1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/ext2_fs.h>
32#include <linux/sched.h>
33#include <linux/security.h>
34#include <linux/xattr.h>
35#include <linux/capability.h>
36#include <linux/unistd.h>
37#include <linux/mm.h>
38#include <linux/mman.h>
39#include <linux/slab.h>
40#include <linux/pagemap.h>
41#include <linux/proc_fs.h>
42#include <linux/swap.h>
43#include <linux/spinlock.h>
44#include <linux/syscalls.h>
45#include <linux/dcache.h>
46#include <linux/file.h>
47#include <linux/fdtable.h>
48#include <linux/namei.h>
49#include <linux/mount.h>
50#include <linux/netfilter_ipv4.h>
51#include <linux/netfilter_ipv6.h>
52#include <linux/tty.h>
53#include <net/icmp.h>
54#include <net/ip.h>
55#include <net/tcp.h>
56#include <net/net_namespace.h>
57#include <net/netlabel.h>
58#include <linux/uaccess.h>
59#include <asm/ioctls.h>
60#include <asm/atomic.h>
61#include <linux/bitops.h>
62#include <linux/interrupt.h>
63#include <linux/netdevice.h>
64#include <linux/netlink.h>
65#include <linux/tcp.h>
66#include <linux/udp.h>
67#include <linux/dccp.h>
68#include <linux/quota.h>
69#include <linux/un.h>
70#include <net/af_unix.h>
71#include <linux/parser.h>
72#include <linux/nfs_mount.h>
73#include <net/ipv6.h>
74#include <linux/hugetlb.h>
75#include <linux/personality.h>
76#include <linux/audit.h>
77#include <linux/string.h>
78#include <linux/selinux.h>
79#include <linux/mutex.h>
80#include <linux/posix-timers.h>
81#include <linux/syslog.h>
82#include <linux/user_namespace.h>
83
84#include "avc.h"
85#include "objsec.h"
86#include "netif.h"
87#include "netnode.h"
88#include "netport.h"
89#include "xfrm.h"
90#include "netlabel.h"
91#include "audit.h"
92
93#define NUM_SEL_MNT_OPTS 5
94
95extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
96extern struct security_operations *security_ops;
97
98
99atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
100
101#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
102int selinux_enforcing;
103
104static int __init enforcing_setup(char *str)
105{
106 unsigned long enforcing;
107 if (!strict_strtoul(str, 0, &enforcing))
108 selinux_enforcing = enforcing ? 1 : 0;
109 return 1;
110}
111__setup("enforcing=", enforcing_setup);
112#endif
113
114#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
115int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
116
117static int __init selinux_enabled_setup(char *str)
118{
119 unsigned long enabled;
120 if (!strict_strtoul(str, 0, &enabled))
121 selinux_enabled = enabled ? 1 : 0;
122 return 1;
123}
124__setup("selinux=", selinux_enabled_setup);
125#else
126int selinux_enabled = 1;
127#endif
128
129static struct kmem_cache *sel_inode_cache;
130
131
132
133
134
135
136
137
138
139
140
141static int selinux_secmark_enabled(void)
142{
143 return (atomic_read(&selinux_secmark_refcount) > 0);
144}
145
146
147
148
149static void cred_init_security(void)
150{
151 struct cred *cred = (struct cred *) current->real_cred;
152 struct task_security_struct *tsec;
153
154 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
155 if (!tsec)
156 panic("SELinux: Failed to initialize initial task.\n");
157
158 tsec->osid = tsec->sid = SECINITSID_KERNEL;
159 cred->security = tsec;
160}
161
162
163
164
165static inline u32 cred_sid(const struct cred *cred)
166{
167 const struct task_security_struct *tsec;
168
169 tsec = cred->security;
170 return tsec->sid;
171}
172
173
174
175
176static inline u32 task_sid(const struct task_struct *task)
177{
178 u32 sid;
179
180 rcu_read_lock();
181 sid = cred_sid(__task_cred(task));
182 rcu_read_unlock();
183 return sid;
184}
185
186
187
188
189static inline u32 current_sid(void)
190{
191 const struct task_security_struct *tsec = current_security();
192
193 return tsec->sid;
194}
195
196
197
198static int inode_alloc_security(struct inode *inode)
199{
200 struct inode_security_struct *isec;
201 u32 sid = current_sid();
202
203 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
204 if (!isec)
205 return -ENOMEM;
206
207 mutex_init(&isec->lock);
208 INIT_LIST_HEAD(&isec->list);
209 isec->inode = inode;
210 isec->sid = SECINITSID_UNLABELED;
211 isec->sclass = SECCLASS_FILE;
212 isec->task_sid = sid;
213 inode->i_security = isec;
214
215 return 0;
216}
217
218static void inode_free_security(struct inode *inode)
219{
220 struct inode_security_struct *isec = inode->i_security;
221 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
222
223 spin_lock(&sbsec->isec_lock);
224 if (!list_empty(&isec->list))
225 list_del_init(&isec->list);
226 spin_unlock(&sbsec->isec_lock);
227
228 inode->i_security = NULL;
229 kmem_cache_free(sel_inode_cache, isec);
230}
231
232static int file_alloc_security(struct file *file)
233{
234 struct file_security_struct *fsec;
235 u32 sid = current_sid();
236
237 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
238 if (!fsec)
239 return -ENOMEM;
240
241 fsec->sid = sid;
242 fsec->fown_sid = sid;
243 file->f_security = fsec;
244
245 return 0;
246}
247
248static void file_free_security(struct file *file)
249{
250 struct file_security_struct *fsec = file->f_security;
251 file->f_security = NULL;
252 kfree(fsec);
253}
254
255static int superblock_alloc_security(struct super_block *sb)
256{
257 struct superblock_security_struct *sbsec;
258
259 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
260 if (!sbsec)
261 return -ENOMEM;
262
263 mutex_init(&sbsec->lock);
264 INIT_LIST_HEAD(&sbsec->isec_head);
265 spin_lock_init(&sbsec->isec_lock);
266 sbsec->sb = sb;
267 sbsec->sid = SECINITSID_UNLABELED;
268 sbsec->def_sid = SECINITSID_FILE;
269 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
270 sb->s_security = sbsec;
271
272 return 0;
273}
274
275static void superblock_free_security(struct super_block *sb)
276{
277 struct superblock_security_struct *sbsec = sb->s_security;
278 sb->s_security = NULL;
279 kfree(sbsec);
280}
281
282
283
284extern int ss_initialized;
285
286
287
288static const char *labeling_behaviors[6] = {
289 "uses xattr",
290 "uses transition SIDs",
291 "uses task SIDs",
292 "uses genfs_contexts",
293 "not configured for labeling",
294 "uses mountpoint labeling",
295};
296
297static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
298
299static inline int inode_doinit(struct inode *inode)
300{
301 return inode_doinit_with_dentry(inode, NULL);
302}
303
304enum {
305 Opt_error = -1,
306 Opt_context = 1,
307 Opt_fscontext = 2,
308 Opt_defcontext = 3,
309 Opt_rootcontext = 4,
310 Opt_labelsupport = 5,
311};
312
313static const match_table_t tokens = {
314 {Opt_context, CONTEXT_STR "%s"},
315 {Opt_fscontext, FSCONTEXT_STR "%s"},
316 {Opt_defcontext, DEFCONTEXT_STR "%s"},
317 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
318 {Opt_labelsupport, LABELSUPP_STR},
319 {Opt_error, NULL},
320};
321
322#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
323
324static int may_context_mount_sb_relabel(u32 sid,
325 struct superblock_security_struct *sbsec,
326 const struct cred *cred)
327{
328 const struct task_security_struct *tsec = cred->security;
329 int rc;
330
331 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
332 FILESYSTEM__RELABELFROM, NULL);
333 if (rc)
334 return rc;
335
336 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
337 FILESYSTEM__RELABELTO, NULL);
338 return rc;
339}
340
341static int may_context_mount_inode_relabel(u32 sid,
342 struct superblock_security_struct *sbsec,
343 const struct cred *cred)
344{
345 const struct task_security_struct *tsec = cred->security;
346 int rc;
347 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
348 FILESYSTEM__RELABELFROM, NULL);
349 if (rc)
350 return rc;
351
352 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
353 FILESYSTEM__ASSOCIATE, NULL);
354 return rc;
355}
356
357static int sb_finish_set_opts(struct super_block *sb)
358{
359 struct superblock_security_struct *sbsec = sb->s_security;
360 struct dentry *root = sb->s_root;
361 struct inode *root_inode = root->d_inode;
362 int rc = 0;
363
364 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
365
366
367
368
369
370 if (!root_inode->i_op->getxattr) {
371 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
372 "xattr support\n", sb->s_id, sb->s_type->name);
373 rc = -EOPNOTSUPP;
374 goto out;
375 }
376 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
377 if (rc < 0 && rc != -ENODATA) {
378 if (rc == -EOPNOTSUPP)
379 printk(KERN_WARNING "SELinux: (dev %s, type "
380 "%s) has no security xattr handler\n",
381 sb->s_id, sb->s_type->name);
382 else
383 printk(KERN_WARNING "SELinux: (dev %s, type "
384 "%s) getxattr errno %d\n", sb->s_id,
385 sb->s_type->name, -rc);
386 goto out;
387 }
388 }
389
390 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
391
392 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
393 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
394 sb->s_id, sb->s_type->name);
395 else
396 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
397 sb->s_id, sb->s_type->name,
398 labeling_behaviors[sbsec->behavior-1]);
399
400 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
401 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
402 sbsec->behavior == SECURITY_FS_USE_NONE ||
403 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
404 sbsec->flags &= ~SE_SBLABELSUPP;
405
406
407 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
408 sbsec->flags |= SE_SBLABELSUPP;
409
410
411 rc = inode_doinit_with_dentry(root_inode, root);
412
413
414
415
416
417 spin_lock(&sbsec->isec_lock);
418next_inode:
419 if (!list_empty(&sbsec->isec_head)) {
420 struct inode_security_struct *isec =
421 list_entry(sbsec->isec_head.next,
422 struct inode_security_struct, list);
423 struct inode *inode = isec->inode;
424 spin_unlock(&sbsec->isec_lock);
425 inode = igrab(inode);
426 if (inode) {
427 if (!IS_PRIVATE(inode))
428 inode_doinit(inode);
429 iput(inode);
430 }
431 spin_lock(&sbsec->isec_lock);
432 list_del_init(&isec->list);
433 goto next_inode;
434 }
435 spin_unlock(&sbsec->isec_lock);
436out:
437 return rc;
438}
439
440
441
442
443
444
445static int selinux_get_mnt_opts(const struct super_block *sb,
446 struct security_mnt_opts *opts)
447{
448 int rc = 0, i;
449 struct superblock_security_struct *sbsec = sb->s_security;
450 char *context = NULL;
451 u32 len;
452 char tmp;
453
454 security_init_mnt_opts(opts);
455
456 if (!(sbsec->flags & SE_SBINITIALIZED))
457 return -EINVAL;
458
459 if (!ss_initialized)
460 return -EINVAL;
461
462 tmp = sbsec->flags & SE_MNTMASK;
463
464 for (i = 0; i < 8; i++) {
465 if (tmp & 0x01)
466 opts->num_mnt_opts++;
467 tmp >>= 1;
468 }
469
470 if (sbsec->flags & SE_SBLABELSUPP)
471 opts->num_mnt_opts++;
472
473 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
474 if (!opts->mnt_opts) {
475 rc = -ENOMEM;
476 goto out_free;
477 }
478
479 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
480 if (!opts->mnt_opts_flags) {
481 rc = -ENOMEM;
482 goto out_free;
483 }
484
485 i = 0;
486 if (sbsec->flags & FSCONTEXT_MNT) {
487 rc = security_sid_to_context(sbsec->sid, &context, &len);
488 if (rc)
489 goto out_free;
490 opts->mnt_opts[i] = context;
491 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
492 }
493 if (sbsec->flags & CONTEXT_MNT) {
494 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
495 if (rc)
496 goto out_free;
497 opts->mnt_opts[i] = context;
498 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
499 }
500 if (sbsec->flags & DEFCONTEXT_MNT) {
501 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
502 if (rc)
503 goto out_free;
504 opts->mnt_opts[i] = context;
505 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
506 }
507 if (sbsec->flags & ROOTCONTEXT_MNT) {
508 struct inode *root = sbsec->sb->s_root->d_inode;
509 struct inode_security_struct *isec = root->i_security;
510
511 rc = security_sid_to_context(isec->sid, &context, &len);
512 if (rc)
513 goto out_free;
514 opts->mnt_opts[i] = context;
515 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
516 }
517 if (sbsec->flags & SE_SBLABELSUPP) {
518 opts->mnt_opts[i] = NULL;
519 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
520 }
521
522 BUG_ON(i != opts->num_mnt_opts);
523
524 return 0;
525
526out_free:
527 security_free_mnt_opts(opts);
528 return rc;
529}
530
531static int bad_option(struct superblock_security_struct *sbsec, char flag,
532 u32 old_sid, u32 new_sid)
533{
534 char mnt_flags = sbsec->flags & SE_MNTMASK;
535
536
537 if (sbsec->flags & SE_SBINITIALIZED)
538 if (!(sbsec->flags & flag) ||
539 (old_sid != new_sid))
540 return 1;
541
542
543
544
545 if (!(sbsec->flags & SE_SBINITIALIZED))
546 if (mnt_flags & flag)
547 return 1;
548 return 0;
549}
550
551
552
553
554
555static int selinux_set_mnt_opts(struct super_block *sb,
556 struct security_mnt_opts *opts)
557{
558 const struct cred *cred = current_cred();
559 int rc = 0, i;
560 struct superblock_security_struct *sbsec = sb->s_security;
561 const char *name = sb->s_type->name;
562 struct inode *inode = sbsec->sb->s_root->d_inode;
563 struct inode_security_struct *root_isec = inode->i_security;
564 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
565 u32 defcontext_sid = 0;
566 char **mount_options = opts->mnt_opts;
567 int *flags = opts->mnt_opts_flags;
568 int num_opts = opts->num_mnt_opts;
569
570 mutex_lock(&sbsec->lock);
571
572 if (!ss_initialized) {
573 if (!num_opts) {
574
575
576
577 goto out;
578 }
579 rc = -EINVAL;
580 printk(KERN_WARNING "SELinux: Unable to set superblock options "
581 "before the security server is initialized\n");
582 goto out;
583 }
584
585
586
587
588
589
590
591
592
593
594
595
596 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
597 && (num_opts == 0))
598 goto out;
599
600
601
602
603
604
605 for (i = 0; i < num_opts; i++) {
606 u32 sid;
607
608 if (flags[i] == SE_SBLABELSUPP)
609 continue;
610 rc = security_context_to_sid(mount_options[i],
611 strlen(mount_options[i]), &sid);
612 if (rc) {
613 printk(KERN_WARNING "SELinux: security_context_to_sid"
614 "(%s) failed for (dev %s, type %s) errno=%d\n",
615 mount_options[i], sb->s_id, name, rc);
616 goto out;
617 }
618 switch (flags[i]) {
619 case FSCONTEXT_MNT:
620 fscontext_sid = sid;
621
622 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
623 fscontext_sid))
624 goto out_double_mount;
625
626 sbsec->flags |= FSCONTEXT_MNT;
627 break;
628 case CONTEXT_MNT:
629 context_sid = sid;
630
631 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
632 context_sid))
633 goto out_double_mount;
634
635 sbsec->flags |= CONTEXT_MNT;
636 break;
637 case ROOTCONTEXT_MNT:
638 rootcontext_sid = sid;
639
640 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
641 rootcontext_sid))
642 goto out_double_mount;
643
644 sbsec->flags |= ROOTCONTEXT_MNT;
645
646 break;
647 case DEFCONTEXT_MNT:
648 defcontext_sid = sid;
649
650 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
651 defcontext_sid))
652 goto out_double_mount;
653
654 sbsec->flags |= DEFCONTEXT_MNT;
655
656 break;
657 default:
658 rc = -EINVAL;
659 goto out;
660 }
661 }
662
663 if (sbsec->flags & SE_SBINITIALIZED) {
664
665 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
666 goto out_double_mount;
667 rc = 0;
668 goto out;
669 }
670
671 if (strcmp(sb->s_type->name, "proc") == 0)
672 sbsec->flags |= SE_SBPROC;
673
674
675 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
676 if (rc) {
677 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
678 __func__, sb->s_type->name, rc);
679 goto out;
680 }
681
682
683 if (fscontext_sid) {
684 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
685 if (rc)
686 goto out;
687
688 sbsec->sid = fscontext_sid;
689 }
690
691
692
693
694
695
696 if (context_sid) {
697 if (!fscontext_sid) {
698 rc = may_context_mount_sb_relabel(context_sid, sbsec,
699 cred);
700 if (rc)
701 goto out;
702 sbsec->sid = context_sid;
703 } else {
704 rc = may_context_mount_inode_relabel(context_sid, sbsec,
705 cred);
706 if (rc)
707 goto out;
