMMON_AUDIT_DATA_INIT(&ad, FS);
1729
1730 ad.u.fs.path.dentry = old_dentry;
1731 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1732 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1733 if (rc)
1734 return rc;
1735 rc = avc_has_perm(sid, old_isec->sid,
1736 old_isec->sclass, FILE__RENAME, &ad);
1737 if (rc)
1738 return rc;
1739 if (old_is_dir && new_dir != old_dir) {
1740 rc = avc_has_perm(sid, old_isec->sid,
1741 old_isec->sclass, DIR__REPARENT, &ad);
1742 if (rc)
1743 return rc;
1744 }
1745
1746 ad.u.fs.path.dentry = new_dentry;
1747 av = DIR__ADD_NAME | DIR__SEARCH;
1748 if (new_dentry->d_inode)
1749 av |= DIR__REMOVE_NAME;
1750 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1751 if (rc)
1752 return rc;
1753 if (new_dentry->d_inode) {
1754 new_isec = new_dentry->d_inode->i_security;
1755 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1756 rc = avc_has_perm(sid, new_isec->sid,
1757 new_isec->sclass,
1758 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1759 if (rc)
1760 return rc;
1761 }
1762
1763 return 0;
1764}
1765
1766
1767static int superblock_has_perm(const struct cred *cred,
1768 struct super_block *sb,
1769 u32 perms,
1770 struct common_audit_data *ad)
1771{
1772 struct superblock_security_struct *sbsec;
1773 u32 sid = cred_sid(cred);
1774
1775 sbsec = sb->s_security;
1776 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1777}
1778
1779
1780static inline u32 file_mask_to_av(int mode, int mask)
1781{
1782 u32 av = 0;
1783
1784 if ((mode & S_IFMT) != S_IFDIR) {
1785 if (mask & MAY_EXEC)
1786 av |= FILE__EXECUTE;
1787 if (mask & MAY_READ)
1788 av |= FILE__READ;
1789
1790 if (mask & MAY_APPEND)
1791 av |= FILE__APPEND;
1792 else if (mask & MAY_WRITE)
1793 av |= FILE__WRITE;
1794
1795 } else {
1796 if (mask & MAY_EXEC)
1797 av |= DIR__SEARCH;
1798 if (mask & MAY_WRITE)
1799 av |= DIR__WRITE;
1800 if (mask & MAY_READ)
1801 av |= DIR__READ;
1802 }
1803
1804 return av;
1805}
1806
1807
1808static inline u32 file_to_av(struct file *file)
1809{
1810 u32 av = 0;
1811
1812 if (file->f_mode & FMODE_READ)
1813 av |= FILE__READ;
1814 if (file->f_mode & FMODE_WRITE) {
1815 if (file->f_flags & O_APPEND)
1816 av |= FILE__APPEND;
1817 else
1818 av |= FILE__WRITE;
1819 }
1820 if (!av) {
1821
1822
1823
1824 av = FILE__IOCTL;
1825 }
1826
1827 return av;
1828}
1829
1830
1831
1832
1833
1834static inline u32 open_file_to_av(struct file *file)
1835{
1836 u32 av = file_to_av(file);
1837
1838 if (selinux_policycap_openperm) {
1839 mode_t mode = file->f_path.dentry->d_inode->i_mode;
1840
1841
1842
1843 if (S_ISREG(mode))
1844 av |= FILE__OPEN;
1845 else if (S_ISCHR(mode))
1846 av |= CHR_FILE__OPEN;
1847 else if (S_ISBLK(mode))
1848 av |= BLK_FILE__OPEN;
1849 else if (S_ISFIFO(mode))
1850 av |= FIFO_FILE__OPEN;
1851 else if (S_ISDIR(mode))
1852 av |= DIR__OPEN;
1853 else if (S_ISSOCK(mode))
1854 av |= SOCK_FILE__OPEN;
1855 else
1856 printk(KERN_ERR "SELinux: WARNING: inside %s with "
1857 "unknown mode:%o\n", __func__, mode);
1858 }
1859 return av;
1860}
1861
1862
1863
1864static int selinux_ptrace_access_check(struct task_struct *child,
1865 unsigned int mode)
1866{
1867 int rc;
1868
1869 rc = cap_ptrace_access_check(child, mode);
1870 if (rc)
1871 return rc;
1872
1873 if (mode == PTRACE_MODE_READ) {
1874 u32 sid = current_sid();
1875 u32 csid = task_sid(child);
1876 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1877 }
1878
1879 return current_has_perm(child, PROCESS__PTRACE);
1880}
1881
1882static int selinux_ptrace_traceme(struct task_struct *parent)
1883{
1884 int rc;
1885
1886 rc = cap_ptrace_traceme(parent);
1887 if (rc)
1888 return rc;
1889
1890 return task_has_perm(parent, current, PROCESS__PTRACE);
1891}
1892
1893static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1894 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1895{
1896 int error;
1897
1898 error = current_has_perm(target, PROCESS__GETCAP);
1899 if (error)
1900 return error;
1901
1902 return cap_capget(target, effective, inheritable, permitted);
1903}
1904
1905static int selinux_capset(struct cred *new, const struct cred *old,
1906 const kernel_cap_t *effective,
1907 const kernel_cap_t *inheritable,
1908 const kernel_cap_t *permitted)
1909{
1910 int error;
1911
1912 error = cap_capset(new, old,
1913 effective, inheritable, permitted);
1914 if (error)
1915 return error;
1916
1917 return cred_has_perm(old, new, PROCESS__SETCAP);
1918}
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
1931 int cap, int audit)
1932{
1933 int rc;
1934
1935 rc = cap_capable(tsk, cred, cap, audit);
1936 if (rc)
1937 return rc;
1938
1939 return task_has_capability(tsk, cred, cap, audit);
1940}
1941
1942static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
1943{
1944 int buflen, rc;
1945 char *buffer, *path, *end;
1946
1947 rc = -ENOMEM;
1948 buffer = (char *)__get_free_page(GFP_KERNEL);
1949 if (!buffer)
1950 goto out;
1951
1952 buflen = PAGE_SIZE;
1953 end = buffer+buflen;
1954 *--end = '\0';
1955 buflen--;
1956 path = end-1;
1957 *path = '/';
1958 while (table) {
1959 const char *name = table->procname;
1960 size_t namelen = strlen(name);
1961 buflen -= namelen + 1;
1962 if (buflen < 0)
1963 goto out_free;
1964 end -= namelen;
1965 memcpy(end, name, namelen);
1966 *--end = '/';
1967 path = end;
1968 table = table->parent;
1969 }
1970 buflen -= 4;
1971 if (buflen < 0)
1972 goto out_free;
1973 end -= 4;
1974 memcpy(end, "/sys", 4);
1975 path = end;
1976 rc = security_genfs_sid("proc", path, tclass, sid);
1977out_free:
1978 free_page((unsigned long)buffer);
1979out:
1980 return rc;
1981}
1982
1983static int selinux_sysctl(ctl_table *table, int op)
1984{
1985 int error = 0;
1986 u32 av;
1987 u32 tsid, sid;
1988 int rc;
1989
1990 sid = current_sid();
1991
1992 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1993 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1994 if (rc) {
1995
1996 tsid = SECINITSID_SYSCTL;
1997 }
1998
1999
2000
2001 if (op == 001) {
2002 error = avc_has_perm(sid, tsid,
2003 SECCLASS_DIR, DIR__SEARCH, NULL);
2004 } else {
2005 av = 0;
2006 if (op & 004)
2007 av |= FILE__READ;
2008 if (op & 002)
2009 av |= FILE__WRITE;
2010 if (av)
2011 error = avc_has_perm(sid, tsid,
2012 SECCLASS_FILE, av, NULL);
2013 }
2014
2015 return error;
2016}
2017
2018static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2019{
2020 const struct cred *cred = current_cred();
2021 int rc = 0;
2022
2023 if (!sb)
2024 return 0;
2025
2026 switch (cmds) {
2027 case Q_SYNC:
2028 case Q_QUOTAON:
2029 case Q_QUOTAOFF:
2030 case Q_SETINFO:
2031 case Q_SETQUOTA:
2032 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2033 break;
2034 case Q_GETFMT:
2035 case Q_GETINFO:
2036 case Q_GETQUOTA:
2037 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2038 break;
2039 default:
2040 rc = 0;
2041 break;
2042 }
2043 return rc;
2044}
2045
2046static int selinux_quota_on(struct dentry *dentry)
2047{
2048 const struct cred *cred = current_cred();
2049
2050 return dentry_has_perm(cred, NULL, dentry, FILE__QUOTAON);
2051}
2052
2053static int selinux_syslog(int type)
2054{
2055 int rc;
2056
2057 rc = cap_syslog(type);
2058 if (rc)
2059 return rc;
2060
2061 switch (type) {
2062 case 3:
2063 case 10:
2064 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2065 break;
2066 case 6:
2067 case 7:
2068 case 8:
2069 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2070 break;
2071 case 0:
2072 case 1:
2073 case 2:
2074 case 4:
2075 case 5:
2076 default:
2077 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2078 break;
2079 }
2080 return rc;
2081}
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2092{
2093 int rc, cap_sys_admin = 0;
2094
2095 rc = selinux_capable(current, current_cred(), CAP_SYS_ADMIN,
2096 SECURITY_CAP_NOAUDIT);
2097 if (rc == 0)
2098 cap_sys_admin = 1;
2099
2100 return __vm_enough_memory(mm, pages, cap_sys_admin);
2101}
2102
2103
2104
2105static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2106{
2107 const struct task_security_struct *old_tsec;
2108 struct task_security_struct *new_tsec;
2109 struct inode_security_struct *isec;
2110 struct common_audit_data ad;
2111 struct inode *inode = bprm->file->f_path.dentry->d_inode;
2112 int rc;
2113
2114 rc = cap_bprm_set_creds(bprm);
2115 if (rc)
2116 return rc;
2117
2118
2119
2120 if (bprm->cred_prepared)
2121 return 0;
2122
2123 old_tsec = current_security();
2124 new_tsec = bprm->cred->security;
2125 isec = inode->i_security;
2126
2127
2128 new_tsec->sid = old_tsec->sid;
2129 new_tsec->osid = old_tsec->sid;
2130
2131
2132 new_tsec->create_sid = 0;
2133 new_tsec->keycreate_sid = 0;
2134 new_tsec->sockcreate_sid = 0;
2135
2136 if (old_tsec->exec_sid) {
2137 new_tsec->sid = old_tsec->exec_sid;
2138
2139 new_tsec->exec_sid = 0;
2140 } else {
2141
2142 rc = security_transition_sid(old_tsec->sid, isec->sid,
2143 SECCLASS_PROCESS, &new_tsec->sid);
2144 if (rc)
2145 return rc;
2146 }
2147
2148 COMMON_AUDIT_DATA_INIT(&ad, FS);
2149 ad.u.fs.path = bprm->file->f_path;
2150
2151 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2152 new_tsec->sid = old_tsec->sid;
2153
2154 if (new_tsec->sid == old_tsec->sid) {
2155 rc = avc_has_perm(old_tsec->sid, isec->sid,
2156 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2157 if (rc)
2158 return rc;
2159 } else {
2160
2161 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2162 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2163 if (rc)
2164 return rc;
2165
2166 rc = avc_has_perm(new_tsec->sid, isec->sid,
2167 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2168 if (rc)
2169 return rc;
2170
2171
2172 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2173 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2174 SECCLASS_PROCESS, PROCESS__SHARE,
2175 NULL);
2176 if (rc)
2177 return -EPERM;
2178 }
2179
2180
2181
2182 if (bprm->unsafe &
2183 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2184 struct task_struct *tracer;
2185 struct task_security_struct *sec;
2186 u32 ptsid = 0;
2187
2188 rcu_read_lock();
2189 tracer = tracehook_tracer_task(current);
2190 if (likely(tracer != NULL)) {
2191 sec = __task_cred(tracer)->security;
2192 ptsid = sec->sid;
2193 }
2194 rcu_read_unlock();
2195
2196 if (ptsid != 0) {
2197 rc = avc_has_perm(ptsid, new_tsec->sid,
2198 SECCLASS_PROCESS,
2199 PROCESS__PTRACE, NULL);
2200 if (rc)
2201 return -EPERM;
2202 }
2203 }
2204
2205
2206 bprm->per_clear |= PER_CLEAR_ON_SETID;
2207 }
2208
2209 return 0;
2210}
2211
2212static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2213{
2214 const struct cred *cred = current_cred();
2215 const struct task_security_struct *tsec = cred->security;
2216 u32 sid, osid;
2217 int atsecure = 0;
2218
2219 sid = tsec->sid;
2220 osid = tsec->osid;
2221
2222 if (osid != sid) {
2223
2224
2225
2226 atsecure = avc_has_perm(osid, sid,
2227 SECCLASS_PROCESS,
2228 PROCESS__NOATSECURE, NULL);
2229 }
2230
2231 return (atsecure || cap_bprm_secureexec(bprm));
2232}
2233
2234extern struct vfsmount *selinuxfs_mount;
2235extern struct dentry *selinux_null;
2236
2237
2238static inline void flush_unauthorized_files(const struct cred *cred,
2239 struct files_struct *files)
2240{
2241 struct common_audit_data ad;
2242 struct file *file, *devnull = NULL;
2243 struct tty_struct *tty;
2244 struct fdtable *fdt;
2245 long j = -1;
2246 int drop_tty = 0;
2247
2248 tty = get_current_tty();
2249 if (tty) {
2250 file_list_lock();
2251 if (!list_empty(&tty->tty_files)) {
2252 struct inode *inode;
2253
2254
2255
2256
2257
2258
2259 file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
2260 inode = file->f_path.dentry->d_inode;
2261 if (inode_has_perm(cred, inode,
2262 FILE__READ | FILE__WRITE, NULL)) {
2263 drop_tty = 1;
2264 }
2265 }
2266 file_list_unlock();
2267 tty_kref_put(tty);
2268 }
2269
2270 if (drop_tty)
2271 no_tty();
2272
2273
2274
2275 COMMON_AUDIT_DATA_INIT(&ad, FS);
2276
2277 spin_lock(&files->file_lock);
2278 for (;;) {
2279 unsigned long set, i;
2280 int fd;
2281
2282 j++;
2283 i = j * __NFDBITS;
2284 fdt = files_fdtable(files);
2285 if (i >= fdt->max_fds)
2286 break;
2287 set = fdt->open_fds->fds_bits[j];
2288 if (!set)
2289 continue;
2290 spin_unlock(&files->file_lock);
2291 for ( ; set ; i++, set >>= 1) {
2292 if (set & 1) {
2293 file = fget(i);
2294 if (!file)
2295 continue;
2296 if (file_has_perm(cred,
2297 file,
2298 file_to_av(file))) {
