1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/security.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/sock.h>
55#include <net/tcp.h>
56#include <net/net_namespace.h>
57#include <net/netlabel.h>
58#include <linux/uaccess.h>
59#include <asm/ioctls.h>
60#include <linux/atomic.h>
61#include <linux/bitops.h>
62#include <linux/interrupt.h>
63#include <linux/netdevice.h>
64#include <net/netlink.h>
65#include <linux/tcp.h>
66#include <linux/udp.h>
67#include <linux/dccp.h>
68#include <linux/quota.h>
69#include <linux/un.h>
70#include <net/af_unix.h>
71#include <linux/parser.h>
72#include <linux/nfs_mount.h>
73#include <net/ipv6.h>
74#include <linux/hugetlb.h>
75#include <linux/personality.h>
76#include <linux/audit.h>
77#include <linux/string.h>
78#include <linux/selinux.h>
79#include <linux/mutex.h>
80#include <linux/posix-timers.h>
81#include <linux/syslog.h>
82#include <linux/user_namespace.h>
83#include <linux/export.h>
84#include <linux/security.h>
85#include <linux/msg.h>
86#include <linux/shm.h>
87
88#include "avc.h"
89#include "objsec.h"
90#include "netif.h"
91#include "netnode.h"
92#include "netport.h"
93#include "xfrm.h"
94#include "netlabel.h"
95#include "audit.h"
96#include "avc_ss.h"
97
98#define NUM_SEL_MNT_OPTS 5
99
100extern struct security_operations *security_ops;
101
102
103static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
104
105#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
106int selinux_enforcing;
107
108static int __init enforcing_setup(char *str)
109{
110 unsigned long enforcing;
111 if (!strict_strtoul(str, 0, &enforcing))
112 selinux_enforcing = enforcing ? 1 : 0;
113 return 1;
114}
115__setup("enforcing=", enforcing_setup);
116#endif
117
118#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
119int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
120
121static int __init selinux_enabled_setup(char *str)
122{
123 unsigned long enabled;
124 if (!strict_strtoul(str, 0, &enabled))
125 selinux_enabled = enabled ? 1 : 0;
126 return 1;
127}
128__setup("selinux=", selinux_enabled_setup);
129#else
130int selinux_enabled = 1;
131#endif
132
133static struct kmem_cache *sel_inode_cache;
134
135
136
137
138
139
140
141
142
143
144
145static int selinux_secmark_enabled(void)
146{
147 return (atomic_read(&selinux_secmark_refcount) > 0);
148}
149
150
151
152
153static void cred_init_security(void)
154{
155 struct cred *cred = (struct cred *) current->real_cred;
156 struct task_security_struct *tsec;
157
158 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
159 if (!tsec)
160 panic("SELinux: Failed to initialize initial task.\n");
161
162 tsec->osid = tsec->sid = SECINITSID_KERNEL;
163 cred->security = tsec;
164}
165
166
167
168
169static inline u32 cred_sid(const struct cred *cred)
170{
171 const struct task_security_struct *tsec;
172
173 tsec = cred->security;
174 return tsec->sid;
175}
176
177
178
179
180static inline u32 task_sid(const struct task_struct *task)
181{
182 u32 sid;
183
184 rcu_read_lock();
185 sid = cred_sid(__task_cred(task));
186 rcu_read_unlock();
187 return sid;
188}
189
190
191
192
193static inline u32 current_sid(void)
194{
195 const struct task_security_struct *tsec = current_security();
196
197 return tsec->sid;
198}
199
200
201
202static int inode_alloc_security(struct inode *inode)
203{
204 struct inode_security_struct *isec;
205 u32 sid = current_sid();
206
207 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
208 if (!isec)
209 return -ENOMEM;
210
211 mutex_init(&isec->lock);
212 INIT_LIST_HEAD(&isec->list);
213 isec->inode = inode;
214 isec->sid = SECINITSID_UNLABELED;
215 isec->sclass = SECCLASS_FILE;
216 isec->task_sid = sid;
217 inode->i_security = isec;
218
219 return 0;
220}
221
222static void inode_free_security(struct inode *inode)
223{
224 struct inode_security_struct *isec = inode->i_security;
225 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
226
227 spin_lock(&sbsec->isec_lock);
228 if (!list_empty(&isec->list))
229 list_del_init(&isec->list);
230 spin_unlock(&sbsec->isec_lock);
231
232 inode->i_security = NULL;
233 kmem_cache_free(sel_inode_cache, isec);
234}
235
236static int file_alloc_security(struct file *file)
237{
238 struct file_security_struct *fsec;
239 u32 sid = current_sid();
240
241 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
242 if (!fsec)
243 return -ENOMEM;
244
245 fsec->sid = sid;
246 fsec->fown_sid = sid;
247 file->f_security = fsec;
248
249 return 0;
250}
251
252static void file_free_security(struct file *file)
253{
254 struct file_security_struct *fsec = file->f_security;
255 file->f_security = NULL;
256 kfree(fsec);
257}
258
259static int superblock_alloc_security(struct super_block *sb)
260{
261 struct superblock_security_struct *sbsec;
262
263 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
264 if (!sbsec)
265 return -ENOMEM;
266
267 mutex_init(&sbsec->lock);
268 INIT_LIST_HEAD(&sbsec->isec_head);
269 spin_lock_init(&sbsec->isec_lock);
270 sbsec->sb = sb;
271 sbsec->sid = SECINITSID_UNLABELED;
272 sbsec->def_sid = SECINITSID_FILE;
273 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
274 sb->s_security = sbsec;
275
276 return 0;
277}
278
279static void superblock_free_security(struct super_block *sb)
280{
281 struct superblock_security_struct *sbsec = sb->s_security;
282 sb->s_security = NULL;
283 kfree(sbsec);
284}
285
286
287
288static const char *labeling_behaviors[7] = {
289 "uses xattr",
290 "uses transition SIDs",
291 "uses task SIDs",
292 "uses genfs_contexts",
293 "not configured for labeling",
294 "uses mountpoint labeling",
295 "uses native labeling",
296};
297
298static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
299
300static inline int inode_doinit(struct inode *inode)
301{
302 return inode_doinit_with_dentry(inode, NULL);
303}
304
305enum {
306 Opt_error = -1,
307 Opt_context = 1,
308 Opt_fscontext = 2,
309 Opt_defcontext = 3,
310 Opt_rootcontext = 4,
311 Opt_labelsupport = 5,
312};
313
314static const match_table_t tokens = {
315 {Opt_context, CONTEXT_STR "%s"},
316 {Opt_fscontext, FSCONTEXT_STR "%s"},
317 {Opt_defcontext, DEFCONTEXT_STR "%s"},
318 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
319 {Opt_labelsupport, LABELSUPP_STR},
320 {Opt_error, NULL},
321};
322
323#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
324
325static int may_context_mount_sb_relabel(u32 sid,
326 struct superblock_security_struct *sbsec,
327 const struct cred *cred)
328{
329 const struct task_security_struct *tsec = cred->security;
330 int rc;
331
332 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
333 FILESYSTEM__RELABELFROM, NULL);
334 if (rc)
335 return rc;
336
337 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
338 FILESYSTEM__RELABELTO, NULL);
339 return rc;
340}
341
342static int may_context_mount_inode_relabel(u32 sid,
343 struct superblock_security_struct *sbsec,
344 const struct cred *cred)
345{
346 const struct task_security_struct *tsec = cred->security;
347 int rc;
348 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
349 FILESYSTEM__RELABELFROM, NULL);
350 if (rc)
351 return rc;
352
353 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
354 FILESYSTEM__ASSOCIATE, NULL);
355 return rc;
356}
357
358static int sb_finish_set_opts(struct super_block *sb)
359{
360 struct superblock_security_struct *sbsec = sb->s_security;
361 struct dentry *root = sb->s_root;
362 struct inode *root_inode = root->d_inode;
363 int rc = 0;
364
365 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
366
367
368
369
370
371 if (!root_inode->i_op->getxattr) {
372 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
373 "xattr support\n", sb->s_id, sb->s_type->name);
374 rc = -EOPNOTSUPP;
375 goto out;
376 }
377 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
378 if (rc < 0 && rc != -ENODATA) {
379 if (rc == -EOPNOTSUPP)
380 printk(KERN_WARNING "SELinux: (dev %s, type "
381 "%s) has no security xattr handler\n",
382 sb->s_id, sb->s_type->name);
383 else
384 printk(KERN_WARNING "SELinux: (dev %s, type "
385 "%s) getxattr errno %d\n", sb->s_id,
386 sb->s_type->name, -rc);
387 goto out;
388 }
389 }
390
391 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
392
393 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
394 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
395 sb->s_id, sb->s_type->name);
396 else
397 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
398 sb->s_id, sb->s_type->name,
399 labeling_behaviors[sbsec->behavior-1]);
400
401 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
402 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
403 sbsec->behavior == SECURITY_FS_USE_NONE ||
404 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
405 sbsec->flags &= ~SE_SBLABELSUPP;
406
407
408 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
409 sbsec->flags |= SE_SBLABELSUPP;
410
411
412 rc = inode_doinit_with_dentry(root_inode, root);
413
414
415
416
417
418 spin_lock(&sbsec->isec_lock);
419next_inode:
420 if (!list_empty(&sbsec->isec_head)) {
421 struct inode_security_struct *isec =
422 list_entry(sbsec->isec_head.next,
423 struct inode_security_struct, list);
424 struct inode *inode = isec->inode;
425 spin_unlock(&sbsec->isec_lock);
426 inode = igrab(inode);
427 if (inode) {
428 if (!IS_PRIVATE(inode))
429 inode_doinit(inode);
430 iput(inode);
431 }
432 spin_lock(&sbsec->isec_lock);
433 list_del_init(&isec->list);
434 goto next_inode;
435 }
436 spin_unlock(&sbsec->isec_lock);
437out:
438 return rc;
439}
440
441
442
443
444
445
446static int selinux_get_mnt_opts(const struct super_block *sb,
447 struct security_mnt_opts *opts)
448{
449 int rc = 0, i;
450 struct superblock_security_struct *sbsec = sb->s_security;
451 char *context = NULL;
452 u32 len;
453 char tmp;
454
455 security_init_mnt_opts(opts);
456
457 if (!(sbsec->flags & SE_SBINITIALIZED))
458 return -EINVAL;
459
460 if (!ss_initialized)
461 return -EINVAL;
462
463 tmp = sbsec->flags & SE_MNTMASK;
464
465 for (i = 0; i < 8; i++) {
466 if (tmp & 0x01)
467 opts->num_mnt_opts++;
468 tmp >>= 1;
469 }
470
471 if (sbsec->flags & SE_SBLABELSUPP)
472 opts->num_mnt_opts++;
473
474 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
475 if (!opts->mnt_opts) {
476 rc = -ENOMEM;
477 goto out_free;
478 }
479
480 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
481 if (!opts->mnt_opts_flags) {
482 rc = -ENOMEM;
483 goto out_free;
484 }
485
486 i = 0;
487 if (sbsec->flags & FSCONTEXT_MNT) {
488 rc = security_sid_to_context(sbsec->sid, &context, &len);
489 if (rc)
490 goto out_free;
491 opts->mnt_opts[i] = context;
492 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
493 }
494 if (sbsec->flags & CONTEXT_MNT) {
495 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
496 if (rc)
497 goto out_free;
498 opts->mnt_opts[i] = context;
499 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
500 }
501 if (sbsec->flags & DEFCONTEXT_MNT) {
502 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
503 if (rc)
504 goto out_free;
505 opts->mnt_opts[i] = context;