708 }
709 if (!rootcontext_sid)
710 rootcontext_sid = context_sid;
711
712 sbsec->mntpoint_sid = context_sid;
713 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
714 }
715
716 if (rootcontext_sid) {
717 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
718 cred);
719 if (rc)
720 goto out;
721
722 root_isec->sid = rootcontext_sid;
723 root_isec->initialized = 1;
724 }
725
726 if (defcontext_sid) {
727 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
728 rc = -EINVAL;
729 printk(KERN_WARNING "SELinux: defcontext option is "
730 "invalid for this filesystem type\n");
731 goto out;
732 }
733
734 if (defcontext_sid != sbsec->def_sid) {
735 rc = may_context_mount_inode_relabel(defcontext_sid,
736 sbsec, cred);
737 if (rc)
738 goto out;
739 }
740
741 sbsec->def_sid = defcontext_sid;
742 }
743
744 rc = sb_finish_set_opts(sb);
745out:
746 mutex_unlock(&sbsec->lock);
747 return rc;
748out_double_mount:
749 rc = -EINVAL;
750 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
751 "security settings for (dev %s, type %s)\n", sb->s_id, name);
752 goto out;
753}
754
755static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
756 struct super_block *newsb)
757{
758 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
759 struct superblock_security_struct *newsbsec = newsb->s_security;
760
761 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
762 int set_context = (oldsbsec->flags & CONTEXT_MNT);
763 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
764
765
766
767
768
769 if (!ss_initialized)
770 return;
771
772
773 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
774
775
776 if (newsbsec->flags & SE_SBINITIALIZED)
777 return;
778
779 mutex_lock(&newsbsec->lock);
780
781 newsbsec->flags = oldsbsec->flags;
782
783 newsbsec->sid = oldsbsec->sid;
784 newsbsec->def_sid = oldsbsec->def_sid;
785 newsbsec->behavior = oldsbsec->behavior;
786
787 if (set_context) {
788 u32 sid = oldsbsec->mntpoint_sid;
789
790 if (!set_fscontext)
791 newsbsec->sid = sid;
792 if (!set_rootcontext) {
793 struct inode *newinode = newsb->s_root->d_inode;
794 struct inode_security_struct *newisec = newinode->i_security;
795 newisec->sid = sid;
796 }
797 newsbsec->mntpoint_sid = sid;
798 }
799 if (set_rootcontext) {
800 const struct inode *oldinode = oldsb->s_root->d_inode;
801 const struct inode_security_struct *oldisec = oldinode->i_security;
802 struct inode *newinode = newsb->s_root->d_inode;
803 struct inode_security_struct *newisec = newinode->i_security;
804
805 newisec->sid = oldisec->sid;
806 }
807
808 sb_finish_set_opts(newsb);
809 mutex_unlock(&newsbsec->lock);
810}
811
812static int selinux_parse_opts_str(char *options,
813 struct security_mnt_opts *opts)
814{
815 char *p;
816 char *context = NULL, *defcontext = NULL;
817 char *fscontext = NULL, *rootcontext = NULL;
818 int rc, num_mnt_opts = 0;
819
820 opts->num_mnt_opts = 0;
821
822
823 while ((p = strsep(&options, "|")) != NULL) {
824 int token;
825 substring_t args[MAX_OPT_ARGS];
826
827 if (!*p)
828 continue;
829
830 token = match_token(p, tokens, args);
831
832 switch (token) {
833 case Opt_context:
834 if (context || defcontext) {
835 rc = -EINVAL;
836 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
837 goto out_err;
838 }
839 context = match_strdup(&args[0]);
840 if (!context) {
841 rc = -ENOMEM;
842 goto out_err;
843 }
844 break;
845
846 case Opt_fscontext:
847 if (fscontext) {
848 rc = -EINVAL;
849 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
850 goto out_err;
851 }
852 fscontext = match_strdup(&args[0]);
853 if (!fscontext) {
854 rc = -ENOMEM;
855 goto out_err;
856 }
857 break;
858
859 case Opt_rootcontext:
860 if (rootcontext) {
861 rc = -EINVAL;
862 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
863 goto out_err;
864 }
865 rootcontext = match_strdup(&args[0]);
866 if (!rootcontext) {
867 rc = -ENOMEM;
868 goto out_err;
869 }
870 break;
871
872 case Opt_defcontext:
873 if (context || defcontext) {
874 rc = -EINVAL;
875 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
876 goto out_err;
877 }
878 defcontext = match_strdup(&args[0]);
879 if (!defcontext) {
880 rc = -ENOMEM;
881 goto out_err;
882 }
883 break;
884 case Opt_labelsupport:
885 break;
886 default:
887 rc = -EINVAL;
888 printk(KERN_WARNING "SELinux: unknown mount option\n");
889 goto out_err;
890
891 }
892 }
893
894 rc = -ENOMEM;
895 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
896 if (!opts->mnt_opts)
897 goto out_err;
898
899 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
900 if (!opts->mnt_opts_flags) {
901 kfree(opts->mnt_opts);
902 goto out_err;
903 }
904
905 if (fscontext) {
906 opts->mnt_opts[num_mnt_opts] = fscontext;
907 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
908 }
909 if (context) {
910 opts->mnt_opts[num_mnt_opts] = context;
911 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
912 }
913 if (rootcontext) {
914 opts->mnt_opts[num_mnt_opts] = rootcontext;
915 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
916 }
917 if (defcontext) {
918 opts->mnt_opts[num_mnt_opts] = defcontext;
919 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
920 }
921
922 opts->num_mnt_opts = num_mnt_opts;
923 return 0;
924
925out_err:
926 kfree(context);
927 kfree(defcontext);
928 kfree(fscontext);
929 kfree(rootcontext);
930 return rc;
931}
932
933
934
935static int superblock_doinit(struct super_block *sb, void *data)
936{
937 int rc = 0;
938 char *options = data;
939 struct security_mnt_opts opts;
940
941 security_init_mnt_opts(&opts);
942
943 if (!data)
944 goto out;
945
946 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
947
948 rc = selinux_parse_opts_str(options, &opts);
949 if (rc)
950 goto out_err;
951
952out:
953 rc = selinux_set_mnt_opts(sb, &opts);
954
955out_err:
956 security_free_mnt_opts(&opts);
957 return rc;
958}
959
960static void selinux_write_opts(struct seq_file *m,
961 struct security_mnt_opts *opts)
962{
963 int i;
964 char *prefix;
965
966 for (i = 0; i < opts->num_mnt_opts; i++) {
967 char *has_comma;
968
969 if (opts->mnt_opts[i])
970 has_comma = strchr(opts->mnt_opts[i], ',');
971 else
972 has_comma = NULL;
973
974 switch (opts->mnt_opts_flags[i]) {
975 case CONTEXT_MNT:
976 prefix = CONTEXT_STR;
977 break;
978 case FSCONTEXT_MNT:
979 prefix = FSCONTEXT_STR;
980 break;
981 case ROOTCONTEXT_MNT:
982 prefix = ROOTCONTEXT_STR;
983 break;
984 case DEFCONTEXT_MNT:
985 prefix = DEFCONTEXT_STR;
986 break;
987 case SE_SBLABELSUPP:
988 seq_putc(m, ',');
989 seq_puts(m, LABELSUPP_STR);
990 continue;
991 default:
992 BUG();
993 return;
994 };
995
996 seq_putc(m, ',');
997 seq_puts(m, prefix);
998 if (has_comma)
999 seq_putc(m, '\"');
1000 seq_puts(m, opts->mnt_opts[i]);
1001 if (has_comma)
1002 seq_putc(m, '\"');
1003 }
1004}
1005
1006static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1007{
1008 struct security_mnt_opts opts;
1009 int rc;
1010
1011 rc = selinux_get_mnt_opts(sb, &opts);
1012 if (rc) {
1013
1014 if (rc == -EINVAL)
1015 rc = 0;
1016 return rc;
1017 }
1018
1019 selinux_write_opts(m, &opts);
1020
1021 security_free_mnt_opts(&opts);
1022
1023 return rc;
1024}
1025
1026static inline u16 inode_mode_to_security_class(umode_t mode)
1027{
1028 switch (mode & S_IFMT) {
1029 case S_IFSOCK:
1030 return SECCLASS_SOCK_FILE;
1031 case S_IFLNK:
1032 return SECCLASS_LNK_FILE;
1033 case S_IFREG:
1034 return SECCLASS_FILE;
1035 case S_IFBLK:
1036 return SECCLASS_BLK_FILE;
1037 case S_IFDIR:
1038 return SECCLASS_DIR;
1039 case S_IFCHR:
1040 return SECCLASS_CHR_FILE;
1041 case S_IFIFO:
1042 return SECCLASS_FIFO_FILE;
1043
1044 }
1045
1046 return SECCLASS_FILE;
1047}
1048
1049static inline int default_protocol_stream(int protocol)
1050{
1051 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1052}
1053
1054static inline int default_protocol_dgram(int protocol)
1055{
1056 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1057}
1058
1059static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1060{
1061 switch (family) {
1062 case PF_UNIX:
1063 switch (type) {
1064 case SOCK_STREAM:
1065 case SOCK_SEQPACKET:
1066 return SECCLASS_UNIX_STREAM_SOCKET;
1067 case SOCK_DGRAM:
1068 return SECCLASS_UNIX_DGRAM_SOCKET;
1069 }
1070 break;
1071 case PF_INET:
1072 case PF_INET6:
1073 switch (type) {
1074 case SOCK_STREAM:
1075 if (default_protocol_stream(protocol))
1076 return SECCLASS_TCP_SOCKET;
1077 else
1078 return SECCLASS_RAWIP_SOCKET;
1079 case SOCK_DGRAM:
1080 if (default_protocol_dgram(protocol))
1081 return SECCLASS_UDP_SOCKET;
1082 else
1083 return SECCLASS_RAWIP_SOCKET;
1084 case SOCK_DCCP:
1085 return SECCLASS_DCCP_SOCKET;
1086 default:
1087 return SECCLASS_RAWIP_SOCKET;
1088 }
1089 break;
1090 case PF_NETLINK:
1091 switch (protocol) {
1092 case NETLINK_ROUTE:
1093 return SECCLASS_NETLINK_ROUTE_SOCKET;
1094 case NETLINK_FIREWALL:
1095 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1096 case NETLINK_INET_DIAG:
1097 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1098 case NETLINK_NFLOG:
1099 return SECCLASS_NETLINK_NFLOG_SOCKET;
1100 case NETLINK_XFRM:
1101 return SECCLASS_NETLINK_XFRM_SOCKET;
1102 case NETLINK_SELINUX:
1103 return SECCLASS_NETLINK_SELINUX_SOCKET;
1104 case NETLINK_AUDIT:
1105 return SECCLASS_NETLINK_AUDIT_SOCKET;
1106 case NETLINK_IP6_FW:
1107 return SECCLASS_NETLINK_IP6FW_SOCKET;
1108 case NETLINK_DNRTMSG:
1109 return SECCLASS_NETLINK_DNRT_SOCKET;
1110 case NETLINK_KOBJECT_UEVENT:
1111 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1112 default:
1113 return SECCLASS_NETLINK_SOCKET;
1114 }
1115 case PF_PACKET:
1116 return SECCLASS_PACKET_SOCKET;
1117 case PF_KEY:
1118 return SECCLASS_KEY_SOCKET;
1119 case PF_APPLETALK:
1120 return SECCLASS_APPLETALK_SOCKET;
1121 }
1122
1123 return SECCLASS_SOCKET;
1124}
1125
1126#ifdef CONFIG_PROC_FS
1127static int selinux_proc_get_sid(struct dentry *dentry,
1128 u16 tclass,
1129 u32 *sid)
1130{
1131 int rc;
1132 char *buffer, *path;
1133
1134 buffer = (char *)__get_free_page(GFP_KERNEL);
1135 if (!buffer)
1136 return -ENOMEM;
1137
1138 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1139 if (IS_ERR(path))
1140 rc = PTR_ERR(path);
1141 else {
1142
1143
1144
1145 while (path[1] >= '0' && path[1] <= '9') {
1146 path[1] = '/';
1147 path++;
1148 }
1149 rc = security_genfs_sid("proc", path, tclass, sid);
1150 }
1151 free_page((unsigned long)buffer);
1152 return rc;
1153}
1154#else
1155static int selinux_proc_get_sid(struct dentry *dentry,
1156 u16 tclass,
1157 u32 *sid)
1158{
1159 return -EINVAL;
1160}
1161#endif
1162
1163
1164static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1165{
1166 struct superblock_security_struct *sbsec = NULL;
1167 struct inode_security_struct *isec = inode->i_security;
1168 u32 sid;
1169 struct dentry *dentry;
1170#define INITCONTEXTLEN 255
1171 char *context = NULL;
1172 unsigned len = 0;
1173 int rc = 0;
1174
1175 if (isec->initialized)
1176 goto out;
1177
1178 mutex_lock(&isec->lock);
1179 if (isec->initialized)
1180 goto out_unlock;
1181
1182 sbsec = inode->i_sb->s_security;
1183 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1184
1185
1186
1187 spin_lock(&sbsec->isec_lock);
1188 if (list_empty(&isec->list))
1189 list_add(&isec->list, &sbsec->isec_head);
1190 spin_unlock(&sbsec->isec_lock);
1191 goto out_unlock;
1192 }
1193
1194 switch (sbsec->behavior) {
1195 case SECURITY_FS_USE_XATTR:
1196 if (!inode->i_op->getxattr) {
1197 isec->sid = sbsec->def_sid;
1198 break;
1199 }
1200
1201
1202
1203 if (opt_dentry) {
1204
1205 dentry = dget(opt_dentry);
1206 } else {
1207
1208 dentry = d_find_alias(inode);
1209 }
1210 if (!dentry) {
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220 goto out_unlock;
1221 }
1222
1223 len = INITCONTEXTLEN;
1224 context = kmalloc(len+1, GFP_NOFS);
1225 if (!context) {
1226 rc = -ENOMEM;
1227 dput(dentry);
1228 goto out_unlock;
1229 }
1230 context[len] = '\0';
1231 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1232 context, len);
1233 if (rc == -ERANGE) {
1234 kfree(context);
1235
1236
1237 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1238 NULL, 0);
1239 if (rc < 0) {
1240 dput(dentry);
1241 goto out_unlock;
1242 }
1243 len = rc;
1244 context = kmalloc(len+1, GFP_NOFS);
1245 if (!context) {
1246 rc = -ENOMEM;
1247 dput(dentry);
1248 goto out_unlock;
1249 }
1250 context[len] = '\0';
1251 rc = inode->i_op->getxattr(dentry,
1252 XATTR_NAME_SELINUX,
1253 context, len);
1254 }
1255 dput(dentry);
1256 if (rc < 0) {
1257 if (rc != -ENODATA) {
1258 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1259 "%d for dev=%s ino=%ld\n", __func__,
1260 -rc, inode->i_sb->s_id, inode->i_ino);
1261 kfree(context);
1262 goto out_unlock;
1263 }
1264
1265 sid = sbsec->def_sid;
1266 rc = 0;
1267 } else {
1268 rc = security_context_to_sid_default(context, rc, &sid,
1269 sbsec->def_sid,
1270 GFP_NOFS);
1271 if (rc) {
1272 char *dev = inode->i_sb->s_id;
1273 unsigned long ino = inode->i_ino;
1274
1275 if (rc == -EINVAL) {
1276 if (printk_ratelimit())
1277 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1278 "context=%s. This indicates you may need to relabel the inode or the "
1279 "filesystem in question.\n", ino, dev, context);
1280 } else {
1281 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1282 "returned %d for dev=%s ino=%ld\n",
1283 __func__, context, -rc, dev, ino);
1284 }
1285 kfree(context);
1286
1287 rc = 0;
1288 break;
1289 }
1290 }
1291 kfree(context);
1292 isec->sid = sid;
1293 break;
1294 case SECURITY_FS_USE_TASK:
1295 isec->sid = isec->task_sid;
1296 break;
1297 case SECURITY_FS_USE_TRANS:
1298
1299 isec->sid = sbsec->sid;
1300
1301
1302 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1303 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1304 isec->sclass, NULL, &sid);
1305 if (rc)
1306 goto out_unlock;
1307 isec->sid = sid;
1308 break;
1309 case SECURITY_FS_USE_MNTPOINT:
1310 isec->sid = sbsec->mntpoint_sid;
1311 break;
1312 default:
1313
1314 isec->sid = sbsec->sid;
1315
1316 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1317 if (opt_dentry) {
1318 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1319 rc = selinux_proc_get_sid(opt_dentry,
1320 isec->sclass,
1321 &sid);
1322 if (rc)
1323 goto out_unlock;
1324 isec->sid = sid;
1325 }
1326 }
1327 break;
1328 }
1329
1330 isec->initialized = 1;
1331
1332out_unlock:
1333 mutex_unlock(&isec->lock);
1334out:
1335 if (isec->sclass == SECCLASS_FILE)
1336 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1337 return rc;
1338}
1339
1340
1341static inline u32 signal_to_av(int sig)
1342{
1343 u32 perm = 0;
1344
1345 switch (sig) {
1346 case SIGCHLD:
1347
1348 perm = PROCESS__SIGCHLD;
1349 break;
1350 case SIGKILL:
1351
1352 perm = PROCESS__SIGKILL;
1353 break;
1354 case SIGSTOP:
1355
1356 perm = PROCESS__SIGSTOP;
1357 break;
1358 default:
1359
1360 perm = PROCESS__SIGNAL;
1361 break;
1362 }
1363
1364 return perm;
1365}
1366
1367
1368
1369
1370
1371static int cred_has_perm(const struct cred *actor,
1372 const struct cred *target,
1373 u32 perms)
1374{
1375 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1376
1377 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1378}
1379
1380
1381
1382
1383
1384
1385
1386static int task_has_perm(const struct task_struct *tsk1,
1387 const struct task_struct *tsk2,
1388 u32 perms)
1389{
1390 const struct task_security_struct *__tsec1, *__tsec2;
1391 u32 sid1, sid2;
1392
1393 rcu_read_lock();
1394 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1395 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1396 rcu_read_unlock();
1397 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1398}
1399
1400
1401
1402
1403
1404
1405
1406static int current_has_perm(const struct task_struct *tsk,
1407 u32 perms)
1408{
1409 u32 sid, tsid;
1410
1411 sid = current_sid();
1412 tsid = task_sid(tsk);
1413 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1414}
1415
1416#if CAP_LAST_CAP > 63
1417#error Fix SELinux to handle capabilities > 63.