2299 sys_close(i);
2300 fd = get_unused_fd();
2301 if (fd != i) {
2302 if (fd >= 0)
2303 put_unused_fd(fd);
2304 fput(file);
2305 continue;
2306 }
2307 if (devnull) {
2308 get_file(devnull);
2309 } else {
2310 devnull = dentry_open(
2311 dget(selinux_null),
2312 mntget(selinuxfs_mount),
2313 O_RDWR, cred);
2314 if (IS_ERR(devnull)) {
2315 devnull = NULL;
2316 put_unused_fd(fd);
2317 fput(file);
2318 continue;
2319 }
2320 }
2321 fd_install(fd, devnull);
2322 }
2323 fput(file);
2324 }
2325 }
2326 spin_lock(&files->file_lock);
2327
2328 }
2329 spin_unlock(&files->file_lock);
2330}
2331
2332
2333
2334
2335static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2336{
2337 struct task_security_struct *new_tsec;
2338 struct rlimit *rlim, *initrlim;
2339 int rc, i;
2340
2341 new_tsec = bprm->cred->security;
2342 if (new_tsec->sid == new_tsec->osid)
2343 return;
2344
2345
2346 flush_unauthorized_files(bprm->cred, current->files);
2347
2348
2349 current->pdeath_signal = 0;
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2362 PROCESS__RLIMITINH, NULL);
2363 if (rc) {
2364 for (i = 0; i < RLIM_NLIMITS; i++) {
2365 rlim = current->signal->rlim + i;
2366 initrlim = init_task.signal->rlim + i;
2367 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2368 }
2369 update_rlimit_cpu(rlim->rlim_cur);
2370 }
2371}
2372
2373
2374
2375
2376
2377static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2378{
2379 const struct task_security_struct *tsec = current_security();
2380 struct itimerval itimer;
2381 u32 osid, sid;
2382 int rc, i;
2383
2384 osid = tsec->osid;
2385 sid = tsec->sid;
2386
2387 if (sid == osid)
2388 return;
2389
2390
2391
2392
2393
2394
2395
2396
2397 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2398 if (rc) {
2399 memset(&itimer, 0, sizeof itimer);
2400 for (i = 0; i < 3; i++)
2401 do_setitimer(i, &itimer, NULL);
2402 spin_lock_irq(¤t->sighand->siglock);
2403 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2404 __flush_signals(current);
2405 flush_signal_handlers(current, 1);
2406 sigemptyset(¤t->blocked);
2407 }
2408 spin_unlock_irq(¤t->sighand->siglock);
2409 }
2410
2411
2412
2413 read_lock(&tasklist_lock);
2414 __wake_up_parent(current, current->real_parent);
2415 read_unlock(&tasklist_lock);
2416}
2417
2418
2419
2420static int selinux_sb_alloc_security(struct super_block *sb)
2421{
2422 return superblock_alloc_security(sb);
2423}
2424
2425static void selinux_sb_free_security(struct super_block *sb)
2426{
2427 superblock_free_security(sb);
2428}
2429
2430static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2431{
2432 if (plen > olen)
2433 return 0;
2434
2435 return !memcmp(prefix, option, plen);
2436}
2437
2438static inline int selinux_option(char *option, int len)
2439{
2440 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2441 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2442 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2443 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2444 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2445}
2446
2447static inline void take_option(char **to, char *from, int *first, int len)
2448{
2449 if (!*first) {
2450 **to = ',';
2451 *to += 1;
2452 } else
2453 *first = 0;
2454 memcpy(*to, from, len);
2455 *to += len;
2456}
2457
2458static inline void take_selinux_option(char **to, char *from, int *first,
2459 int len)
2460{
2461 int current_size = 0;
2462
2463 if (!*first) {
2464 **to = '|';
2465 *to += 1;
2466 } else
2467 *first = 0;
2468
2469 while (current_size < len) {
2470 if (*from != '"') {
2471 **to = *from;
2472 *to += 1;
2473 }
2474 from += 1;
2475 current_size += 1;
2476 }
2477}
2478
2479static int selinux_sb_copy_data(char *orig, char *copy)
2480{
2481 int fnosec, fsec, rc = 0;
2482 char *in_save, *in_curr, *in_end;
2483 char *sec_curr, *nosec_save, *nosec;
2484 int open_quote = 0;
2485
2486 in_curr = orig;
2487 sec_curr = copy;
2488
2489 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2490 if (!nosec) {
2491 rc = -ENOMEM;
2492 goto out;
2493 }
2494
2495 nosec_save = nosec;
2496 fnosec = fsec = 1;
2497 in_save = in_end = orig;
2498
2499 do {
2500 if (*in_end == '"')
2501 open_quote = !open_quote;
2502 if ((*in_end == ',' && open_quote == 0) ||
2503 *in_end == '\0') {
2504 int len = in_end - in_curr;
2505
2506 if (selinux_option(in_curr, len))
2507 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2508 else
2509 take_option(&nosec, in_curr, &fnosec, len);
2510
2511 in_curr = in_end + 1;
2512 }
2513 } while (*in_end++);
2514
2515 strcpy(in_save, nosec_save);
2516 free_page((unsigned long)nosec_save);
2517out:
2518 return rc;
2519}
2520
2521static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2522{
2523 const struct cred *cred = current_cred();
2524 struct common_audit_data ad;
2525 int rc;
2526
2527 rc = superblock_doinit(sb, data);
2528 if (rc)
2529 return rc;
2530
2531
2532 if (flags & MS_KERNMOUNT)
2533 return 0;
2534
2535 COMMON_AUDIT_DATA_INIT(&ad, FS);
2536 ad.u.fs.path.dentry = sb->s_root;
2537 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2538}
2539
2540static int selinux_sb_statfs(struct dentry *dentry)
2541{
2542 const struct cred *cred = current_cred();
2543 struct common_audit_data ad;
2544
2545 COMMON_AUDIT_DATA_INIT(&ad, FS);
2546 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2547 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2548}
2549
2550static int selinux_mount(char *dev_name,
2551 struct path *path,
2552 char *type,
2553 unsigned long flags,
2554 void *data)
2555{
2556 const struct cred *cred = current_cred();
2557
2558 if (flags & MS_REMOUNT)
2559 return superblock_has_perm(cred, path->mnt->mnt_sb,
2560 FILESYSTEM__REMOUNT, NULL);
2561 else
2562 return dentry_has_perm(cred, path->mnt, path->dentry,
2563 FILE__MOUNTON);
2564}
2565
2566static int selinux_umount(struct vfsmount *mnt, int flags)
2567{
2568 const struct cred *cred = current_cred();
2569
2570 return superblock_has_perm(cred, mnt->mnt_sb,
2571 FILESYSTEM__UNMOUNT, NULL);
2572}
2573
2574
2575
2576static int selinux_inode_alloc_security(struct inode *inode)
2577{
2578 return inode_alloc_security(inode);
2579}
2580
2581static void selinux_inode_free_security(struct inode *inode)
2582{
2583 inode_free_security(inode);
2584}
2585
2586static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2587 char **name, void **value,
2588 size_t *len)
2589{
2590 const struct cred *cred = current_cred();
2591 const struct task_security_struct *tsec = cred->security;
2592 struct inode_security_struct *dsec;
2593 struct superblock_security_struct *sbsec;
2594 u32 sid, newsid, clen;
2595 int rc;
2596 char *namep = NULL, *context;
2597
2598 dsec = dir->i_security;
2599 sbsec = dir->i_sb->s_security;
2600
2601 sid = tsec->sid;
2602 newsid = tsec->create_sid;
2603
2604 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2605 rc = security_transition_sid(sid, dsec->sid,
2606 inode_mode_to_security_class(inode->i_mode),
2607 &newsid);
2608 if (rc) {
2609 printk(KERN_WARNING "%s: "
2610 "security_transition_sid failed, rc=%d (dev=%s "
2611 "ino=%ld)\n",
2612 __func__,
2613 -rc, inode->i_sb->s_id, inode->i_ino);
2614 return rc;
2615 }
2616 }
2617
2618
2619 if (sbsec->flags & SE_SBINITIALIZED) {
2620 struct inode_security_struct *isec = inode->i_security;
2621 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2622 isec->sid = newsid;
2623 isec->initialized = 1;
2624 }
2625
2626 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2627 return -EOPNOTSUPP;
2628
2629 if (name) {
2630 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2631 if (!namep)
2632 return -ENOMEM;
2633 *name = namep;
2634 }
2635
2636 if (value && len) {
2637 rc = security_sid_to_context_force(newsid, &context, &clen);
2638 if (rc) {
2639 kfree(namep);
2640 return rc;
2641 }
2642 *value = context;
2643 *len = clen;
2644 }
2645
2646 return 0;
2647}
2648
2649static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2650{
2651 return may_create(dir, dentry, SECCLASS_FILE);
2652}
2653
2654static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2655{
2656 return may_link(dir, old_dentry, MAY_LINK);
2657}
2658
2659static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2660{
2661 return may_link(dir, dentry, MAY_UNLINK);
2662}
2663
2664static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2665{
2666 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2667}
2668
2669static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2670{
2671 return may_create(dir, dentry, SECCLASS_DIR);
2672}
2673
2674static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2675{
2676 return may_link(dir, dentry, MAY_RMDIR);
2677}
2678
2679static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2680{
2681 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2682}
2683
2684static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2685 struct inode *new_inode, struct dentry *new_dentry)
2686{
2687 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2688}
2689
2690static int selinux_inode_readlink(struct dentry *dentry)
2691{
2692 const struct cred *cred = current_cred();
2693
2694 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2695}
2696
2697static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2698{
2699 const struct cred *cred = current_cred();
2700
2701 return dentry_has_perm(cred, NULL, dentry, FILE__READ);
2702}
2703
2704static int selinux_inode_permission(struct inode *inode, int mask)
2705{
2706 const struct cred *cred = current_cred();
2707
2708 if (!mask) {
2709
2710 return 0;
2711 }
2712
2713 return inode_has_perm(cred, inode,
2714 file_mask_to_av(inode->i_mode, mask), NULL);
2715}
2716
2717static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2718{
2719 const struct cred *cred = current_cred();
2720 unsigned int ia_valid = iattr->ia_valid;
2721
2722
2723 if (ia_valid & ATTR_FORCE) {
2724 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2725 ATTR_FORCE);
2726 if (!ia_valid)
2727 return 0;
2728 }
2729
2730 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2731 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2732 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2733
2734 return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
2735}
2736
2737static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2738{
2739 const struct cred *cred = current_cred();
2740
2741 return dentry_has_perm(cred, mnt, dentry, FILE__GETATTR);
2742}
2743
2744static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2745{
2746 const struct cred *cred = current_cred();
2747
2748 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2749 sizeof XATTR_SECURITY_PREFIX - 1)) {
2750 if (!strcmp(name, XATTR_NAME_CAPS)) {
2751 if (!capable(CAP_SETFCAP))
2752 return -EPERM;
2753 } else if (!capable(CAP_SYS_ADMIN)) {
2754
2755
2756 return -EPERM;
2757 }
2758 }
2759
2760
2761
2762 return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
2763}
2764
2765static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2766 const void *value, size_t size, int flags)
2767{
2768 struct inode *inode = dentry->d_inode;
2769 struct inode_security_struct *isec = inode->i_security;
2770 struct superblock_security_struct *sbsec;
2771 struct common_audit_data ad;
2772 u32 newsid, sid = current_sid();
2773 int rc = 0;
2774
2775 if (strcmp(name, XATTR_NAME_SELINUX))
2776 return selinux_inode_setotherxattr(dentry, name);
2777
2778 sbsec = inode->i_sb->s_security;
2779 if (!(sbsec->flags & SE_SBLABELSUPP))
2780 return -EOPNOTSUPP;
2781
2782 if (!is_owner_or_cap(inode))
2783 return -EPERM;
2784
2785 COMMON_AUDIT_DATA_INIT(&ad, FS);
2786 ad.u.fs.path.dentry = dentry;
2787
2788 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2789 FILE__RELABELFROM, &ad);
2790 if (rc)
2791 return rc;
2792
2793 rc = security_context_to_sid(value, size, &newsid);
2794 if (rc == -EINVAL) {
2795 if (!capable(CAP_MAC_ADMIN))
2796 return rc;
2797 rc = security_context_to_sid_force(value, size, &newsid);
2798 }
2799 if (rc)
2800 return rc;
2801
2802 rc = avc_has_perm(sid, newsid, isec->sclass,
2803 FILE__RELABELTO, &ad);
2804 if (rc)
2805 return rc;
2806
2807 rc = security_validate_transition(isec->sid, newsid, sid,
2808 isec->sclass);
2809 if (rc)
2810 return rc;
2811
2812 return avc_has_perm(newsid,
2813 sbsec->sid,
2814 SECCLASS_FILESYSTEM,