506 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
507 }
508 if (sbsec->flags & ROOTCONTEXT_MNT) {
509 struct inode *root = sbsec->sb->s_root->d_inode;
510 struct inode_security_struct *isec = root->i_security;
511
512 rc = security_sid_to_context(isec->sid, &context, &len);
513 if (rc)
514 goto out_free;
515 opts->mnt_opts[i] = context;
516 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
517 }
518 if (sbsec->flags & SE_SBLABELSUPP) {
519 opts->mnt_opts[i] = NULL;
520 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
521 }
522
523 BUG_ON(i != opts->num_mnt_opts);
524
525 return 0;
526
527out_free:
528 security_free_mnt_opts(opts);
529 return rc;
530}
531
532static int bad_option(struct superblock_security_struct *sbsec, char flag,
533 u32 old_sid, u32 new_sid)
534{
535 char mnt_flags = sbsec->flags & SE_MNTMASK;
536
537
538 if (sbsec->flags & SE_SBINITIALIZED)
539 if (!(sbsec->flags & flag) ||
540 (old_sid != new_sid))
541 return 1;
542
543
544
545
546 if (!(sbsec->flags & SE_SBINITIALIZED))
547 if (mnt_flags & flag)
548 return 1;
549 return 0;
550}
551
552
553
554
555
556static int selinux_set_mnt_opts(struct super_block *sb,
557 struct security_mnt_opts *opts,
558 unsigned long kern_flags,
559 unsigned long *set_kern_flags)
560{
561 const struct cred *cred = current_cred();
562 int rc = 0, i;
563 struct superblock_security_struct *sbsec = sb->s_security;
564 const char *name = sb->s_type->name;
565 struct inode *inode = sbsec->sb->s_root->d_inode;
566 struct inode_security_struct *root_isec = inode->i_security;
567 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
568 u32 defcontext_sid = 0;
569 char **mount_options = opts->mnt_opts;
570 int *flags = opts->mnt_opts_flags;
571 int num_opts = opts->num_mnt_opts;
572
573 mutex_lock(&sbsec->lock);
574
575 if (!ss_initialized) {
576 if (!num_opts) {
577
578
579
580 goto out;
581 }
582 rc = -EINVAL;
583 printk(KERN_WARNING "SELinux: Unable to set superblock options "
584 "before the security server is initialized\n");
585 goto out;
586 }
587 if (kern_flags && !set_kern_flags) {
588
589
590 rc = -EINVAL;
591 goto out;
592 }
593
594
595
596
597
598
599
600
601
602
603
604
605 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
606 && (num_opts == 0))
607 goto out;
608
609
610
611
612
613
614 for (i = 0; i < num_opts; i++) {
615 u32 sid;
616
617 if (flags[i] == SE_SBLABELSUPP)
618 continue;
619 rc = security_context_to_sid(mount_options[i],
620 strlen(mount_options[i]), &sid);
621 if (rc) {
622 printk(KERN_WARNING "SELinux: security_context_to_sid"
623 "(%s) failed for (dev %s, type %s) errno=%d\n",
624 mount_options[i], sb->s_id, name, rc);
625 goto out;
626 }
627 switch (flags[i]) {
628 case FSCONTEXT_MNT:
629 fscontext_sid = sid;
630
631 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
632 fscontext_sid))
633 goto out_double_mount;
634
635 sbsec->flags |= FSCONTEXT_MNT;
636 break;
637 case CONTEXT_MNT:
638 context_sid = sid;
639
640 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
641 context_sid))
642 goto out_double_mount;
643
644 sbsec->flags |= CONTEXT_MNT;
645 break;
646 case ROOTCONTEXT_MNT:
647 rootcontext_sid = sid;
648
649 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
650 rootcontext_sid))
651 goto out_double_mount;
652
653 sbsec->flags |= ROOTCONTEXT_MNT;
654
655 break;
656 case DEFCONTEXT_MNT:
657 defcontext_sid = sid;
658
659 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
660 defcontext_sid))
661 goto out_double_mount;
662
663 sbsec->flags |= DEFCONTEXT_MNT;
664
665 break;
666 default:
667 rc = -EINVAL;
668 goto out;
669 }
670 }
671
672 if (sbsec->flags & SE_SBINITIALIZED) {
673
674 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
675 goto out_double_mount;
676 rc = 0;
677 goto out;
678 }
679
680 if (strcmp(sb->s_type->name, "proc") == 0)
681 sbsec->flags |= SE_SBPROC;
682
683 if (!sbsec->behavior) {
684
685
686
687
688 rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
689 "proc" : sb->s_type->name,
690 &sbsec->behavior, &sbsec->sid);
691 if (rc) {
692 printk(KERN_WARNING
693 "%s: security_fs_use(%s) returned %d\n",
694 __func__, sb->s_type->name, rc);
695 goto out;
696 }
697 }
698
699 if (fscontext_sid) {
700 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
701 if (rc)
702 goto out;
703
704 sbsec->sid = fscontext_sid;
705 }
706
707
708
709
710
711
712 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
713 sbsec->behavior = SECURITY_FS_USE_NATIVE;
714 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
715 }
716
717 if (context_sid) {
718 if (!fscontext_sid) {
719 rc = may_context_mount_sb_relabel(context_sid, sbsec,
720 cred);
721 if (rc)
722 goto out;
723 sbsec->sid = context_sid;
724 } else {
725 rc = may_context_mount_inode_relabel(context_sid, sbsec,
726 cred);
727 if (rc)
728 goto out;
729 }
730 if (!rootcontext_sid)
731 rootcontext_sid = context_sid;
732
733 sbsec->mntpoint_sid = context_sid;
734 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
735 }
736
737 if (rootcontext_sid) {
738 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
739 cred);
740 if (rc)
741 goto out;
742
743 root_isec->sid = rootcontext_sid;
744 root_isec->initialized = 1;
745 }
746
747 if (defcontext_sid) {
748 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
749 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
750 rc = -EINVAL;
751 printk(KERN_WARNING "SELinux: defcontext option is "
752 "invalid for this filesystem type\n");
753 goto out;
754 }
755
756 if (defcontext_sid != sbsec->def_sid) {
757 rc = may_context_mount_inode_relabel(defcontext_sid,
758 sbsec, cred);
759 if (rc)
760 goto out;
761 }
762
763 sbsec->def_sid = defcontext_sid;
764 }
765
766 rc = sb_finish_set_opts(sb);
767out:
768 mutex_unlock(&sbsec->lock);
769 return rc;
770out_double_mount:
771 rc = -EINVAL;
772 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
773 "security settings for (dev %s, type %s)\n", sb->s_id, name);
774 goto out;
775}
776
777static int selinux_cmp_sb_context(const struct super_block *oldsb,
778 const struct super_block *newsb)
779{
780 struct superblock_security_struct *old = oldsb->s_security;
781 struct superblock_security_struct *new = newsb->s_security;
782 char oldflags = old->flags & SE_MNTMASK;
783 char newflags = new->flags & SE_MNTMASK;
784
785 if (oldflags != newflags)
786 goto mismatch;
787 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
788 goto mismatch;
789 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
790 goto mismatch;
791 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
792 goto mismatch;
793 if (oldflags & ROOTCONTEXT_MNT) {
794 struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security;
795 struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security;
796 if (oldroot->sid != newroot->sid)
797 goto mismatch;
798 }
799 return 0;
800mismatch:
801 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
802 "different security settings for (dev %s, "
803 "type %s)\n", newsb->s_id, newsb->s_type->name);
804 return -EBUSY;
805}
806
807static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
808 struct super_block *newsb)
809{
810 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
811 struct superblock_security_struct *newsbsec = newsb->s_security;
812
813 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
814 int set_context = (oldsbsec->flags & CONTEXT_MNT);
815 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
816
817
818
819
820
821 if (!ss_initialized)
822 return 0;
823
824
825 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
826
827
828 if (newsbsec->flags & SE_SBINITIALIZED)
829 return selinux_cmp_sb_context(oldsb, newsb);
830
831 mutex_lock(&newsbsec->lock);
832
833 newsbsec->flags = oldsbsec->flags;
834
835 newsbsec->sid = oldsbsec->sid;
836 newsbsec->def_sid = oldsbsec->def_sid;
837 newsbsec->behavior = oldsbsec->behavior;
838
839 if (set_context) {
840 u32 sid = oldsbsec->mntpoint_sid;
841
842 if (!set_fscontext)
843 newsbsec->sid = sid;
844 if (!set_rootcontext) {
845 struct inode *newinode = newsb->s_root->d_inode;
846 struct inode_security_struct *newisec = newinode->i_security;
847 newisec->sid = sid;
848 }
849 newsbsec->mntpoint_sid = sid;
850 }
851 if (set_rootcontext) {
852 const struct inode *oldinode = oldsb->s_root->d_inode;
853 const struct inode_security_struct *oldisec = oldinode->i_security;
854 struct inode *newinode = newsb->s_root->d_inode;
855 struct inode_security_struct *newisec = newinode->i_security;
856
857 newisec->sid = oldisec->sid;
858 }
859
860 sb_finish_set_opts(newsb);
861 mutex_unlock(&newsbsec->lock);
862 return 0;
863}
864
865static int selinux_parse_opts_str(char *options,
866 struct security_mnt_opts *opts)
867{
868 char *p;
869 char *context = NULL, *defcontext = NULL;
870 char *fscontext = NULL, *rootcontext = NULL;
871 int rc, num_mnt_opts = 0;
872
873 opts->num_mnt_opts = 0;
874
875
876 while ((p = strsep(&options, "|")) != NULL) {
877 int token;
878 substring_t args[MAX_OPT_ARGS];
879
880 if (!*p)
881 continue;
882
883 token = match_token(p, tokens, args);
884
885 switch (token) {
886 case Opt_context:
887 if (context || defcontext) {
888 rc = -EINVAL;
889 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
890 goto out_err;
891 }
892 context = match_strdup(&args[0]);
893 if (!context) {
894 rc = -ENOMEM;
895 goto out_err;
896 }
897 break;
898
899 case Opt_fscontext:
900 if (fscontext) {
901 rc = -EINVAL;
902 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
903 goto out_err;
904 }
905 fscontext = match_strdup(&args[0]);
906 if (!fscontext) {
907 rc = -ENOMEM;
908 goto out_err;
909 }
910 break;
911
912 case Opt_rootcontext:
913 if (rootcontext) {
914 rc = -EINVAL;
915 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
916 goto out_err;
917 }
918 rootcontext = match_strdup(&args[0]);
919 if (!rootcontext) {
920 rc = -ENOMEM;
921 goto out_err;
922 }
923 break;
924
925 case Opt_defcontext:
926 if (context || defcontext) {
927 rc = -EINVAL;
928 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
929 goto out_err;
930 }
931 defcontext = match_strdup(&args[0]);
932 if (!defcontext) {
933 rc = -ENOMEM;
934 goto out_err;
935 }
936 break;
937 case Opt_labelsupport:
938 break;
939 default:
940 rc = -EINVAL;
941 printk(KERN_WARNING "SELinux: unknown mount option\n");
942 goto out_err;
943
944 }
945 }
946
947 rc = -ENOMEM;
948 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
949 if (!opts->mnt_opts)
950 goto out_err;
951
952 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
953 if (!opts->mnt_opts_flags) {
954 kfree(opts->mnt_opts);
955 goto out_err;
956 }
957
958 if (fscontext) {
959 opts->mnt_opts[num_mnt_opts] = fscontext;
960 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
961 }
962 if (context) {
963 opts->mnt_opts[num_mnt_opts] = context;
964 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
965 }
966 if (rootcontext) {
967 opts->mnt_opts[num_mnt_opts] = rootcontext;
968 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
969 }