1418#endif
1419
1420
1421static int task_has_capability(struct task_struct *tsk,
1422 const struct cred *cred,
1423 int cap, int audit)
1424{
1425 struct common_audit_data ad;
1426 struct av_decision avd;
1427 u16 sclass;
1428 u32 sid = cred_sid(cred);
1429 u32 av = CAP_TO_MASK(cap);
1430 int rc;
1431
1432 COMMON_AUDIT_DATA_INIT(&ad, CAP);
1433 ad.tsk = tsk;
1434 ad.u.cap = cap;
1435
1436 switch (CAP_TO_INDEX(cap)) {
1437 case 0:
1438 sclass = SECCLASS_CAPABILITY;
1439 break;
1440 case 1:
1441 sclass = SECCLASS_CAPABILITY2;
1442 break;
1443 default:
1444 printk(KERN_ERR
1445 "SELinux: out of range capability %d\n", cap);
1446 BUG();
1447 return -EINVAL;
1448 }
1449
1450 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1451 if (audit == SECURITY_CAP_AUDIT) {
1452 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1453 if (rc2)
1454 return rc2;
1455 }
1456 return rc;
1457}
1458
1459
1460static int task_has_system(struct task_struct *tsk,
1461 u32 perms)
1462{
1463 u32 sid = task_sid(tsk);
1464
1465 return avc_has_perm(sid, SECINITSID_KERNEL,
1466 SECCLASS_SYSTEM, perms, NULL);
1467}
1468
1469
1470
1471
1472static int inode_has_perm(const struct cred *cred,
1473 struct inode *inode,
1474 u32 perms,
1475 struct common_audit_data *adp,
1476 unsigned flags)
1477{
1478 struct inode_security_struct *isec;
1479 u32 sid;
1480
1481 validate_creds(cred);
1482
1483 if (unlikely(IS_PRIVATE(inode)))
1484 return 0;
1485
1486 sid = cred_sid(cred);
1487 isec = inode->i_security;
1488
1489 return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
1490}
1491
1492static int inode_has_perm_noadp(const struct cred *cred,
1493 struct inode *inode,
1494 u32 perms,
1495 unsigned flags)
1496{
1497 struct common_audit_data ad;
1498
1499 COMMON_AUDIT_DATA_INIT(&ad, INODE);
1500 ad.u.inode = inode;
1501 return inode_has_perm(cred, inode, perms, &ad, flags);
1502}
1503
1504
1505
1506
1507static inline int dentry_has_perm(const struct cred *cred,
1508 struct dentry *dentry,
1509 u32 av)
1510{
1511 struct inode *inode = dentry->d_inode;
1512 struct common_audit_data ad;
1513
1514 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1515 ad.u.dentry = dentry;
1516 return inode_has_perm(cred, inode, av, &ad, 0);
1517}
1518
1519
1520
1521
1522static inline int path_has_perm(const struct cred *cred,
1523 struct path *path,
1524 u32 av)
1525{
1526 struct inode *inode = path->dentry->d_inode;
1527 struct common_audit_data ad;
1528
1529 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1530 ad.u.path = *path;
1531 return inode_has_perm(cred, inode, av, &ad, 0);
1532}
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542static int file_has_perm(const struct cred *cred,
1543 struct file *file,
1544 u32 av)
1545{
1546 struct file_security_struct *fsec = file->f_security;
1547 struct inode *inode = file->f_path.dentry->d_inode;
1548 struct common_audit_data ad;
1549 u32 sid = cred_sid(cred);
1550 int rc;
1551
1552 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1553 ad.u.path = file->f_path;
1554
1555 if (sid != fsec->sid) {
1556 rc = avc_has_perm(sid, fsec->sid,
1557 SECCLASS_FD,
1558 FD__USE,
1559 &ad);
1560 if (rc)
1561 goto out;
1562 }
1563
1564
1565 rc = 0;
1566 if (av)
1567 rc = inode_has_perm(cred, inode, av, &ad, 0);
1568
1569out:
1570 return rc;
1571}
1572
1573
1574static int may_create(struct inode *dir,
1575 struct dentry *dentry,
1576 u16 tclass)
1577{
1578 const struct task_security_struct *tsec = current_security();
1579 struct inode_security_struct *dsec;
1580 struct superblock_security_struct *sbsec;
1581 u32 sid, newsid;
1582 struct common_audit_data ad;
1583 int rc;
1584
1585 dsec = dir->i_security;
1586 sbsec = dir->i_sb->s_security;
1587
1588 sid = tsec->sid;
1589 newsid = tsec->create_sid;
1590
1591 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1592 ad.u.dentry = dentry;
1593
1594 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1595 DIR__ADD_NAME | DIR__SEARCH,
1596 &ad);
1597 if (rc)
1598 return rc;
1599
1600 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1601 rc = security_transition_sid(sid, dsec->sid, tclass,
1602 &dentry->d_name, &newsid);
1603 if (rc)
1604 return rc;
1605 }
1606
1607 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1608 if (rc)
1609 return rc;
1610
1611 return avc_has_perm(newsid, sbsec->sid,
1612 SECCLASS_FILESYSTEM,
1613 FILESYSTEM__ASSOCIATE, &ad);
1614}
1615
1616
1617static int may_create_key(u32 ksid,
1618 struct task_struct *ctx)
1619{
1620 u32 sid = task_sid(ctx);
1621
1622 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1623}
1624
1625#define MAY_LINK 0
1626#define MAY_UNLINK 1
1627#define MAY_RMDIR 2
1628
1629
1630static int may_link(struct inode *dir,
1631 struct dentry *dentry,
1632 int kind)
1633
1634{
1635 struct inode_security_struct *dsec, *isec;
1636 struct common_audit_data ad;
1637 u32 sid = current_sid();
1638 u32 av;
1639 int rc;
1640
1641 dsec = dir->i_security;
1642 isec = dentry->d_inode->i_security;
1643
1644 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1645 ad.u.dentry = dentry;
1646
1647 av = DIR__SEARCH;
1648 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1649 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1650 if (rc)
1651 return rc;
1652
1653 switch (kind) {
1654 case MAY_LINK:
1655 av = FILE__LINK;
1656 break;
1657 case MAY_UNLINK:
1658 av = FILE__UNLINK;
1659 break;
1660 case MAY_RMDIR:
1661 av = DIR__RMDIR;
1662 break;
1663 default:
1664 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1665 __func__, kind);
1666 return 0;
1667 }
1668
1669 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1670 return rc;
1671}
1672
1673static inline int may_rename(struct inode *old_dir,
1674 struct dentry *old_dentry,
1675 struct inode *new_dir,
1676 struct dentry *new_dentry)
1677{
1678 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1679 struct common_audit_data ad;
1680 u32 sid = current_sid();
1681 u32 av;
1682 int old_is_dir, new_is_dir;
1683 int rc;
1684
1685 old_dsec = old_dir->i_security;
1686 old_isec = old_dentry->d_inode->i_security;
1687 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1688 new_dsec = new_dir->i_security;
1689
1690 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1691
1692 ad.u.dentry = old_dentry;
1693 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1694 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1695 if (rc)
1696 return rc;
1697 rc = avc_has_perm(sid, old_isec->sid,
1698 old_isec->sclass, FILE__RENAME, &ad);
1699 if (rc)
1700 return rc;
1701 if (old_is_dir && new_dir != old_dir) {
1702 rc = avc_has_perm(sid, old_isec->sid,
1703 old_isec->sclass, DIR__REPARENT, &ad);
1704 if (rc)
1705 return rc;
1706 }
1707
1708 ad.u.dentry = new_dentry;
1709 av = DIR__ADD_NAME | DIR__SEARCH;
1710 if (new_dentry->d_inode)
1711 av |= DIR__REMOVE_NAME;
1712 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1713 if (rc)
1714 return rc;
1715 if (new_dentry->d_inode) {
1716 new_isec = new_dentry->d_inode->i_security;
1717 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1718 rc = avc_has_perm(sid, new_isec->sid,
1719 new_isec->sclass,
1720 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1721 if (rc)
1722 return rc;
1723 }
1724
1725 return 0;
1726}
1727
1728
1729static int superblock_has_perm(const struct cred *cred,
1730 struct super_block *sb,
1731 u32 perms,
1732 struct common_audit_data *ad)
1733{
1734 struct superblock_security_struct *sbsec;
1735 u32 sid = cred_sid(cred);
1736
1737 sbsec = sb->s_security;
1738 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1739}
1740
1741
1742static inline u32 file_mask_to_av(int mode, int mask)
1743{
1744 u32 av = 0;
1745
1746 if ((mode & S_IFMT) != S_IFDIR) {
1747 if (mask & MAY_EXEC)
1748 av |= FILE__EXECUTE;
1749 if (mask & MAY_READ)
1750 av |= FILE__READ;
1751
1752 if (mask & MAY_APPEND)
1753 av |= FILE__APPEND;
1754 else if (mask & MAY_WRITE)
1755 av |= FILE__WRITE;
1756
1757 } else {
1758 if (mask & MAY_EXEC)
1759 av |= DIR__SEARCH;
1760 if (mask & MAY_WRITE)
1761 av |= DIR__WRITE;
1762 if (mask & MAY_READ)
1763 av |= DIR__READ;
1764 }
1765
1766 return av;
1767}
1768
1769
1770static inline u32 file_to_av(struct file *file)
1771{
1772 u32 av = 0;
1773
1774 if (file->f_mode & FMODE_READ)
1775 av |= FILE__READ;
1776 if (file->f_mode & FMODE_WRITE) {
1777 if (file->f_flags & O_APPEND)
1778 av |= FILE__APPEND;
1779 else
1780 av |= FILE__WRITE;
1781 }
1782 if (!av) {
1783
1784
1785
1786 av = FILE__IOCTL;
1787 }
1788
1789 return av;
1790}
1791
1792
1793
1794
1795
1796static inline u32 open_file_to_av(struct file *file)
1797{
1798 u32 av = file_to_av(file);
1799
1800 if (selinux_policycap_openperm)
1801 av |= FILE__OPEN;
1802
1803 return av;
1804}
1805
1806
1807
1808static int selinux_ptrace_access_check(struct task_struct *child,
1809 unsigned int mode)
1810{
1811 int rc;
1812
1813 rc = cap_ptrace_access_check(child, mode);
1814 if (rc)
1815 return rc;
1816
1817 if (mode == PTRACE_MODE_READ) {
1818 u32 sid = current_sid();
1819 u32 csid = task_sid(child);
1820 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1821 }
1822
1823 return current_has_perm(child, PROCESS__PTRACE);
1824}
1825
1826static int selinux_ptrace_traceme(struct task_struct *parent)
1827{
1828 int rc;
1829
1830 rc = cap_ptrace_traceme(parent);
1831 if (rc)
1832 return rc;
1833
1834 return task_has_perm(parent, current, PROCESS__PTRACE);
1835}
1836
1837static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1838 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1839{
1840 int error;
1841
1842 error = current_has_perm(target, PROCESS__GETCAP);
1843 if (error)
1844 return error;
1845
1846 return cap_capget(target, effective, inheritable, permitted);
1847}
1848
1849static int selinux_capset(struct cred *new, const struct cred *old,
1850 const kernel_cap_t *effective,
1851 const kernel_cap_t *inheritable,
1852 const kernel_cap_t *permitted)
1853{
1854 int error;
1855
1856 error = cap_capset(new, old,
1857 effective, inheritable, permitted);
1858 if (error)
1859 return error;
1860
1861 return cred_has_perm(old, new, PROCESS__SETCAP);
1862}
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
1875 struct user_namespace *ns, int cap, int audit)
1876{
1877 int rc;
1878
1879 rc = cap_capable(tsk, cred, ns, cap, audit);
1880 if (rc)
1881 return rc;
1882
1883 return task_has_capability(tsk, cred, cap, audit);
1884}
1885
1886static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1887{
1888 const struct cred *cred = current_cred();
1889 int rc = 0;
1890
1891 if (!sb)
1892 return 0;
1893
1894 switch (cmds) {
1895 case Q_SYNC:
1896 case Q_QUOTAON:
1897 case Q_QUOTAOFF:
1898 case Q_SETINFO:
1899 case Q_SETQUOTA:
1900 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1901 break;
1902 case Q_GETFMT:
1903 case Q_GETINFO:
1904 case Q_GETQUOTA:
1905 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1906 break;
1907 default:
1908 rc = 0;
1909 break;
1910 }
1911 return rc;
1912}
1913
1914static int selinux_quota_on(struct dentry *dentry)
1915{
1916 const struct cred *cred = current_cred();
1917
1918 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
1919}
1920
1921static int selinux_syslog(int type)
1922{
1923 int rc;
1924
1925 switch (type) {
1926 case SYSLOG_ACTION_READ_ALL:
1927 case SYSLOG_ACTION_SIZE_BUFFER:
1928 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1929 break;
1930 case SYSLOG_ACTION_CONSOLE_OFF:
1931 case SYSLOG_ACTION_CONSOLE_ON:
1932
1933 case SYSLOG_ACTION_CONSOLE_LEVEL:
1934 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1935 break;
1936 case SYSLOG_ACTION_CLOSE:
1937 case SYSLOG_ACTION_OPEN:
1938 case SYSLOG_ACTION_READ:
1939 case SYSLOG_ACTION_READ_CLEAR:
1940 case SYSLOG_ACTION_CLEAR:
1941 default:
1942 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1943 break;
1944 }
1945 return rc;
1946}
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1957{
1958 int rc, cap_sys_admin = 0;
1959
1960 rc = selinux_capable(current, current_cred(),
1961 &init_user_ns, CAP_SYS_ADMIN,
1962 SECURITY_CAP_NOAUDIT);
1963 if (rc == 0)
1964 cap_sys_admin = 1;
1965
1966 return __vm_enough_memory(mm, pages, cap_sys_admin);
1967}
1968
1969
1970
1971static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1972{
1973 const struct task_security_struct *old_tsec;
1974 struct task_security_struct *new_tsec;
1975 struct inode_security_struct *isec;
1976 struct common_audit_data ad;
1977 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1978 int rc;
1979
1980 rc = cap_bprm_set_creds(bprm);
1981 if (rc)
1982 return rc;
1983
1984
1985
1986 if (bprm->cred_prepared)
1987 return 0;
1988
1989 old_tsec = current_security();
1990 new_tsec = bprm->cred->security;
1991 isec = inode->i_security;
1992
1993
1994 new_tsec->sid = old_tsec->sid;
1995 new_tsec->osid = old_tsec->sid;
1996
1997
1998 new_tsec->create_sid = 0;
1999 new_tsec->keycreate_sid = 0;
2000 new_tsec->sockcreate_sid = 0;
2001
2002 if (old_tsec->exec_sid) {
2003 new_tsec->sid = old_tsec->exec_sid;
2004
2005 new_tsec->exec_sid = 0;
2006 } else {
2007
2008 rc = security_transition_sid(old_tsec->sid, isec->sid,
2009 SECCLASS_PROCESS, NULL,
2010 &new_tsec->sid);
2011 if (rc)
2012 return rc;
2013 }
2014
2015 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2016 ad.u.path = bprm->file->f_path;
2017
2018 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2019 new_tsec->sid = old_tsec->sid;
2020
2021 if (new_tsec->sid == old_tsec->sid) {
2022 rc = avc_has_perm(old_tsec->sid, isec->sid,
2023 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2024 if (rc)
2025 return rc;
2026 } else {
2027
2028 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2029 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2030 if (rc)
2031 return rc;
2032
2033 rc = avc_has_perm(new_tsec->sid, isec->sid,
2034 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2035 if (rc)
2036 return rc;
2037
2038
2039 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2040 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2041 SECCLASS_PROCESS, PROCESS__SHARE,
2042 NULL);
2043 if (rc)
2044 return -EPERM;
2045 }
2046
2047
2048
2049 if (bprm->unsafe &
2050 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2051 struct task_struct *tracer;
2052 struct task_security_struct *sec;
2053 u32 ptsid = 0;
2054
2055 rcu_read_lock();
2056 tracer = tracehook_tracer_task(current);
2057 if (likely(tracer != NULL)) {
2058 sec = __task_cred(tracer)->security;
2059 ptsid = sec->sid;
2060 }
2061 rcu_read_unlock();
2062
2063 if (ptsid != 0) {
2064 rc = avc_has_perm(ptsid, new_tsec->sid,
2065 SECCLASS_PROCESS,
2066 PROCESS__PTRACE, NULL);
2067 if (rc)
2068 return -EPERM;
2069 }
2070 }
2071
2072
2073 bprm->per_clear |= PER_CLEAR_ON_SETID;
2074 }
2075
2076 return 0;
2077}
2078
2079static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2080{
2081 const struct task_security_struct *tsec = current_security();
2082 u32 sid, osid;
2083 int atsecure = 0;
2084
2085 sid = tsec->sid;
2086 osid = tsec->osid;
2087
2088 if (osid != sid) {
2089
2090
2091
2092 atsecure = avc_has_perm(osid, sid,
2093 SECCLASS_PROCESS,
2094 PROCESS__NOATSECURE, NULL);
2095 }
2096
2097 return (atsecure || cap_bprm_secureexec(bprm));
2098}
2099
2100extern struct vfsmount *selinuxfs_mount;
2101extern struct dentry *selinux_null;
2102
2103
2104static inline void flush_unauthorized_files(const struct cred *cred,
2105 struct files_struct *files)
2106{
2107 struct common_audit_data ad;
2108 struct file *file, *devnull = NULL;
2109 struct tty_struct *tty;
2110 struct fdtable *fdt;
2111 long j = -1;
2112 int drop_tty = 0;
2113
2114 tty = get_current_tty();
2115 if (tty) {
2116 spin_lock(&tty_files_lock);
2117 if (!list_empty(&tty->tty_files)) {
2118 struct tty_file_private *file_priv;
2119 struct inode *inode;
2120
2121
2122
2123
2124
2125
2126 file_priv = list_first_entry(&tty->tty_files,
2127 struct tty_file_private, list);
2128 file = file_priv->file;
2129 inode = file->f_path.dentry->d_inode;
2130 if (inode_has_perm_noadp(cred, inode,
2131 FILE__READ | FILE__WRITE, 0)) {
2132 drop_tty = 1;
2133 }
2134 }
2135 spin_unlock(&tty_files_lock);
2136 tty_kref_put(tty);
2137 }
2138
2139 if (drop_tty)
2140 no_tty();
2141
2142
2143
2144 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2145
2146 spin_lock(&files->file_lock);
2147 for (;;) {
2148 unsigned long set, i;
2149 int fd;
2150
2151 j++;
2152 i = j * __NFDBITS;
2153 fdt = files_fdtable(files);
2154 if (i >= fdt->max_fds)
2155 break;
2156 set = fdt->open_fds->fds_bits[j];
2157 if (!set)
2158 continue;
2159 spin_unlock(&files->file_lock);
2160 for ( ; set ; i++, set >>= 1) {
2161 if (set & 1) {
2162 file = fget(i);
2163 if (!file)
2164 continue;
2165 if (file_has_perm(cred,
2166 file,
2167 file_to_av(file))) {
2168 sys_close(i);
2169 fd = get_unused_fd();
2170 if (fd != i) {
2171 if (fd >= 0)
2172 put_unused_fd(fd);
2173 fput(file);
2174 continue;
2175 }
2176 if (devnull) {
2177 get_file(devnull);
2178 } else {
2179 devnull = dentry_open(
2180 dget(selinux_null),
2181 mntget(selinuxfs_mount),
2182 O_RDWR, cred);
2183 if (IS_ERR(devnull)) {
2184 devnull = NULL;
2185 put_unused_fd(fd);
2186 fput(file);
2187 continue;
2188 }
2189 }
2190 fd_install(fd, devnull);
2191 }
2192 fput(file);
2193 }
2194 }
2195 spin_lock(&files->file_lock);
2196
2197 }
2198 spin_unlock(&files->file_lock);
2199}
2200
2201
2202
2203
2204static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2205{
2206 struct task_security_struct *new_tsec;
2207 struct rlimit *rlim, *initrlim;
2208 int rc, i;
2209
2210 new_tsec = bprm->cred->security;
2211 if (new_tsec->sid == new_tsec->osid)
2212 return;
2213
2214
2215 flush_unauthorized_files(bprm->cred, current->files);
2216
2217