2815 FILESYSTEM__ASSOCIATE,
2816 &ad);
2817}
2818
2819static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2820 const void *value, size_t size,
2821 int flags)
2822{
2823 struct inode *inode = dentry->d_inode;
2824 struct inode_security_struct *isec = inode->i_security;
2825 u32 newsid;
2826 int rc;
2827
2828 if (strcmp(name, XATTR_NAME_SELINUX)) {
2829
2830 return;
2831 }
2832
2833 rc = security_context_to_sid_force(value, size, &newsid);
2834 if (rc) {
2835 printk(KERN_ERR "SELinux: unable to map context to SID"
2836 "for (%s, %lu), rc=%d\n",
2837 inode->i_sb->s_id, inode->i_ino, -rc);
2838 return;
2839 }
2840
2841 isec->sid = newsid;
2842 return;
2843}
2844
2845static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2846{
2847 const struct cred *cred = current_cred();
2848
2849 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2850}
2851
2852static int selinux_inode_listxattr(struct dentry *dentry)
2853{
2854 const struct cred *cred = current_cred();
2855
2856 return dentry_has_perm(cred, NULL, dentry, FILE__GETATTR);
2857}
2858
2859static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2860{
2861 if (strcmp(name, XATTR_NAME_SELINUX))
2862 return selinux_inode_setotherxattr(dentry, name);
2863
2864
2865
2866 return -EACCES;
2867}
2868
2869
2870
2871
2872
2873
2874static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2875{
2876 u32 size;
2877 int error;
2878 char *context = NULL;
2879 struct inode_security_struct *isec = inode->i_security;
2880
2881 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2882 return -EOPNOTSUPP;
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893 error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
2894 SECURITY_CAP_NOAUDIT);
2895 if (!error)
2896 error = security_sid_to_context_force(isec->sid, &context,
2897 &size);
2898 else
2899 error = security_sid_to_context(isec->sid, &context, &size);
2900 if (error)
2901 return error;
2902 error = size;
2903 if (alloc) {
2904 *buffer = context;
2905 goto out_nofree;
2906 }
2907 kfree(context);
2908out_nofree:
2909 return error;
2910}
2911
2912static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2913 const void *value, size_t size, int flags)
2914{
2915 struct inode_security_struct *isec = inode->i_security;
2916 u32 newsid;
2917 int rc;
2918
2919 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2920 return -EOPNOTSUPP;
2921
2922 if (!value || !size)
2923 return -EACCES;
2924
2925 rc = security_context_to_sid((void *)value, size, &newsid);
2926 if (rc)
2927 return rc;
2928
2929 isec->sid = newsid;
2930 isec->initialized = 1;
2931 return 0;
2932}
2933
2934static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2935{
2936 const int len = sizeof(XATTR_NAME_SELINUX);
2937 if (buffer && len <= buffer_size)
2938 memcpy(buffer, XATTR_NAME_SELINUX, len);
2939 return len;
2940}
2941
2942static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2943{
2944 struct inode_security_struct *isec = inode->i_security;
2945 *secid = isec->sid;
2946}
2947
2948
2949
2950static int selinux_revalidate_file_permission(struct file *file, int mask)
2951{
2952 const struct cred *cred = current_cred();
2953 struct inode *inode = file->f_path.dentry->d_inode;
2954
2955
2956 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2957 mask |= MAY_APPEND;
2958
2959 return file_has_perm(cred, file,
2960 file_mask_to_av(inode->i_mode, mask));
2961}
2962
2963static int selinux_file_permission(struct file *file, int mask)
2964{
2965 struct inode *inode = file->f_path.dentry->d_inode;
2966 struct file_security_struct *fsec = file->f_security;
2967 struct inode_security_struct *isec = inode->i_security;
2968 u32 sid = current_sid();
2969
2970 if (!mask)
2971
2972 return 0;
2973
2974 if (sid == fsec->sid && fsec->isid == isec->sid &&
2975 fsec->pseqno == avc_policy_seqno())
2976
2977 return 0;
2978
2979 return selinux_revalidate_file_permission(file, mask);
2980}
2981
2982static int selinux_file_alloc_security(struct file *file)
2983{
2984 return file_alloc_security(file);
2985}
2986
2987static void selinux_file_free_security(struct file *file)
2988{
2989 file_free_security(file);
2990}
2991
2992static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2993 unsigned long arg)
2994{
2995 const struct cred *cred = current_cred();
2996 u32 av = 0;
2997
2998 if (_IOC_DIR(cmd) & _IOC_WRITE)
2999 av |= FILE__WRITE;
3000 if (_IOC_DIR(cmd) & _IOC_READ)
3001 av |= FILE__READ;
3002 if (!av)
3003 av = FILE__IOCTL;
3004
3005 return file_has_perm(cred, file, av);
3006}
3007
3008static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3009{
3010 const struct cred *cred = current_cred();
3011 int rc = 0;
3012
3013#ifndef CONFIG_PPC32
3014 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3015
3016
3017
3018
3019
3020 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3021 if (rc)
3022 goto error;
3023 }
3024#endif
3025
3026 if (file) {
3027
3028 u32 av = FILE__READ;
3029
3030
3031 if (shared && (prot & PROT_WRITE))
3032 av |= FILE__WRITE;
3033
3034 if (prot & PROT_EXEC)
3035 av |= FILE__EXECUTE;
3036
3037 return file_has_perm(cred, file, av);
3038 }
3039
3040error:
3041 return rc;
3042}
3043
3044static int selinux_file_mmap(struct file *file, unsigned long reqprot,
3045 unsigned long prot, unsigned long flags,
3046 unsigned long addr, unsigned long addr_only)
3047{
3048 int rc = 0;
3049 u32 sid = current_sid();
3050
3051
3052
3053
3054
3055
3056
3057 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3058 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3059 MEMPROTECT__MMAP_ZERO, NULL);
3060 if (rc)
3061 return rc;
3062 }
3063
3064
3065 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
3066 if (rc || addr_only)
3067 return rc;
3068
3069 if (selinux_checkreqprot)
3070 prot = reqprot;
3071
3072 return file_map_prot_check(file, prot,
3073 (flags & MAP_TYPE) == MAP_SHARED);
3074}
3075
3076static int selinux_file_mprotect(struct vm_area_struct *vma,
3077 unsigned long reqprot,
3078 unsigned long prot)
3079{
3080 const struct cred *cred = current_cred();
3081
3082 if (selinux_checkreqprot)
3083 prot = reqprot;
3084
3085#ifndef CONFIG_PPC32
3086 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3087 int rc = 0;
3088 if (vma->vm_start >= vma->vm_mm->start_brk &&
3089 vma->vm_end <= vma->vm_mm->brk) {
3090 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3091 } else if (!vma->vm_file &&
3092 vma->vm_start <= vma->vm_mm->start_stack &&
3093 vma->vm_end >= vma->vm_mm->start_stack) {
3094 rc = current_has_perm(current, PROCESS__EXECSTACK);
3095 } else if (vma->vm_file && vma->anon_vma) {
3096
3097
3098
3099
3100
3101
3102
3103 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3104 }
3105 if (rc)
3106 return rc;
3107 }
3108#endif
3109
3110 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3111}
3112
3113static int selinux_file_lock(struct file *file, unsigned int cmd)
3114{
3115 const struct cred *cred = current_cred();
3116
3117 return file_has_perm(cred, file, FILE__LOCK);
3118}
3119
3120static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3121 unsigned long arg)
3122{
3123 const struct cred *cred = current_cred();
3124 int err = 0;
3125
3126 switch (cmd) {
3127 case F_SETFL:
3128 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3129 err = -EINVAL;
3130 break;
3131 }
3132
3133 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3134 err = file_has_perm(cred, file, FILE__WRITE);
3135 break;
3136 }
3137
3138 case F_SETOWN:
3139 case F_SETSIG:
3140 case F_GETFL:
3141 case F_GETOWN:
3142 case F_GETSIG:
3143
3144 err = file_has_perm(cred, file, 0);
3145 break;
3146 case F_GETLK:
3147 case F_SETLK:
3148 case F_SETLKW:
3149#if BITS_PER_LONG == 32
3150 case F_GETLK64:
3151 case F_SETLK64:
3152 case F_SETLKW64:
3153#endif
3154 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3155 err = -EINVAL;
3156 break;
3157 }
3158 err = file_has_perm(cred, file, FILE__LOCK);
3159 break;
3160 }
3161
3162 return err;
3163}
3164
3165static int selinux_file_set_fowner(struct file *file)
3166{
3167 struct file_security_struct *fsec;
3168
3169 fsec = file->f_security;
3170 fsec->fown_sid = current_sid();
3171
3172 return 0;
3173}
3174
3175static int selinux_file_send_sigiotask(struct task_struct *tsk,
3176 struct fown_struct *fown, int signum)
3177{
3178 struct file *file;
3179 u32 sid = task_sid(tsk);
3180 u32 perm;
3181 struct file_security_struct *fsec;
3182
3183
3184 file = container_of(fown, struct file, f_owner);
3185
3186 fsec = file->f_security;
3187
3188 if (!signum)
3189 perm = signal_to_av(SIGIO);
3190 else
3191 perm = signal_to_av(signum);
3192
3193 return avc_has_perm(fsec->fown_sid, sid,
3194 SECCLASS_PROCESS, perm, NULL);
3195}
3196
3197static int selinux_file_receive(struct file *file)
3198{
3199 const struct cred *cred = current_cred();
3200
3201 return file_has_perm(cred, file, file_to_av(file));
3202}
3203
3204static int selinux_dentry_open(struct file *file, const struct cred *cred)
3205{
3206 struct file_security_struct *fsec;
3207 struct inode *inode;
3208 struct inode_security_struct *isec;
3209
3210 inode = file->f_path.dentry->d_inode;
3211 fsec = file->f_security;
3212 isec = inode->i_security;
3213
3214
3215
3216
3217
3218
3219
3220 fsec->isid = isec->sid;
3221 fsec->pseqno = avc_policy_seqno();
3222
3223
3224
3225
3226
3227
3228
3229
3230 return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
3231}
3232
3233
3234
3235static int selinux_task_create(unsigned long clone_flags)
3236{
3237 return current_has_perm(current, PROCESS__FORK);
3238}
3239
3240
3241
3242
3243static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3244{
3245 struct task_security_struct *tsec;
3246
3247 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3248 if (!tsec)
3249 return -ENOMEM;
3250
3251 cred->security = tsec;
3252 return 0;
3253}
3254
3255
3256
3257
3258static void selinux_cred_free(struct cred *cred)
3259{
3260 struct task_security_struct *tsec = cred->security;
3261
3262 BUG_ON((unsigned long) cred->security < PAGE_SIZE);
3263 cred->security = (void *) 0x7UL;
3264 kfree(tsec);
3265}
3266
3267
3268
3269
3270static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3271 gfp_t gfp)
3272{
3273 const struct task_security_struct *old_tsec;
3274 struct task_security_struct *tsec;
3275
3276 old_tsec = old->security;
3277
3278 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3279 if (!tsec)
3280 return -ENOMEM;
3281
3282 new->security = tsec;
3283 return 0;
3284}
3285
3286
3287
3288
3289static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3290{
3291 const struct task_security_struct *old_tsec = old->security;
3292 struct task_security_struct *tsec = new->security;
3293
3294 *tsec = *old_tsec;
3295}
3296
3297
3298
3299
3300
3301static int selinux_kernel_act_as(struct cred *new, u32 secid)
3302{
3303 struct task_security_struct *tsec = new->security;
3304 u32 sid = current_sid();
3305 int ret;
3306
3307 ret = avc_has_perm(sid, secid,
3308 SECCLASS_KERNEL_SERVICE,
3309 KERNEL_SERVICE__USE_AS_OVERRIDE,
3310 NULL);
3311 if (ret == 0) {
3312 tsec->sid = secid;
3313 tsec->create_sid = 0;
3314 tsec->keycreate_sid = 0;
3315 tsec->sockcreate_sid = 0;
3316 }
3317 return ret;
3318}
3319
3320
3321
3322
3323
3324static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3325{
3326 struct inode_security_struct *isec = inode->i_security;
3327 struct task_security_struct *tsec = new->security;
3328 u32 sid = current_sid();
3329 int ret;
3330
3331 ret = avc_has_perm(sid, isec->sid,
3332 SECCLASS_KERNEL_SERVICE,
3333 KERNEL_SERVICE__CREATE_FILES_AS,
3334 NULL);
3335
3336 if (ret == 0)
3337 tsec->create_sid = isec->sid;
3338 return 0;
3339}
3340
3341static int selinux_kernel_module_request(void)
3342{
3343 return task_has_system(current, SYSTEM__MODULE_REQUEST);
3344}
3345
3346static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3347{
3348 return current_has_perm(p, PROCESS__SETPGID);
3349}
3350
3351static int selinux_task_getpgid(struct task_struct *p)
3352{
3353 return current_has_perm(p, PROCESS__GETPGID);
3354}
3355
3356static int selinux_task_getsid(struct task_struct *p)
3357{
3358 return current_has_perm(p, PROCESS__GETSESSION);
3359}
3360
3361static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3362{
3363 *secid = task_sid(p);
3364}
3365
3366static int selinux_task_setnice(struct task_struct *p, int nice)