970 if (defcontext) {
971 opts->mnt_opts[num_mnt_opts] = defcontext;
972 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
973 }
974
975 opts->num_mnt_opts = num_mnt_opts;
976 return 0;
977
978out_err:
979 kfree(context);
980 kfree(defcontext);
981 kfree(fscontext);
982 kfree(rootcontext);
983 return rc;
984}
985
986
987
988static int superblock_doinit(struct super_block *sb, void *data)
989{
990 int rc = 0;
991 char *options = data;
992 struct security_mnt_opts opts;
993
994 security_init_mnt_opts(&opts);
995
996 if (!data)
997 goto out;
998
999 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1000
1001 rc = selinux_parse_opts_str(options, &opts);
1002 if (rc)
1003 goto out_err;
1004
1005out:
1006 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1007
1008out_err:
1009 security_free_mnt_opts(&opts);
1010 return rc;
1011}
1012
1013static void selinux_write_opts(struct seq_file *m,
1014 struct security_mnt_opts *opts)
1015{
1016 int i;
1017 char *prefix;
1018
1019 for (i = 0; i < opts->num_mnt_opts; i++) {
1020 char *has_comma;
1021
1022 if (opts->mnt_opts[i])
1023 has_comma = strchr(opts->mnt_opts[i], ',');
1024 else
1025 has_comma = NULL;
1026
1027 switch (opts->mnt_opts_flags[i]) {
1028 case CONTEXT_MNT:
1029 prefix = CONTEXT_STR;
1030 break;
1031 case FSCONTEXT_MNT:
1032 prefix = FSCONTEXT_STR;
1033 break;
1034 case ROOTCONTEXT_MNT:
1035 prefix = ROOTCONTEXT_STR;
1036 break;
1037 case DEFCONTEXT_MNT:
1038 prefix = DEFCONTEXT_STR;
1039 break;
1040 case SE_SBLABELSUPP:
1041 seq_putc(m, ',');
1042 seq_puts(m, LABELSUPP_STR);
1043 continue;
1044 default:
1045 BUG();
1046 return;
1047 };
1048
1049 seq_putc(m, ',');
1050 seq_puts(m, prefix);
1051 if (has_comma)
1052 seq_putc(m, '\"');
1053 seq_puts(m, opts->mnt_opts[i]);
1054 if (has_comma)
1055 seq_putc(m, '\"');
1056 }
1057}
1058
1059static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1060{
1061 struct security_mnt_opts opts;
1062 int rc;
1063
1064 rc = selinux_get_mnt_opts(sb, &opts);
1065 if (rc) {
1066
1067 if (rc == -EINVAL)
1068 rc = 0;
1069 return rc;
1070 }
1071
1072 selinux_write_opts(m, &opts);
1073
1074 security_free_mnt_opts(&opts);
1075
1076 return rc;
1077}
1078
1079static inline u16 inode_mode_to_security_class(umode_t mode)
1080{
1081 switch (mode & S_IFMT) {
1082 case S_IFSOCK:
1083 return SECCLASS_SOCK_FILE;
1084 case S_IFLNK:
1085 return SECCLASS_LNK_FILE;
1086 case S_IFREG:
1087 return SECCLASS_FILE;
1088 case S_IFBLK:
1089 return SECCLASS_BLK_FILE;
1090 case S_IFDIR:
1091 return SECCLASS_DIR;
1092 case S_IFCHR:
1093 return SECCLASS_CHR_FILE;
1094 case S_IFIFO:
1095 return SECCLASS_FIFO_FILE;
1096
1097 }
1098
1099 return SECCLASS_FILE;
1100}
1101
1102static inline int default_protocol_stream(int protocol)
1103{
1104 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1105}
1106
1107static inline int default_protocol_dgram(int protocol)
1108{
1109 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1110}
1111
1112static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1113{
1114 switch (family) {
1115 case PF_UNIX:
1116 switch (type) {
1117 case SOCK_STREAM:
1118 case SOCK_SEQPACKET:
1119 return SECCLASS_UNIX_STREAM_SOCKET;
1120 case SOCK_DGRAM:
1121 return SECCLASS_UNIX_DGRAM_SOCKET;
1122 }
1123 break;
1124 case PF_INET:
1125 case PF_INET6:
1126 switch (type) {
1127 case SOCK_STREAM:
1128 if (default_protocol_stream(protocol))
1129 return SECCLASS_TCP_SOCKET;
1130 else
1131 return SECCLASS_RAWIP_SOCKET;
1132 case SOCK_DGRAM:
1133 if (default_protocol_dgram(protocol))
1134 return SECCLASS_UDP_SOCKET;
1135 else
1136 return SECCLASS_RAWIP_SOCKET;
1137 case SOCK_DCCP:
1138 return SECCLASS_DCCP_SOCKET;
1139 default:
1140 return SECCLASS_RAWIP_SOCKET;
1141 }
1142 break;
1143 case PF_NETLINK:
1144 switch (protocol) {
1145 case NETLINK_ROUTE:
1146 return SECCLASS_NETLINK_ROUTE_SOCKET;
1147 case NETLINK_FIREWALL:
1148 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1149 case NETLINK_SOCK_DIAG:
1150 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1151 case NETLINK_NFLOG:
1152 return SECCLASS_NETLINK_NFLOG_SOCKET;
1153 case NETLINK_XFRM:
1154 return SECCLASS_NETLINK_XFRM_SOCKET;
1155 case NETLINK_SELINUX:
1156 return SECCLASS_NETLINK_SELINUX_SOCKET;
1157 case NETLINK_AUDIT:
1158 return SECCLASS_NETLINK_AUDIT_SOCKET;
1159 case NETLINK_IP6_FW:
1160 return SECCLASS_NETLINK_IP6FW_SOCKET;
1161 case NETLINK_DNRTMSG:
1162 return SECCLASS_NETLINK_DNRT_SOCKET;
1163 case NETLINK_KOBJECT_UEVENT:
1164 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1165 default:
1166 return SECCLASS_NETLINK_SOCKET;
1167 }
1168 case PF_PACKET:
1169 return SECCLASS_PACKET_SOCKET;
1170 case PF_KEY:
1171 return SECCLASS_KEY_SOCKET;
1172 case PF_APPLETALK:
1173 return SECCLASS_APPLETALK_SOCKET;
1174 }
1175
1176 return SECCLASS_SOCKET;
1177}
1178
1179#ifdef CONFIG_PROC_FS
1180static int selinux_proc_get_sid(struct dentry *dentry,
1181 u16 tclass,
1182 u32 *sid)
1183{
1184 int rc;
1185 char *buffer, *path;
1186
1187 buffer = (char *)__get_free_page(GFP_KERNEL);
1188 if (!buffer)
1189 return -ENOMEM;
1190
1191 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1192 if (IS_ERR(path))
1193 rc = PTR_ERR(path);
1194 else {
1195
1196
1197
1198 while (path[1] >= '0' && path[1] <= '9') {
1199 path[1] = '/';
1200 path++;
1201 }
1202 rc = security_genfs_sid("proc", path, tclass, sid);
1203 }
1204 free_page((unsigned long)buffer);
1205 return rc;
1206}
1207#else
1208static int selinux_proc_get_sid(struct dentry *dentry,
1209 u16 tclass,
1210 u32 *sid)
1211{
1212 return -EINVAL;
1213}
1214#endif
1215
1216
1217static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1218{
1219 struct superblock_security_struct *sbsec = NULL;
1220 struct inode_security_struct *isec = inode->i_security;
1221 u32 sid;
1222 struct dentry *dentry;
1223#define INITCONTEXTLEN 255
1224 char *context = NULL;
1225 unsigned len = 0;
1226 int rc = 0;
1227
1228 if (isec->initialized)
1229 goto out;
1230
1231 mutex_lock(&isec->lock);
1232 if (isec->initialized)
1233 goto out_unlock;
1234
1235 sbsec = inode->i_sb->s_security;
1236 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1237
1238
1239
1240 spin_lock(&sbsec->isec_lock);
1241 if (list_empty(&isec->list))
1242 list_add(&isec->list, &sbsec->isec_head);
1243 spin_unlock(&sbsec->isec_lock);
1244 goto out_unlock;
1245 }
1246
1247 switch (sbsec->behavior) {
1248 case SECURITY_FS_USE_NATIVE:
1249 break;
1250 case SECURITY_FS_USE_XATTR:
1251 if (!inode->i_op->getxattr) {
1252 isec->sid = sbsec->def_sid;
1253 break;
1254 }
1255
1256
1257
1258 if (opt_dentry) {
1259
1260 dentry = dget(opt_dentry);
1261 } else {
1262
1263 dentry = d_find_alias(inode);
1264 }
1265 if (!dentry) {
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275 goto out_unlock;
1276 }
1277
1278 len = INITCONTEXTLEN;
1279 context = kmalloc(len+1, GFP_NOFS);
1280 if (!context) {
1281 rc = -ENOMEM;
1282 dput(dentry);
1283 goto out_unlock;
1284 }
1285 context[len] = '\0';
1286 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1287 context, len);
1288 if (rc == -ERANGE) {
1289 kfree(context);
1290
1291
1292 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1293 NULL, 0);
1294 if (rc < 0) {
1295 dput(dentry);
1296 goto out_unlock;
1297 }
1298 len = rc;
1299 context = kmalloc(len+1, GFP_NOFS);
1300 if (!context) {
1301 rc = -ENOMEM;
1302 dput(dentry);
1303 goto out_unlock;
1304 }
1305 context[len] = '\0';
1306 rc = inode->i_op->getxattr(dentry,
1307 XATTR_NAME_SELINUX,
1308 context, len);
1309 }
1310 dput(dentry);
1311 if (rc < 0) {
1312 if (rc != -ENODATA) {
1313 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1314 "%d for dev=%s ino=%ld\n", __func__,
1315 -rc, inode->i_sb->s_id, inode->i_ino);
1316 kfree(context);
1317 goto out_unlock;
1318 }
1319
1320 sid = sbsec->def_sid;
1321 rc = 0;
1322 } else {
1323 rc = security_context_to_sid_default(context, rc, &sid,
1324 sbsec->def_sid,
1325 GFP_NOFS);
1326 if (rc) {
1327 char *dev = inode->i_sb->s_id;
1328 unsigned long ino = inode->i_ino;
1329
1330 if (rc == -EINVAL) {
1331 if (printk_ratelimit())
1332 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1333 "context=%s. This indicates you may need to relabel the inode or the "
1334 "filesystem in question.\n", ino, dev, context);
1335 } else {
1336 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1337 "returned %d for dev=%s ino=%ld\n",
1338 __func__, context, -rc, dev, ino);
1339 }
1340 kfree(context);
1341
1342 rc = 0;
1343 break;
1344 }
1345 }
1346 kfree(context);
1347 isec->sid = sid;
1348 break;
1349 case SECURITY_FS_USE_TASK:
1350 isec->sid = isec->task_sid;
1351 break;
1352 case SECURITY_FS_USE_TRANS:
1353
1354 isec->sid = sbsec->sid;
1355
1356
1357 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1358 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1359 isec->sclass, NULL, &sid);
1360 if (rc)
1361 goto out_unlock;
1362 isec->sid = sid;
1363 break;
1364 case SECURITY_FS_USE_MNTPOINT:
1365 isec->sid = sbsec->mntpoint_sid;
1366 break;
1367 default:
1368
1369 isec->sid = sbsec->sid;
1370
1371 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1372 if (opt_dentry) {
1373 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1374 rc = selinux_proc_get_sid(opt_dentry,
1375 isec->sclass,
1376 &sid);
1377 if (rc)
1378 goto out_unlock;
1379 isec->sid = sid;
1380 }
1381 }
1382 break;
1383 }
1384
1385 isec->initialized = 1;
1386
1387out_unlock:
1388 mutex_unlock(&isec->lock);
1389out:
1390 if (isec->sclass == SECCLASS_FILE)
1391 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1392 return rc;
1393}
1394
1395
1396static inline u32 signal_to_av(int sig)
1397{
1398 u32 perm = 0;
1399
1400 switch (sig) {
1401 case SIGCHLD:
1402
1403 perm = PROCESS__SIGCHLD;
1404 break;
1405 case SIGKILL:
1406
1407 perm = PROCESS__SIGKILL;
1408 break;
1409 case SIGSTOP:
1410
1411 perm = PROCESS__SIGSTOP;
1412 break;
1413 default:
1414
1415 perm = PROCESS__SIGNAL;
1416 break;
1417 }
1418
1419 return perm;
1420}
1421
1422
1423
1424
1425
1426static int cred_has_perm(const struct cred *actor,
1427 const struct cred *target,
1428 u32 perms)
1429{
1430 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1431
1432 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1433}
1434
1435
1436
1437
1438
1439
1440
1441static int task_has_perm(const struct task_struct *tsk1,
1442 const struct task_struct *tsk2,
1443 u32 perms)
1444{
1445 const struct task_security_struct *__tsec1, *__tsec2;
1446 u32 sid1, sid2;
1447
1448 rcu_read_lock();
1449 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1450 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1451 rcu_read_unlock();
1452 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1453}
1454
1455
1456
1457
1458
1459
1460
1461static int current_has_perm(const struct task_struct *tsk,
1462 u32 perms)
1463{
1464 u32 sid, tsid;
1465
1466 sid = current_sid();
1467 tsid = task_sid(tsk);
1468 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1469}
1470
1471#if CAP_LAST_CAP > 63
1472#error Fix SELinux to handle capabilities > 63.