2218 current->pdeath_signal = 0;
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2231 PROCESS__RLIMITINH, NULL);
2232 if (rc) {
2233
2234 task_lock(current);
2235 for (i = 0; i < RLIM_NLIMITS; i++) {
2236 rlim = current->signal->rlim + i;
2237 initrlim = init_task.signal->rlim + i;
2238 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2239 }
2240 task_unlock(current);
2241 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2242 }
2243}
2244
2245
2246
2247
2248
2249static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2250{
2251 const struct task_security_struct *tsec = current_security();
2252 struct itimerval itimer;
2253 u32 osid, sid;
2254 int rc, i;
2255
2256 osid = tsec->osid;
2257 sid = tsec->sid;
2258
2259 if (sid == osid)
2260 return;
2261
2262
2263
2264
2265
2266
2267
2268
2269 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2270 if (rc) {
2271 memset(&itimer, 0, sizeof itimer);
2272 for (i = 0; i < 3; i++)
2273 do_setitimer(i, &itimer, NULL);
2274 spin_lock_irq(¤t->sighand->siglock);
2275 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2276 __flush_signals(current);
2277 flush_signal_handlers(current, 1);
2278 sigemptyset(¤t->blocked);
2279 }
2280 spin_unlock_irq(¤t->sighand->siglock);
2281 }
2282
2283
2284
2285 read_lock(&tasklist_lock);
2286 __wake_up_parent(current, current->real_parent);
2287 read_unlock(&tasklist_lock);
2288}
2289
2290
2291
2292static int selinux_sb_alloc_security(struct super_block *sb)
2293{
2294 return superblock_alloc_security(sb);
2295}
2296
2297static void selinux_sb_free_security(struct super_block *sb)
2298{
2299 superblock_free_security(sb);
2300}
2301
2302static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2303{
2304 if (plen > olen)
2305 return 0;
2306
2307 return !memcmp(prefix, option, plen);
2308}
2309
2310static inline int selinux_option(char *option, int len)
2311{
2312 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2313 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2314 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2315 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2316 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2317}
2318
2319static inline void take_option(char **to, char *from, int *first, int len)
2320{
2321 if (!*first) {
2322 **to = ',';
2323 *to += 1;
2324 } else
2325 *first = 0;
2326 memcpy(*to, from, len);
2327 *to += len;
2328}
2329
2330static inline void take_selinux_option(char **to, char *from, int *first,
2331 int len)
2332{
2333 int current_size = 0;
2334
2335 if (!*first) {
2336 **to = '|';
2337 *to += 1;
2338 } else
2339 *first = 0;
2340
2341 while (current_size < len) {
2342 if (*from != '"') {
2343 **to = *from;
2344 *to += 1;
2345 }
2346 from += 1;
2347 current_size += 1;
2348 }
2349}
2350
2351static int selinux_sb_copy_data(char *orig, char *copy)
2352{
2353 int fnosec, fsec, rc = 0;
2354 char *in_save, *in_curr, *in_end;
2355 char *sec_curr, *nosec_save, *nosec;
2356 int open_quote = 0;
2357
2358 in_curr = orig;
2359 sec_curr = copy;
2360
2361 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2362 if (!nosec) {
2363 rc = -ENOMEM;
2364 goto out;
2365 }
2366
2367 nosec_save = nosec;
2368 fnosec = fsec = 1;
2369 in_save = in_end = orig;
2370
2371 do {
2372 if (*in_end == '"')
2373 open_quote = !open_quote;
2374 if ((*in_end == ',' && open_quote == 0) ||
2375 *in_end == '\0') {
2376 int len = in_end - in_curr;
2377
2378 if (selinux_option(in_curr, len))
2379 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2380 else
2381 take_option(&nosec, in_curr, &fnosec, len);
2382
2383 in_curr = in_end + 1;
2384 }
2385 } while (*in_end++);
2386
2387 strcpy(in_save, nosec_save);
2388 free_page((unsigned long)nosec_save);
2389out:
2390 return rc;
2391}
2392
2393static int selinux_sb_remount(struct super_block *sb, void *data)
2394{
2395 int rc, i, *flags;
2396 struct security_mnt_opts opts;
2397 char *secdata, **mount_options;
2398 struct superblock_security_struct *sbsec = sb->s_security;
2399
2400 if (!(sbsec->flags & SE_SBINITIALIZED))
2401 return 0;
2402
2403 if (!data)
2404 return 0;
2405
2406 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2407 return 0;
2408
2409 security_init_mnt_opts(&opts);
2410 secdata = alloc_secdata();
2411 if (!secdata)
2412 return -ENOMEM;
2413 rc = selinux_sb_copy_data(data, secdata);
2414 if (rc)
2415 goto out_free_secdata;
2416
2417 rc = selinux_parse_opts_str(secdata, &opts);
2418 if (rc)
2419 goto out_free_secdata;
2420
2421 mount_options = opts.mnt_opts;
2422 flags = opts.mnt_opts_flags;
2423
2424 for (i = 0; i < opts.num_mnt_opts; i++) {
2425 u32 sid;
2426 size_t len;
2427
2428 if (flags[i] == SE_SBLABELSUPP)
2429 continue;
2430 len = strlen(mount_options[i]);
2431 rc = security_context_to_sid(mount_options[i], len, &sid);
2432 if (rc) {
2433 printk(KERN_WARNING "SELinux: security_context_to_sid"
2434 "(%s) failed for (dev %s, type %s) errno=%d\n",
2435 mount_options[i], sb->s_id, sb->s_type->name, rc);
2436 goto out_free_opts;
2437 }
2438 rc = -EINVAL;
2439 switch (flags[i]) {
2440 case FSCONTEXT_MNT:
2441 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2442 goto out_bad_option;
2443 break;
2444 case CONTEXT_MNT:
2445 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2446 goto out_bad_option;
2447 break;
2448 case ROOTCONTEXT_MNT: {
2449 struct inode_security_struct *root_isec;
2450 root_isec = sb->s_root->d_inode->i_security;
2451
2452 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2453 goto out_bad_option;
2454 break;
2455 }
2456 case DEFCONTEXT_MNT:
2457 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2458 goto out_bad_option;
2459 break;
2460 default:
2461 goto out_free_opts;
2462 }
2463 }
2464
2465 rc = 0;
2466out_free_opts:
2467 security_free_mnt_opts(&opts);
2468out_free_secdata:
2469 free_secdata(secdata);
2470 return rc;
2471out_bad_option:
2472 printk(KERN_WARNING "SELinux: unable to change security options "
2473 "during remount (dev %s, type=%s)\n", sb->s_id,
2474 sb->s_type->name);
2475 goto out_free_opts;
2476}
2477
2478static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2479{
2480 const struct cred *cred = current_cred();
2481 struct common_audit_data ad;
2482 int rc;
2483
2484 rc = superblock_doinit(sb, data);
2485 if (rc)
2486 return rc;
2487
2488
2489 if (flags & MS_KERNMOUNT)
2490 return 0;
2491
2492 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
2493 ad.u.dentry = sb->s_root;
2494 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2495}
2496
2497static int selinux_sb_statfs(struct dentry *dentry)
2498{
2499 const struct cred *cred = current_cred();
2500 struct common_audit_data ad;
2501
2502 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
2503 ad.u.dentry = dentry->d_sb->s_root;
2504 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2505}
2506
2507static int selinux_mount(char *dev_name,
2508 struct path *path,
2509 char *type,
2510 unsigned long flags,
2511 void *data)
2512{
2513 const struct cred *cred = current_cred();
2514
2515 if (flags & MS_REMOUNT)
2516 return superblock_has_perm(cred, path->mnt->mnt_sb,
2517 FILESYSTEM__REMOUNT, NULL);
2518 else
2519 return path_has_perm(cred, path, FILE__MOUNTON);
2520}
2521
2522static int selinux_umount(struct vfsmount *mnt, int flags)
2523{
2524 const struct cred *cred = current_cred();
2525
2526 return superblock_has_perm(cred, mnt->mnt_sb,
2527 FILESYSTEM__UNMOUNT, NULL);
2528}
2529
2530
2531
2532static int selinux_inode_alloc_security(struct inode *inode)
2533{
2534 return inode_alloc_security(inode);
2535}
2536
2537static void selinux_inode_free_security(struct inode *inode)
2538{
2539 inode_free_security(inode);
2540}
2541
2542static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2543 const struct qstr *qstr, char **name,
2544 void **value, size_t *len)
2545{
2546 const struct task_security_struct *tsec = current_security();
2547 struct inode_security_struct *dsec;
2548 struct superblock_security_struct *sbsec;
2549 u32 sid, newsid, clen;
2550 int rc;
2551 char *namep = NULL, *context;
2552
2553 dsec = dir->i_security;
2554 sbsec = dir->i_sb->s_security;
2555
2556 sid = tsec->sid;
2557 newsid = tsec->create_sid;
2558
2559 if ((sbsec->flags & SE_SBINITIALIZED) &&
2560 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2561 newsid = sbsec->mntpoint_sid;
2562 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2563 rc = security_transition_sid(sid, dsec->sid,
2564 inode_mode_to_security_class(inode->i_mode),
2565 qstr, &newsid);
2566 if (rc) {
2567 printk(KERN_WARNING "%s: "
2568 "security_transition_sid failed, rc=%d (dev=%s "
2569 "ino=%ld)\n",
2570 __func__,
2571 -rc, inode->i_sb->s_id, inode->i_ino);
2572 return rc;
2573 }
2574 }
2575
2576
2577 if (sbsec->flags & SE_SBINITIALIZED) {
2578 struct inode_security_struct *isec = inode->i_security;
2579 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2580 isec->sid = newsid;
2581 isec->initialized = 1;
2582 }
2583
2584 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2585 return -EOPNOTSUPP;
2586
2587 if (name) {
2588 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2589 if (!namep)
2590 return -ENOMEM;
2591 *name = namep;
2592 }
2593
2594 if (value && len) {
2595 rc = security_sid_to_context_force(newsid, &context, &clen);
2596 if (rc) {
2597 kfree(namep);
2598 return rc;
2599 }
2600 *value = context;
2601 *len = clen;
2602 }
2603
2604 return 0;
2605}
2606
2607static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2608{
2609 return may_create(dir, dentry, SECCLASS_FILE);
2610}
2611
2612static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2613{
2614 return may_link(dir, old_dentry, MAY_LINK);
2615}
2616
2617static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2618{
2619 return may_link(dir, dentry, MAY_UNLINK);
2620}
2621
2622static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2623{
2624 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2625}
2626
2627static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2628{
2629 return may_create(dir, dentry, SECCLASS_DIR);
2630}
2631
2632static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2633{
2634 return may_link(dir, dentry, MAY_RMDIR);
2635}
2636
2637static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2638{
2639 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2640}
2641
2642static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2643 struct inode *new_inode, struct dentry *new_dentry)
2644{
2645 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2646}
2647
2648static int selinux_inode_readlink(struct dentry *dentry)
2649{
2650 const struct cred *cred = current_cred();
2651
2652 return dentry_has_perm(cred, dentry, FILE__READ);
2653}
2654
2655static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2656{
2657 const struct cred *cred = current_cred();
2658
2659 return dentry_has_perm(cred, dentry, FILE__READ);
2660}
2661
2662static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags)
2663{
2664 const struct cred *cred = current_cred();
2665 struct common_audit_data ad;
2666 u32 perms;
2667 bool from_access;
2668
2669 from_access = mask & MAY_ACCESS;
2670 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2671
2672
2673 if (!mask)
2674 return 0;
2675
2676 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2677 ad.u.inode = inode;
2678
2679 if (from_access)
2680 ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS;
2681
2682 perms = file_mask_to_av(inode->i_mode, mask);
2683
2684 return inode_has_perm(cred, inode, perms, &ad, flags);
2685}
2686
2687static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2688{
2689 const struct cred *cred = current_cred();
2690 unsigned int ia_valid = iattr->ia_valid;
2691
2692
2693 if (ia_valid & ATTR_FORCE) {
2694 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2695 ATTR_FORCE);
2696 if (!ia_valid)
2697 return 0;
2698 }
2699
2700 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2701 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2702 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2703
2704 return dentry_has_perm(cred, dentry, FILE__WRITE);
2705}
2706
2707static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2708{
2709 const struct cred *cred = current_cred();
2710 struct path path;
2711
2712 path.dentry = dentry;
2713 path.mnt = mnt;
2714
2715 return path_has_perm(cred, &path, FILE__GETATTR);
2716}
2717
2718static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2719{
2720 const struct cred *cred = current_cred();
2721
2722 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2723 sizeof XATTR_SECURITY_PREFIX - 1)) {
2724 if (!strcmp(name, XATTR_NAME_CAPS)) {
2725 if (!capable(CAP_SETFCAP))
2726 return -EPERM;
2727 } else if (!capable(CAP_SYS_ADMIN)) {
2728
2729
2730 return -EPERM;
2731 }
2732 }
2733
2734
2735
2736 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2737}
2738
2739static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2740 const void *value, size_t size, int flags)
2741{
2742 struct inode *inode = dentry->d_inode;
2743 struct inode_security_struct *isec = inode->i_security;
2744 struct superblock_security_struct *sbsec;
2745 struct common_audit_data ad;
2746 u32 newsid, sid = current_sid();
2747 int rc = 0;
2748
2749 if (strcmp(name, XATTR_NAME_SELINUX))
2750 return selinux_inode_setotherxattr(dentry, name);
2751
2752 sbsec = inode->i_sb->s_security;
2753 if (!(sbsec->flags & SE_SBLABELSUPP))
2754 return -EOPNOTSUPP;
2755
2756 if (!inode_owner_or_capable(inode))
2757 return -EPERM;
2758
2759 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
2760 ad.u.dentry = dentry;
2761
2762 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2763 FILE__RELABELFROM, &ad);
2764 if (rc)
2765 return rc;
2766
2767 rc = security_context_to_sid(value, size, &newsid);
2768 if (rc == -EINVAL) {
2769 if (!capable(CAP_MAC_ADMIN))
2770 return rc;
2771 rc = security_context_to_sid_force(value, size, &newsid);
2772 }
2773 if (rc)
2774 return rc;
2775
2776 rc = avc_has_perm(sid, newsid, isec->sclass,
2777 FILE__RELABELTO, &ad);
2778 if (rc)
2779 return rc;
2780
2781 rc = security_validate_transition(isec->sid, newsid, sid,
2782 isec->sclass);
2783 if (rc)
2784 return rc;
2785
2786 return avc_has_perm(newsid,
2787 sbsec->sid,
2788 SECCLASS_FILESYSTEM,
2789 FILESYSTEM__ASSOCIATE,
2790 &ad);
2791}
2792
2793static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2794 const void *value, size_t size,
2795 int flags)
2796{
2797 struct inode *inode = dentry->d_inode;
2798 struct inode_security_struct *isec = inode->i_security;
2799 u32 newsid;
2800 int rc;
2801
2802 if (strcmp(name, XATTR_NAME_SELINUX)) {
2803
2804 return;
2805 }
2806
2807 rc = security_context_to_sid_force(value, size, &newsid);
2808 if (rc) {
2809 printk(KERN_ERR "SELinux: unable to map context to SID"
2810 "for (%s, %lu), rc=%d\n",
2811 inode->i_sb->s_id, inode->i_ino, -rc);
2812 return;
2813 }
2814
2815 isec->sid = newsid;
2816 return;
2817}
2818
2819static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2820{
2821 const struct cred *cred = current_cred();
2822
2823 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2824}
2825
2826static int selinux_inode_listxattr(struct dentry *dentry)
2827{
2828 const struct cred *cred = current_cred();
2829
2830 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2831}
2832
2833static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2834{
2835 if (strcmp(name, XATTR_NAME_SELINUX))
2836 return selinux_inode_setotherxattr(dentry, name);
2837
2838
2839
2840 return -EACCES;
2841}
2842
2843
2844
2845
2846
2847
2848static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2849{
2850 u32 size;
2851 int error;
2852 char *context = NULL;
2853 struct inode_security_struct *isec = inode->i_security;
2854
2855 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2856 return -EOPNOTSUPP;
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867 error = selinux_capable(current, current_cred(),
2868 &init_user_ns, CAP_MAC_ADMIN,
2869 SECURITY_CAP_NOAUDIT);
2870 if (!error)
2871 error = security_sid_to_context_force(isec->sid, &context,
2872 &size);
2873 else
2874 error = security_sid_to_context(isec->sid, &context, &size);
2875 if (error)
2876 return error;
2877 error = size;
2878 if (alloc) {
2879 *buffer = context;
2880 goto out_nofree;
2881 }
2882 kfree(context);
2883out_nofree:
2884 return error;
2885}
2886
2887static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2888 const void *value, size_t size, int flags)
2889{
2890 struct inode_security_struct *isec = inode->i_security;
2891 u32 newsid;
2892 int rc;
2893
2894 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2895 return -EOPNOTSUPP;
2896
2897 if (!value || !size)
2898 return -EACCES;
2899
2900 rc = security_context_to_sid((void *)value, size, &newsid);
2901 if (rc)
2902 return rc;
2903
2904 isec->sid = newsid;
2905 isec->initialized = 1;
2906 return 0;
2907}
2908
2909static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2910{
2911 const int len = sizeof(XATTR_NAME_SELINUX);
2912 if (buffer && len <= buffer_size)
2913 memcpy(buffer, XATTR_NAME_SELINUX, len);
2914 return len;
2915}
2916
2917static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2918{
2919 struct inode_security_struct *isec = inode->i_security;
2920 *secid = isec->sid;
2921}
2922
2923
2924
2925static int selinux_revalidate_file_permission(struct file *file, int mask)
2926{
2927 const struct cred *cred = current_cred();
2928 struct inode *inode = file->f_path.dentry->d_inode;
2929
2930
2931 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2932 mask |= MAY_APPEND;
2933
2934 return file_has_perm(cred, file,
2935 file_mask_to_av(inode->i_mode, mask));
2936}
2937