3367{
3368 int rc;
3369
3370 rc = cap_task_setnice(p, nice);
3371 if (rc)
3372 return rc;
3373
3374 return current_has_perm(p, PROCESS__SETSCHED);
3375}
3376
3377static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3378{
3379 int rc;
3380
3381 rc = cap_task_setioprio(p, ioprio);
3382 if (rc)
3383 return rc;
3384
3385 return current_has_perm(p, PROCESS__SETSCHED);
3386}
3387
3388static int selinux_task_getioprio(struct task_struct *p)
3389{
3390 return current_has_perm(p, PROCESS__GETSCHED);
3391}
3392
3393static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
3394{
3395 struct rlimit *old_rlim = current->signal->rlim + resource;
3396
3397
3398
3399
3400
3401 if (old_rlim->rlim_max != new_rlim->rlim_max)
3402 return current_has_perm(current, PROCESS__SETRLIMIT);
3403
3404 return 0;
3405}
3406
3407static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
3408{
3409 int rc;
3410
3411 rc = cap_task_setscheduler(p, policy, lp);
3412 if (rc)
3413 return rc;
3414
3415 return current_has_perm(p, PROCESS__SETSCHED);
3416}
3417
3418static int selinux_task_getscheduler(struct task_struct *p)
3419{
3420 return current_has_perm(p, PROCESS__GETSCHED);
3421}
3422
3423static int selinux_task_movememory(struct task_struct *p)
3424{
3425 return current_has_perm(p, PROCESS__SETSCHED);
3426}
3427
3428static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3429 int sig, u32 secid)
3430{
3431 u32 perm;
3432 int rc;
3433
3434 if (!sig)
3435 perm = PROCESS__SIGNULL;
3436 else
3437 perm = signal_to_av(sig);
3438 if (secid)
3439 rc = avc_has_perm(secid, task_sid(p),
3440 SECCLASS_PROCESS, perm, NULL);
3441 else
3442 rc = current_has_perm(p, perm);
3443 return rc;
3444}
3445
3446static int selinux_task_wait(struct task_struct *p)
3447{
3448 return task_has_perm(p, current, PROCESS__SIGCHLD);
3449}
3450
3451static void selinux_task_to_inode(struct task_struct *p,
3452 struct inode *inode)
3453{
3454 struct inode_security_struct *isec = inode->i_security;
3455 u32 sid = task_sid(p);
3456
3457 isec->sid = sid;
3458 isec->initialized = 1;
3459}
3460
3461
3462static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3463 struct common_audit_data *ad, u8 *proto)
3464{
3465 int offset, ihlen, ret = -EINVAL;
3466 struct iphdr _iph, *ih;
3467
3468 offset = skb_network_offset(skb);
3469 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3470 if (ih == NULL)
3471 goto out;
3472
3473 ihlen = ih->ihl * 4;
3474 if (ihlen < sizeof(_iph))
3475 goto out;
3476
3477 ad->u.net.v4info.saddr = ih->saddr;
3478 ad->u.net.v4info.daddr = ih->daddr;
3479 ret = 0;
3480
3481 if (proto)
3482 *proto = ih->protocol;
3483
3484 switch (ih->protocol) {
3485 case IPPROTO_TCP: {
3486 struct tcphdr _tcph, *th;
3487
3488 if (ntohs(ih->frag_off) & IP_OFFSET)
3489 break;
3490
3491 offset += ihlen;
3492 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3493 if (th == NULL)
3494 break;
3495
3496 ad->u.net.sport = th->source;
3497 ad->u.net.dport = th->dest;
3498 break;
3499 }
3500
3501 case IPPROTO_UDP: {
3502 struct udphdr _udph, *uh;
3503
3504 if (ntohs(ih->frag_off) & IP_OFFSET)
3505 break;
3506
3507 offset += ihlen;
3508 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3509 if (uh == NULL)
3510 break;
3511
3512 ad->u.net.sport = uh->source;
3513 ad->u.net.dport = uh->dest;
3514 break;
3515 }
3516
3517 case IPPROTO_DCCP: {
3518 struct dccp_hdr _dccph, *dh;
3519
3520 if (ntohs(ih->frag_off) & IP_OFFSET)
3521 break;
3522
3523 offset += ihlen;
3524 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3525 if (dh == NULL)
3526 break;
3527
3528 ad->u.net.sport = dh->dccph_sport;
3529 ad->u.net.dport = dh->dccph_dport;
3530 break;
3531 }
3532
3533 default:
3534 break;
3535 }
3536out:
3537 return ret;
3538}
3539
3540#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3541
3542
3543static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3544 struct common_audit_data *ad, u8 *proto)
3545{
3546 u8 nexthdr;
3547 int ret = -EINVAL, offset;
3548 struct ipv6hdr _ipv6h, *ip6;
3549
3550 offset = skb_network_offset(skb);
3551 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3552 if (ip6 == NULL)
3553 goto out;
3554
3555 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3556 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3557 ret = 0;
3558
3559 nexthdr = ip6->nexthdr;
3560 offset += sizeof(_ipv6h);
3561 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3562 if (offset < 0)
3563 goto out;
3564
3565 if (proto)
3566 *proto = nexthdr;
3567
3568 switch (nexthdr) {
3569 case IPPROTO_TCP: {
3570 struct tcphdr _tcph, *th;
3571
3572 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3573 if (th == NULL)
3574 break;
3575
3576 ad->u.net.sport = th->source;
3577 ad->u.net.dport = th->dest;
3578 break;
3579 }
3580
3581 case IPPROTO_UDP: {
3582 struct udphdr _udph, *uh;
3583
3584 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3585 if (uh == NULL)
3586 break;
3587
3588 ad->u.net.sport = uh->source;
3589 ad->u.net.dport = uh->dest;
3590 break;
3591 }
3592
3593 case IPPROTO_DCCP: {
3594 struct dccp_hdr _dccph, *dh;
3595
3596 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3597 if (dh == NULL)
3598 break;
3599
3600 ad->u.net.sport = dh->dccph_sport;
3601 ad->u.net.dport = dh->dccph_dport;
3602 break;
3603 }
3604
3605
3606 default:
3607 break;
3608 }
3609out:
3610 return ret;
3611}
3612
3613#endif
3614
3615static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3616 char **_addrp, int src, u8 *proto)
3617{
3618 char *addrp;
3619 int ret;
3620
3621 switch (ad->u.net.family) {
3622 case PF_INET:
3623 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3624 if (ret)
3625 goto parse_error;
3626 addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3627 &ad->u.net.v4info.daddr);
3628 goto okay;
3629
3630#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3631 case PF_INET6:
3632 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3633 if (ret)
3634 goto parse_error;
3635 addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3636 &ad->u.net.v6info.daddr);
3637 goto okay;
3638#endif
3639 default:
3640 addrp = NULL;
3641 goto okay;
3642 }
3643
3644parse_error:
3645 printk(KERN_WARNING
3646 "SELinux: failure in selinux_parse_skb(),"
3647 " unable to parse packet\n");
3648 return ret;
3649
3650okay:
3651 if (_addrp)
3652 *_addrp = addrp;
3653 return 0;
3654}
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3672{
3673 int err;
3674 u32 xfrm_sid;
3675 u32 nlbl_sid;
3676 u32 nlbl_type;
3677
3678 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3679 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3680
3681 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3682 if (unlikely(err)) {
3683 printk(KERN_WARNING
3684 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3685 " unable to determine packet's peer label\n");
3686 return -EACCES;
3687 }
3688
3689 return 0;
3690}
3691
3692
3693static int socket_has_perm(struct task_struct *task, struct socket *sock,
3694 u32 perms)
3695{
3696 struct inode_security_struct *isec;
3697 struct common_audit_data ad;
3698 u32 sid;
3699 int err = 0;
3700
3701 isec = SOCK_INODE(sock)->i_security;
3702
3703 if (isec->sid == SECINITSID_KERNEL)
3704 goto out;
3705 sid = task_sid(task);
3706
3707 COMMON_AUDIT_DATA_INIT(&ad, NET);
3708 ad.u.net.sk = sock->sk;
3709 err = avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
3710
3711out:
3712 return err;
3713}
3714
3715static int selinux_socket_create(int family, int type,
3716 int protocol, int kern)
3717{
3718 const struct cred *cred = current_cred();
3719 const struct task_security_struct *tsec = cred->security;
3720 u32 sid, newsid;
3721 u16 secclass;
3722 int err = 0;
3723
3724 if (kern)
3725 goto out;
3726
3727 sid = tsec->sid;
3728 newsid = tsec->sockcreate_sid ?: sid;
3729
3730 secclass = socket_type_to_security_class(family, type, protocol);
3731 err = avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL);
3732
3733out:
3734 return err;
3735}
3736
3737static int selinux_socket_post_create(struct socket *sock, int family,
3738 int type, int protocol, int kern)
3739{
3740 const struct cred *cred = current_cred();
3741 const struct task_security_struct *tsec = cred->security;
3742 struct inode_security_struct *isec;
3743 struct sk_security_struct *sksec;
3744 u32 sid, newsid;
3745 int err = 0;
3746
3747 sid = tsec->sid;
3748 newsid = tsec->sockcreate_sid;
3749
3750 isec = SOCK_INODE(sock)->i_security;
3751
3752 if (kern)
3753 isec->sid = SECINITSID_KERNEL;
3754 else if (newsid)
3755 isec->sid = newsid;
3756 else
3757 isec->sid = sid;
3758
3759 isec->sclass = socket_type_to_security_class(family, type, protocol);
3760 isec->initialized = 1;
3761
3762 if (sock->sk) {
3763 sksec = sock->sk->sk_security;
3764 sksec->sid = isec->sid;
3765 sksec->sclass = isec->sclass;
3766 err = selinux_netlbl_socket_post_create(sock->sk, family);
3767 }
3768
3769 return err;
3770}
3771
3772
3773
3774
3775
3776static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3777{
3778 u16 family;
3779 int err;
3780
3781 err = socket_has_perm(current, sock, SOCKET__BIND);
3782 if (err)
3783 goto out;
3784
3785
3786
3787
3788
3789
3790 family = sock->sk->sk_family;
3791 if (family == PF_INET || family == PF_INET6) {
3792 char *addrp;
3793 struct inode_security_struct *isec;
3794 struct common_audit_data ad;
3795 struct sockaddr_in *addr4 = NULL;
3796 struct sockaddr_in6 *addr6 = NULL;
3797 unsigned short snum;
3798 struct sock *sk = sock->sk;
3799 u32 sid, node_perm;
3800
3801 isec = SOCK_INODE(sock)->i_security;
3802
3803 if (family == PF_INET) {
3804 addr4 = (struct sockaddr_in *)address;
3805 snum = ntohs(addr4->sin_port);
3806 addrp = (char *)&addr4->sin_addr.s_addr;
3807 } else {
3808 addr6 = (struct sockaddr_in6 *)address;
3809 snum = ntohs(addr6->sin6_port);
3810 addrp = (char *)&addr6->sin6_addr.s6_addr;
3811 }
3812
3813 if (snum) {
3814 int low, high;
3815
3816 inet_get_local_port_range(&low, &high);
3817
3818 if (snum < max(PROT_SOCK, low) || snum > high) {
3819 err = sel_netport_sid(sk->sk_protocol,
3820 snum, &sid);
3821 if (err)
3822 goto out;
3823 COMMON_AUDIT_DATA_INIT(&ad, NET);
3824 ad.u.net.sport = htons(snum);
3825 ad.u.net.family = family;
3826 err = avc_has_perm(isec->sid, sid,
3827 isec->sclass,
3828 SOCKET__NAME_BIND, &ad);
3829 if (err)
3830 goto out;
3831 }
3832 }
3833
3834 switch (isec->sclass) {
3835 case SECCLASS_TCP_SOCKET:
3836 node_perm = TCP_SOCKET__NODE_BIND;
3837 break;
3838
3839 case SECCLASS_UDP_SOCKET:
3840 node_perm = UDP_SOCKET__NODE_BIND;
3841 break;
3842
3843 case SECCLASS_DCCP_SOCKET:
3844 node_perm = DCCP_SOCKET__NODE_BIND;
3845 break;
3846
3847 default:
3848 node_perm = RAWIP_SOCKET__NODE_BIND;
3849 break;
3850 }
3851
3852 err = sel_netnode_sid(addrp, family, &sid);
3853 if (err)
3854 goto out;
3855
3856 COMMON_AUDIT_DATA_INIT(&ad, NET);
3857 ad.u.net.sport = htons(snum);
3858 ad.u.net.family = family;
3859
3860 if (family == PF_INET)
3861 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3862 else
3863 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3864
3865 err = avc_has_perm(isec->sid, sid,
3866 isec->sclass, node_perm, &ad);
3867 if (err)
3868 goto out;
3869 }
3870out:
3871 return err;
3872}
3873
3874static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3875{
3876 struct sock *sk = sock->sk;
3877 struct inode_security_struct *isec;
3878 int err;
3879
3880 err = socket_has_perm(current, sock, SOCKET__CONNECT);
3881 if (err)
3882 return err;
3883
3884
3885
3886
3887 isec = SOCK_INODE(sock)->i_security;
3888 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3889 isec->sclass == SECCLASS_DCCP_SOCKET) {
3890 struct common_audit_data ad;
3891 struct sockaddr_in *addr4 = NULL;
3892 struct sockaddr_in6 *addr6 = NULL;
3893 unsigned short snum;
3894 u32 sid, perm;
3895
3896 if (sk->sk_family == PF_INET) {
3897 addr4 = (struct sockaddr_in *)address;
3898 if (addrlen < sizeof(struct sockaddr_in))
3899 return -EINVAL;
3900 snum = ntohs(addr4->sin_port);
3901 } else {
3902 addr6 = (struct sockaddr_in6 *)address;
3903 if (addrlen < SIN6_LEN_RFC2133)
3904 return -EINVAL;
3905 snum = ntohs(addr6->sin6_port);
3906 }
3907
3908 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3909 if (err)
3910 goto out;
3911
3912 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3913 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3914