1473#endif
1474
1475
1476static int cred_has_capability(const struct cred *cred,
1477 int cap, int audit)
1478{
1479 struct common_audit_data ad;
1480 struct av_decision avd;
1481 u16 sclass;
1482 u32 sid = cred_sid(cred);
1483 u32 av = CAP_TO_MASK(cap);
1484 int rc;
1485
1486 ad.type = LSM_AUDIT_DATA_CAP;
1487 ad.u.cap = cap;
1488
1489 switch (CAP_TO_INDEX(cap)) {
1490 case 0:
1491 sclass = SECCLASS_CAPABILITY;
1492 break;
1493 case 1:
1494 sclass = SECCLASS_CAPABILITY2;
1495 break;
1496 default:
1497 printk(KERN_ERR
1498 "SELinux: out of range capability %d\n", cap);
1499 BUG();
1500 return -EINVAL;
1501 }
1502
1503 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1504 if (audit == SECURITY_CAP_AUDIT) {
1505 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1506 if (rc2)
1507 return rc2;
1508 }
1509 return rc;
1510}
1511
1512
1513static int task_has_system(struct task_struct *tsk,
1514 u32 perms)
1515{
1516 u32 sid = task_sid(tsk);
1517
1518 return avc_has_perm(sid, SECINITSID_KERNEL,
1519 SECCLASS_SYSTEM, perms, NULL);
1520}
1521
1522
1523
1524
1525static int inode_has_perm(const struct cred *cred,
1526 struct inode *inode,
1527 u32 perms,
1528 struct common_audit_data *adp,
1529 unsigned flags)
1530{
1531 struct inode_security_struct *isec;
1532 u32 sid;
1533
1534 validate_creds(cred);
1535
1536 if (unlikely(IS_PRIVATE(inode)))
1537 return 0;
1538
1539 sid = cred_sid(cred);
1540 isec = inode->i_security;
1541
1542 return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
1543}
1544
1545
1546
1547
1548static inline int dentry_has_perm(const struct cred *cred,
1549 struct dentry *dentry,
1550 u32 av)
1551{
1552 struct inode *inode = dentry->d_inode;
1553 struct common_audit_data ad;
1554
1555 ad.type = LSM_AUDIT_DATA_DENTRY;
1556 ad.u.dentry = dentry;
1557 return inode_has_perm(cred, inode, av, &ad, 0);
1558}
1559
1560
1561
1562
1563static inline int path_has_perm(const struct cred *cred,
1564 struct path *path,
1565 u32 av)
1566{
1567 struct inode *inode = path->dentry->d_inode;
1568 struct common_audit_data ad;
1569
1570 ad.type = LSM_AUDIT_DATA_PATH;
1571 ad.u.path = *path;
1572 return inode_has_perm(cred, inode, av, &ad, 0);
1573}
1574
1575
1576static inline int file_path_has_perm(const struct cred *cred,
1577 struct file *file,
1578 u32 av)
1579{
1580 struct common_audit_data ad;
1581
1582 ad.type = LSM_AUDIT_DATA_PATH;
1583 ad.u.path = file->f_path;
1584 return inode_has_perm(cred, file_inode(file), av, &ad, 0);
1585}
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595static int file_has_perm(const struct cred *cred,
1596 struct file *file,
1597 u32 av)
1598{
1599 struct file_security_struct *fsec = file->f_security;
1600 struct inode *inode = file_inode(file);
1601 struct common_audit_data ad;
1602 u32 sid = cred_sid(cred);
1603 int rc;
1604
1605 ad.type = LSM_AUDIT_DATA_PATH;
1606 ad.u.path = file->f_path;
1607
1608 if (sid != fsec->sid) {
1609 rc = avc_has_perm(sid, fsec->sid,
1610 SECCLASS_FD,
1611 FD__USE,
1612 &ad);
1613 if (rc)
1614 goto out;
1615 }
1616
1617
1618 rc = 0;
1619 if (av)
1620 rc = inode_has_perm(cred, inode, av, &ad, 0);
1621
1622out:
1623 return rc;
1624}
1625
1626
1627static int may_create(struct inode *dir,
1628 struct dentry *dentry,
1629 u16 tclass)
1630{
1631 const struct task_security_struct *tsec = current_security();
1632 struct inode_security_struct *dsec;
1633 struct superblock_security_struct *sbsec;
1634 u32 sid, newsid;
1635 struct common_audit_data ad;
1636 int rc;
1637
1638 dsec = dir->i_security;
1639 sbsec = dir->i_sb->s_security;
1640
1641 sid = tsec->sid;
1642 newsid = tsec->create_sid;
1643
1644 ad.type = LSM_AUDIT_DATA_DENTRY;
1645 ad.u.dentry = dentry;
1646
1647 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1648 DIR__ADD_NAME | DIR__SEARCH,
1649 &ad);
1650 if (rc)
1651 return rc;
1652
1653 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1654 rc = security_transition_sid(sid, dsec->sid, tclass,
1655 &dentry->d_name, &newsid);
1656 if (rc)
1657 return rc;
1658 }
1659
1660 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1661 if (rc)
1662 return rc;
1663
1664 return avc_has_perm(newsid, sbsec->sid,
1665 SECCLASS_FILESYSTEM,
1666 FILESYSTEM__ASSOCIATE, &ad);
1667}
1668
1669
1670static int may_create_key(u32 ksid,
1671 struct task_struct *ctx)
1672{
1673 u32 sid = task_sid(ctx);
1674
1675 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1676}
1677
1678#define MAY_LINK 0
1679#define MAY_UNLINK 1
1680#define MAY_RMDIR 2
1681
1682
1683static int may_link(struct inode *dir,
1684 struct dentry *dentry,
1685 int kind)
1686
1687{
1688 struct inode_security_struct *dsec, *isec;
1689 struct common_audit_data ad;
1690 u32 sid = current_sid();
1691 u32 av;
1692 int rc;
1693
1694 dsec = dir->i_security;
1695 isec = dentry->d_inode->i_security;
1696
1697 ad.type = LSM_AUDIT_DATA_DENTRY;
1698 ad.u.dentry = dentry;
1699
1700 av = DIR__SEARCH;
1701 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1702 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1703 if (rc)
1704 return rc;
1705
1706 switch (kind) {
1707 case MAY_LINK:
1708 av = FILE__LINK;
1709 break;
1710 case MAY_UNLINK:
1711 av = FILE__UNLINK;
1712 break;
1713 case MAY_RMDIR:
1714 av = DIR__RMDIR;
1715 break;
1716 default:
1717 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1718 __func__, kind);
1719 return 0;
1720 }
1721
1722 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1723 return rc;
1724}
1725
1726static inline int may_rename(struct inode *old_dir,
1727 struct dentry *old_dentry,
1728 struct inode *new_dir,
1729 struct dentry *new_dentry)
1730{
1731 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1732 struct common_audit_data ad;
1733 u32 sid = current_sid();
1734 u32 av;
1735 int old_is_dir, new_is_dir;
1736 int rc;
1737
1738 old_dsec = old_dir->i_security;
1739 old_isec = old_dentry->d_inode->i_security;
1740 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1741 new_dsec = new_dir->i_security;
1742
1743 ad.type = LSM_AUDIT_DATA_DENTRY;
1744
1745 ad.u.dentry = old_dentry;
1746 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1747 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1748 if (rc)
1749 return rc;
1750 rc = avc_has_perm(sid, old_isec->sid,
1751 old_isec->sclass, FILE__RENAME, &ad);
1752 if (rc)
1753 return rc;
1754 if (old_is_dir && new_dir != old_dir) {
1755 rc = avc_has_perm(sid, old_isec->sid,
1756 old_isec->sclass, DIR__REPARENT, &ad);
1757 if (rc)
1758 return rc;
1759 }
1760
1761 ad.u.dentry = new_dentry;
1762 av = DIR__ADD_NAME | DIR__SEARCH;
1763 if (new_dentry->d_inode)
1764 av |= DIR__REMOVE_NAME;
1765 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1766 if (rc)
1767 return rc;
1768 if (new_dentry->d_inode) {
1769 new_isec = new_dentry->d_inode->i_security;
1770 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1771 rc = avc_has_perm(sid, new_isec->sid,
1772 new_isec->sclass,
1773 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1774 if (rc)
1775 return rc;
1776 }
1777
1778 return 0;
1779}
1780
1781
1782static int superblock_has_perm(const struct cred *cred,
1783 struct super_block *sb,
1784 u32 perms,
1785 struct common_audit_data *ad)
1786{
1787 struct superblock_security_struct *sbsec;
1788 u32 sid = cred_sid(cred);
1789
1790 sbsec = sb->s_security;
1791 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1792}
1793
1794
1795static inline u32 file_mask_to_av(int mode, int mask)
1796{
1797 u32 av = 0;
1798
1799 if (!S_ISDIR(mode)) {
1800 if (mask & MAY_EXEC)
1801 av |= FILE__EXECUTE;
1802 if (mask & MAY_READ)
1803 av |= FILE__READ;
1804
1805 if (mask & MAY_APPEND)
1806 av |= FILE__APPEND;
1807 else if (mask & MAY_WRITE)
1808 av |= FILE__WRITE;
1809
1810 } else {
1811 if (mask & MAY_EXEC)
1812 av |= DIR__SEARCH;
1813 if (mask & MAY_WRITE)
1814 av |= DIR__WRITE;
1815 if (mask & MAY_READ)
1816 av |= DIR__READ;
1817 }
1818
1819 return av;
1820}
1821
1822
1823static inline u32 file_to_av(struct file *file)
1824{
1825 u32 av = 0;
1826
1827 if (file->f_mode & FMODE_READ)
1828 av |= FILE__READ;
1829 if (file->f_mode & FMODE_WRITE) {
1830 if (file->f_flags & O_APPEND)
1831 av |= FILE__APPEND;
1832 else
1833 av |= FILE__WRITE;
1834 }
1835 if (!av) {
1836
1837
1838
1839 av = FILE__IOCTL;
1840 }
1841
1842 return av;
1843}
1844
1845
1846
1847
1848
1849static inline u32 open_file_to_av(struct file *file)
1850{
1851 u32 av = file_to_av(file);
1852
1853 if (selinux_policycap_openperm)
1854 av |= FILE__OPEN;
1855
1856 return av;
1857}
1858
1859
1860
1861static int selinux_ptrace_access_check(struct task_struct *child,
1862 unsigned int mode)
1863{
1864 int rc;
1865
1866 rc = cap_ptrace_access_check(child, mode);
1867 if (rc)
1868 return rc;
1869
1870 if (mode & PTRACE_MODE_READ) {
1871 u32 sid = current_sid();
1872 u32 csid = task_sid(child);
1873 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1874 }
1875
1876 return current_has_perm(child, PROCESS__PTRACE);
1877}
1878
1879static int selinux_ptrace_traceme(struct task_struct *parent)
1880{
1881 int rc;
1882
1883 rc = cap_ptrace_traceme(parent);
1884 if (rc)
1885 return rc;
1886
1887 return task_has_perm(parent, current, PROCESS__PTRACE);
1888}
1889
1890static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1891 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1892{
1893 int error;
1894
1895 error = current_has_perm(target, PROCESS__GETCAP);
1896 if (error)
1897 return error;
1898
1899 return cap_capget(target, effective, inheritable, permitted);
1900}
1901
1902static int selinux_capset(struct cred *new, const struct cred *old,
1903 const kernel_cap_t *effective,
1904 const kernel_cap_t *inheritable,
1905 const kernel_cap_t *permitted)
1906{
1907 int error;
1908
1909 error = cap_capset(new, old,
1910 effective, inheritable, permitted);
1911 if (error)
1912 return error;
1913
1914 return cred_has_perm(old, new, PROCESS__SETCAP);
1915}
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
1928 int cap, int audit)
1929{
1930 int rc;
1931
1932 rc = cap_capable(cred, ns, cap, audit);
1933 if (rc)
1934 return rc;
1935
1936 return cred_has_capability(cred, cap, audit);
1937}
1938
1939static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1940{
1941 const struct cred *cred = current_cred();
1942 int rc = 0;
1943
1944 if (!sb)
1945 return 0;
1946
1947 switch (cmds) {
1948 case Q_SYNC:
1949 case Q_QUOTAON:
1950 case Q_QUOTAOFF:
1951 case Q_SETINFO:
1952 case Q_SETQUOTA:
1953 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1954 break;
1955 case Q_GETFMT:
1956 case Q_GETINFO:
1957 case Q_GETQUOTA:
1958 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1959 break;
1960 default:
1961 rc = 0;
1962 break;
1963 }
1964 return rc;
1965}
1966
1967static int selinux_quota_on(struct dentry *dentry)
1968{
1969 const struct cred *cred = current_cred();
1970
1971 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
1972}
1973
1974static int selinux_syslog(int type)
1975{
1976 int rc;
1977
1978 switch (type) {
1979 case SYSLOG_ACTION_READ_ALL:
1980 case SYSLOG_ACTION_SIZE_BUFFER:
1981 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1982 break;
1983 case SYSLOG_ACTION_CONSOLE_OFF:
1984 case SYSLOG_ACTION_CONSOLE_ON:
1985
1986 case SYSLOG_ACTION_CONSOLE_LEVEL:
1987 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1988 break;
1989 case SYSLOG_ACTION_CLOSE:
1990 case SYSLOG_ACTION_OPEN:
1991 case SYSLOG_ACTION_READ:
1992 case SYSLOG_ACTION_READ_CLEAR:
1993 case SYSLOG_ACTION_CLEAR:
1994 default:
1995 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1996 break;
1997 }
1998 return rc;
1999}
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2010{
2011 int rc, cap_sys_admin = 0;
2012
2013 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
2014 SECURITY_CAP_NOAUDIT);
2015 if (rc == 0)
2016 cap_sys_admin = 1;
2017
2018 return __vm_enough_memory(mm, pages, cap_sys_admin);
2019}
2020
2021
2022
2023static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2024{
2025 const struct task_security_struct *old_tsec;
2026 struct task_security_struct *new_tsec;
2027 struct inode_security_struct *isec;
2028 struct common_audit_data ad;
2029 struct inode *inode = file_inode(bprm->file);
2030 int rc;
2031
2032 rc = cap_bprm_set_creds(bprm);
2033 if (rc)
2034 return rc;
2035
2036
2037
2038 if (bprm->cred_prepared)
2039 return 0;
2040
2041 old_tsec = current_security();
2042 new_tsec = bprm->cred->security;
2043 isec = inode->i_security;
2044
2045
2046 new_tsec->sid = old_tsec->sid;
2047 new_tsec->osid = old_tsec->sid;
2048
2049
2050 new_tsec->create_sid = 0;
2051 new_tsec->keycreate_sid = 0;
2052 new_tsec->sockcreate_sid = 0;
2053
2054 if (old_tsec->exec_sid) {
2055 new_tsec->sid = old_tsec->exec_sid;
2056
2057 new_tsec->exec_sid = 0;
2058
2059
2060
2061
2062
2063 if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
2064 return -EPERM;
2065 } else {
2066
2067 rc = security_transition_sid(old_tsec->sid, isec->sid,
2068 SECCLASS_PROCESS, NULL,
2069 &new_tsec->sid);
2070 if (rc)
2071 return rc;
2072 }
2073
2074 ad.type = LSM_AUDIT_DATA_PATH;
2075 ad.u.path = bprm->file->f_path;
2076