2938static int selinux_file_permission(struct file *file, int mask)
2939{
2940 struct inode *inode = file->f_path.dentry->d_inode;
2941 struct file_security_struct *fsec = file->f_security;
2942 struct inode_security_struct *isec = inode->i_security;
2943 u32 sid = current_sid();
2944
2945 if (!mask)
2946
2947 return 0;
2948
2949 if (sid == fsec->sid && fsec->isid == isec->sid &&
2950 fsec->pseqno == avc_policy_seqno())
2951
2952 return 0;
2953
2954 return selinux_revalidate_file_permission(file, mask);
2955}
2956
2957static int selinux_file_alloc_security(struct file *file)
2958{
2959 return file_alloc_security(file);
2960}
2961
2962static void selinux_file_free_security(struct file *file)
2963{
2964 file_free_security(file);
2965}
2966
2967static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2968 unsigned long arg)
2969{
2970 const struct cred *cred = current_cred();
2971 int error = 0;
2972
2973 switch (cmd) {
2974 case FIONREAD:
2975
2976 case FIBMAP:
2977
2978 case FIGETBSZ:
2979
2980 case EXT2_IOC_GETFLAGS:
2981
2982 case EXT2_IOC_GETVERSION:
2983 error = file_has_perm(cred, file, FILE__GETATTR);
2984 break;
2985
2986 case EXT2_IOC_SETFLAGS:
2987
2988 case EXT2_IOC_SETVERSION:
2989 error = file_has_perm(cred, file, FILE__SETATTR);
2990 break;
2991
2992
2993 case FIONBIO:
2994
2995 case FIOASYNC:
2996 error = file_has_perm(cred, file, 0);
2997 break;
2998
2999 case KDSKBENT:
3000 case KDSKBSENT:
3001 error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
3002 SECURITY_CAP_AUDIT);
3003 break;
3004
3005
3006
3007
3008 default:
3009 error = file_has_perm(cred, file, FILE__IOCTL);
3010 }
3011 return error;
3012}
3013
3014static int default_noexec;
3015
3016static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3017{
3018 const struct cred *cred = current_cred();
3019 int rc = 0;
3020
3021 if (default_noexec &&
3022 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3023
3024
3025
3026
3027
3028 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3029 if (rc)
3030 goto error;
3031 }
3032
3033 if (file) {
3034
3035 u32 av = FILE__READ;
3036
3037
3038 if (shared && (prot & PROT_WRITE))
3039 av |= FILE__WRITE;
3040
3041 if (prot & PROT_EXEC)
3042 av |= FILE__EXECUTE;
3043
3044 return file_has_perm(cred, file, av);
3045 }
3046
3047error:
3048 return rc;
3049}
3050
3051static int selinux_file_mmap(struct file *file, unsigned long reqprot,
3052 unsigned long prot, unsigned long flags,
3053 unsigned long addr, unsigned long addr_only)
3054{
3055 int rc = 0;
3056 u32 sid = current_sid();
3057
3058
3059
3060
3061
3062
3063
3064 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3065 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3066 MEMPROTECT__MMAP_ZERO, NULL);
3067 if (rc)
3068 return rc;
3069 }
3070
3071
3072 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
3073 if (rc || addr_only)
3074 return rc;
3075
3076 if (selinux_checkreqprot)
3077 prot = reqprot;
3078
3079 return file_map_prot_check(file, prot,
3080 (flags & MAP_TYPE) == MAP_SHARED);
3081}
3082
3083static int selinux_file_mprotect(struct vm_area_struct *vma,
3084 unsigned long reqprot,
3085 unsigned long prot)
3086{
3087 const struct cred *cred = current_cred();
3088
3089 if (selinux_checkreqprot)
3090 prot = reqprot;
3091
3092 if (default_noexec &&
3093 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3094 int rc = 0;
3095 if (vma->vm_start >= vma->vm_mm->start_brk &&
3096 vma->vm_end <= vma->vm_mm->brk) {
3097 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3098 } else if (!vma->vm_file &&
3099 vma->vm_start <= vma->vm_mm->start_stack &&
3100 vma->vm_end >= vma->vm_mm->start_stack) {
3101 rc = current_has_perm(current, PROCESS__EXECSTACK);
3102 } else if (vma->vm_file && vma->anon_vma) {
3103
3104
3105
3106
3107
3108
3109
3110 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3111 }
3112 if (rc)
3113 return rc;
3114 }
3115
3116 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3117}
3118
3119static int selinux_file_lock(struct file *file, unsigned int cmd)
3120{
3121 const struct cred *cred = current_cred();
3122
3123 return file_has_perm(cred, file, FILE__LOCK);
3124}
3125
3126static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3127 unsigned long arg)
3128{
3129 const struct cred *cred = current_cred();
3130 int err = 0;
3131
3132 switch (cmd) {
3133 case F_SETFL:
3134 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3135 err = -EINVAL;
3136 break;
3137 }
3138
3139 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3140 err = file_has_perm(cred, file, FILE__WRITE);
3141 break;
3142 }
3143
3144 case F_SETOWN:
3145 case F_SETSIG:
3146 case F_GETFL:
3147 case F_GETOWN:
3148 case F_GETSIG:
3149
3150 err = file_has_perm(cred, file, 0);
3151 break;
3152 case F_GETLK:
3153 case F_SETLK:
3154 case F_SETLKW:
3155#if BITS_PER_LONG == 32
3156 case F_GETLK64:
3157 case F_SETLK64:
3158 case F_SETLKW64:
3159#endif
3160 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3161 err = -EINVAL;
3162 break;
3163 }
3164 err = file_has_perm(cred, file, FILE__LOCK);
3165 break;
3166 }
3167
3168 return err;
3169}
3170
3171static int selinux_file_set_fowner(struct file *file)
3172{
3173 struct file_security_struct *fsec;
3174
3175 fsec = file->f_security;
3176 fsec->fown_sid = current_sid();
3177
3178 return 0;
3179}
3180
3181static int selinux_file_send_sigiotask(struct task_struct *tsk,
3182 struct fown_struct *fown, int signum)
3183{
3184 struct file *file;
3185 u32 sid = task_sid(tsk);
3186 u32 perm;
3187 struct file_security_struct *fsec;
3188
3189
3190 file = container_of(fown, struct file, f_owner);
3191
3192 fsec = file->f_security;
3193
3194 if (!signum)
3195 perm = signal_to_av(SIGIO);
3196 else
3197 perm = signal_to_av(signum);
3198
3199 return avc_has_perm(fsec->fown_sid, sid,
3200 SECCLASS_PROCESS, perm, NULL);
3201}
3202
3203static int selinux_file_receive(struct file *file)
3204{
3205 const struct cred *cred = current_cred();
3206
3207 return file_has_perm(cred, file, file_to_av(file));
3208}
3209
3210static int selinux_dentry_open(struct file *file, const struct cred *cred)
3211{
3212 struct file_security_struct *fsec;
3213 struct inode *inode;
3214 struct inode_security_struct *isec;
3215
3216 inode = file->f_path.dentry->d_inode;
3217 fsec = file->f_security;
3218 isec = inode->i_security;
3219
3220
3221
3222
3223
3224
3225
3226 fsec->isid = isec->sid;
3227 fsec->pseqno = avc_policy_seqno();
3228
3229
3230
3231
3232
3233
3234
3235
3236 return inode_has_perm_noadp(cred, inode, open_file_to_av(file), 0);
3237}
3238
3239
3240
3241static int selinux_task_create(unsigned long clone_flags)
3242{
3243 return current_has_perm(current, PROCESS__FORK);
3244}
3245
3246
3247
3248
3249static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3250{
3251 struct task_security_struct *tsec;
3252
3253 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3254 if (!tsec)
3255 return -ENOMEM;
3256
3257 cred->security = tsec;
3258 return 0;
3259}
3260
3261
3262
3263
3264static void selinux_cred_free(struct cred *cred)
3265{
3266 struct task_security_struct *tsec = cred->security;
3267
3268
3269
3270
3271
3272 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3273 cred->security = (void *) 0x7UL;
3274 kfree(tsec);
3275}
3276
3277
3278
3279
3280static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3281 gfp_t gfp)
3282{
3283 const struct task_security_struct *old_tsec;
3284 struct task_security_struct *tsec;
3285
3286 old_tsec = old->security;
3287
3288 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3289 if (!tsec)
3290 return -ENOMEM;
3291
3292 new->security = tsec;
3293 return 0;
3294}
3295
3296
3297
3298
3299static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3300{
3301 const struct task_security_struct *old_tsec = old->security;
3302 struct task_security_struct *tsec = new->security;
3303
3304 *tsec = *old_tsec;
3305}
3306
3307
3308
3309
3310
3311static int selinux_kernel_act_as(struct cred *new, u32 secid)
3312{
3313 struct task_security_struct *tsec = new->security;
3314 u32 sid = current_sid();
3315 int ret;
3316
3317 ret = avc_has_perm(sid, secid,
3318 SECCLASS_KERNEL_SERVICE,
3319 KERNEL_SERVICE__USE_AS_OVERRIDE,
3320 NULL);
3321 if (ret == 0) {
3322 tsec->sid = secid;
3323 tsec->create_sid = 0;
3324 tsec->keycreate_sid = 0;
3325 tsec->sockcreate_sid = 0;
3326 }
3327 return ret;
3328}
3329
3330
3331
3332
3333
3334static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3335{
3336 struct inode_security_struct *isec = inode->i_security;
3337 struct task_security_struct *tsec = new->security;
3338 u32 sid = current_sid();
3339 int ret;
3340
3341 ret = avc_has_perm(sid, isec->sid,
3342 SECCLASS_KERNEL_SERVICE,
3343 KERNEL_SERVICE__CREATE_FILES_AS,
3344 NULL);
3345
3346 if (ret == 0)
3347 tsec->create_sid = isec->sid;
3348 return ret;
3349}
3350
3351static int selinux_kernel_module_request(char *kmod_name)
3352{
3353 u32 sid;
3354 struct common_audit_data ad;
3355
3356 sid = task_sid(current);
3357
3358 COMMON_AUDIT_DATA_INIT(&ad, KMOD);
3359 ad.u.kmod_name = kmod_name;
3360
3361 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3362 SYSTEM__MODULE_REQUEST, &ad);
3363}
3364
3365static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3366{
3367 return current_has_perm(p, PROCESS__SETPGID);
3368}
3369
3370static int selinux_task_getpgid(struct task_struct *p)
3371{
3372 return current_has_perm(p, PROCESS__GETPGID);
3373}
3374
3375static int selinux_task_getsid(struct task_struct *p)
3376{
3377 return current_has_perm(p, PROCESS__GETSESSION);
3378}
3379
3380static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3381{
3382 *secid = task_sid(p);
3383}
3384
3385static int selinux_task_setnice(struct task_struct *p, int nice)
3386{
3387 int rc;
3388
3389 rc = cap_task_setnice(p, nice);
3390 if (rc)
3391 return rc;
3392
3393 return current_has_perm(p, PROCESS__SETSCHED);
3394}
3395
3396static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3397{
3398 int rc;
3399
3400 rc = cap_task_setioprio(p, ioprio);
3401 if (rc)
3402 return rc;
3403
3404 return current_has_perm(p, PROCESS__SETSCHED);
3405}
3406
3407static int selinux_task_getioprio(struct task_struct *p)
3408{
3409 return current_has_perm(p, PROCESS__GETSCHED);
3410}
3411
3412static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3413 struct rlimit *new_rlim)
3414{
3415 struct rlimit *old_rlim = p->signal->rlim + resource;
3416
3417
3418
3419
3420
3421 if (old_rlim->rlim_max != new_rlim->rlim_max)
3422 return current_has_perm(p, PROCESS__SETRLIMIT);
3423
3424 return 0;
3425}
3426
3427static int selinux_task_setscheduler(struct task_struct *p)
3428{
3429 int rc;
3430
3431 rc = cap_task_setscheduler(p);
3432 if (rc)
3433 return rc;
3434
3435 return current_has_perm(p, PROCESS__SETSCHED);
3436}
3437
3438static int selinux_task_getscheduler(struct task_struct *p)
3439{
3440 return current_has_perm(p, PROCESS__GETSCHED);
3441}
3442
3443static int selinux_task_movememory(struct task_struct *p)
3444{
3445 return current_has_perm(p, PROCESS__SETSCHED);
3446}
3447
3448static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3449 int sig, u32 secid)
3450{
3451 u32 perm;
3452 int rc;
3453
3454 if (!sig)
3455 perm = PROCESS__SIGNULL;
3456 else
3457 perm = signal_to_av(sig);
3458 if (secid)
3459 rc = avc_has_perm(secid, task_sid(p),
3460 SECCLASS_PROCESS, perm, NULL);
3461 else
3462 rc = current_has_perm(p, perm);
3463 return rc;
3464}
3465
3466static int selinux_task_wait(struct task_struct *p)
3467{
3468 return task_has_perm(p, current, PROCESS__SIGCHLD);
3469}
3470
3471static void selinux_task_to_inode(struct task_struct *p,
3472 struct inode *inode)
3473{
3474 struct inode_security_struct *isec = inode->i_security;
3475 u32 sid = task_sid(p);
3476
3477 isec->sid = sid;
3478 isec->initialized = 1;
3479}
3480
3481
3482static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3483 struct common_audit_data *ad, u8 *proto)
3484{
3485 int offset, ihlen, ret = -EINVAL;
3486 struct iphdr _iph, *ih;
3487
3488 offset = skb_network_offset(skb);
3489 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3490 if (ih == NULL)
3491 goto out;
3492
3493 ihlen = ih->ihl * 4;
3494 if (ihlen < sizeof(_iph))
3495 goto out;
3496
3497 ad->u.net.v4info.saddr = ih->saddr;
3498 ad->u.net.v4info.daddr = ih->daddr;
3499 ret = 0;
3500
3501 if (proto)
3502 *proto = ih->protocol;
3503
3504 switch (ih->protocol) {
3505 case IPPROTO_TCP: {
3506 struct tcphdr _tcph, *th;
3507
3508 if (ntohs(ih->frag_off) & IP_OFFSET)
3509 break;
3510
3511 offset += ihlen;
3512 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3513 if (th == NULL)
3514 break;
3515
3516 ad->u.net.sport = th->source;
3517 ad->u.net.dport = th->dest;
3518 break;
3519 }
3520
3521 case IPPROTO_UDP: {
3522 struct udphdr _udph, *uh;
3523
3524 if (ntohs(ih->frag_off) & IP_OFFSET)
3525 break;
3526
3527 offset += ihlen;
3528 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3529 if (uh == NULL)
3530 break;
3531
3532 ad->u.net.sport = uh->source;
3533 ad->u.net.dport = uh->dest;
3534 break;
3535 }
3536
3537 case IPPROTO_DCCP: {
3538 struct dccp_hdr _dccph, *dh;
3539
3540 if (ntohs(ih->frag_off) & IP_OFFSET)
3541 break;
3542
3543 offset += ihlen;
3544 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3545 if (dh == NULL)
3546 break;
3547
3548 ad->u.net.sport = dh->dccph_sport;
3549 ad->u.net.dport = dh->dccph_dport;
3550 break;
3551 }
3552
3553 default:
3554 break;
3555 }
3556out:
3557 return ret;
3558}
3559
3560#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3561
3562
3563static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3564 struct common_audit_data *ad, u8 *proto)
3565{
3566 u8 nexthdr;
3567 int ret = -EINVAL, offset;
3568 struct ipv6hdr _ipv6h, *ip6;
3569
3570 offset = skb_network_offset(skb);
3571 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3572 if (ip6 == NULL)
3573 goto out;
3574
3575 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3576 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3577 ret = 0;
3578
3579 nexthdr = ip6->nexthdr;
3580 offset += sizeof(_ipv6h);
3581 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3582 if (offset < 0)
3583 goto out;
3584
3585 if (proto)
3586 *proto = nexthdr;
3587
3588 switch (nexthdr) {
3589 case IPPROTO_TCP: {
3590 struct tcphdr _tcph, *th;
3591
3592 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3593 if (th == NULL)
3594 break;
3595
3596 ad->u.net.sport = th->source;
3597 ad->u.net.dport = th->dest;
3598 break;
3599 }
3600
3601 case IPPROTO_UDP: {
3602 struct udphdr _udph, *uh;
3603
3604 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3605 if (uh == NULL)
3606 break;
3607
3608 ad->u.net.sport = uh->source;
3609 ad->u.net.dport = uh->dest;
3610 break;
3611 }
3612
3613 case IPPROTO_DCCP: {
3614 struct dccp_hdr _dccph, *dh;
3615
3616 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3617 if (dh == NULL)
3618 break;
3619
3620 ad->u.net.sport = dh->dccph_sport;
3621 ad->u.net.dport = dh->dccph_dport;
3622 break;
3623 }
3624
3625
3626 default:
3627 break;
3628 }
3629out:
3630 return ret;
3631}
3632
3633#endif
3634
3635static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3636 char **_addrp, int src, u8 *proto)
3637{
3638 char *addrp;
3639 int ret;
3640
3641 switch (ad->u.net.family) {
3642 case PF_INET:
3643 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3644 if (ret)
3645 goto parse_error;
3646 addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3647 &ad->u.net.v4info.daddr);
3648 goto okay;
3649
3650#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3651 case PF_INET6:
3652 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3653 if (ret)
3654 goto parse_error;
3655 addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3656 &ad->u.net.v6info.daddr);
3657 goto okay;
3658#endif
3659 default:
3660 addrp = NULL;
3661 goto okay;
3662 }
3663
3664parse_error:
3665 printk(KERN_WARNING
3666 "SELinux: failure in selinux_parse_skb(),"
3667 " unable to parse packet\n");
3668 return ret;
3669
3670okay:
3671 if (_addrp)
3672 *_addrp = addrp;
3673 return 0;
3674}
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3692{
3693 int err;
3694 u32 xfrm_sid;
3695 u32 nlbl_sid;
3696 u32 nlbl_type;
3697
3698 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3699 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3700
3701 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3702 if (unlikely(err)) {
3703 printk(KERN_WARNING
3704 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3705 " unable to determine packet's peer label\n");
3706 return -EACCES;
3707 }
3708
3709 return 0;
3710}
3711
3712
3713
3714static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3715 u16 secclass, u32 *socksid)
3716{
3717 if (tsec->sockcreate_sid > SECSID_NULL) {
3718 *socksid = tsec->sockcreate_sid;
3719 return 0;
3720 }
3721
3722 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3723 socksid);
3724}
3725
3726static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3727{
3728 struct sk_security_struct *sksec = sk->sk_security;
3729 struct common_audit_data ad;
3730 u32 tsid = task_sid(task);
3731
3732 if (sksec->sid == SECINITSID_KERNEL)
3733 return 0;
3734
3735 COMMON_AUDIT_DATA_INIT(&ad, NET);
3736 ad.u.net.sk = sk;
3737
3738 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3739}
3740
3741static int selinux_socket_create(int family, int type,
3742 int protocol, int kern)
3743{
3744 const struct task_security_struct *tsec = current_security();
3745 u32 newsid;
3746 u16 secclass;
3747 int rc;
3748
3749 if (kern)
3750 return 0;
3751
3752 secclass = socket_type_to_security_class(family, type, protocol);
3753 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3754 if (rc)