3915 COMMON_AUDIT_DATA_INIT(&ad, NET);
3916 ad.u.net.dport = htons(snum);
3917 ad.u.net.family = sk->sk_family;
3918 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
3919 if (err)
3920 goto out;
3921 }
3922
3923 err = selinux_netlbl_socket_connect(sk, address);
3924
3925out:
3926 return err;
3927}
3928
3929static int selinux_socket_listen(struct socket *sock, int backlog)
3930{
3931 return socket_has_perm(current, sock, SOCKET__LISTEN);
3932}
3933
3934static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3935{
3936 int err;
3937 struct inode_security_struct *isec;
3938 struct inode_security_struct *newisec;
3939
3940 err = socket_has_perm(current, sock, SOCKET__ACCEPT);
3941 if (err)
3942 return err;
3943
3944 newisec = SOCK_INODE(newsock)->i_security;
3945
3946 isec = SOCK_INODE(sock)->i_security;
3947 newisec->sclass = isec->sclass;
3948 newisec->sid = isec->sid;
3949 newisec->initialized = 1;
3950
3951 return 0;
3952}
3953
3954static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3955 int size)
3956{
3957 return socket_has_perm(current, sock, SOCKET__WRITE);
3958}
3959
3960static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3961 int size, int flags)
3962{
3963 return socket_has_perm(current, sock, SOCKET__READ);
3964}
3965
3966static int selinux_socket_getsockname(struct socket *sock)
3967{
3968 return socket_has_perm(current, sock, SOCKET__GETATTR);
3969}
3970
3971static int selinux_socket_getpeername(struct socket *sock)
3972{
3973 return socket_has_perm(current, sock, SOCKET__GETATTR);
3974}
3975
3976static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3977{
3978 int err;
3979
3980 err = socket_has_perm(current, sock, SOCKET__SETOPT);
3981 if (err)
3982 return err;
3983
3984 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3985}
3986
3987static int selinux_socket_getsockopt(struct socket *sock, int level,
3988 int optname)
3989{
3990 return socket_has_perm(current, sock, SOCKET__GETOPT);
3991}
3992
3993static int selinux_socket_shutdown(struct socket *sock, int how)
3994{
3995 return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
3996}
3997
3998static int selinux_socket_unix_stream_connect(struct socket *sock,
3999 struct socket *other,
4000 struct sock *newsk)
4001{
4002 struct sk_security_struct *ssec;
4003 struct inode_security_struct *isec;
4004 struct inode_security_struct *other_isec;
4005 struct common_audit_data ad;
4006 int err;
4007
4008 isec = SOCK_INODE(sock)->i_security;
4009 other_isec = SOCK_INODE(other)->i_security;
4010
4011 COMMON_AUDIT_DATA_INIT(&ad, NET);
4012 ad.u.net.sk = other->sk;
4013
4014 err = avc_has_perm(isec->sid, other_isec->sid,
4015 isec->sclass,
4016 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4017 if (err)
4018 return err;
4019
4020
4021 ssec = sock->sk->sk_security;
4022 ssec->peer_sid = other_isec->sid;
4023
4024
4025 ssec = newsk->sk_security;
4026 ssec->peer_sid = isec->sid;
4027 err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
4028
4029 return err;
4030}
4031
4032static int selinux_socket_unix_may_send(struct socket *sock,
4033 struct socket *other)
4034{
4035 struct inode_security_struct *isec;
4036 struct inode_security_struct *other_isec;
4037 struct common_audit_data ad;
4038 int err;
4039
4040 isec = SOCK_INODE(sock)->i_security;
4041 other_isec = SOCK_INODE(other)->i_security;
4042
4043 COMMON_AUDIT_DATA_INIT(&ad, NET);
4044 ad.u.net.sk = other->sk;
4045
4046 err = avc_has_perm(isec->sid, other_isec->sid,
4047 isec->sclass, SOCKET__SENDTO, &ad);
4048 if (err)
4049 return err;
4050
4051 return 0;
4052}
4053
4054static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4055 u32 peer_sid,
4056 struct common_audit_data *ad)
4057{
4058 int err;
4059 u32 if_sid;
4060 u32 node_sid;
4061
4062 err = sel_netif_sid(ifindex, &if_sid);
4063 if (err)
4064 return err;
4065 err = avc_has_perm(peer_sid, if_sid,
4066 SECCLASS_NETIF, NETIF__INGRESS, ad);
4067 if (err)
4068 return err;
4069
4070 err = sel_netnode_sid(addrp, family, &node_sid);
4071 if (err)
4072 return err;
4073 return avc_has_perm(peer_sid, node_sid,
4074 SECCLASS_NODE, NODE__RECVFROM, ad);
4075}
4076
4077static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4078 u16 family)
4079{
4080 int err = 0;
4081 struct sk_security_struct *sksec = sk->sk_security;
4082 u32 peer_sid;
4083 u32 sk_sid = sksec->sid;
4084 struct common_audit_data ad;
4085 char *addrp;
4086
4087 COMMON_AUDIT_DATA_INIT(&ad, NET);
4088 ad.u.net.netif = skb->iif;
4089 ad.u.net.family = family;
4090 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4091 if (err)
4092 return err;
4093
4094 if (selinux_secmark_enabled()) {
4095 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4096 PACKET__RECV, &ad);
4097 if (err)
4098 return err;
4099 }
4100
4101 if (selinux_policycap_netpeer) {
4102 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4103 if (err)
4104 return err;
4105 err = avc_has_perm(sk_sid, peer_sid,
4106 SECCLASS_PEER, PEER__RECV, &ad);
4107 if (err)
4108 selinux_netlbl_err(skb, err, 0);
4109 } else {
4110 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4111 if (err)
4112 return err;
4113 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4114 }
4115
4116 return err;
4117}
4118
4119static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4120{
4121 int err;
4122 struct sk_security_struct *sksec = sk->sk_security;
4123 u16 family = sk->sk_family;
4124 u32 sk_sid = sksec->sid;
4125 struct common_audit_data ad;
4126 char *addrp;
4127 u8 secmark_active;
4128 u8 peerlbl_active;
4129
4130 if (family != PF_INET && family != PF_INET6)
4131 return 0;
4132
4133
4134 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4135 family = PF_INET;
4136
4137
4138
4139
4140
4141 if (!selinux_policycap_netpeer)
4142 return selinux_sock_rcv_skb_compat(sk, skb, family);
4143
4144 secmark_active = selinux_secmark_enabled();
4145 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4146 if (!secmark_active && !peerlbl_active)
4147 return 0;
4148
4149 COMMON_AUDIT_DATA_INIT(&ad, NET);
4150 ad.u.net.netif = skb->iif;
4151 ad.u.net.family = family;
4152 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4153 if (err)
4154 return err;
4155
4156 if (peerlbl_active) {
4157 u32 peer_sid;
4158
4159 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4160 if (err)
4161 return err;
4162 err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
4163 peer_sid, &ad);
4164 if (err) {
4165 selinux_netlbl_err(skb, err, 0);
4166 return err;
4167 }
4168 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4169 PEER__RECV, &ad);
4170 if (err)
4171 selinux_netlbl_err(skb, err, 0);
4172 }
4173
4174 if (secmark_active) {
4175 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4176 PACKET__RECV, &ad);
4177 if (err)
4178 return err;
4179 }
4180
4181 return err;
4182}
4183
4184static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4185 int __user *optlen, unsigned len)
4186{
4187 int err = 0;
4188 char *scontext;
4189 u32 scontext_len;
4190 struct sk_security_struct *ssec;
4191 struct inode_security_struct *isec;
4192 u32 peer_sid = SECSID_NULL;
4193
4194 isec = SOCK_INODE(sock)->i_security;
4195
4196 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4197 isec->sclass == SECCLASS_TCP_SOCKET) {
4198 ssec = sock->sk->sk_security;
4199 peer_sid = ssec->peer_sid;
4200 }
4201 if (peer_sid == SECSID_NULL) {
4202 err = -ENOPROTOOPT;
4203 goto out;
4204 }
4205
4206 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4207
4208 if (err)
4209 goto out;
4210
4211 if (scontext_len > len) {
4212 err = -ERANGE;
4213 goto out_len;
4214 }
4215
4216 if (copy_to_user(optval, scontext, scontext_len))
4217 err = -EFAULT;
4218
4219out_len:
4220 if (put_user(scontext_len, optlen))
4221 err = -EFAULT;
4222
4223 kfree(scontext);
4224out:
4225 return err;
4226}
4227
4228static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4229{
4230 u32 peer_secid = SECSID_NULL;
4231 u16 family;
4232
4233 if (skb && skb->protocol == htons(ETH_P_IP))
4234 family = PF_INET;
4235 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4236 family = PF_INET6;
4237 else if (sock)
4238 family = sock->sk->sk_family;
4239 else
4240 goto out;
4241
4242 if (sock && family == PF_UNIX)
4243 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4244 else if (skb)
4245 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4246
4247out:
4248 *secid = peer_secid;
4249 if (peer_secid == SECSID_NULL)
4250 return -EINVAL;
4251 return 0;
4252}
4253
4254static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4255{
4256 return sk_alloc_security(sk, family, priority);
4257}
4258
4259static void selinux_sk_free_security(struct sock *sk)
4260{
4261 sk_free_security(sk);
4262}
4263
4264static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4265{
4266 struct sk_security_struct *ssec = sk->sk_security;
4267 struct sk_security_struct *newssec = newsk->sk_security;
4268
4269 newssec->sid = ssec->sid;
4270 newssec->peer_sid = ssec->peer_sid;
4271 newssec->sclass = ssec->sclass;
4272
4273 selinux_netlbl_sk_security_reset(newssec);
4274}
4275
4276static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4277{
4278 if (!sk)
4279 *secid = SECINITSID_ANY_SOCKET;
4280 else {
4281 struct sk_security_struct *sksec = sk->sk_security;
4282
4283 *secid = sksec->sid;
4284 }
4285}
4286
4287static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4288{
4289 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4290 struct sk_security_struct *sksec = sk->sk_security;
4291
4292 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4293 sk->sk_family == PF_UNIX)
4294 isec->sid = sksec->sid;
4295 sksec->sclass = isec->sclass;
4296}
4297
4298static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4299 struct request_sock *req)
4300{
4301 struct sk_security_struct *sksec = sk->sk_security;
4302 int err;
4303 u16 family = sk->sk_family;
4304 u32 newsid;
4305 u32 peersid;
4306
4307
4308 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4309 family = PF_INET;
4310
4311 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4312 if (err)
4313 return err;
4314 if (peersid == SECSID_NULL) {
4315 req->secid = sksec->sid;
4316 req->peer_secid = SECSID_NULL;
4317 } else {
4318 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4319 if (err)
4320 return err;
4321 req->secid = newsid;
4322 req->peer_secid = peersid;
4323 }
4324
4325 return selinux_netlbl_inet_conn_request(req, family);
4326}
4327
4328static void selinux_inet_csk_clone(struct sock *newsk,
4329 const struct request_sock *req)
4330{
4331 struct sk_security_struct *newsksec = newsk->sk_security;
4332
4333 newsksec->sid = req->secid;
4334 newsksec->peer_sid = req->peer_secid;
4335
4336
4337
4338
4339
4340
4341
4342 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4343}
4344
4345static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4346{
4347 u16 family = sk->sk_family;
4348 struct sk_security_struct *sksec = sk->sk_security;
4349
4350
4351 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4352 family = PF_INET;
4353
4354 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4355}
4356
4357static void selinux_req_classify_flow(const struct request_sock *req,
4358 struct flowi *fl)
4359{
4360 fl->secid = req->secid;
4361}
4362
4363static int selinux_tun_dev_create(void)
4364{
4365 u32 sid = current_sid();
4366
4367
4368
4369
4370
4371
4372
4373
4374 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4375 NULL);
4376}
4377
4378static void selinux_tun_dev_post_create(struct sock *sk)
4379{
4380 struct sk_security_struct *sksec = sk->sk_security;
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392 sksec->sid = current_sid();
4393 sksec->sclass = SECCLASS_TUN_SOCKET;
4394}
4395
4396static int selinux_tun_dev_attach(struct sock *sk)
4397{
4398 struct sk_security_struct *sksec = sk->sk_security;
4399 u32 sid = current_sid();
4400 int err;
4401
4402 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4403 TUN_SOCKET__RELABELFROM, NULL);
4404 if (err)
4405 return err;
4406 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4407 TUN_SOCKET__RELABELTO, NULL);
4408 if (err)
4409 return err;
4410
4411 sksec->sid = sid;
4412
4413 return 0;
4414}
4415
4416static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4417{
4418 int err = 0;