2077 if ((bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) ||
2078 (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS))
2079 new_tsec->sid = old_tsec->sid;
2080
2081 if (new_tsec->sid == old_tsec->sid) {
2082 rc = avc_has_perm(old_tsec->sid, isec->sid,
2083 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2084 if (rc)
2085 return rc;
2086 } else {
2087
2088 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2089 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2090 if (rc)
2091 return rc;
2092
2093 rc = avc_has_perm(new_tsec->sid, isec->sid,
2094 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2095 if (rc)
2096 return rc;
2097
2098
2099 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2100 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2101 SECCLASS_PROCESS, PROCESS__SHARE,
2102 NULL);
2103 if (rc)
2104 return -EPERM;
2105 }
2106
2107
2108
2109 if (bprm->unsafe &
2110 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2111 struct task_struct *tracer;
2112 struct task_security_struct *sec;
2113 u32 ptsid = 0;
2114
2115 rcu_read_lock();
2116 tracer = ptrace_parent(current);
2117 if (likely(tracer != NULL)) {
2118 sec = __task_cred(tracer)->security;
2119 ptsid = sec->sid;
2120 }
2121 rcu_read_unlock();
2122
2123 if (ptsid != 0) {
2124 rc = avc_has_perm(ptsid, new_tsec->sid,
2125 SECCLASS_PROCESS,
2126 PROCESS__PTRACE, NULL);
2127 if (rc)
2128 return -EPERM;
2129 }
2130 }
2131
2132
2133 bprm->per_clear |= PER_CLEAR_ON_SETID;
2134 }
2135
2136 return 0;
2137}
2138
2139static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2140{
2141 const struct task_security_struct *tsec = current_security();
2142 u32 sid, osid;
2143 int atsecure = 0;
2144
2145 sid = tsec->sid;
2146 osid = tsec->osid;
2147
2148 if (osid != sid) {
2149
2150
2151
2152 atsecure = avc_has_perm(osid, sid,
2153 SECCLASS_PROCESS,
2154 PROCESS__NOATSECURE, NULL);
2155 }
2156
2157 return (atsecure || cap_bprm_secureexec(bprm));
2158}
2159
2160static int match_file(const void *p, struct file *file, unsigned fd)
2161{
2162 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2163}
2164
2165
2166static inline void flush_unauthorized_files(const struct cred *cred,
2167 struct files_struct *files)
2168{
2169 struct file *file, *devnull = NULL;
2170 struct tty_struct *tty;
2171 int drop_tty = 0;
2172 unsigned n;
2173
2174 tty = get_current_tty();
2175 if (tty) {
2176 spin_lock(&tty_files_lock);
2177 if (!list_empty(&tty->tty_files)) {
2178 struct tty_file_private *file_priv;
2179
2180
2181
2182
2183
2184
2185 file_priv = list_first_entry(&tty->tty_files,
2186 struct tty_file_private, list);
2187 file = file_priv->file;
2188 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2189 drop_tty = 1;
2190 }
2191 spin_unlock(&tty_files_lock);
2192 tty_kref_put(tty);
2193 }
2194
2195 if (drop_tty)
2196 no_tty();
2197
2198
2199 n = iterate_fd(files, 0, match_file, cred);
2200 if (!n)
2201 return;
2202
2203 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2204 if (IS_ERR(devnull))
2205 devnull = NULL;
2206
2207 do {
2208 replace_fd(n - 1, devnull, 0);
2209 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2210 if (devnull)
2211 fput(devnull);
2212}
2213
2214
2215
2216
2217static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2218{
2219 struct task_security_struct *new_tsec;
2220 struct rlimit *rlim, *initrlim;
2221 int rc, i;
2222
2223 new_tsec = bprm->cred->security;
2224 if (new_tsec->sid == new_tsec->osid)
2225 return;
2226
2227
2228 flush_unauthorized_files(bprm->cred, current->files);
2229
2230
2231 current->pdeath_signal = 0;
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2244 PROCESS__RLIMITINH, NULL);
2245 if (rc) {
2246
2247 task_lock(current);
2248 for (i = 0; i < RLIM_NLIMITS; i++) {
2249 rlim = current->signal->rlim + i;
2250 initrlim = init_task.signal->rlim + i;
2251 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2252 }
2253 task_unlock(current);
2254 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2255 }
2256}
2257
2258
2259
2260
2261
2262static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2263{
2264 const struct task_security_struct *tsec = current_security();
2265 struct itimerval itimer;
2266 u32 osid, sid;
2267 int rc, i;
2268
2269 osid = tsec->osid;
2270 sid = tsec->sid;
2271
2272 if (sid == osid)
2273 return;
2274
2275
2276
2277
2278
2279
2280
2281
2282 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2283 if (rc) {
2284 memset(&itimer, 0, sizeof itimer);
2285 for (i = 0; i < 3; i++)
2286 do_setitimer(i, &itimer, NULL);
2287 spin_lock_irq(¤t->sighand->siglock);
2288 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2289 __flush_signals(current);
2290 flush_signal_handlers(current, 1);
2291 sigemptyset(¤t->blocked);
2292 }
2293 spin_unlock_irq(¤t->sighand->siglock);
2294 }
2295
2296
2297
2298 read_lock(&tasklist_lock);
2299 __wake_up_parent(current, current->real_parent);
2300 read_unlock(&tasklist_lock);
2301}
2302
2303
2304
2305static int selinux_sb_alloc_security(struct super_block *sb)
2306{
2307 return superblock_alloc_security(sb);
2308}
2309
2310static void selinux_sb_free_security(struct super_block *sb)
2311{
2312 superblock_free_security(sb);
2313}
2314
2315static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2316{
2317 if (plen > olen)
2318 return 0;
2319
2320 return !memcmp(prefix, option, plen);
2321}
2322
2323static inline int selinux_option(char *option, int len)
2324{
2325 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2326 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2327 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2328 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2329 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2330}
2331
2332static inline void take_option(char **to, char *from, int *first, int len)
2333{
2334 if (!*first) {
2335 **to = ',';
2336 *to += 1;
2337 } else
2338 *first = 0;
2339 memcpy(*to, from, len);
2340 *to += len;
2341}
2342
2343static inline void take_selinux_option(char **to, char *from, int *first,
2344 int len)
2345{
2346 int current_size = 0;
2347
2348 if (!*first) {
2349 **to = '|';
2350 *to += 1;
2351 } else
2352 *first = 0;
2353
2354 while (current_size < len) {
2355 if (*from != '"') {
2356 **to = *from;
2357 *to += 1;
2358 }
2359 from += 1;
2360 current_size += 1;
2361 }
2362}
2363
2364static int selinux_sb_copy_data(char *orig, char *copy)
2365{
2366 int fnosec, fsec, rc = 0;
2367 char *in_save, *in_curr, *in_end;
2368 char *sec_curr, *nosec_save, *nosec;
2369 int open_quote = 0;
2370
2371 in_curr = orig;
2372 sec_curr = copy;
2373
2374 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2375 if (!nosec) {
2376 rc = -ENOMEM;
2377 goto out;
2378 }
2379
2380 nosec_save = nosec;
2381 fnosec = fsec = 1;
2382 in_save = in_end = orig;
2383
2384 do {
2385 if (*in_end == '"')
2386 open_quote = !open_quote;
2387 if ((*in_end == ',' && open_quote == 0) ||
2388 *in_end == '\0') {
2389 int len = in_end - in_curr;
2390
2391 if (selinux_option(in_curr, len))
2392 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2393 else
2394 take_option(&nosec, in_curr, &fnosec, len);
2395
2396 in_curr = in_end + 1;
2397 }
2398 } while (*in_end++);
2399
2400 strcpy(in_save, nosec_save);
2401 free_page((unsigned long)nosec_save);
2402out:
2403 return rc;
2404}
2405
2406static int selinux_sb_remount(struct super_block *sb, void *data)
2407{
2408 int rc, i, *flags;
2409 struct security_mnt_opts opts;
2410 char *secdata, **mount_options;
2411 struct superblock_security_struct *sbsec = sb->s_security;
2412
2413 if (!(sbsec->flags & SE_SBINITIALIZED))
2414 return 0;
2415
2416 if (!data)
2417 return 0;
2418
2419 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2420 return 0;
2421
2422 security_init_mnt_opts(&opts);
2423 secdata = alloc_secdata();
2424 if (!secdata)
2425 return -ENOMEM;
2426 rc = selinux_sb_copy_data(data, secdata);
2427 if (rc)
2428 goto out_free_secdata;
2429
2430 rc = selinux_parse_opts_str(secdata, &opts);
2431 if (rc)
2432 goto out_free_secdata;
2433
2434 mount_options = opts.mnt_opts;
2435 flags = opts.mnt_opts_flags;
2436
2437 for (i = 0; i < opts.num_mnt_opts; i++) {
2438 u32 sid;
2439 size_t len;
2440
2441 if (flags[i] == SE_SBLABELSUPP)
2442 continue;
2443 len = strlen(mount_options[i]);
2444 rc = security_context_to_sid(mount_options[i], len, &sid);
2445 if (rc) {
2446 printk(KERN_WARNING "SELinux: security_context_to_sid"
2447 "(%s) failed for (dev %s, type %s) errno=%d\n",
2448 mount_options[i], sb->s_id, sb->s_type->name, rc);
2449 goto out_free_opts;
2450 }
2451 rc = -EINVAL;
2452 switch (flags[i]) {
2453 case FSCONTEXT_MNT:
2454 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2455 goto out_bad_option;
2456 break;
2457 case CONTEXT_MNT:
2458 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2459 goto out_bad_option;
2460 break;
2461 case ROOTCONTEXT_MNT: {
2462 struct inode_security_struct *root_isec;
2463 root_isec = sb->s_root->d_inode->i_security;
2464
2465 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2466 goto out_bad_option;
2467 break;
2468 }
2469 case DEFCONTEXT_MNT:
2470 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2471 goto out_bad_option;
2472 break;
2473 default:
2474 goto out_free_opts;
2475 }
2476 }
2477
2478 rc = 0;
2479out_free_opts:
2480 security_free_mnt_opts(&opts);
2481out_free_secdata:
2482 free_secdata(secdata);
2483 return rc;
2484out_bad_option:
2485 printk(KERN_WARNING "SELinux: unable to change security options "
2486 "during remount (dev %s, type=%s)\n", sb->s_id,
2487 sb->s_type->name);
2488 goto out_free_opts;
2489}
2490
2491static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2492{
2493 const struct cred *cred = current_cred();
2494 struct common_audit_data ad;
2495 int rc;
2496
2497 rc = superblock_doinit(sb, data);
2498 if (rc)
2499 return rc;
2500
2501
2502 if (flags & MS_KERNMOUNT)
2503 return 0;
2504
2505 ad.type = LSM_AUDIT_DATA_DENTRY;
2506 ad.u.dentry = sb->s_root;
2507 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2508}
2509
2510static int selinux_sb_statfs(struct dentry *dentry)
2511{
2512 const struct cred *cred = current_cred();
2513 struct common_audit_data ad;
2514
2515 ad.type = LSM_AUDIT_DATA_DENTRY;
2516 ad.u.dentry = dentry->d_sb->s_root;
2517 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2518}
2519
2520static int selinux_mount(const char *dev_name,
2521 struct path *path,
2522 const char *type,
2523 unsigned long flags,
2524 void *data)
2525{
2526 const struct cred *cred = current_cred();
2527
2528 if (flags & MS_REMOUNT)
2529 return superblock_has_perm(cred, path->dentry->d_sb,
2530 FILESYSTEM__REMOUNT, NULL);
2531 else
2532 return path_has_perm(cred, path, FILE__MOUNTON);
2533}
2534
2535static int selinux_umount(struct vfsmount *mnt, int flags)
2536{
2537 const struct cred *cred = current_cred();
2538
2539 return superblock_has_perm(cred, mnt->mnt_sb,
2540 FILESYSTEM__UNMOUNT, NULL);
2541}
2542
2543
2544
2545static int selinux_inode_alloc_security(struct inode *inode)
2546{
2547 return inode_alloc_security(inode);
2548}
2549
2550static void selinux_inode_free_security(struct inode *inode)
2551{
2552 inode_free_security(inode);
2553}
2554
2555static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2556 struct qstr *name, void **ctx,
2557 u32 *ctxlen)
2558{
2559 const struct cred *cred = current_cred();
2560 struct task_security_struct *tsec;
2561 struct inode_security_struct *dsec;
2562 struct superblock_security_struct *sbsec;
2563 struct inode *dir = dentry->d_parent->d_inode;
2564 u32 newsid;
2565 int rc;
2566
2567 tsec = cred->security;
2568 dsec = dir->i_security;
2569 sbsec = dir->i_sb->s_security;
2570
2571 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2572 newsid = tsec->create_sid;
2573 } else {
2574 rc = security_transition_sid(tsec->sid, dsec->sid,
2575 inode_mode_to_security_class(mode),
2576 name,
2577 &newsid);
2578 if (rc) {
2579 printk(KERN_WARNING
2580 "%s: security_transition_sid failed, rc=%d\n",
2581 __func__, -rc);
2582 return rc;
2583 }
2584 }
2585
2586 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2587}
2588
2589static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2590 const struct qstr *qstr, char **name,
2591 void **value, size_t *len)
2592{
2593 const struct task_security_struct *tsec = current_security();
2594 struct inode_security_struct *dsec;
2595 struct superblock_security_struct *sbsec;
2596 u32 sid, newsid, clen;
2597 int rc;
2598 char *namep = NULL, *context;
2599
2600 dsec = dir->i_security;
2601 sbsec = dir->i_sb->s_security;
2602
2603 sid = tsec->sid;
2604 newsid = tsec->create_sid;
2605
2606 if ((sbsec->flags & SE_SBINITIALIZED) &&
2607 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2608 newsid = sbsec->mntpoint_sid;
2609 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2610 rc = security_transition_sid(sid, dsec->sid,
2611 inode_mode_to_security_class(inode->i_mode),
2612 qstr, &newsid);
2613 if (rc) {
2614 printk(KERN_WARNING "%s: "
2615 "security_transition_sid failed, rc=%d (dev=%s "
2616 "ino=%ld)\n",
2617 __func__,
2618 -rc, inode->i_sb->s_id, inode->i_ino);