3755 return rc;
3756
3757 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3758}
3759
3760static int selinux_socket_post_create(struct socket *sock, int family,
3761 int type, int protocol, int kern)
3762{
3763 const struct task_security_struct *tsec = current_security();
3764 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3765 struct sk_security_struct *sksec;
3766 int err = 0;
3767
3768 isec->sclass = socket_type_to_security_class(family, type, protocol);
3769
3770 if (kern)
3771 isec->sid = SECINITSID_KERNEL;
3772 else {
3773 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3774 if (err)
3775 return err;
3776 }
3777
3778 isec->initialized = 1;
3779
3780 if (sock->sk) {
3781 sksec = sock->sk->sk_security;
3782 sksec->sid = isec->sid;
3783 sksec->sclass = isec->sclass;
3784 err = selinux_netlbl_socket_post_create(sock->sk, family);
3785 }
3786
3787 return err;
3788}
3789
3790
3791
3792
3793
3794static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3795{
3796 struct sock *sk = sock->sk;
3797 u16 family;
3798 int err;
3799
3800 err = sock_has_perm(current, sk, SOCKET__BIND);
3801 if (err)
3802 goto out;
3803
3804
3805
3806
3807
3808
3809 family = sk->sk_family;
3810 if (family == PF_INET || family == PF_INET6) {
3811 char *addrp;
3812 struct sk_security_struct *sksec = sk->sk_security;
3813 struct common_audit_data ad;
3814 struct sockaddr_in *addr4 = NULL;
3815 struct sockaddr_in6 *addr6 = NULL;
3816 unsigned short snum;
3817 u32 sid, node_perm;
3818
3819 if (family == PF_INET) {
3820 addr4 = (struct sockaddr_in *)address;
3821 snum = ntohs(addr4->sin_port);
3822 addrp = (char *)&addr4->sin_addr.s_addr;
3823 } else {
3824 addr6 = (struct sockaddr_in6 *)address;
3825 snum = ntohs(addr6->sin6_port);
3826 addrp = (char *)&addr6->sin6_addr.s6_addr;
3827 }
3828
3829 if (snum) {
3830 int low, high;
3831
3832 inet_get_local_port_range(&low, &high);
3833
3834 if (snum < max(PROT_SOCK, low) || snum > high) {
3835 err = sel_netport_sid(sk->sk_protocol,
3836 snum, &sid);
3837 if (err)
3838 goto out;
3839 COMMON_AUDIT_DATA_INIT(&ad, NET);
3840 ad.u.net.sport = htons(snum);
3841 ad.u.net.family = family;
3842 err = avc_has_perm(sksec->sid, sid,
3843 sksec->sclass,
3844 SOCKET__NAME_BIND, &ad);
3845 if (err)
3846 goto out;
3847 }
3848 }
3849
3850 switch (sksec->sclass) {
3851 case SECCLASS_TCP_SOCKET:
3852 node_perm = TCP_SOCKET__NODE_BIND;
3853 break;
3854
3855 case SECCLASS_UDP_SOCKET:
3856 node_perm = UDP_SOCKET__NODE_BIND;
3857 break;
3858
3859 case SECCLASS_DCCP_SOCKET:
3860 node_perm = DCCP_SOCKET__NODE_BIND;
3861 break;
3862
3863 default:
3864 node_perm = RAWIP_SOCKET__NODE_BIND;
3865 break;
3866 }
3867
3868 err = sel_netnode_sid(addrp, family, &sid);
3869 if (err)
3870 goto out;
3871
3872 COMMON_AUDIT_DATA_INIT(&ad, NET);
3873 ad.u.net.sport = htons(snum);
3874 ad.u.net.family = family;
3875
3876 if (family == PF_INET)
3877 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3878 else
3879 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3880
3881 err = avc_has_perm(sksec->sid, sid,
3882 sksec->sclass, node_perm, &ad);
3883 if (err)
3884 goto out;
3885 }
3886out:
3887 return err;
3888}
3889
3890static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3891{
3892 struct sock *sk = sock->sk;
3893 struct sk_security_struct *sksec = sk->sk_security;
3894 int err;
3895
3896 err = sock_has_perm(current, sk, SOCKET__CONNECT);
3897 if (err)
3898 return err;
3899
3900
3901
3902
3903 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
3904 sksec->sclass == SECCLASS_DCCP_SOCKET) {
3905 struct common_audit_data ad;
3906 struct sockaddr_in *addr4 = NULL;
3907 struct sockaddr_in6 *addr6 = NULL;
3908 unsigned short snum;
3909 u32 sid, perm;
3910
3911 if (sk->sk_family == PF_INET) {
3912 addr4 = (struct sockaddr_in *)address;
3913 if (addrlen < sizeof(struct sockaddr_in))
3914 return -EINVAL;
3915 snum = ntohs(addr4->sin_port);
3916 } else {
3917 addr6 = (struct sockaddr_in6 *)address;
3918 if (addrlen < SIN6_LEN_RFC2133)
3919 return -EINVAL;
3920 snum = ntohs(addr6->sin6_port);
3921 }
3922
3923 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3924 if (err)
3925 goto out;
3926
3927 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
3928 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3929
3930 COMMON_AUDIT_DATA_INIT(&ad, NET);
3931 ad.u.net.dport = htons(snum);
3932 ad.u.net.family = sk->sk_family;
3933 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
3934 if (err)
3935 goto out;
3936 }
3937
3938 err = selinux_netlbl_socket_connect(sk, address);
3939
3940out:
3941 return err;
3942}
3943
3944static int selinux_socket_listen(struct socket *sock, int backlog)
3945{
3946 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
3947}
3948
3949static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3950{
3951 int err;
3952 struct inode_security_struct *isec;
3953 struct inode_security_struct *newisec;
3954
3955 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
3956 if (err)
3957 return err;
3958
3959 newisec = SOCK_INODE(newsock)->i_security;
3960
3961 isec = SOCK_INODE(sock)->i_security;
3962 newisec->sclass = isec->sclass;
3963 newisec->sid = isec->sid;
3964 newisec->initialized = 1;
3965
3966 return 0;
3967}
3968
3969static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3970 int size)
3971{
3972 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
3973}
3974
3975static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3976 int size, int flags)
3977{
3978 return sock_has_perm(current, sock->sk, SOCKET__READ);
3979}
3980
3981static int selinux_socket_getsockname(struct socket *sock)
3982{
3983 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3984}
3985
3986static int selinux_socket_getpeername(struct socket *sock)
3987{
3988 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3989}
3990
3991static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3992{
3993 int err;
3994
3995 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
3996 if (err)
3997 return err;
3998
3999 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4000}
4001
4002static int selinux_socket_getsockopt(struct socket *sock, int level,
4003 int optname)
4004{
4005 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4006}
4007
4008static int selinux_socket_shutdown(struct socket *sock, int how)
4009{
4010 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4011}
4012
4013static int selinux_socket_unix_stream_connect(struct sock *sock,
4014 struct sock *other,
4015 struct sock *newsk)
4016{
4017 struct sk_security_struct *sksec_sock = sock->sk_security;
4018 struct sk_security_struct *sksec_other = other->sk_security;
4019 struct sk_security_struct *sksec_new = newsk->sk_security;
4020 struct common_audit_data ad;
4021 int err;
4022
4023 COMMON_AUDIT_DATA_INIT(&ad, NET);
4024 ad.u.net.sk = other;
4025
4026 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4027 sksec_other->sclass,
4028 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4029 if (err)
4030 return err;
4031
4032
4033 sksec_new->peer_sid = sksec_sock->sid;
4034 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4035 &sksec_new->sid);
4036 if (err)
4037 return err;
4038
4039
4040 sksec_sock->peer_sid = sksec_new->sid;
4041
4042 return 0;
4043}
4044
4045static int selinux_socket_unix_may_send(struct socket *sock,
4046 struct socket *other)
4047{
4048 struct sk_security_struct *ssec = sock->sk->sk_security;
4049 struct sk_security_struct *osec = other->sk->sk_security;
4050 struct common_audit_data ad;
4051
4052 COMMON_AUDIT_DATA_INIT(&ad, NET);
4053 ad.u.net.sk = other->sk;
4054
4055 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4056 &ad);
4057}
4058
4059static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4060 u32 peer_sid,
4061 struct common_audit_data *ad)
4062{
4063 int err;
4064 u32 if_sid;
4065 u32 node_sid;
4066
4067 err = sel_netif_sid(ifindex, &if_sid);
4068 if (err)
4069 return err;
4070 err = avc_has_perm(peer_sid, if_sid,
4071 SECCLASS_NETIF, NETIF__INGRESS, ad);
4072 if (err)
4073 return err;
4074
4075 err = sel_netnode_sid(addrp, family, &node_sid);
4076 if (err)
4077 return err;
4078 return avc_has_perm(peer_sid, node_sid,
4079 SECCLASS_NODE, NODE__RECVFROM, ad);
4080}
4081
4082static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4083 u16 family)
4084{
4085 int err = 0;
4086 struct sk_security_struct *sksec = sk->sk_security;
4087 u32 sk_sid = sksec->sid;
4088 struct common_audit_data ad;
4089 char *addrp;
4090
4091 COMMON_AUDIT_DATA_INIT(&ad, NET);
4092 ad.u.net.netif = skb->skb_iif;
4093 ad.u.net.family = family;
4094 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4095 if (err)
4096 return err;
4097
4098 if (selinux_secmark_enabled()) {
4099 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4100 PACKET__RECV, &ad);
4101 if (err)
4102 return err;
4103 }
4104
4105 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4106 if (err)
4107 return err;
4108 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4109
4110 return err;
4111}
4112
4113static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4114{
4115 int err;
4116 struct sk_security_struct *sksec = sk->sk_security;
4117 u16 family = sk->sk_family;
4118 u32 sk_sid = sksec->sid;
4119 struct common_audit_data ad;
4120 char *addrp;
4121 u8 secmark_active;
4122 u8 peerlbl_active;
4123
4124 if (family != PF_INET && family != PF_INET6)
4125 return 0;
4126
4127
4128 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4129 family = PF_INET;
4130
4131
4132
4133
4134
4135 if (!selinux_policycap_netpeer)
4136 return selinux_sock_rcv_skb_compat(sk, skb, family);
4137
4138 secmark_active = selinux_secmark_enabled();
4139 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4140 if (!secmark_active && !peerlbl_active)
4141 return 0;
4142
4143 COMMON_AUDIT_DATA_INIT(&ad, NET);
4144 ad.u.net.netif = skb->skb_iif;
4145 ad.u.net.family = family;
4146 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4147 if (err)
4148 return err;
4149
4150 if (peerlbl_active) {
4151 u32 peer_sid;
4152
4153 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4154 if (err)
4155 return err;
4156 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4157 peer_sid, &ad);
4158 if (err) {
4159 selinux_netlbl_err(skb, err, 0);
4160 return err;
4161 }
4162 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4163 PEER__RECV, &ad);
4164 if (err)
4165 selinux_netlbl_err(skb, err, 0);
4166 }
4167
4168 if (secmark_active) {
4169 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4170 PACKET__RECV, &ad);
4171 if (err)
4172 return err;
4173 }
4174
4175 return err;
4176}
4177
4178static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4179 int __user *optlen, unsigned len)
4180{
4181 int err = 0;
4182 char *scontext;
4183 u32 scontext_len;
4184 struct sk_security_struct *sksec = sock->sk->sk_security;
4185 u32 peer_sid = SECSID_NULL;
4186
4187 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4188 sksec->sclass == SECCLASS_TCP_SOCKET)
4189 peer_sid = sksec->peer_sid;
4190 if (peer_sid == SECSID_NULL)
4191 return -ENOPROTOOPT;
4192
4193 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4194 if (err)
4195 return err;
4196
4197 if (scontext_len > len) {
4198 err = -ERANGE;
4199 goto out_len;
4200 }
4201
4202 if (copy_to_user(optval, scontext, scontext_len))
4203 err = -EFAULT;
4204
4205out_len:
4206 if (put_user(scontext_len, optlen))
4207 err = -EFAULT;
4208 kfree(scontext);
4209 return err;
4210}
4211
4212static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4213{
4214 u32 peer_secid = SECSID_NULL;
4215 u16 family;
4216
4217 if (skb && skb->protocol == htons(ETH_P_IP))
4218 family = PF_INET;
4219 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4220 family = PF_INET6;
4221 else if (sock)
4222 family = sock->sk->sk_family;
4223 else
4224 goto out;
4225
4226 if (sock && family == PF_UNIX)
4227 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4228 else if (skb)
4229 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4230
4231out:
4232 *secid = peer_secid;
4233 if (peer_secid == SECSID_NULL)
4234 return -EINVAL;
4235 return 0;
4236}
4237
4238static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4239{
4240 struct sk_security_struct *sksec;
4241
4242 sksec = kzalloc(sizeof(*sksec), priority);
4243 if (!sksec)
4244 return -ENOMEM;
4245
4246 sksec->peer_sid = SECINITSID_UNLABELED;
4247 sksec->sid = SECINITSID_UNLABELED;
4248 selinux_netlbl_sk_security_reset(sksec);
4249 sk->sk_security = sksec;
4250
4251 return 0;
4252}
4253
4254static void selinux_sk_free_security(struct sock *sk)
4255{
4256 struct sk_security_struct *sksec = sk->sk_security;
4257
4258 sk->sk_security = NULL;
4259 selinux_netlbl_sk_security_free(sksec);
4260 kfree(sksec);
4261}
4262
4263static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4264{
4265 struct sk_security_struct *sksec = sk->sk_security;
4266 struct sk_security_struct *newsksec = newsk->sk_security;
4267
4268 newsksec->sid = sksec->sid;
4269 newsksec->peer_sid = sksec->peer_sid;
4270 newsksec->sclass = sksec->sclass;
4271
4272 selinux_netlbl_sk_security_reset(newsksec);
4273}
4274
4275static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4276{
4277 if (!sk)
4278 *secid = SECINITSID_ANY_SOCKET;
4279 else {
4280 struct sk_security_struct *sksec = sk->sk_security;
4281
4282 *secid = sksec->sid;
4283 }
4284}
4285
4286static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4287{
4288 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4289 struct sk_security_struct *sksec = sk->sk_security;
4290
4291 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4292 sk->sk_family == PF_UNIX)
4293 isec->sid = sksec->sid;
4294 sksec->sclass = isec->sclass;
4295}
4296
4297static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4298 struct request_sock *req)
4299{
4300 struct sk_security_struct *sksec = sk->sk_security;
4301 int err;
4302 u16 family = sk->sk_family;
4303 u32 newsid;
4304 u32 peersid;
4305
4306
4307 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4308 family = PF_INET;
4309
4310 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4311 if (err)
4312 return err;
4313 if (peersid == SECSID_NULL) {
4314 req->secid = sksec->sid;
4315 req->peer_secid = SECSID_NULL;
4316 } else {
4317 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4318 if (err)
4319 return err;
4320 req->secid = newsid;
4321 req->peer_secid = peersid;
4322 }
4323
4324 return selinux_netlbl_inet_conn_request(req, family);
4325}
4326
4327static void selinux_inet_csk_clone(struct sock *newsk,
4328 const struct request_sock *req)
4329{
4330 struct sk_security_struct *newsksec = newsk->sk_security;
4331
4332 newsksec->sid = req->secid;
4333 newsksec->peer_sid = req->peer_secid;
4334
4335
4336
4337
4338
4339
4340
4341 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4342}
4343
4344static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4345{
4346 u16 family = sk->sk_family;
4347 struct sk_security_struct *sksec = sk->sk_security;
4348
4349
4350 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4351 family = PF_INET;
4352
4353 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4354}
4355
4356static int selinux_secmark_relabel_packet(u32 sid)
4357{
4358 const struct task_security_struct *__tsec;
4359 u32 tsid;
4360
4361 __tsec = current_security();
4362 tsid = __tsec->sid;
4363
4364 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4365}
4366
4367static void selinux_secmark_refcount_inc(void)
4368{
4369 atomic_inc(&selinux_secmark_refcount);
4370}
4371
4372static void selinux_secmark_refcount_dec(void)
4373{
4374 atomic_dec(&selinux_secmark_refcount);
4375}
4376
4377static void selinux_req_classify_flow(const struct request_sock *req,
4378 struct flowi *fl)
4379{
4380 fl->flowi_secid = req->secid;
4381}
4382
4383static int selinux_tun_dev_create(void)
4384{
4385 u32 sid = current_sid();
4386
4387
4388
4389
4390
4391
4392
4393
4394 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4395 NULL);
4396}
4397
4398static void selinux_tun_dev_post_create(struct sock *sk)
4399{
4400 struct sk_security_struct *sksec = sk->sk_security;
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412 sksec->sid = current_sid();
4413 sksec->sclass = SECCLASS_TUN_SOCKET;
4414}
4415
4416static int selinux_tun_dev_attach(struct sock *sk)
4417{
4418 struct sk_security_struct *sksec = sk->sk_security;
4419 u32 sid = current_sid();
4420 int err;
4421
4422 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4423 TUN_SOCKET__RELABELFROM, NULL);
4424 if (err)
4425 return err;
4426 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4427 TUN_SOCKET__RELABELTO, NULL);
4428 if (err)
4429 return err;
4430
4431 sksec->sid = sid;
4432
4433 return 0;
4434}
4435
4436static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4437{
4438 int err = 0;
4439 u32 perm;
4440 struct nlmsghdr *nlh;
4441 struct sk_security_struct *sksec = sk->sk_security;
4442
4443 if (skb->len < NLMSG_SPACE(0)) {
4444 err = -EINVAL;
4445 goto out;
4446 }
4447 nlh = nlmsg_hdr(skb);
4448
4449 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4450 if (err) {
4451 if (err == -EINVAL) {
4452 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4453 "SELinux: unrecognized netlink message"
4454 " type=%hu for sclass=%hu\n",
4455 nlh->nlmsg_type, sksec->sclass);
4456 if (!selinux_enforcing || security_get_allow_unknown())
4457 err = 0;
4458 }
4459
4460
4461 if (err == -ENOENT)
4462 err = 0;
4463 goto out;
4464 }
4465
4466 err = sock_has_perm(current, sk, perm);
4467out:
4468 return err;
4469}
4470
4471#ifdef CONFIG_NETFILTER
4472
4473static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4474 u16 family)