4419 u32 perm;
4420 struct nlmsghdr *nlh;
4421 struct socket *sock = sk->sk_socket;
4422 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
4423
4424 if (skb->len < NLMSG_SPACE(0)) {
4425 err = -EINVAL;
4426 goto out;
4427 }
4428 nlh = nlmsg_hdr(skb);
4429
4430 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
4431 if (err) {
4432 if (err == -EINVAL) {
4433 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4434 "SELinux: unrecognized netlink message"
4435 " type=%hu for sclass=%hu\n",
4436 nlh->nlmsg_type, isec->sclass);
4437 if (!selinux_enforcing || security_get_allow_unknown())
4438 err = 0;
4439 }
4440
4441
4442 if (err == -ENOENT)
4443 err = 0;
4444 goto out;
4445 }
4446
4447 err = socket_has_perm(current, sock, perm);
4448out:
4449 return err;
4450}
4451
4452#ifdef CONFIG_NETFILTER
4453
4454static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4455 u16 family)
4456{
4457 int err;
4458 char *addrp;
4459 u32 peer_sid;
4460 struct common_audit_data ad;
4461 u8 secmark_active;
4462 u8 netlbl_active;
4463 u8 peerlbl_active;
4464
4465 if (!selinux_policycap_netpeer)
4466 return NF_ACCEPT;
4467
4468 secmark_active = selinux_secmark_enabled();
4469 netlbl_active = netlbl_enabled();
4470 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4471 if (!secmark_active && !peerlbl_active)
4472 return NF_ACCEPT;
4473
4474 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4475 return NF_DROP;
4476
4477 COMMON_AUDIT_DATA_INIT(&ad, NET);
4478 ad.u.net.netif = ifindex;
4479 ad.u.net.family = family;
4480 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4481 return NF_DROP;
4482
4483 if (peerlbl_active) {
4484 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4485 peer_sid, &ad);
4486 if (err) {
4487 selinux_netlbl_err(skb, err, 1);
4488 return NF_DROP;
4489 }
4490 }
4491
4492 if (secmark_active)
4493 if (avc_has_perm(peer_sid, skb->secmark,
4494 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4495 return NF_DROP;
4496
4497 if (netlbl_active)
4498
4499
4500
4501
4502 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4503 return NF_DROP;
4504
4505 return NF_ACCEPT;
4506}
4507
4508static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4509 struct sk_buff *skb,
4510 const struct net_device *in,
4511 const struct net_device *out,
4512 int (*okfn)(struct sk_buff *))
4513{
4514 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4515}
4516
4517#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4518static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4519 struct sk_buff *skb,
4520 const struct net_device *in,
4521 const struct net_device *out,
4522 int (*okfn)(struct sk_buff *))
4523{
4524 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4525}
4526#endif
4527
4528static unsigned int selinux_ip_output(struct sk_buff *skb,
4529 u16 family)
4530{
4531 u32 sid;
4532
4533 if (!netlbl_enabled())
4534 return NF_ACCEPT;
4535
4536
4537
4538
4539 if (skb->sk) {
4540 struct sk_security_struct *sksec = skb->sk->sk_security;
4541 sid = sksec->sid;
4542 } else
4543 sid = SECINITSID_KERNEL;
4544 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4545 return NF_DROP;
4546
4547 return NF_ACCEPT;
4548}
4549
4550static unsigned int selinux_ipv4_output(unsigned int hooknum,
4551 struct sk_buff *skb,
4552 const struct net_device *in,
4553 const struct net_device *out,
4554 int (*okfn)(struct sk_buff *))
4555{
4556 return selinux_ip_output(skb, PF_INET);
4557}
4558
4559static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4560 int ifindex,
4561 u16 family)
4562{
4563 struct sock *sk = skb->sk;
4564 struct sk_security_struct *sksec;
4565 struct common_audit_data ad;
4566 char *addrp;
4567 u8 proto;
4568
4569 if (sk == NULL)
4570 return NF_ACCEPT;
4571 sksec = sk->sk_security;
4572
4573 COMMON_AUDIT_DATA_INIT(&ad, NET);
4574 ad.u.net.netif = ifindex;
4575 ad.u.net.family = family;
4576 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4577 return NF_DROP;
4578
4579 if (selinux_secmark_enabled())
4580 if (avc_has_perm(sksec->sid, skb->secmark,
4581 SECCLASS_PACKET, PACKET__SEND, &ad))
4582 return NF_DROP;
4583
4584 if (selinux_policycap_netpeer)
4585 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4586 return NF_DROP;
4587
4588 return NF_ACCEPT;
4589}
4590
4591static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4592 u16 family)
4593{
4594 u32 secmark_perm;
4595 u32 peer_sid;
4596 struct sock *sk;
4597 struct common_audit_data ad;
4598 char *addrp;
4599 u8 secmark_active;
4600 u8 peerlbl_active;
4601
4602
4603
4604
4605
4606 if (!selinux_policycap_netpeer)
4607 return selinux_ip_postroute_compat(skb, ifindex, family);
4608#ifdef CONFIG_XFRM
4609
4610
4611
4612
4613
4614
4615 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4616 return NF_ACCEPT;
4617#endif
4618 secmark_active = selinux_secmark_enabled();
4619 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4620 if (!secmark_active && !peerlbl_active)
4621 return NF_ACCEPT;
4622
4623
4624
4625
4626
4627 sk = skb->sk;
4628 if (sk == NULL) {
4629 switch (family) {
4630 case PF_INET:
4631 if (IPCB(skb)->flags & IPSKB_FORWARDED)
4632 secmark_perm = PACKET__FORWARD_OUT;
4633 else
4634 secmark_perm = PACKET__SEND;
4635 break;
4636 case PF_INET6:
4637 if (IP6CB(skb)->flags & IP6SKB_FORWARDED)
4638 secmark_perm = PACKET__FORWARD_OUT;
4639 else
4640 secmark_perm = PACKET__SEND;
4641 break;
4642 default:
4643 return NF_DROP;
4644 }
4645 if (secmark_perm == PACKET__FORWARD_OUT) {
4646 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4647 return NF_DROP;
4648 } else
4649 peer_sid = SECINITSID_KERNEL;
4650 } else {
4651 struct sk_security_struct *sksec = sk->sk_security;
4652 peer_sid = sksec->sid;
4653 secmark_perm = PACKET__SEND;
4654 }
4655
4656 COMMON_AUDIT_DATA_INIT(&ad, NET);
4657 ad.u.net.netif = ifindex;
4658 ad.u.net.family = family;
4659 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4660 return NF_DROP;
4661
4662 if (secmark_active)
4663 if (avc_has_perm(peer_sid, skb->secmark,
4664 SECCLASS_PACKET, secmark_perm, &ad))
4665 return NF_DROP;
4666
4667 if (peerlbl_active) {
4668 u32 if_sid;
4669 u32 node_sid;
4670
4671 if (sel_netif_sid(ifindex, &if_sid))
4672 return NF_DROP;
4673 if (avc_has_perm(peer_sid, if_sid,
4674 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4675 return NF_DROP;
4676
4677 if (sel_netnode_sid(addrp, family, &node_sid))
4678 return NF_DROP;
4679 if (avc_has_perm(peer_sid, node_sid,
4680 SECCLASS_NODE, NODE__SENDTO, &ad))
4681 return NF_DROP;
4682 }
4683
4684 return NF_ACCEPT;
4685}
4686
4687static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4688 struct sk_buff *skb,
4689 const struct net_device *in,
4690 const struct net_device *out,
4691 int (*okfn)(struct sk_buff *))
4692{
4693 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4694}
4695
4696#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4697static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4698 struct sk_buff *skb,
4699 const struct net_device *in,
4700 const struct net_device *out,
4701 int (*okfn)(struct sk_buff *))
4702{
4703 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4704}
4705#endif
4706
4707#endif
4708
4709static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4710{
4711 int err;
4712
4713 err = cap_netlink_send(sk, skb);
4714 if (err)
4715 return err;
4716
4717 if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
4718 err = selinux_nlmsg_perm(sk, skb);
4719
4720 return err;
4721}
4722
4723static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4724{
4725 int err;
4726 struct common_audit_data ad;
4727
4728 err = cap_netlink_recv(skb, capability);
4729 if (err)
4730 return err;
4731
4732 COMMON_AUDIT_DATA_INIT(&ad, CAP);
4733 ad.u.cap = capability;
4734
4735 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
4736 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
4737}
4738
4739static int ipc_alloc_security(struct task_struct *task,
4740 struct kern_ipc_perm *perm,
4741 u16 sclass)
4742{
4743 struct ipc_security_struct *isec;
4744 u32 sid;
4745
4746 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4747 if (!isec)
4748 return -ENOMEM;
4749
4750 sid = task_sid(task);
4751 isec->sclass = sclass;
4752 isec->sid = sid;
4753 perm->security = isec;
4754
4755 return 0;
4756}
4757
4758static void ipc_free_security(struct kern_ipc_perm *perm)
4759{
4760 struct ipc_security_struct *isec = perm->security;
4761 perm->security = NULL;
4762 kfree(isec);
4763}
4764
4765static int msg_msg_alloc_security(struct msg_msg *msg)
4766{
4767 struct msg_security_struct *msec;
4768
4769 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4770 if (!msec)
4771 return -ENOMEM;
4772
4773 msec->sid = SECINITSID_UNLABELED;
4774 msg->security = msec;
4775
4776 return 0;
4777}
4778
4779static void msg_msg_free_security(struct msg_msg *msg)
4780{
4781 struct msg_security_struct *msec = msg->security;
4782
4783 msg->security = NULL;
4784 kfree(msec);
4785}
4786
4787static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4788 u32 perms)
4789{
4790 struct ipc_security_struct *isec;
4791 struct common_audit_data ad;
4792 u32 sid = current_sid();
4793
4794 isec = ipc_perms->security;
4795
4796 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4797 ad.u.ipc_id = ipc_perms->key;
4798
4799 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4800}
4801
4802static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4803{
4804 return msg_msg_alloc_security(msg);
4805}
4806
4807static void selinux_msg_msg_free_security(struct msg_msg *msg)
4808{
4809 msg_msg_free_security(msg);
4810}
4811
4812
4813static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4814{
4815 struct ipc_security_struct *isec;
4816 struct common_audit_data ad;
4817 u32 sid = current_sid();
4818 int rc;
4819
4820 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4821 if (rc)
4822 return rc;
4823
4824 isec = msq->q_perm.security;
4825
4826 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4827 ad.u.ipc_id = msq->q_perm.key;
4828
4829 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4830 MSGQ__CREATE, &ad);
4831 if (rc) {
4832 ipc_free_security(&msq->q_perm);
4833 return rc;
4834 }
4835 return 0;
4836}
4837
4838static void selinux_msg_queue_free_security(struct msg_queue *msq)
4839{
4840 ipc_free_security(&msq->q_perm);
4841}
4842
4843static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4844{
4845 struct ipc_security_struct *isec;
4846 struct common_audit_data ad;
4847 u32 sid = current_sid();
4848
4849 isec = msq->q_perm.security;
4850
4851 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4852 ad.u.ipc_id = msq->q_perm.key;
4853
4854 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4855 MSGQ__ASSOCIATE, &ad);
4856}
4857
4858static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4859{
4860 int err;
4861 int perms;
4862
4863 switch (cmd) {
4864 case IPC_INFO:
4865 case MSG_INFO:
4866
4867 return task_has_system(current, SYSTEM__IPC_INFO);
4868 case IPC_STAT:
4869 case MSG_STAT:
4870 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4871 break;
4872 case IPC_SET:
4873 perms = MSGQ__SETATTR;
4874 break;
4875 case IPC_RMID:
4876 perms = MSGQ__DESTROY;
4877 break;
4878 default:
4879 return 0;
4880 }
4881
4882 err = ipc_has_perm(&msq->q_perm, perms);
4883 return err;
4884}
4885
4886static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4887{
4888 struct ipc_security_struct *isec;
4889 struct msg_security_struct *msec;
4890 struct common_audit_data ad;
4891 u32 sid = current_sid();
4892 int rc;
4893
4894 isec = msq->q_perm.security;
4895 msec = msg->security;
4896
4897
4898
4899
4900 if (msec->sid == SECINITSID_UNLABELED) {
4901
4902
4903
4904
4905 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4906 &msec->sid);
4907 if (rc)
4908 return rc;
4909 }
4910
4911 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4912 ad.u.ipc_id = msq->q_perm.key;
4913
4914
4915 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4916 MSGQ__WRITE, &ad);
4917 if (!rc)
4918
4919 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4920 MSG__SEND, &ad);
4921 if (!rc)
4922
4923 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4924 MSGQ__ENQUEUE, &ad);
4925
4926 return rc;
4927}
4928
4929static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4930 struct task_struct *target,