2619 return rc;
2620 }
2621 }
2622
2623
2624 if (sbsec->flags & SE_SBINITIALIZED) {
2625 struct inode_security_struct *isec = inode->i_security;
2626 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2627 isec->sid = newsid;
2628 isec->initialized = 1;
2629 }
2630
2631 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2632 return -EOPNOTSUPP;
2633
2634 if (name) {
2635 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2636 if (!namep)
2637 return -ENOMEM;
2638 *name = namep;
2639 }
2640
2641 if (value && len) {
2642 rc = security_sid_to_context_force(newsid, &context, &clen);
2643 if (rc) {
2644 kfree(namep);
2645 return rc;
2646 }
2647 *value = context;
2648 *len = clen;
2649 }
2650
2651 return 0;
2652}
2653
2654static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2655{
2656 return may_create(dir, dentry, SECCLASS_FILE);
2657}
2658
2659static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2660{
2661 return may_link(dir, old_dentry, MAY_LINK);
2662}
2663
2664static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2665{
2666 return may_link(dir, dentry, MAY_UNLINK);
2667}
2668
2669static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2670{
2671 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2672}
2673
2674static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2675{
2676 return may_create(dir, dentry, SECCLASS_DIR);
2677}
2678
2679static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2680{
2681 return may_link(dir, dentry, MAY_RMDIR);
2682}
2683
2684static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2685{
2686 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2687}
2688
2689static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2690 struct inode *new_inode, struct dentry *new_dentry)
2691{
2692 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2693}
2694
2695static int selinux_inode_readlink(struct dentry *dentry)
2696{
2697 const struct cred *cred = current_cred();
2698
2699 return dentry_has_perm(cred, dentry, FILE__READ);
2700}
2701
2702static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2703{
2704 const struct cred *cred = current_cred();
2705
2706 return dentry_has_perm(cred, dentry, FILE__READ);
2707}
2708
2709static noinline int audit_inode_permission(struct inode *inode,
2710 u32 perms, u32 audited, u32 denied,
2711 unsigned flags)
2712{
2713 struct common_audit_data ad;
2714 struct inode_security_struct *isec = inode->i_security;
2715 int rc;
2716
2717 ad.type = LSM_AUDIT_DATA_INODE;
2718 ad.u.inode = inode;
2719
2720 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2721 audited, denied, &ad, flags);
2722 if (rc)
2723 return rc;
2724 return 0;
2725}
2726
2727static int selinux_inode_permission(struct inode *inode, int mask)
2728{
2729 const struct cred *cred = current_cred();
2730 u32 perms;
2731 bool from_access;
2732 unsigned flags = mask & MAY_NOT_BLOCK;
2733 struct inode_security_struct *isec;
2734 u32 sid;
2735 struct av_decision avd;
2736 int rc, rc2;
2737 u32 audited, denied;
2738
2739 from_access = mask & MAY_ACCESS;
2740 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2741
2742
2743 if (!mask)
2744 return 0;
2745
2746 validate_creds(cred);
2747
2748 if (unlikely(IS_PRIVATE(inode)))
2749 return 0;
2750
2751 perms = file_mask_to_av(inode->i_mode, mask);
2752
2753 sid = cred_sid(cred);
2754 isec = inode->i_security;
2755
2756 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2757 audited = avc_audit_required(perms, &avd, rc,
2758 from_access ? FILE__AUDIT_ACCESS : 0,
2759 &denied);
2760 if (likely(!audited))
2761 return rc;
2762
2763 rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
2764 if (rc2)
2765 return rc2;
2766 return rc;
2767}
2768
2769static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2770{
2771 const struct cred *cred = current_cred();
2772 unsigned int ia_valid = iattr->ia_valid;
2773 __u32 av = FILE__WRITE;
2774
2775
2776 if (ia_valid & ATTR_FORCE) {
2777 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2778 ATTR_FORCE);
2779 if (!ia_valid)
2780 return 0;
2781 }
2782
2783 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2784 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2785 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2786
2787 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2788 av |= FILE__OPEN;
2789
2790 return dentry_has_perm(cred, dentry, av);
2791}
2792
2793static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2794{
2795 const struct cred *cred = current_cred();
2796 struct path path;
2797
2798 path.dentry = dentry;
2799 path.mnt = mnt;
2800
2801 return path_has_perm(cred, &path, FILE__GETATTR);
2802}
2803
2804static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2805{
2806 const struct cred *cred = current_cred();
2807
2808 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2809 sizeof XATTR_SECURITY_PREFIX - 1)) {
2810 if (!strcmp(name, XATTR_NAME_CAPS)) {
2811 if (!capable(CAP_SETFCAP))
2812 return -EPERM;
2813 } else if (!capable(CAP_SYS_ADMIN)) {
2814
2815
2816 return -EPERM;
2817 }
2818 }
2819
2820
2821
2822 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2823}
2824
2825static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2826 const void *value, size_t size, int flags)
2827{
2828 struct inode *inode = dentry->d_inode;
2829 struct inode_security_struct *isec = inode->i_security;
2830 struct superblock_security_struct *sbsec;
2831 struct common_audit_data ad;
2832 u32 newsid, sid = current_sid();
2833 int rc = 0;
2834
2835 if (strcmp(name, XATTR_NAME_SELINUX))
2836 return selinux_inode_setotherxattr(dentry, name);
2837
2838 sbsec = inode->i_sb->s_security;
2839 if (!(sbsec->flags & SE_SBLABELSUPP))
2840 return -EOPNOTSUPP;
2841
2842 if (!inode_owner_or_capable(inode))
2843 return -EPERM;
2844
2845 ad.type = LSM_AUDIT_DATA_DENTRY;
2846 ad.u.dentry = dentry;
2847
2848 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2849 FILE__RELABELFROM, &ad);
2850 if (rc)
2851 return rc;
2852
2853 rc = security_context_to_sid(value, size, &newsid);
2854 if (rc == -EINVAL) {
2855 if (!capable(CAP_MAC_ADMIN)) {
2856 struct audit_buffer *ab;
2857 size_t audit_size;
2858 const char *str;
2859
2860
2861
2862 if (value) {
2863 str = value;
2864 if (str[size - 1] == '\0')
2865 audit_size = size - 1;
2866 else
2867 audit_size = size;
2868 } else {
2869 str = "";
2870 audit_size = 0;
2871 }
2872 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2873 audit_log_format(ab, "op=setxattr invalid_context=");
2874 audit_log_n_untrustedstring(ab, value, audit_size);
2875 audit_log_end(ab);
2876
2877 return rc;
2878 }
2879 rc = security_context_to_sid_force(value, size, &newsid);
2880 }
2881 if (rc)
2882 return rc;
2883
2884 rc = avc_has_perm(sid, newsid, isec->sclass,
2885 FILE__RELABELTO, &ad);
2886 if (rc)
2887 return rc;
2888
2889 rc = security_validate_transition(isec->sid, newsid, sid,
2890 isec->sclass);
2891 if (rc)
2892 return rc;
2893
2894 return avc_has_perm(newsid,
2895 sbsec->sid,
2896 SECCLASS_FILESYSTEM,
2897 FILESYSTEM__ASSOCIATE,
2898 &ad);
2899}
2900
2901static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2902 const void *value, size_t size,
2903 int flags)
2904{
2905 struct inode *inode = dentry->d_inode;
2906 struct inode_security_struct *isec = inode->i_security;
2907 u32 newsid;
2908 int rc;
2909
2910 if (strcmp(name, XATTR_NAME_SELINUX)) {
2911
2912 return;
2913 }
2914
2915 rc = security_context_to_sid_force(value, size, &newsid);
2916 if (rc) {
2917 printk(KERN_ERR "SELinux: unable to map context to SID"
2918 "for (%s, %lu), rc=%d\n",
2919 inode->i_sb->s_id, inode->i_ino, -rc);
2920 return;
2921 }
2922
2923 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2924 isec->sid = newsid;
2925 isec->initialized = 1;
2926
2927 return;
2928}
2929
2930static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2931{
2932 const struct cred *cred = current_cred();
2933
2934 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2935}
2936
2937static int selinux_inode_listxattr(struct dentry *dentry)
2938{
2939 const struct cred *cred = current_cred();
2940
2941 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2942}
2943
2944static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2945{
2946 if (strcmp(name, XATTR_NAME_SELINUX))
2947 return selinux_inode_setotherxattr(dentry, name);
2948
2949
2950
2951 return -EACCES;
2952}
2953
2954
2955
2956
2957
2958
2959static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2960{
2961 u32 size;
2962 int error;
2963 char *context = NULL;
2964 struct inode_security_struct *isec = inode->i_security;
2965
2966 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2967 return -EOPNOTSUPP;
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
2979 SECURITY_CAP_NOAUDIT);
2980 if (!error)
2981 error = security_sid_to_context_force(isec->sid, &context,
2982 &size);
2983 else
2984 error = security_sid_to_context(isec->sid, &context, &size);
2985 if (error)
2986 return error;
2987 error = size;
2988 if (alloc) {
2989 *buffer = context;
2990 goto out_nofree;
2991 }
2992 kfree(context);
2993out_nofree:
2994 return error;
2995}
2996
2997static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2998 const void *value, size_t size, int flags)
2999{
3000 struct inode_security_struct *isec = inode->i_security;
3001 u32 newsid;
3002 int rc;
3003
3004 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3005 return -EOPNOTSUPP;
3006
3007 if (!value || !size)
3008 return -EACCES;
3009
3010 rc = security_context_to_sid((void *)value, size, &newsid);
3011 if (rc)
3012 return rc;
3013
3014 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3015 isec->sid = newsid;
3016 isec->initialized = 1;
3017 return 0;
3018}
3019
3020static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3021{
3022 const int len = sizeof(XATTR_NAME_SELINUX);
3023 if (buffer && len <= buffer_size)
3024 memcpy(buffer, XATTR_NAME_SELINUX, len);
3025 return len;
3026}
3027
3028static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
3029{
3030 struct inode_security_struct *isec = inode->i_security;
3031 *secid = isec->sid;
3032}
3033
3034
3035
3036static int selinux_revalidate_file_permission(struct file *file, int mask)
3037{
3038 const struct cred *cred = current_cred();
3039 struct inode *inode = file_inode(file);
3040
3041
3042 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3043 mask |= MAY_APPEND;
3044
3045 return file_has_perm(cred, file,
3046 file_mask_to_av(inode->i_mode, mask));
3047}
3048
3049static int selinux_file_permission(struct file *file, int mask)
3050{
3051 struct inode *inode = file_inode(file);
3052 struct file_security_struct *fsec = file->f_security;
3053 struct inode_security_struct *isec = inode->i_security;
3054 u32 sid = current_sid();
3055
3056 if (!mask)
3057
3058 return 0;
3059
3060 if (sid == fsec->sid && fsec->isid == isec->sid &&
3061 fsec->pseqno == avc_policy_seqno())
3062
3063 return 0;
3064
3065 return selinux_revalidate_file_permission(file, mask);
3066}
3067
3068static int selinux_file_alloc_security(struct file *file)
3069{
3070 return file_alloc_security(file);
3071}
3072
3073static void selinux_file_free_security(struct file *file)
3074{
3075 file_free_security(file);
3076}
3077
3078static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3079 unsigned long arg)
3080{
3081 const struct cred *cred = current_cred();
3082 int error = 0;
3083
3084 switch (cmd) {
3085 case FIONREAD:
3086
3087 case FIBMAP:
3088
3089 case FIGETBSZ:
3090
3091 case FS_IOC_GETFLAGS:
3092
3093 case FS_IOC_GETVERSION:
3094 error = file_has_perm(cred, file, FILE__GETATTR);
3095 break;
3096
3097 case FS_IOC_SETFLAGS:
3098
3099 case FS_IOC_SETVERSION:
3100 error = file_has_perm(cred, file, FILE__SETATTR);
3101 break;
3102
3103
3104 case FIONBIO:
3105
3106 case FIOASYNC:
3107 error = file_has_perm(cred, file, 0);
3108 break;
3109
3110 case KDSKBENT:
3111 case KDSKBSENT:
3112 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3113 SECURITY_CAP_AUDIT);
3114 break;
3115
3116
3117
3118
3119 default:
3120 error = file_has_perm(cred, file, FILE__IOCTL);
3121 }
3122 return error;
3123}
3124
3125static int default_noexec;
3126
3127static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3128{
3129 const struct cred *cred = current_cred();
3130 int rc = 0;
3131
3132 if (default_noexec &&
3133 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3134
3135
3136
3137
3138
3139 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3140 if (rc)
3141 goto error;
3142 }
3143
3144 if (file) {
3145
3146 u32 av = FILE__READ;
3147
3148
3149 if (shared && (prot & PROT_WRITE))
3150 av |= FILE__WRITE;
3151
3152 if (prot & PROT_EXEC)
3153 av |= FILE__EXECUTE;
3154
3155 return file_has_perm(cred, file, av);
3156 }
3157
3158error:
3159 return rc;
3160}
3161
3162static int selinux_mmap_addr(unsigned long addr)
3163{
3164 int rc = 0;
3165 u32 sid = current_sid();
3166
3167
3168
3169
3170
3171
3172
3173 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3174 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3175 MEMPROTECT__MMAP_ZERO, NULL);
3176 if (rc)