4475{
4476 int err;
4477 char *addrp;
4478 u32 peer_sid;
4479 struct common_audit_data ad;
4480 u8 secmark_active;
4481 u8 netlbl_active;
4482 u8 peerlbl_active;
4483
4484 if (!selinux_policycap_netpeer)
4485 return NF_ACCEPT;
4486
4487 secmark_active = selinux_secmark_enabled();
4488 netlbl_active = netlbl_enabled();
4489 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4490 if (!secmark_active && !peerlbl_active)
4491 return NF_ACCEPT;
4492
4493 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4494 return NF_DROP;
4495
4496 COMMON_AUDIT_DATA_INIT(&ad, NET);
4497 ad.u.net.netif = ifindex;
4498 ad.u.net.family = family;
4499 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4500 return NF_DROP;
4501
4502 if (peerlbl_active) {
4503 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4504 peer_sid, &ad);
4505 if (err) {
4506 selinux_netlbl_err(skb, err, 1);
4507 return NF_DROP;
4508 }
4509 }
4510
4511 if (secmark_active)
4512 if (avc_has_perm(peer_sid, skb->secmark,
4513 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4514 return NF_DROP;
4515
4516 if (netlbl_active)
4517
4518
4519
4520
4521 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4522 return NF_DROP;
4523
4524 return NF_ACCEPT;
4525}
4526
4527static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4528 struct sk_buff *skb,
4529 const struct net_device *in,
4530 const struct net_device *out,
4531 int (*okfn)(struct sk_buff *))
4532{
4533 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4534}
4535
4536#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4537static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4538 struct sk_buff *skb,
4539 const struct net_device *in,
4540 const struct net_device *out,
4541 int (*okfn)(struct sk_buff *))
4542{
4543 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4544}
4545#endif
4546
4547static unsigned int selinux_ip_output(struct sk_buff *skb,
4548 u16 family)
4549{
4550 u32 sid;
4551
4552 if (!netlbl_enabled())
4553 return NF_ACCEPT;
4554
4555
4556
4557
4558 if (skb->sk) {
4559 struct sk_security_struct *sksec = skb->sk->sk_security;
4560 sid = sksec->sid;
4561 } else
4562 sid = SECINITSID_KERNEL;
4563 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4564 return NF_DROP;
4565
4566 return NF_ACCEPT;
4567}
4568
4569static unsigned int selinux_ipv4_output(unsigned int hooknum,
4570 struct sk_buff *skb,
4571 const struct net_device *in,
4572 const struct net_device *out,
4573 int (*okfn)(struct sk_buff *))
4574{
4575 return selinux_ip_output(skb, PF_INET);
4576}
4577
4578static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4579 int ifindex,
4580 u16 family)
4581{
4582 struct sock *sk = skb->sk;
4583 struct sk_security_struct *sksec;
4584 struct common_audit_data ad;
4585 char *addrp;
4586 u8 proto;
4587
4588 if (sk == NULL)
4589 return NF_ACCEPT;
4590 sksec = sk->sk_security;
4591
4592 COMMON_AUDIT_DATA_INIT(&ad, NET);
4593 ad.u.net.netif = ifindex;
4594 ad.u.net.family = family;
4595 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4596 return NF_DROP;
4597
4598 if (selinux_secmark_enabled())
4599 if (avc_has_perm(sksec->sid, skb->secmark,
4600 SECCLASS_PACKET, PACKET__SEND, &ad))
4601 return NF_DROP_ERR(-ECONNREFUSED);
4602
4603 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4604 return NF_DROP_ERR(-ECONNREFUSED);
4605
4606 return NF_ACCEPT;
4607}
4608
4609static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4610 u16 family)
4611{
4612 u32 secmark_perm;
4613 u32 peer_sid;
4614 struct sock *sk;
4615 struct common_audit_data ad;
4616 char *addrp;
4617 u8 secmark_active;
4618 u8 peerlbl_active;
4619
4620
4621
4622
4623
4624 if (!selinux_policycap_netpeer)
4625 return selinux_ip_postroute_compat(skb, ifindex, family);
4626#ifdef CONFIG_XFRM
4627
4628
4629
4630
4631
4632
4633 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4634 return NF_ACCEPT;
4635#endif
4636 secmark_active = selinux_secmark_enabled();
4637 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4638 if (!secmark_active && !peerlbl_active)
4639 return NF_ACCEPT;
4640
4641
4642
4643
4644
4645 sk = skb->sk;
4646 if (sk == NULL) {
4647 if (skb->skb_iif) {
4648 secmark_perm = PACKET__FORWARD_OUT;
4649 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4650 return NF_DROP;
4651 } else {
4652 secmark_perm = PACKET__SEND;
4653 peer_sid = SECINITSID_KERNEL;
4654 }
4655 } else {
4656 struct sk_security_struct *sksec = sk->sk_security;
4657 peer_sid = sksec->sid;
4658 secmark_perm = PACKET__SEND;
4659 }
4660
4661 COMMON_AUDIT_DATA_INIT(&ad, NET);
4662 ad.u.net.netif = ifindex;
4663 ad.u.net.family = family;
4664 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4665 return NF_DROP;
4666
4667 if (secmark_active)
4668 if (avc_has_perm(peer_sid, skb->secmark,
4669 SECCLASS_PACKET, secmark_perm, &ad))
4670 return NF_DROP_ERR(-ECONNREFUSED);
4671
4672 if (peerlbl_active) {
4673 u32 if_sid;
4674 u32 node_sid;
4675
4676 if (sel_netif_sid(ifindex, &if_sid))
4677 return NF_DROP;
4678 if (avc_has_perm(peer_sid, if_sid,
4679 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4680 return NF_DROP_ERR(-ECONNREFUSED);
4681
4682 if (sel_netnode_sid(addrp, family, &node_sid))
4683 return NF_DROP;
4684 if (avc_has_perm(peer_sid, node_sid,
4685 SECCLASS_NODE, NODE__SENDTO, &ad))
4686 return NF_DROP_ERR(-ECONNREFUSED);
4687 }
4688
4689 return NF_ACCEPT;
4690}
4691
4692static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4693 struct sk_buff *skb,
4694 const struct net_device *in,
4695 const struct net_device *out,
4696 int (*okfn)(struct sk_buff *))
4697{
4698 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4699}
4700
4701#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4702static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4703 struct sk_buff *skb,
4704 const struct net_device *in,
4705 const struct net_device *out,
4706 int (*okfn)(struct sk_buff *))
4707{
4708 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4709}
4710#endif
4711
4712#endif
4713
4714static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4715{
4716 int err;
4717
4718 err = cap_netlink_send(sk, skb);
4719 if (err)
4720 return err;
4721
4722 return selinux_nlmsg_perm(sk, skb);
4723}
4724
4725static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4726{
4727 int err;
4728 struct common_audit_data ad;
4729 u32 sid;
4730
4731 err = cap_netlink_recv(skb, capability);
4732 if (err)
4733 return err;
4734
4735 COMMON_AUDIT_DATA_INIT(&ad, CAP);
4736 ad.u.cap = capability;
4737
4738 security_task_getsecid(current, &sid);
4739 return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
4740 CAP_TO_MASK(capability), &ad);
4741}
4742
4743static int ipc_alloc_security(struct task_struct *task,
4744 struct kern_ipc_perm *perm,
4745 u16 sclass)
4746{
4747 struct ipc_security_struct *isec;
4748 u32 sid;
4749
4750 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4751 if (!isec)
4752 return -ENOMEM;
4753
4754 sid = task_sid(task);
4755 isec->sclass = sclass;
4756 isec->sid = sid;
4757 perm->security = isec;
4758
4759 return 0;
4760}
4761
4762static void ipc_free_security(struct kern_ipc_perm *perm)
4763{
4764 struct ipc_security_struct *isec = perm->security;
4765 perm->security = NULL;
4766 kfree(isec);
4767}
4768
4769static int msg_msg_alloc_security(struct msg_msg *msg)
4770{
4771 struct msg_security_struct *msec;
4772
4773 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4774 if (!msec)
4775 return -ENOMEM;
4776
4777 msec->sid = SECINITSID_UNLABELED;
4778 msg->security = msec;
4779
4780 return 0;
4781}
4782
4783static void msg_msg_free_security(struct msg_msg *msg)
4784{
4785 struct msg_security_struct *msec = msg->security;
4786
4787 msg->security = NULL;
4788 kfree(msec);
4789}
4790
4791static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4792 u32 perms)
4793{
4794 struct ipc_security_struct *isec;
4795 struct common_audit_data ad;
4796 u32 sid = current_sid();
4797
4798 isec = ipc_perms->security;
4799
4800 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4801 ad.u.ipc_id = ipc_perms->key;
4802
4803 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4804}
4805
4806static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4807{
4808 return msg_msg_alloc_security(msg);
4809}
4810
4811static void selinux_msg_msg_free_security(struct msg_msg *msg)
4812{
4813 msg_msg_free_security(msg);
4814}
4815
4816
4817static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4818{
4819 struct ipc_security_struct *isec;
4820 struct common_audit_data ad;
4821 u32 sid = current_sid();
4822 int rc;
4823
4824 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4825 if (rc)
4826 return rc;
4827
4828 isec = msq->q_perm.security;
4829
4830 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4831 ad.u.ipc_id = msq->q_perm.key;
4832
4833 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4834 MSGQ__CREATE, &ad);
4835 if (rc) {
4836 ipc_free_security(&msq->q_perm);
4837 return rc;
4838 }
4839 return 0;
4840}
4841
4842static void selinux_msg_queue_free_security(struct msg_queue *msq)
4843{
4844 ipc_free_security(&msq->q_perm);
4845}
4846
4847static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4848{
4849 struct ipc_security_struct *isec;
4850 struct common_audit_data ad;
4851 u32 sid = current_sid();
4852
4853 isec = msq->q_perm.security;
4854
4855 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4856 ad.u.ipc_id = msq->q_perm.key;
4857
4858 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4859 MSGQ__ASSOCIATE, &ad);
4860}
4861
4862static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4863{
4864 int err;
4865 int perms;
4866
4867 switch (cmd) {
4868 case IPC_INFO:
4869 case MSG_INFO:
4870
4871 return task_has_system(current, SYSTEM__IPC_INFO);
4872 case IPC_STAT:
4873 case MSG_STAT:
4874 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4875 break;
4876 case IPC_SET:
4877 perms = MSGQ__SETATTR;
4878 break;
4879 case IPC_RMID:
4880 perms = MSGQ__DESTROY;
4881 break;
4882 default:
4883 return 0;
4884 }
4885
4886 err = ipc_has_perm(&msq->q_perm, perms);
4887 return err;
4888}
4889
4890static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4891{
4892 struct ipc_security_struct *isec;
4893 struct msg_security_struct *msec;
4894 struct common_audit_data ad;
4895 u32 sid = current_sid();
4896 int rc;
4897
4898 isec = msq->q_perm.security;
4899 msec = msg->security;
4900
4901
4902
4903
4904 if (msec->sid == SECINITSID_UNLABELED) {
4905
4906
4907
4908
4909 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4910 NULL, &msec->sid);
4911 if (rc)
4912 return rc;
4913 }
4914
4915 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4916 ad.u.ipc_id = msq->q_perm.key;
4917
4918
4919 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4920 MSGQ__WRITE, &ad);
4921 if (!rc)
4922
4923 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4924 MSG__SEND, &ad);
4925 if (!rc)
4926
4927 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4928 MSGQ__ENQUEUE, &ad);
4929
4930 return rc;
4931}
4932
4933static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4934 struct task_struct *target,
4935 long type, int mode)
4936{
4937 struct ipc_security_struct *isec;
4938 struct msg_security_struct *msec;
4939 struct common_audit_data ad;
4940 u32 sid = task_sid(target);
4941 int rc;
4942
4943 isec = msq->q_perm.security;
4944 msec = msg->security;
4945
4946 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4947 ad.u.ipc_id = msq->q_perm.key;
4948
4949 rc = avc_has_perm(sid, isec->sid,
4950 SECCLASS_MSGQ, MSGQ__READ, &ad);
4951 if (!rc)
4952 rc = avc_has_perm(sid, msec->sid,
4953 SECCLASS_MSG, MSG__RECEIVE, &ad);
4954 return rc;
4955}
4956
4957
4958static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4959{
4960 struct ipc_security_struct *isec;
4961 struct common_audit_data ad;
4962 u32 sid = current_sid();
4963 int rc;
4964
4965 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4966 if (rc)
4967 return rc;
4968
4969 isec = shp->shm_perm.security;
4970
4971 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4972 ad.u.ipc_id = shp->shm_perm.key;
4973
4974 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4975 SHM__CREATE, &ad);
4976 if (rc) {
4977 ipc_free_security(&shp->shm_perm);
4978 return rc;
4979 }
4980 return 0;
4981}
4982
4983static void selinux_shm_free_security(struct shmid_kernel *shp)
4984{
4985 ipc_free_security(&shp->shm_perm);
4986}
4987
4988static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4989{
4990 struct ipc_security_struct *isec;
4991 struct common_audit_data ad;
4992 u32 sid = current_sid();
4993
4994 isec = shp->shm_perm.security;
4995
4996 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4997 ad.u.ipc_id = shp->shm_perm.key;
4998
4999 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5000 SHM__ASSOCIATE, &ad);
5001}
5002
5003
5004static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5005{
5006 int perms;
5007 int err;
5008
5009 switch (cmd) {
5010 case IPC_INFO:
5011 case SHM_INFO:
5012
5013 return task_has_system(current, SYSTEM__IPC_INFO);
5014 case IPC_STAT:
5015 case SHM_STAT:
5016 perms = SHM__GETATTR | SHM__ASSOCIATE;
5017 break;
5018 case IPC_SET:
5019 perms = SHM__SETATTR;
5020 break;
5021 case SHM_LOCK:
5022 case SHM_UNLOCK:
5023 perms = SHM__LOCK;
5024 break;
5025 case IPC_RMID:
5026 perms = SHM__DESTROY;
5027 break;
5028 default:
5029 return 0;
5030 }
5031
5032 err = ipc_has_perm(&shp->shm_perm, perms);
5033 return err;
5034}
5035
5036static int selinux_shm_shmat(struct shmid_kernel *shp,
5037 char __user *shmaddr, int shmflg)
5038{
5039 u32 perms;
5040
5041 if (shmflg & SHM_RDONLY)
5042 perms = SHM__READ;
5043 else
5044 perms = SHM__READ | SHM__WRITE;
5045
5046 return ipc_has_perm(&shp->shm_perm, perms);
5047}
5048
5049
5050static int selinux_sem_alloc_security(struct sem_array *sma)
5051{
5052 struct ipc_security_struct *isec;
5053 struct common_audit_data ad;
5054 u32 sid = current_sid();
5055 int rc;
5056
5057 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5058 if (rc)
5059 return rc;
5060
5061 isec = sma->sem_perm.security;
5062
5063 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5064 ad.u.ipc_id = sma->sem_perm.key;
5065
5066 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5067 SEM__CREATE, &ad);
5068 if (rc) {
5069 ipc_free_security(&sma->sem_perm);
5070 return rc;
5071 }
5072 return 0;
5073}
5074
5075static void selinux_sem_free_security(struct sem_array *sma)
5076{
5077 ipc_free_security(&sma->sem_perm);
5078}
5079
5080static int selinux_sem_associate(struct sem_array *sma, int semflg)
5081{
5082 struct ipc_security_struct *isec;
5083 struct common_audit_data ad;
5084 u32 sid = current_sid();
5085
5086 isec = sma->sem_perm.security;
5087
5088 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5089 ad.u.ipc_id = sma->sem_perm.key;
5090
5091 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5092 SEM__ASSOCIATE, &ad);
5093}
5094
5095
5096static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5097{
5098 int err;
5099 u32 perms;
5100
5101 switch (cmd) {
5102 case IPC_INFO:
5103 case SEM_INFO:
5104
5105 return task_has_system(current, SYSTEM__IPC_INFO);
5106 case GETPID:
5107 case GETNCNT:
5108 case GETZCNT:
5109 perms = SEM__GETATTR;
5110 break;
5111 case GETVAL:
5112 case GETALL:
5113 perms = SEM__READ;
5114 break;
5115 case SETVAL:
5116 case SETALL:
5117 perms = SEM__WRITE;
5118 break;
5119 case IPC_RMID:
5120 perms = SEM__DESTROY;
5121 break;
5122 case IPC_SET:
5123 perms = SEM__SETATTR;
5124 break;
5125 case IPC_STAT:
5126 case SEM_STAT:
5127 perms = SEM__GETATTR | SEM__ASSOCIATE;
5128 break;
5129 default:
5130 return 0;
5131 }
5132
5133 err = ipc_has_perm(&sma->sem_perm, perms);
5134 return err;
5135}
5136
5137static int selinux_sem_semop(struct sem_array *sma,
5138 struct sembuf *sops, unsigned nsops, int alter)
5139{
5140 u32 perms;
5141
5142 if (alter)
5143 perms = SEM__READ | SEM__WRITE;
5144 else
5145 perms = SEM__READ;
5146
5147 return ipc_has_perm(&sma->sem_perm, perms);
5148}
5149
5150static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5151{
5152 u32 av = 0;
5153
5154 av = 0;
5155 if (flag & S_IRUGO)
5156 av |= IPC__UNIX_READ;
5157 if (flag & S_IWUGO)
5158 av |= IPC__UNIX_WRITE;
5159
5160 if (av == 0)
5161 return 0;
5162
5163 return ipc_has_perm(ipcp, av);
5164}
5165
5166static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5167{
5168 struct ipc_security_struct *isec = ipcp->security;
5169 *secid = isec->sid;
5170}
5171
5172static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5173{
5174 if (inode)
5175 inode_doinit_with_dentry(inode, dentry);
5176}
5177
5178static int selinux_getprocattr(struct task_struct *p,
5179 char *name, char **value)
5180{
5181 const struct task_security_struct *__tsec;
5182 u32 sid;
5183 int error;
5184 unsigned len;
5185
5186 if (current != p) {
5187 error = current_has_perm(p, PROCESS__GETATTR);
5188 if (error)
5189 return error;
5190 }
5191
5192 rcu_read_lock();
5193 __tsec = __task_cred(p)->security;
5194
5195 if (!strcmp(name, "current"))
5196 sid = __tsec->sid;
5197 else if (!strcmp(name, "prev"))
5198 sid = __tsec->osid;
5199 else if (!strcmp(name, "exec"))
5200 sid = __tsec->exec_sid;
5201 else if (!strcmp(name, "fscreate"))
5202 sid = __tsec->create_sid;
5203 else if (!strcmp(name, "keycreate"))
5204 sid = __tsec->keycreate_sid;
5205 else if (!strcmp(name, "sockcreate"))
5206 sid = __tsec->sockcreate_sid;
5207 else
5208 goto invalid;
5209 rcu_read_unlock();
5210
5211 if (!sid)
5212 return 0;
5213
5214 error = security_sid_to_context(sid, value, &len);
5215 if (error)
5216 return error;
5217 return len;
5218
5219invalid:
5220 rcu_read_unlock();
5221 return -EINVAL;
5222}