4931 long type, int mode)
4932{
4933 struct ipc_security_struct *isec;
4934 struct msg_security_struct *msec;
4935 struct common_audit_data ad;
4936 u32 sid = task_sid(target);
4937 int rc;
4938
4939 isec = msq->q_perm.security;
4940 msec = msg->security;
4941
4942 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4943 ad.u.ipc_id = msq->q_perm.key;
4944
4945 rc = avc_has_perm(sid, isec->sid,
4946 SECCLASS_MSGQ, MSGQ__READ, &ad);
4947 if (!rc)
4948 rc = avc_has_perm(sid, msec->sid,
4949 SECCLASS_MSG, MSG__RECEIVE, &ad);
4950 return rc;
4951}
4952
4953
4954static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4955{
4956 struct ipc_security_struct *isec;
4957 struct common_audit_data ad;
4958 u32 sid = current_sid();
4959 int rc;
4960
4961 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4962 if (rc)
4963 return rc;
4964
4965 isec = shp->shm_perm.security;
4966
4967 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4968 ad.u.ipc_id = shp->shm_perm.key;
4969
4970 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4971 SHM__CREATE, &ad);
4972 if (rc) {
4973 ipc_free_security(&shp->shm_perm);
4974 return rc;
4975 }
4976 return 0;
4977}
4978
4979static void selinux_shm_free_security(struct shmid_kernel *shp)
4980{
4981 ipc_free_security(&shp->shm_perm);
4982}
4983
4984static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4985{
4986 struct ipc_security_struct *isec;
4987 struct common_audit_data ad;
4988 u32 sid = current_sid();
4989
4990 isec = shp->shm_perm.security;
4991
4992 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4993 ad.u.ipc_id = shp->shm_perm.key;
4994
4995 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4996 SHM__ASSOCIATE, &ad);
4997}
4998
4999
5000static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5001{
5002 int perms;
5003 int err;
5004
5005 switch (cmd) {
5006 case IPC_INFO:
5007 case SHM_INFO:
5008
5009 return task_has_system(current, SYSTEM__IPC_INFO);
5010 case IPC_STAT:
5011 case SHM_STAT:
5012 perms = SHM__GETATTR | SHM__ASSOCIATE;
5013 break;
5014 case IPC_SET:
5015 perms = SHM__SETATTR;
5016 break;
5017 case SHM_LOCK:
5018 case SHM_UNLOCK:
5019 perms = SHM__LOCK;
5020 break;
5021 case IPC_RMID:
5022 perms = SHM__DESTROY;
5023 break;
5024 default:
5025 return 0;
5026 }
5027
5028 err = ipc_has_perm(&shp->shm_perm, perms);
5029 return err;
5030}
5031
5032static int selinux_shm_shmat(struct shmid_kernel *shp,
5033 char __user *shmaddr, int shmflg)
5034{
5035 u32 perms;
5036
5037 if (shmflg & SHM_RDONLY)
5038 perms = SHM__READ;
5039 else
5040 perms = SHM__READ | SHM__WRITE;
5041
5042 return ipc_has_perm(&shp->shm_perm, perms);
5043}
5044
5045
5046static int selinux_sem_alloc_security(struct sem_array *sma)
5047{
5048 struct ipc_security_struct *isec;
5049 struct common_audit_data ad;
5050 u32 sid = current_sid();
5051 int rc;
5052
5053 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5054 if (rc)
5055 return rc;
5056
5057 isec = sma->sem_perm.security;
5058
5059 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5060 ad.u.ipc_id = sma->sem_perm.key;
5061
5062 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5063 SEM__CREATE, &ad);
5064 if (rc) {
5065 ipc_free_security(&sma->sem_perm);
5066 return rc;
5067 }
5068 return 0;
5069}
5070
5071static void selinux_sem_free_security(struct sem_array *sma)
5072{
5073 ipc_free_security(&sma->sem_perm);
5074}
5075
5076static int selinux_sem_associate(struct sem_array *sma, int semflg)
5077{
5078 struct ipc_security_struct *isec;
5079 struct common_audit_data ad;
5080 u32 sid = current_sid();
5081
5082 isec = sma->sem_perm.security;
5083
5084 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5085 ad.u.ipc_id = sma->sem_perm.key;
5086
5087 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5088 SEM__ASSOCIATE, &ad);
5089}
5090
5091
5092static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5093{
5094 int err;
5095 u32 perms;
5096
5097 switch (cmd) {
5098 case IPC_INFO:
5099 case SEM_INFO:
5100
5101 return task_has_system(current, SYSTEM__IPC_INFO);
5102 case GETPID:
5103 case GETNCNT:
5104 case GETZCNT:
5105 perms = SEM__GETATTR;
5106 break;
5107 case GETVAL:
5108 case GETALL:
5109 perms = SEM__READ;
5110 break;
5111 case SETVAL:
5112 case SETALL:
5113 perms = SEM__WRITE;
5114 break;
5115 case IPC_RMID:
5116 perms = SEM__DESTROY;
5117 break;
5118 case IPC_SET:
5119 perms = SEM__SETATTR;
5120 break;
5121 case IPC_STAT:
5122 case SEM_STAT:
5123 perms = SEM__GETATTR | SEM__ASSOCIATE;
5124 break;
5125 default:
5126 return 0;
5127 }
5128
5129 err = ipc_has_perm(&sma->sem_perm, perms);
5130 return err;
5131}
5132
5133static int selinux_sem_semop(struct sem_array *sma,
5134 struct sembuf *sops, unsigned nsops, int alter)
5135{
5136 u32 perms;
5137
5138 if (alter)
5139 perms = SEM__READ | SEM__WRITE;
5140 else
5141 perms = SEM__READ;
5142
5143 return ipc_has_perm(&sma->sem_perm, perms);
5144}
5145
5146static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5147{
5148 u32 av = 0;
5149
5150 av = 0;
5151 if (flag & S_IRUGO)
5152 av |= IPC__UNIX_READ;
5153 if (flag & S_IWUGO)
5154 av |= IPC__UNIX_WRITE;
5155
5156 if (av == 0)
5157 return 0;
5158
5159 return ipc_has_perm(ipcp, av);
5160}
5161
5162static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5163{
5164 struct ipc_security_struct *isec = ipcp->security;
5165 *secid = isec->sid;
5166}
5167
5168static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5169{
5170 if (inode)
5171 inode_doinit_with_dentry(inode, dentry);
5172}
5173
5174static int selinux_getprocattr(struct task_struct *p,
5175 char *name, char **value)
5176{
5177 const struct task_security_struct *__tsec;
5178 u32 sid;
5179 int error;
5180 unsigned len;
5181
5182 if (current != p) {
5183 error = current_has_perm(p, PROCESS__GETATTR);
5184 if (error)
5185 return error;
5186 }
5187
5188 rcu_read_lock();
5189 __tsec = __task_cred(p)->security;
5190
5191 if (!strcmp(name, "current"))
5192 sid = __tsec->sid;
5193 else if (!strcmp(name, "prev"))
5194 sid = __tsec->osid;
5195 else if (!strcmp(name, "exec"))
5196 sid = __tsec->exec_sid;
5197 else if (!strcmp(name, "fscreate"))
5198 sid = __tsec->create_sid;
5199 else if (!strcmp(name, "keycreate"))
5200 sid = __tsec->keycreate_sid;
5201 else if (!strcmp(name, "sockcreate"))
5202 sid = __tsec->sockcreate_sid;
5203 else
5204 goto invalid;
5205 rcu_read_unlock();
5206
5207 if (!sid)
5208 return 0;
5209
5210 error = security_sid_to_context(sid, value, &len);
5211 if (error)
5212 return error;
5213 return len;
5214
5215invalid:
5216 rcu_read_unlock();
5217 return -EINVAL;
5218}
5219
5220static int selinux_setprocattr(struct task_struct *p,
5221 char *name, void *value, size_t size)
5222{
5223 struct task_security_struct *tsec;
5224 struct task_struct *tracer;
5225 struct cred *new;
5226 u32 sid = 0, ptsid;
5227 int error;
5228 char *str = value;
5229
5230 if (current != p) {
5231
5232
5233 return -EACCES;
5234 }
5235
5236
5237
5238
5239
5240
5241 if (!strcmp(name, "exec"))
5242 error = current_has_perm(p, PROCESS__SETEXEC);
5243 else if (!strcmp(name, "fscreate"))
5244 error = current_has_perm(p, PROCESS__SETFSCREATE);
5245 else if (!strcmp(name, "keycreate"))
5246 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5247 else if (!strcmp(name, "sockcreate"))
5248 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5249 else if (!strcmp(name, "current"))
5250 error = current_has_perm(p, PROCESS__SETCURRENT);
5251 else
5252 error = -EINVAL;
5253 if (error)
5254 return error;
5255
5256
5257 if (size && str[1] && str[1] != '\n') {
5258 if (str[size-1] == '\n') {
5259 str[size-1] = 0;
5260 size--;
5261 }
5262 error = security_context_to_sid(value, size, &sid);
5263 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5264 if (!capable(CAP_MAC_ADMIN))
5265 return error;
5266 error = security_context_to_sid_force(value, size,
5267 &sid);
5268 }
5269 if (error)
5270 return error;
5271 }
5272
5273 new = prepare_creds();
5274 if (!new)
5275 return -ENOMEM;
5276
5277
5278
5279
5280
5281
5282
5283 tsec = new->security;
5284 if (!strcmp(name, "exec")) {
5285 tsec->exec_sid = sid;
5286 } else if (!strcmp(name, "fscreate")) {
5287 tsec->create_sid = sid;
5288 } else if (!strcmp(name, "keycreate")) {
5289 error = may_create_key(sid, p);
5290 if (error)
5291 goto abort_change;
5292 tsec->keycreate_sid = sid;
5293 } else if (!strcmp(name, "sockcreate")) {
5294 tsec->sockcreate_sid = sid;
5295 } else if (!strcmp(name, "current")) {
5296 error = -EINVAL;
5297 if (sid == 0)
5298 goto abort_change;
5299
5300
5301 error = -EPERM;
5302 if (!current_is_single_threaded()) {
5303 error = security_bounded_transition(tsec->sid, sid);
5304 if (error)
5305 goto abort_change;
5306 }
5307
5308
5309 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5310 PROCESS__DYNTRANSITION, NULL);
5311 if (error)
5312 goto abort_change;
5313
5314
5315
5316 ptsid = 0;
5317 task_lock(p);
5318 tracer = tracehook_tracer_task(p);
5319 if (tracer)
5320 ptsid = task_sid(tracer);
5321 task_unlock(p);
5322
5323 if (tracer) {
5324 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5325 PROCESS__PTRACE, NULL);
5326 if (error)
5327 goto abort_change;
5328 }
5329
5330 tsec->sid = sid;
5331 } else {
5332 error = -EINVAL;
5333 goto abort_change;
5334 }
5335
5336 commit_creds(new);
5337 return size;
5338
5339abort_change:
5340 abort_creds(new);
5341 return error;
5342}
5343
5344static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5345{
5346 return security_sid_to_context(secid, secdata, seclen);
5347}
5348
5349static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5350{
5351 return security_context_to_sid(secdata, seclen, secid);
5352}
5353
5354static void selinux_release_secctx(char *secdata, u32 seclen)
5355{
5356 kfree(secdata);
5357}
5358
5359
5360
5361
5362static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5363{
5364 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5365}
5366
5367
5368
5369
5370static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5371{
5372 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5373}
5374
5375static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5376{
5377 int len = 0;
5378 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5379 ctx, true);
5380 if (len < 0)
5381 return len;
5382 *ctxlen = len;
5383 return 0;
5384}
5385#ifdef CONFIG_KEYS
5386
5387static int selinux_key_alloc(struct key *k, const struct cred *cred,
5388 unsigned long flags)
5389{
5390 const struct task_security_struct *tsec;
5391 struct key_security_struct *ksec;
5392
5393 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5394 if (!ksec)
5395 return -ENOMEM;
5396
5397 tsec = cred->security;
5398 if (tsec->keycreate_sid)
5399 ksec->sid = tsec->keycreate_sid;
5400 else
5401 ksec->sid = tsec->sid;
5402
5403 k->security = ksec;
5404 return 0;
5405}
5406
5407static void selinux_key_free(struct key *k)
5408{
5409 struct key_security_struct *ksec = k->security;
5410
5411 k->security = NULL;
5412 kfree(ksec);
5413}
5414
5415static int selinux_key_permission(key_ref_t key_ref,
5416 const struct cred *cred,
5417 key_perm_t perm)
5418{
5419 struct key *key;
5420 struct key_security_struct *ksec;
5421 u32 sid;
5422
5423
5424
5425
5426 if (perm == 0)
5427 return 0;
5428
5429 sid = cred_sid(cred);
5430
5431 key = key_ref_to_ptr(key_ref);
5432 ksec = key->security;
5433
5434 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5435}
5436
5437static int selinux_key_getsecurity(struct key *key, char **_buffer)
5438{
5439 struct key_security_struct *ksec = key->security;
5440 char *context = NULL;
5441 unsigned len;
5442 int rc;
5443
5444 rc = security_sid_to_context(ksec->sid, &context, &len);
5445 if (!rc)
5446 rc = len;
5447 *_buffer = context;
5448 return rc;
5449}
5450
5451#endif
5452
5453static struct security_operations selinux_ops = {
5454 .name = "selinux",
5455
5456 .ptrace_access_check = selinux_ptrace_access_check,
5457 .ptrace_traceme = selinux_ptrace_traceme,
5458 .capget = selinux_capget,
5459 .capset = selinux_capset,
5460 .sysctl = selinux_sysctl,
5461 .capable = selinux_capable,
5462 .quotactl = selinux_quotactl,
5463 .quota_on = selinux_quota_on,
5464 .syslog = selinux_syslog,
5465 .vm_enough_memory = selinux_vm_enough_memory,
5466
5467 .netlink_send = selinux_netlink_send,
5468 .netlink_recv = selinux_netlink_recv,
5469