3177 return rc;
3178 }
3179
3180
3181 return cap_mmap_addr(addr);
3182}
3183
3184static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3185 unsigned long prot, unsigned long flags)
3186{
3187 if (selinux_checkreqprot)
3188 prot = reqprot;
3189
3190 return file_map_prot_check(file, prot,
3191 (flags & MAP_TYPE) == MAP_SHARED);
3192}
3193
3194static int selinux_file_mprotect(struct vm_area_struct *vma,
3195 unsigned long reqprot,
3196 unsigned long prot)
3197{
3198 const struct cred *cred = current_cred();
3199
3200 if (selinux_checkreqprot)
3201 prot = reqprot;
3202
3203 if (default_noexec &&
3204 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3205 int rc = 0;
3206 if (vma->vm_start >= vma->vm_mm->start_brk &&
3207 vma->vm_end <= vma->vm_mm->brk) {
3208 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3209 } else if (!vma->vm_file &&
3210 vma->vm_start <= vma->vm_mm->start_stack &&
3211 vma->vm_end >= vma->vm_mm->start_stack) {
3212 rc = current_has_perm(current, PROCESS__EXECSTACK);
3213 } else if (vma->vm_file && vma->anon_vma) {
3214
3215
3216
3217
3218
3219
3220
3221 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3222 }
3223 if (rc)
3224 return rc;
3225 }
3226
3227 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3228}
3229
3230static int selinux_file_lock(struct file *file, unsigned int cmd)
3231{
3232 const struct cred *cred = current_cred();
3233
3234 return file_has_perm(cred, file, FILE__LOCK);
3235}
3236
3237static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3238 unsigned long arg)
3239{
3240 const struct cred *cred = current_cred();
3241 int err = 0;
3242
3243 switch (cmd) {
3244 case F_SETFL:
3245 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3246 err = file_has_perm(cred, file, FILE__WRITE);
3247 break;
3248 }
3249
3250 case F_SETOWN:
3251 case F_SETSIG:
3252 case F_GETFL:
3253 case F_GETOWN:
3254 case F_GETSIG:
3255 case F_GETOWNER_UIDS:
3256
3257 err = file_has_perm(cred, file, 0);
3258 break;
3259 case F_GETLK:
3260 case F_SETLK:
3261 case F_SETLKW:
3262#if BITS_PER_LONG == 32
3263 case F_GETLK64:
3264 case F_SETLK64:
3265 case F_SETLKW64:
3266#endif
3267 err = file_has_perm(cred, file, FILE__LOCK);
3268 break;
3269 }
3270
3271 return err;
3272}
3273
3274static int selinux_file_set_fowner(struct file *file)
3275{
3276 struct file_security_struct *fsec;
3277
3278 fsec = file->f_security;
3279 fsec->fown_sid = current_sid();
3280
3281 return 0;
3282}
3283
3284static int selinux_file_send_sigiotask(struct task_struct *tsk,
3285 struct fown_struct *fown, int signum)
3286{
3287 struct file *file;
3288 u32 sid = task_sid(tsk);
3289 u32 perm;
3290 struct file_security_struct *fsec;
3291
3292
3293 file = container_of(fown, struct file, f_owner);
3294
3295 fsec = file->f_security;
3296
3297 if (!signum)
3298 perm = signal_to_av(SIGIO);
3299 else
3300 perm = signal_to_av(signum);
3301
3302 return avc_has_perm(fsec->fown_sid, sid,
3303 SECCLASS_PROCESS, perm, NULL);
3304}
3305
3306static int selinux_file_receive(struct file *file)
3307{
3308 const struct cred *cred = current_cred();
3309
3310 return file_has_perm(cred, file, file_to_av(file));
3311}
3312
3313static int selinux_file_open(struct file *file, const struct cred *cred)
3314{
3315 struct file_security_struct *fsec;
3316 struct inode_security_struct *isec;
3317
3318 fsec = file->f_security;
3319 isec = file_inode(file)->i_security;
3320
3321
3322
3323
3324
3325
3326
3327 fsec->isid = isec->sid;
3328 fsec->pseqno = avc_policy_seqno();
3329
3330
3331
3332
3333
3334
3335
3336
3337 return file_path_has_perm(cred, file, open_file_to_av(file));
3338}
3339
3340
3341
3342static int selinux_task_create(unsigned long clone_flags)
3343{
3344 return current_has_perm(current, PROCESS__FORK);
3345}
3346
3347
3348
3349
3350static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3351{
3352 struct task_security_struct *tsec;
3353
3354 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3355 if (!tsec)
3356 return -ENOMEM;
3357
3358 cred->security = tsec;
3359 return 0;
3360}
3361
3362
3363
3364
3365static void selinux_cred_free(struct cred *cred)
3366{
3367 struct task_security_struct *tsec = cred->security;
3368
3369
3370
3371
3372
3373 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3374 cred->security = (void *) 0x7UL;
3375 kfree(tsec);
3376}
3377
3378
3379
3380
3381static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3382 gfp_t gfp)
3383{
3384 const struct task_security_struct *old_tsec;
3385 struct task_security_struct *tsec;
3386
3387 old_tsec = old->security;
3388
3389 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3390 if (!tsec)
3391 return -ENOMEM;
3392
3393 new->security = tsec;
3394 return 0;
3395}
3396
3397
3398
3399
3400static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3401{
3402 const struct task_security_struct *old_tsec = old->security;
3403 struct task_security_struct *tsec = new->security;
3404
3405 *tsec = *old_tsec;
3406}
3407
3408
3409
3410
3411
3412static int selinux_kernel_act_as(struct cred *new, u32 secid)
3413{
3414 struct task_security_struct *tsec = new->security;
3415 u32 sid = current_sid();
3416 int ret;
3417
3418 ret = avc_has_perm(sid, secid,
3419 SECCLASS_KERNEL_SERVICE,
3420 KERNEL_SERVICE__USE_AS_OVERRIDE,
3421 NULL);
3422 if (ret == 0) {
3423 tsec->sid = secid;
3424 tsec->create_sid = 0;
3425 tsec->keycreate_sid = 0;
3426 tsec->sockcreate_sid = 0;
3427 }
3428 return ret;
3429}
3430
3431
3432
3433
3434
3435static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3436{
3437 struct inode_security_struct *isec = inode->i_security;
3438 struct task_security_struct *tsec = new->security;
3439 u32 sid = current_sid();
3440 int ret;
3441
3442 ret = avc_has_perm(sid, isec->sid,
3443 SECCLASS_KERNEL_SERVICE,
3444 KERNEL_SERVICE__CREATE_FILES_AS,
3445 NULL);
3446
3447 if (ret == 0)
3448 tsec->create_sid = isec->sid;
3449 return ret;
3450}
3451
3452static int selinux_kernel_module_request(char *kmod_name)
3453{
3454 u32 sid;
3455 struct common_audit_data ad;
3456
3457 sid = task_sid(current);
3458
3459 ad.type = LSM_AUDIT_DATA_KMOD;
3460 ad.u.kmod_name = kmod_name;
3461
3462 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3463 SYSTEM__MODULE_REQUEST, &ad);
3464}
3465
3466static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3467{
3468 return current_has_perm(p, PROCESS__SETPGID);
3469}
3470
3471static int selinux_task_getpgid(struct task_struct *p)
3472{
3473 return current_has_perm(p, PROCESS__GETPGID);
3474}
3475
3476static int selinux_task_getsid(struct task_struct *p)
3477{
3478 return current_has_perm(p, PROCESS__GETSESSION);
3479}
3480
3481static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3482{
3483 *secid = task_sid(p);
3484}
3485
3486static int selinux_task_setnice(struct task_struct *p, int nice)
3487{
3488 int rc;
3489
3490 rc = cap_task_setnice(p, nice);
3491 if (rc)
3492 return rc;
3493
3494 return current_has_perm(p, PROCESS__SETSCHED);
3495}
3496
3497static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3498{
3499 int rc;
3500
3501 rc = cap_task_setioprio(p, ioprio);
3502 if (rc)
3503 return rc;
3504
3505 return current_has_perm(p, PROCESS__SETSCHED);
3506}
3507
3508static int selinux_task_getioprio(struct task_struct *p)
3509{
3510 return current_has_perm(p, PROCESS__GETSCHED);
3511}
3512
3513static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3514 struct rlimit *new_rlim)
3515{
3516 struct rlimit *old_rlim = p->signal->rlim + resource;
3517
3518
3519
3520
3521
3522 if (old_rlim->rlim_max != new_rlim->rlim_max)
3523 return current_has_perm(p, PROCESS__SETRLIMIT);
3524
3525 return 0;
3526}
3527
3528static int selinux_task_setscheduler(struct task_struct *p)
3529{
3530 int rc;
3531
3532 rc = cap_task_setscheduler(p);
3533 if (rc)
3534 return rc;
3535
3536 return current_has_perm(p, PROCESS__SETSCHED);
3537}
3538
3539static int selinux_task_getscheduler(struct task_struct *p)
3540{
3541 return current_has_perm(p, PROCESS__GETSCHED);
3542}
3543
3544static int selinux_task_movememory(struct task_struct *p)
3545{
3546 return current_has_perm(p, PROCESS__SETSCHED);
3547}
3548
3549static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3550 int sig, u32 secid)
3551{
3552 u32 perm;
3553 int rc;
3554
3555 if (!sig)
3556 perm = PROCESS__SIGNULL;
3557 else
3558 perm = signal_to_av(sig);
3559 if (secid)
3560 rc = avc_has_perm(secid, task_sid(p),
3561 SECCLASS_PROCESS, perm, NULL);
3562 else
3563 rc = current_has_perm(p, perm);
3564 return rc;
3565}
3566
3567static int selinux_task_wait(struct task_struct *p)
3568{
3569 return task_has_perm(p, current, PROCESS__SIGCHLD);
3570}
3571
3572static void selinux_task_to_inode(struct task_struct *p,
3573 struct inode *inode)
3574{
3575 struct inode_security_struct *isec = inode->i_security;
3576 u32 sid = task_sid(p);
3577
3578 isec->sid = sid;
3579 isec->initialized = 1;
3580}
3581
3582
3583static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3584 struct common_audit_data *ad, u8 *proto)
3585{
3586 int offset, ihlen, ret = -EINVAL;
3587 struct iphdr _iph, *ih;
3588
3589 offset = skb_network_offset(skb);
3590 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3591 if (ih == NULL)
3592 goto out;
3593
3594 ihlen = ih->ihl * 4;
3595 if (ihlen < sizeof(_iph))
3596 goto out;
3597
3598 ad->u.net->v4info.saddr = ih->saddr;
3599 ad->u.net->v4info.daddr = ih->daddr;
3600 ret = 0;
3601
3602 if (proto)
3603 *proto = ih->protocol;
3604
3605 switch (ih->protocol) {
3606 case IPPROTO_TCP: {
3607 struct tcphdr _tcph, *th;
3608
3609 if (ntohs(ih->frag_off) & IP_OFFSET)
3610 break;
3611
3612 offset += ihlen;
3613 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3614 if (th == NULL)
3615 break;
3616
3617 ad->u.net->sport = th->source;
3618 ad->u.net->dport = th->dest;
3619 break;
3620 }
3621
3622 case IPPROTO_UDP: {
3623 struct udphdr _udph, *uh;
3624
3625 if (ntohs(ih->frag_off) & IP_OFFSET)
3626 break;
3627
3628 offset += ihlen;
3629 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3630 if (uh == NULL)
3631 break;
3632
3633 ad->u.net->sport = uh->source;
3634 ad->u.net->dport = uh->dest;
3635 break;
3636 }
3637
3638 case IPPROTO_DCCP: {
3639 struct dccp_hdr _dccph, *dh;
3640
3641 if (ntohs(ih->frag_off) & IP_OFFSET)
3642 break;
3643
3644 offset += ihlen;
3645 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3646 if (dh == NULL)
3647 break;
3648
3649 ad->u.net->sport = dh->dccph_sport;
3650 ad->u.net->dport = dh->dccph_dport;
3651 break;
3652 }
3653
3654 default:
3655 break;
3656 }
3657out:
3658 return ret;
3659}
3660
3661#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3662
3663
3664static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3665 struct common_audit_data *ad, u8 *proto)
3666{
3667 u8 nexthdr;
3668 int ret = -EINVAL, offset;
3669 struct ipv6hdr _ipv6h, *ip6;
3670 __be16 frag_off;
3671
3672 offset = skb_network_offset(skb);
3673 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3674 if (ip6 == NULL)
3675 goto out;
3676
3677 ad->u.net->v6info.saddr = ip6->saddr;
3678 ad->u.net->v6info.daddr = ip6->daddr;
3679 ret = 0;
3680
3681 nexthdr = ip6->nexthdr;
3682 offset += sizeof(_ipv6h);
3683 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3684 if (offset < 0)
3685 goto out;
3686
3687 if (proto)
3688 *proto = nexthdr;
3689
3690 switch (nexthdr) {
3691 case IPPROTO_TCP: {
3692 struct tcphdr _tcph, *th;
3693
3694 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3695 if (th == NULL)
3696 break;
3697
3698 ad->u.net->sport = th->source;
3699 ad->u.net->dport = th->dest;
3700 break;
3701 }
3702
3703 case IPPROTO_UDP: {
3704 struct udphdr _udph, *uh;
3705
3706 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3707 if (uh == NULL)
3708 break;
3709
3710 ad->u.net->sport = uh->source;
3711 ad->u.net->dport = uh->dest;
3712 break;
3713 }
3714
3715 case IPPROTO_DCCP: {
3716 struct dccp_hdr _dccph, *dh;
3717
3718 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3719 if (dh == NULL)
3720 break;
3721
3722 ad->u.net->sport = dh->dccph_sport;
3723 ad->u.net->dport = dh->dccph_dport;
3724 break;
3725 }
3726
3727
3728 default:
3729 break;
3730 }
3731out:
3732 return ret;
3733}
3734
3735#endif
3736
3737static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3738 char **_addrp, int src, u8 *proto)
3739{
3740 char *addrp;
3741 int ret;
3742
3743 switch (ad->u.net->family) {
3744 case PF_INET:
3745 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3746 if (ret)
3747 goto parse_error;
3748 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3749 &ad->u.net->v4info.daddr);
3750 goto okay;
3751
3752#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3753 case PF_INET6:
3754 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3755 if (ret)
3756 goto parse_error;
3757 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3758 &ad->u.net->v6info.daddr);
3759 goto okay;
3760#endif
3761 default:
3762 addrp = NULL;
3763 goto okay;
3764 }
3765
3766parse_error:
3767 printk(KERN_WARNING
3768 "SELinux: failure in selinux_parse_skb(),"
3769 " unable to parse packet\n");
3770 return ret;
3771