5223
5224static int selinux_setprocattr(struct task_struct *p,
5225 char *name, void *value, size_t size)
5226{
5227 struct task_security_struct *tsec;
5228 struct task_struct *tracer;
5229 struct cred *new;
5230 u32 sid = 0, ptsid;
5231 int error;
5232 char *str = value;
5233
5234 if (current != p) {
5235
5236
5237 return -EACCES;
5238 }
5239
5240
5241
5242
5243
5244
5245 if (!strcmp(name, "exec"))
5246 error = current_has_perm(p, PROCESS__SETEXEC);
5247 else if (!strcmp(name, "fscreate"))
5248 error = current_has_perm(p, PROCESS__SETFSCREATE);
5249 else if (!strcmp(name, "keycreate"))
5250 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5251 else if (!strcmp(name, "sockcreate"))
5252 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5253 else if (!strcmp(name, "current"))
5254 error = current_has_perm(p, PROCESS__SETCURRENT);
5255 else
5256 error = -EINVAL;
5257 if (error)
5258 return error;
5259
5260
5261 if (size && str[1] && str[1] != '\n') {
5262 if (str[size-1] == '\n') {
5263 str[size-1] = 0;
5264 size--;
5265 }
5266 error = security_context_to_sid(value, size, &sid);
5267 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5268 if (!capable(CAP_MAC_ADMIN))
5269 return error;
5270 error = security_context_to_sid_force(value, size,
5271 &sid);
5272 }
5273 if (error)
5274 return error;
5275 }
5276
5277 new = prepare_creds();
5278 if (!new)
5279 return -ENOMEM;
5280
5281
5282
5283
5284
5285
5286
5287 tsec = new->security;
5288 if (!strcmp(name, "exec")) {
5289 tsec->exec_sid = sid;
5290 } else if (!strcmp(name, "fscreate")) {
5291 tsec->create_sid = sid;
5292 } else if (!strcmp(name, "keycreate")) {
5293 error = may_create_key(sid, p);
5294 if (error)
5295 goto abort_change;
5296 tsec->keycreate_sid = sid;
5297 } else if (!strcmp(name, "sockcreate")) {
5298 tsec->sockcreate_sid = sid;
5299 } else if (!strcmp(name, "current")) {
5300 error = -EINVAL;
5301 if (sid == 0)
5302 goto abort_change;
5303
5304
5305 error = -EPERM;
5306 if (!current_is_single_threaded()) {
5307 error = security_bounded_transition(tsec->sid, sid);
5308 if (error)
5309 goto abort_change;
5310 }
5311
5312
5313 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5314 PROCESS__DYNTRANSITION, NULL);
5315 if (error)
5316 goto abort_change;
5317
5318
5319
5320 ptsid = 0;
5321 task_lock(p);
5322 tracer = tracehook_tracer_task(p);
5323 if (tracer)
5324 ptsid = task_sid(tracer);
5325 task_unlock(p);
5326
5327 if (tracer) {
5328 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5329 PROCESS__PTRACE, NULL);
5330 if (error)
5331 goto abort_change;
5332 }
5333
5334 tsec->sid = sid;
5335 } else {
5336 error = -EINVAL;
5337 goto abort_change;
5338 }
5339
5340 commit_creds(new);
5341 return size;
5342
5343abort_change:
5344 abort_creds(new);
5345 return error;
5346}
5347
5348static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5349{
5350 return security_sid_to_context(secid, secdata, seclen);
5351}
5352
5353static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5354{
5355 return security_context_to_sid(secdata, seclen, secid);
5356}
5357
5358static void selinux_release_secctx(char *secdata, u32 seclen)
5359{
5360 kfree(secdata);
5361}
5362
5363
5364
5365
5366static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5367{
5368 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5369}
5370
5371
5372
5373
5374static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5375{
5376 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5377}
5378
5379static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5380{
5381 int len = 0;
5382 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5383 ctx, true);
5384 if (len < 0)
5385 return len;
5386 *ctxlen = len;
5387 return 0;
5388}
5389#ifdef CONFIG_KEYS
5390
5391static int selinux_key_alloc(struct key *k, const struct cred *cred,
5392 unsigned long flags)
5393{
5394 const struct task_security_struct *tsec;
5395 struct key_security_struct *ksec;
5396
5397 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5398 if (!ksec)
5399 return -ENOMEM;
5400
5401 tsec = cred->security;
5402 if (tsec->keycreate_sid)
5403 ksec->sid = tsec->keycreate_sid;
5404 else
5405 ksec->sid = tsec->sid;
5406
5407 k->security = ksec;
5408 return 0;
5409}
5410
5411static void selinux_key_free(struct key *k)
5412{
5413 struct key_security_struct *ksec = k->security;
5414
5415 k->security = NULL;
5416 kfree(ksec);
5417}
5418
5419static int selinux_key_permission(key_ref_t key_ref,
5420 const struct cred *cred,
5421 key_perm_t perm)
5422{
5423 struct key *key;
5424 struct key_security_struct *ksec;
5425 u32 sid;
5426
5427
5428
5429
5430 if (perm == 0)
5431 return 0;
5432
5433 sid = cred_sid(cred);
5434
5435 key = key_ref_to_ptr(key_ref);
5436 ksec = key->security;
5437
5438 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5439}
5440
5441static int selinux_key_getsecurity(struct key *key, char **_buffer)
5442{
5443 struct key_security_struct *ksec = key->security;
5444 char *context = NULL;
5445 unsigned len;
5446 int rc;
5447
5448 rc = security_sid_to_context(ksec->sid, &context, &len);
5449 if (!rc)
5450 rc = len;
5451 *_buffer = context;
5452 return rc;
5453}
5454
5455#endif
5456
5457static struct security_operations selinux_ops = {
5458 .name = "selinux",
5459
5460 .ptrace_access_check = selinux_ptrace_access_check,
5461 .ptrace_traceme = selinux_ptrace_traceme,
5462 .capget = selinux_capget,
5463 .capset = selinux_capset,
5464 .capable = selinux_capable,
5465 .quotactl = selinux_quotactl,
5466 .quota_on = selinux_quota_on,
5467 .syslog = selinux_syslog,
5468 .vm_enough_memory = selinux_vm_enough_memory,
5469
5470 .netlink_send = selinux_netlink_send,
5471 .netlink_recv = selinux_netlink_recv,
5472
5473 .bprm_set_creds = selinux_bprm_set_creds,
5474 .bprm_committing_creds = selinux_bprm_committing_creds,
5475 .bprm_committed_creds = selinux_bprm_committed_creds,
5476 .bprm_secureexec = selinux_bprm_secureexec,
5477
5478 .sb_alloc_security = selinux_sb_alloc_security,
5479 .sb_free_security = selinux_sb_free_security,
5480 .sb_copy_data = selinux_sb_copy_data,
5481 .sb_remount = selinux_sb_remount,
5482 .sb_kern_mount = selinux_sb_kern_mount,
5483 .sb_show_options = selinux_sb_show_options,
5484 .sb_statfs = selinux_sb_statfs,
5485 .sb_mount = selinux_mount,
5486 .sb_umount = selinux_umount,
5487 .sb_set_mnt_opts = selinux_set_mnt_opts,
5488 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5489 .sb_parse_opts_str = selinux_parse_opts_str,
5490
5491
5492 .inode_alloc_security = selinux_inode_alloc_security,
5493 .inode_free_security = selinux_inode_free_security,
5494 .inode_init_security = selinux_inode_init_security,
5495 .inode_create = selinux_inode_create,
5496 .inode_link = selinux_inode_link,
5497 .inode_unlink = selinux_inode_unlink,
5498 .inode_symlink = selinux_inode_symlink,
5499 .inode_mkdir = selinux_inode_mkdir,
5500 .inode_rmdir = selinux_inode_rmdir,
5501 .inode_mknod = selinux_inode_mknod,
5502 .inode_rename = selinux_inode_rename,
5503 .inode_readlink = selinux_inode_readlink,
5504 .inode_follow_link = selinux_inode_follow_link,
5505 .inode_permission = selinux_inode_permission,
5506 .inode_setattr = selinux_inode_setattr,
5507 .inode_getattr = selinux_inode_getattr,
5508 .inode_setxattr = selinux_inode_setxattr,
5509 .inode_post_setxattr = selinux_inode_post_setxattr,
5510 .inode_getxattr = selinux_inode_getxattr,
5511 .inode_listxattr = selinux_inode_listxattr,
5512 .inode_removexattr = selinux_inode_removexattr,
5513 .inode_getsecurity = selinux_inode_getsecurity,
5514 .inode_setsecurity = selinux_inode_setsecurity,
5515 .inode_listsecurity = selinux_inode_listsecurity,
5516 .inode_getsecid = selinux_inode_getsecid,
5517
5518 .file_permission = selinux_file_permission,
5519 .file_alloc_security = selinux_file_alloc_security,
5520 .file_free_security = selinux_file_free_security,
5521 .file_ioctl = selinux_file_ioctl,
5522 .file_mmap = selinux_file_mmap,
5523 .file_mprotect = selinux_file_mprotect,
5524 .file_lock = selinux_file_lock,
5525 .file_fcntl = selinux_file_fcntl,
5526 .file_set_fowner = selinux_file_set_fowner,
5527 .file_send_sigiotask = selinux_file_send_sigiotask,
5528 .file_receive = selinux_file_receive,
5529
5530 .dentry_open = selinux_dentry_open,
5531
5532 .task_create = selinux_task_create,
5533 .cred_alloc_blank = selinux_cred_alloc_blank,
5534 .cred_free = selinux_cred_free,
5535 .cred_prepare = selinux_cred_prepare,
5536 .cred_transfer = selinux_cred_transfer,
5537 .kernel_act_as = selinux_kernel_act_as,
5538 .kernel_create_files_as = selinux_kernel_create_files_as,
5539 .kernel_module_request = selinux_kernel_module_request,
5540 .task_setpgid = selinux_task_setpgid,
5541 .task_getpgid = selinux_task_getpgid,
5542 .task_getsid = selinux_task_getsid,
5543 .task_getsecid = selinux_task_getsecid,
5544 .task_setnice = selinux_task_setnice,
5545 .task_setioprio = selinux_task_setioprio,
5546 .task_getioprio = selinux_task_getioprio,
5547 .task_setrlimit = selinux_task_setrlimit,
5548 .task_setscheduler = selinux_task_setscheduler,
5549 .task_getscheduler = selinux_task_getscheduler,
5550 .task_movememory = selinux_task_movememory,
5551 .task_kill = selinux_task_kill,
5552 .task_wait = selinux_task_wait,
5553 .task_to_inode = selinux_task_to_inode,
5554
5555 .ipc_permission = selinux_ipc_permission,
5556 .ipc_getsecid = selinux_ipc_getsecid,
5557
5558 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5559 .msg_msg_free_security = selinux_msg_msg_free_security,
5560
5561 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5562 .msg_queue_free_security = selinux_msg_queue_free_security,
5563 .msg_queue_associate = selinux_msg_queue_associate,
5564 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5565 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5566 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5567
5568 .shm_alloc_security = selinux_shm_alloc_security,
5569 .shm_free_security = selinux_shm_free_security,
5570 .shm_associate = selinux_shm_associate,
5571 .shm_shmctl = selinux_shm_shmctl,
5572 .shm_shmat = selinux_shm_shmat,
5573
5574 .sem_alloc_security = selinux_sem_alloc_security,
5575 .sem_free_security = selinux_sem_free_security,
5576 .sem_associate = selinux_sem_associate,
5577 .sem_semctl = selinux_sem_semctl,
5578 .sem_semop = selinux_sem_semop,
5579
5580 .d_instantiate = selinux_d_instantiate,
5581
5582 .getprocattr = selinux_getprocattr,
5583 .setprocattr = selinux_setprocattr,
5584
5585 .secid_to_secctx = selinux_secid_to_secctx,
5586 .secctx_to_secid = selinux_secctx_to_secid,
5587 .release_secctx = selinux_release_secctx,
5588 .inode_notifysecctx = selinux_inode_notifysecctx,
5589 .inode_setsecctx = selinux_inode_setsecctx,
5590 .inode_getsecctx = selinux_inode_getsecctx,
5591
5592 .unix_stream_connect = selinux_socket_unix_stream_connect,
5593 .unix_may_send = selinux_socket_unix_may_send,
5594
5595 .socket_create = selinux_socket_create,
5596 .socket_post_create = selinux_socket_post_create,
5597 .socket_bind = selinux_socket_bind,
5598 .socket_connect = selinux_socket_connect,
5599 .socket_listen = selinux_socket_listen,
5600 .socket_accept = selinux_socket_accept,
5601 .socket_sendmsg = selinux_socket_sendmsg,
5602 .socket_recvmsg = selinux_socket_recvmsg,
5603 .socket_getsockname = selinux_socket_getsockname,
5604 .socket_getpeername = selinux_socket_getpeername,
5605 .socket_getsockopt = selinux_socket_getsockopt,
5606 .socket_setsockopt = selinux_socket_setsockopt,
5607 .socket_shutdown = selinux_socket_shutdown,
5608 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5609 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5610 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5611 .sk_alloc_security = selinux_sk_alloc_security,
5612 .sk_free_security = selinux_sk_free_security,
5613 .sk_clone_security = selinux_sk_clone_security,
5614 .sk_getsecid = selinux_sk_getsecid,
5615 .sock_graft = selinux_sock_graft,
5616 .inet_conn_request = selinux_inet_conn_request,
5617 .inet_csk_clone = selinux_inet_csk_clone,
5618 .inet_conn_established = selinux_inet_conn_established,
5619 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5620 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5621 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5622 .req_classify_flow = selinux_req_classify_flow,
5623 .tun_dev_create = selinux_tun_dev_create,
5624 .tun_dev_post_create = selinux_tun_dev_post_create,
5625 .tun_dev_attach = selinux_tun_dev_attach,
5626
5627#ifdef CONFIG_SECURITY_NETWORK_XFRM
5628 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5629 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5630 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5631 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5632 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5633 .xfrm_state_free_security = selinux_xfrm_state_free,
5634 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5635 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5636 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5637 .xfrm_decode_session = selinux_xfrm_decode_session,
5638#endif
5639
5640#ifdef CONFIG_KEYS
5641 .key_alloc = selinux_key_alloc,
5642 .key_free = selinux_key_free,
5643 .key_permission = selinux_key_permission,
5644 .key_getsecurity = selinux_key_getsecurity,
5645#endif
5646
5647#ifdef CONFIG_AUDIT
5648 .audit_rule_init = selinux_audit_rule_init,
5649 .audit_rule_known = selinux_audit_rule_known,
5650 .audit_rule_match = selinux_audit_rule_match,
5651 .audit_rule_free = selinux_audit_rule_free,
5652#endif
5653};
5654
5655static __init int selinux_init(void)
5656{
5657 if (!security_module_enable(&selinux_ops)) {
5658 selinux_enabled = 0;
5659 return 0;
5660 }
5661
5662 if (!selinux_enabled) {
5663 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5664 return 0;
5665 }
5666
5667 printk(KERN_INFO "SELinux: Initializing.\n");
5668
5669
5670 cred_init_security();
5671
5672 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5673
5674 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5675 sizeof(struct inode_security_struct),
5676 0, SLAB_PANIC, NULL);
5677 avc_init();
5678
5679 if (register_security(&selinux_ops))
5680 panic("SELinux: Unable to register with kernel.\n");
5681
5682 if (selinux_enforcing)
5683 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5684 else
5685 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5686
5687 return 0;
5688}
5689
5690static void delayed_superblock_init(struct super_block *sb, void *unused)
5691{
5692 superblock_doinit(sb, NULL);
5693}
5694
5695void selinux_complete_init(void)
5696{
5697 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5698
5699
5700 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5701 iterate_supers(delayed_superblock_init, NULL);
5702}
5703
5704
5705
5706security_initcall(selinux_init);
5707
5708#if defined(CONFIG_NETFILTER)
5709
5710static struct nf_hook_ops selinux_ipv4_ops[] = {
5711 {
5712 .hook = selinux_ipv4_postroute,
5713 .owner = THIS_MODULE,
5714 .pf = PF_INET,
5715 .hooknum = NF_INET_POST_ROUTING,
5716 .priority = NF_IP_PRI_SELINUX_LAST,
5717 },
5718 {
5719 .hook = selinux_ipv4_forward,
5720 .owner = THIS_MODULE,
5721 .pf = PF_INET,
5722 .hooknum = NF_INET_FORWARD,
5723 .priority = NF_IP_PRI_SELINUX_FIRST,
5724 },
5725 {
5726 .hook = selinux_ipv4_output,
5727 .owner = THIS_MODULE,
5728 .pf = PF_INET,
5729 .hooknum = NF_INET_LOCAL_OUT,
5730 .priority = NF_IP_PRI_SELINUX_FIRST,
5731 }
5732};
5733
5734#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5735
5736static struct nf_hook_ops selinux_ipv6_ops[] = {
5737 {
5738 .hook = selinux_ipv6_postroute,
5739 .owner = THIS_MODULE,
5740 .pf = PF_INET6,
5741 .hooknum = NF_INET_POST_ROUTING,
5742 .priority = NF_IP6_PRI_SELINUX_LAST,
5743 },
5744 {
5745 .hook = selinux_ipv6_forward,
5746 .owner = THIS_MODULE,
5747 .pf = PF_INET6,
5748 .hooknum = NF_INET_FORWARD,
5749 .priority = NF_IP6_PRI_SELINUX_FIRST,
5750 }
5751};
5752
5753#endif
5754
5755static int __init selinux_nf_ip_init(void)
5756{
5757 int err = 0;
5758
5759 if (!selinux_enabled)
5760 goto out;
5761
5762 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5763
5764 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5765 if (err)
5766 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5767
5768#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5769 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5770 if (err)
5771 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5772#endif
5773
5774out:
5775 return err;
5776}
5777
5778__initcall(selinux_nf_ip_init);
5779
5780#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5781static void selinux_nf_ip_exit(void)
5782{
5783 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5784
5785 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5786#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5787 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5788#endif
5789}
5790#endif
5791
5792#else
5793
5794#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5795#define selinux_nf_ip_exit()
5796#endif
5797
5798#endif
5799
5800#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5801static int selinux_disabled;
5802
5803int selinux_disable(void)
5804{
5805 extern void exit_sel_fs(void);
5806
5807 if (ss_initialized) {
5808
5809 return -EINVAL;
5810 }
5811
5812 if (selinux_disabled) {
5813
5814 return -EINVAL;
5815 }
5816
5817 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5818
5819 selinux_disabled = 1;
5820 selinux_enabled = 0;
5821
5822 reset_security_ops();
5823
5824
5825 avc_disable();
5826
5827
5828 selinux_nf_ip_exit();
5829
5830
5831 exit_sel_fs();
5832
5833 return 0;
5834}
5835#endif
5836