5470 .bprm_set_creds = selinux_bprm_set_creds,
5471 .bprm_committing_creds = selinux_bprm_committing_creds,
5472 .bprm_committed_creds = selinux_bprm_committed_creds,
5473 .bprm_secureexec = selinux_bprm_secureexec,
5474
5475 .sb_alloc_security = selinux_sb_alloc_security,
5476 .sb_free_security = selinux_sb_free_security,
5477 .sb_copy_data = selinux_sb_copy_data,
5478 .sb_kern_mount = selinux_sb_kern_mount,
5479 .sb_show_options = selinux_sb_show_options,
5480 .sb_statfs = selinux_sb_statfs,
5481 .sb_mount = selinux_mount,
5482 .sb_umount = selinux_umount,
5483 .sb_set_mnt_opts = selinux_set_mnt_opts,
5484 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5485 .sb_parse_opts_str = selinux_parse_opts_str,
5486
5487
5488 .inode_alloc_security = selinux_inode_alloc_security,
5489 .inode_free_security = selinux_inode_free_security,
5490 .inode_init_security = selinux_inode_init_security,
5491 .inode_create = selinux_inode_create,
5492 .inode_link = selinux_inode_link,
5493 .inode_unlink = selinux_inode_unlink,
5494 .inode_symlink = selinux_inode_symlink,
5495 .inode_mkdir = selinux_inode_mkdir,
5496 .inode_rmdir = selinux_inode_rmdir,
5497 .inode_mknod = selinux_inode_mknod,
5498 .inode_rename = selinux_inode_rename,
5499 .inode_readlink = selinux_inode_readlink,
5500 .inode_follow_link = selinux_inode_follow_link,
5501 .inode_permission = selinux_inode_permission,
5502 .inode_setattr = selinux_inode_setattr,
5503 .inode_getattr = selinux_inode_getattr,
5504 .inode_setxattr = selinux_inode_setxattr,
5505 .inode_post_setxattr = selinux_inode_post_setxattr,
5506 .inode_getxattr = selinux_inode_getxattr,
5507 .inode_listxattr = selinux_inode_listxattr,
5508 .inode_removexattr = selinux_inode_removexattr,
5509 .inode_getsecurity = selinux_inode_getsecurity,
5510 .inode_setsecurity = selinux_inode_setsecurity,
5511 .inode_listsecurity = selinux_inode_listsecurity,
5512 .inode_getsecid = selinux_inode_getsecid,
5513
5514 .file_permission = selinux_file_permission,
5515 .file_alloc_security = selinux_file_alloc_security,
5516 .file_free_security = selinux_file_free_security,
5517 .file_ioctl = selinux_file_ioctl,
5518 .file_mmap = selinux_file_mmap,
5519 .file_mprotect = selinux_file_mprotect,
5520 .file_lock = selinux_file_lock,
5521 .file_fcntl = selinux_file_fcntl,
5522 .file_set_fowner = selinux_file_set_fowner,
5523 .file_send_sigiotask = selinux_file_send_sigiotask,
5524 .file_receive = selinux_file_receive,
5525
5526 .dentry_open = selinux_dentry_open,
5527
5528 .task_create = selinux_task_create,
5529 .cred_alloc_blank = selinux_cred_alloc_blank,
5530 .cred_free = selinux_cred_free,
5531 .cred_prepare = selinux_cred_prepare,
5532 .cred_transfer = selinux_cred_transfer,
5533 .kernel_act_as = selinux_kernel_act_as,
5534 .kernel_create_files_as = selinux_kernel_create_files_as,
5535 .kernel_module_request = selinux_kernel_module_request,
5536 .task_setpgid = selinux_task_setpgid,
5537 .task_getpgid = selinux_task_getpgid,
5538 .task_getsid = selinux_task_getsid,
5539 .task_getsecid = selinux_task_getsecid,
5540 .task_setnice = selinux_task_setnice,
5541 .task_setioprio = selinux_task_setioprio,
5542 .task_getioprio = selinux_task_getioprio,
5543 .task_setrlimit = selinux_task_setrlimit,
5544 .task_setscheduler = selinux_task_setscheduler,
5545 .task_getscheduler = selinux_task_getscheduler,
5546 .task_movememory = selinux_task_movememory,
5547 .task_kill = selinux_task_kill,
5548 .task_wait = selinux_task_wait,
5549 .task_to_inode = selinux_task_to_inode,
5550
5551 .ipc_permission = selinux_ipc_permission,
5552 .ipc_getsecid = selinux_ipc_getsecid,
5553
5554 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5555 .msg_msg_free_security = selinux_msg_msg_free_security,
5556
5557 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5558 .msg_queue_free_security = selinux_msg_queue_free_security,
5559 .msg_queue_associate = selinux_msg_queue_associate,
5560 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5561 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5562 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5563
5564 .shm_alloc_security = selinux_shm_alloc_security,
5565 .shm_free_security = selinux_shm_free_security,
5566 .shm_associate = selinux_shm_associate,
5567 .shm_shmctl = selinux_shm_shmctl,
5568 .shm_shmat = selinux_shm_shmat,
5569
5570 .sem_alloc_security = selinux_sem_alloc_security,
5571 .sem_free_security = selinux_sem_free_security,
5572 .sem_associate = selinux_sem_associate,
5573 .sem_semctl = selinux_sem_semctl,
5574 .sem_semop = selinux_sem_semop,
5575
5576 .d_instantiate = selinux_d_instantiate,
5577
5578 .getprocattr = selinux_getprocattr,
5579 .setprocattr = selinux_setprocattr,
5580
5581 .secid_to_secctx = selinux_secid_to_secctx,
5582 .secctx_to_secid = selinux_secctx_to_secid,
5583 .release_secctx = selinux_release_secctx,
5584 .inode_notifysecctx = selinux_inode_notifysecctx,
5585 .inode_setsecctx = selinux_inode_setsecctx,
5586 .inode_getsecctx = selinux_inode_getsecctx,
5587
5588 .unix_stream_connect = selinux_socket_unix_stream_connect,
5589 .unix_may_send = selinux_socket_unix_may_send,
5590
5591 .socket_create = selinux_socket_create,
5592 .socket_post_create = selinux_socket_post_create,
5593 .socket_bind = selinux_socket_bind,
5594 .socket_connect = selinux_socket_connect,
5595 .socket_listen = selinux_socket_listen,
5596 .socket_accept = selinux_socket_accept,
5597 .socket_sendmsg = selinux_socket_sendmsg,
5598 .socket_recvmsg = selinux_socket_recvmsg,
5599 .socket_getsockname = selinux_socket_getsockname,
5600 .socket_getpeername = selinux_socket_getpeername,
5601 .socket_getsockopt = selinux_socket_getsockopt,
5602 .socket_setsockopt = selinux_socket_setsockopt,
5603 .socket_shutdown = selinux_socket_shutdown,
5604 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5605 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5606 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5607 .sk_alloc_security = selinux_sk_alloc_security,
5608 .sk_free_security = selinux_sk_free_security,
5609 .sk_clone_security = selinux_sk_clone_security,
5610 .sk_getsecid = selinux_sk_getsecid,
5611 .sock_graft = selinux_sock_graft,
5612 .inet_conn_request = selinux_inet_conn_request,
5613 .inet_csk_clone = selinux_inet_csk_clone,
5614 .inet_conn_established = selinux_inet_conn_established,
5615 .req_classify_flow = selinux_req_classify_flow,
5616 .tun_dev_create = selinux_tun_dev_create,
5617 .tun_dev_post_create = selinux_tun_dev_post_create,
5618 .tun_dev_attach = selinux_tun_dev_attach,
5619
5620#ifdef CONFIG_SECURITY_NETWORK_XFRM
5621 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5622 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5623 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5624 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5625 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5626 .xfrm_state_free_security = selinux_xfrm_state_free,
5627 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5628 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5629 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5630 .xfrm_decode_session = selinux_xfrm_decode_session,
5631#endif
5632
5633#ifdef CONFIG_KEYS
5634 .key_alloc = selinux_key_alloc,
5635 .key_free = selinux_key_free,
5636 .key_permission = selinux_key_permission,
5637 .key_getsecurity = selinux_key_getsecurity,
5638#endif
5639
5640#ifdef CONFIG_AUDIT
5641 .audit_rule_init = selinux_audit_rule_init,
5642 .audit_rule_known = selinux_audit_rule_known,
5643 .audit_rule_match = selinux_audit_rule_match,
5644 .audit_rule_free = selinux_audit_rule_free,
5645#endif
5646};
5647
5648static __init int selinux_init(void)
5649{
5650 if (!security_module_enable(&selinux_ops)) {
5651 selinux_enabled = 0;
5652 return 0;
5653 }
5654
5655 if (!selinux_enabled) {
5656 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5657 return 0;
5658 }
5659
5660 printk(KERN_INFO "SELinux: Initializing.\n");
5661
5662
5663 cred_init_security();
5664
5665 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5666 sizeof(struct inode_security_struct),
5667 0, SLAB_PANIC, NULL);
5668 avc_init();
5669
5670 secondary_ops = security_ops;
5671 if (!secondary_ops)
5672 panic("SELinux: No initial security operations\n");
5673 if (register_security(&selinux_ops))
5674 panic("SELinux: Unable to register with kernel.\n");
5675
5676 if (selinux_enforcing)
5677 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5678 else
5679 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5680
5681 return 0;
5682}
5683
5684void selinux_complete_init(void)
5685{
5686 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5687
5688
5689 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5690 spin_lock(&sb_lock);
5691 spin_lock(&sb_security_lock);
5692next_sb:
5693 if (!list_empty(&superblock_security_head)) {
5694 struct superblock_security_struct *sbsec =
5695 list_entry(superblock_security_head.next,
5696 struct superblock_security_struct,
5697 list);
5698 struct super_block *sb = sbsec->sb;
5699 sb->s_count++;
5700 spin_unlock(&sb_security_lock);
5701 spin_unlock(&sb_lock);
5702 down_read(&sb->s_umount);
5703 if (sb->s_root)
5704 superblock_doinit(sb, NULL);
5705 drop_super(sb);
5706 spin_lock(&sb_lock);
5707 spin_lock(&sb_security_lock);
5708 list_del_init(&sbsec->list);
5709 goto next_sb;
5710 }
5711 spin_unlock(&sb_security_lock);
5712 spin_unlock(&sb_lock);
5713}
5714
5715
5716
5717security_initcall(selinux_init);
5718
5719#if defined(CONFIG_NETFILTER)
5720
5721static struct nf_hook_ops selinux_ipv4_ops[] = {
5722 {
5723 .hook = selinux_ipv4_postroute,
5724 .owner = THIS_MODULE,
5725 .pf = PF_INET,
5726 .hooknum = NF_INET_POST_ROUTING,
5727 .priority = NF_IP_PRI_SELINUX_LAST,
5728 },
5729 {
5730 .hook = selinux_ipv4_forward,
5731 .owner = THIS_MODULE,
5732 .pf = PF_INET,
5733 .hooknum = NF_INET_FORWARD,
5734 .priority = NF_IP_PRI_SELINUX_FIRST,
5735 },
5736 {
5737 .hook = selinux_ipv4_output,
5738 .owner = THIS_MODULE,
5739 .pf = PF_INET,
5740 .hooknum = NF_INET_LOCAL_OUT,
5741 .priority = NF_IP_PRI_SELINUX_FIRST,
5742 }
5743};
5744
5745#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5746
5747static struct nf_hook_ops selinux_ipv6_ops[] = {
5748 {
5749 .hook = selinux_ipv6_postroute,
5750 .owner = THIS_MODULE,
5751 .pf = PF_INET6,
5752 .hooknum = NF_INET_POST_ROUTING,
5753 .priority = NF_IP6_PRI_SELINUX_LAST,
5754 },
5755 {
5756 .hook = selinux_ipv6_forward,
5757 .owner = THIS_MODULE,
5758 .pf = PF_INET6,
5759 .hooknum = NF_INET_FORWARD,
5760 .priority = NF_IP6_PRI_SELINUX_FIRST,
5761 }
5762};
5763
5764#endif
5765
5766static int __init selinux_nf_ip_init(void)
5767{
5768 int err = 0;
5769
5770 if (!selinux_enabled)
5771 goto out;
5772
5773 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5774
5775 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5776 if (err)
5777 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5778
5779#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5780 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5781 if (err)
5782 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5783#endif
5784
5785out:
5786 return err;
5787}
5788
5789__initcall(selinux_nf_ip_init);
5790
5791#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5792static void selinux_nf_ip_exit(void)
5793{
5794 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5795
5796 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5797#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5798 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5799#endif
5800}
5801#endif
5802
5803#else
5804
5805#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5806#define selinux_nf_ip_exit()
5807#endif
5808
5809#endif
5810
5811#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5812static int selinux_disabled;
5813
5814int selinux_disable(void)
5815{
5816 extern void exit_sel_fs(void);
5817
5818 if (ss_initialized) {
5819
5820 return -EINVAL;
5821 }
5822
5823 if (selinux_disabled) {
5824
5825 return -EINVAL;
5826 }
5827
5828 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5829
5830 selinux_disabled = 1;
5831 selinux_enabled = 0;
5832
5833
5834 avc_disable();
5835
5836
5837 security_ops = secondary_ops;
5838
5839
5840 selinux_nf_ip_exit();
5841
5842
5843 exit_sel_fs();
5844
5845 return 0;
5846}
5847#endif
5848