3772okay:
3773 if (_addrp)
3774 *_addrp = addrp;
3775 return 0;
3776}
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3794{
3795 int err;
3796 u32 xfrm_sid;
3797 u32 nlbl_sid;
3798 u32 nlbl_type;
3799
3800 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3801 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3802
3803 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3804 if (unlikely(err)) {
3805 printk(KERN_WARNING
3806 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3807 " unable to determine packet's peer label\n");
3808 return -EACCES;
3809 }
3810
3811 return 0;
3812}
3813
3814
3815
3816static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3817 u16 secclass, u32 *socksid)
3818{
3819 if (tsec->sockcreate_sid > SECSID_NULL) {
3820 *socksid = tsec->sockcreate_sid;
3821 return 0;
3822 }
3823
3824 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3825 socksid);
3826}
3827
3828static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3829{
3830 struct sk_security_struct *sksec = sk->sk_security;
3831 struct common_audit_data ad;
3832 struct lsm_network_audit net = {0,};
3833 u32 tsid = task_sid(task);
3834
3835 if (sksec->sid == SECINITSID_KERNEL)
3836 return 0;
3837
3838 ad.type = LSM_AUDIT_DATA_NET;
3839 ad.u.net = &net;
3840 ad.u.net->sk = sk;
3841
3842 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3843}
3844
3845static int selinux_socket_create(int family, int type,
3846 int protocol, int kern)
3847{
3848 const struct task_security_struct *tsec = current_security();
3849 u32 newsid;
3850 u16 secclass;
3851 int rc;
3852
3853 if (kern)
3854 return 0;
3855
3856 secclass = socket_type_to_security_class(family, type, protocol);
3857 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3858 if (rc)
3859 return rc;
3860
3861 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3862}
3863
3864static int selinux_socket_post_create(struct socket *sock, int family,
3865 int type, int protocol, int kern)
3866{
3867 const struct task_security_struct *tsec = current_security();
3868 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3869 struct sk_security_struct *sksec;
3870 int err = 0;
3871
3872 isec->sclass = socket_type_to_security_class(family, type, protocol);
3873
3874 if (kern)
3875 isec->sid = SECINITSID_KERNEL;
3876 else {
3877 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3878 if (err)
3879 return err;
3880 }
3881
3882 isec->initialized = 1;
3883
3884 if (sock->sk) {
3885 sksec = sock->sk->sk_security;
3886 sksec->sid = isec->sid;
3887 sksec->sclass = isec->sclass;
3888 err = selinux_netlbl_socket_post_create(sock->sk, family);
3889 }
3890
3891 return err;
3892}
3893
3894
3895
3896
3897
3898static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3899{
3900 struct sock *sk = sock->sk;
3901 u16 family;
3902 int err;
3903
3904 err = sock_has_perm(current, sk, SOCKET__BIND);
3905 if (err)
3906 goto out;
3907
3908
3909
3910
3911
3912
3913 family = sk->sk_family;
3914 if (family == PF_INET || family == PF_INET6) {
3915 char *addrp;
3916 struct sk_security_struct *sksec = sk->sk_security;
3917 struct common_audit_data ad;
3918 struct lsm_network_audit net = {0,};
3919 struct sockaddr_in *addr4 = NULL;
3920 struct sockaddr_in6 *addr6 = NULL;
3921 unsigned short snum;
3922 u32 sid, node_perm;
3923
3924 if (family == PF_INET) {
3925 addr4 = (struct sockaddr_in *)address;
3926 snum = ntohs(addr4->sin_port);
3927 addrp = (char *)&addr4->sin_addr.s_addr;
3928 } else {
3929 addr6 = (struct sockaddr_in6 *)address;
3930 snum = ntohs(addr6->sin6_port);
3931 addrp = (char *)&addr6->sin6_addr.s6_addr;
3932 }
3933
3934 if (snum) {
3935 int low, high;
3936
3937 inet_get_local_port_range(&low, &high);
3938
3939 if (snum < max(PROT_SOCK, low) || snum > high) {
3940 err = sel_netport_sid(sk->sk_protocol,
3941 snum, &sid);
3942 if (err)
3943 goto out;
3944 ad.type = LSM_AUDIT_DATA_NET;
3945 ad.u.net = &net;
3946 ad.u.net->sport = htons(snum);
3947 ad.u.net->family = family;
3948 err = avc_has_perm(sksec->sid, sid,
3949 sksec->sclass,
3950 SOCKET__NAME_BIND, &ad);
3951 if (err)
3952 goto out;
3953 }
3954 }
3955
3956 switch (sksec->sclass) {
3957 case SECCLASS_TCP_SOCKET:
3958 node_perm = TCP_SOCKET__NODE_BIND;
3959 break;
3960
3961 case SECCLASS_UDP_SOCKET:
3962 node_perm = UDP_SOCKET__NODE_BIND;
3963 break;
3964
3965 case SECCLASS_DCCP_SOCKET:
3966 node_perm = DCCP_SOCKET__NODE_BIND;
3967 break;
3968
3969 default:
3970 node_perm = RAWIP_SOCKET__NODE_BIND;
3971 break;
3972 }
3973
3974 err = sel_netnode_sid(addrp, family, &sid);
3975 if (err)
3976 goto out;
3977
3978 ad.type = LSM_AUDIT_DATA_NET;
3979 ad.u.net = &net;
3980 ad.u.net->sport = htons(snum);
3981 ad.u.net->family = family;
3982
3983 if (family == PF_INET)
3984 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
3985 else
3986 ad.u.net->v6info.saddr = addr6->sin6_addr;
3987
3988 err = avc_has_perm(sksec->sid, sid,
3989 sksec->sclass, node_perm, &ad);
3990 if (err)
3991 goto out;
3992 }
3993out:
3994 return err;
3995}
3996
3997static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3998{
3999 struct sock *sk = sock->sk;
4000 struct sk_security_struct *sksec = sk->sk_security;
4001 int err;
4002
4003 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4004 if (err)
4005 return err;
4006
4007
4008
4009
4010 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4011 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4012 struct common_audit_data ad;
4013 struct lsm_network_audit net = {0,};
4014 struct sockaddr_in *addr4 = NULL;
4015 struct sockaddr_in6 *addr6 = NULL;
4016 unsigned short snum;
4017 u32 sid, perm;
4018
4019 if (sk->sk_family == PF_INET) {
4020 addr4 = (struct sockaddr_in *)address;
4021 if (addrlen < sizeof(struct sockaddr_in))
4022 return -EINVAL;
4023 snum = ntohs(addr4->sin_port);
4024 } else {
4025 addr6 = (struct sockaddr_in6 *)address;
4026 if (addrlen < SIN6_LEN_RFC2133)
4027 return -EINVAL;
4028 snum = ntohs(addr6->sin6_port);
4029 }
4030
4031 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4032 if (err)
4033 goto out;
4034
4035 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4036 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4037
4038 ad.type = LSM_AUDIT_DATA_NET;
4039 ad.u.net = &net;
4040 ad.u.net->dport = htons(snum);
4041 ad.u.net->family = sk->sk_family;
4042 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4043 if (err)
4044 goto out;
4045 }
4046
4047 err = selinux_netlbl_socket_connect(sk, address);
4048
4049out:
4050 return err;
4051}
4052
4053static int selinux_socket_listen(struct socket *sock, int backlog)
4054{
4055 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4056}
4057
4058static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4059{
4060 int err;
4061 struct inode_security_struct *isec;
4062 struct inode_security_struct *newisec;
4063
4064 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4065 if (err)
4066 return err;
4067
4068 newisec = SOCK_INODE(newsock)->i_security;
4069
4070 isec = SOCK_INODE(sock)->i_security;
4071 newisec->sclass = isec->sclass;
4072 newisec->sid = isec->sid;
4073 newisec->initialized = 1;
4074
4075 return 0;
4076}
4077
4078static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4079 int size)
4080{
4081 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4082}
4083
4084static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4085 int size, int flags)
4086{
4087 return sock_has_perm(current, sock->sk, SOCKET__READ);
4088}
4089
4090static int selinux_socket_getsockname(struct socket *sock)
4091{
4092 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4093}
4094
4095static int selinux_socket_getpeername(struct socket *sock)
4096{
4097 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4098}
4099
4100static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4101{
4102 int err;
4103
4104 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4105 if (err)
4106 return err;
4107
4108 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4109}
4110
4111static int selinux_socket_getsockopt(struct socket *sock, int level,
4112 int optname)
4113{
4114 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4115}
4116
4117static int selinux_socket_shutdown(struct socket *sock, int how)
4118{
4119 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4120}
4121
4122static int selinux_socket_unix_stream_connect(struct sock *sock,
4123 struct sock *other,
4124 struct sock *newsk)
4125{
4126 struct sk_security_struct *sksec_sock = sock->sk_security;
4127 struct sk_security_struct *sksec_other = other->sk_security;
4128 struct sk_security_struct *sksec_new = newsk->sk_security;
4129 struct common_audit_data ad;
4130 struct lsm_network_audit net = {0,};
4131 int err;
4132
4133 ad.type = LSM_AUDIT_DATA_NET;
4134 ad.u.net = &net;
4135 ad.u.net->sk = other;
4136
4137 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4138 sksec_other->sclass,
4139 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4140 if (err)
4141 return err;
4142
4143
4144 sksec_new->peer_sid = sksec_sock->sid;
4145 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4146 &sksec_new->sid);
4147 if (err)
4148 return err;
4149
4150
4151 sksec_sock->peer_sid = sksec_new->sid;
4152
4153 return 0;
4154}
4155
4156static int selinux_socket_unix_may_send(struct socket *sock,
4157 struct socket *other)
4158{
4159 struct sk_security_struct *ssec = sock->sk->sk_security;
4160 struct sk_security_struct *osec = other->sk->sk_security;
4161 struct common_audit_data ad;
4162 struct lsm_network_audit net = {0,};
4163
4164 ad.type = LSM_AUDIT_DATA_NET;
4165 ad.u.net = &net;
4166 ad.u.net->sk = other->sk;
4167
4168 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4169 &ad);
4170}
4171
4172static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4173 u32 peer_sid,
4174 struct common_audit_data *ad)
4175{
4176 int err;
4177 u32 if_sid;
4178 u32 node_sid;
4179
4180 err = sel_netif_sid(ifindex, &if_sid);
4181 if (err)
4182 return err;
4183 err = avc_has_perm(peer_sid, if_sid,
4184 SECCLASS_NETIF, NETIF__INGRESS, ad);
4185 if (err)
4186 return err;
4187
4188 err = sel_netnode_sid(addrp, family, &node_sid);
4189 if (err)
4190 return err;
4191 return avc_has_perm(peer_sid, node_sid,
4192 SECCLASS_NODE, NODE__RECVFROM, ad);
4193}
4194
4195static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4196 u16 family)
4197{
4198 int err = 0;
4199 struct sk_security_struct *sksec = sk->sk_security;
4200 u32 sk_sid = sksec->sid;
4201 struct common_audit_data ad;
4202 struct lsm_network_audit net = {0,};
4203 char *addrp;
4204
4205 ad.type = LSM_AUDIT_DATA_NET;
4206 ad.u.net = &net;
4207 ad.u.net->netif = skb->skb_iif;
4208 ad.u.net->family = family;
4209 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4210 if (err)
4211 return err;
4212
4213 if (selinux_secmark_enabled()) {
4214 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4215 PACKET__RECV, &ad);
4216 if (err)
4217 return err;
4218 }
4219
4220 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4221 if (err)
4222 return err;
4223 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4224
4225 return err;
4226}
4227
4228static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4229{
4230 int err;
4231 struct sk_security_struct *sksec = sk->sk_security;
4232 u16 family = sk->sk_family;
4233 u32 sk_sid = sksec->sid;
4234 struct common_audit_data ad;
4235 struct lsm_network_audit net = {0,};
4236 char *addrp;
4237 u8 secmark_active;
4238 u8 peerlbl_active;
4239
4240 if (family != PF_INET && family != PF_INET6)
4241 return 0;
4242
4243
4244 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4245 family = PF_INET;
4246
4247
4248
4249
4250
4251 if (!selinux_policycap_netpeer)
4252 return selinux_sock_rcv_skb_compat(sk, skb, family);
4253
4254 secmark_active = selinux_secmark_enabled();
4255 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4256 if (!secmark_active && !peerlbl_active)
4257 return 0;
4258
4259 ad.type = LSM_AUDIT_DATA_NET;
4260 ad.u.net = &net;
4261 ad.u.net->netif = skb->skb_iif;
4262 ad.u.net->family = family;
4263 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4264 if (err)
4265 return err;
4266
4267 if (peerlbl_active) {
4268 u32 peer_sid;
4269
4270 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4271 if (err)
4272 return err;
4273 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4274 peer_sid, &ad);
4275 if (err) {
4276 selinux_netlbl_err(skb, err, 0);
4277 return err;
4278 }
4279 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4280 PEER__RECV, &ad);
4281 if (err)
4282 selinux_netlbl_err(skb, err, 0);
4283 }
4284
4285 if (secmark_active) {
4286 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4287 PACKET__RECV, &ad);
4288 if (err)
4289 return err;
4290 }
4291
4292 return err;
4293}
4294
4295static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4296 int __user *optlen, unsigned len)
4297{
4298 int err = 0;
4299 char *scontext;
4300 u32 scontext_len;
4301 struct sk_security_struct *sksec = sock->sk->sk_security;
4302 u32 peer_sid = SECSID_NULL;
4303
4304 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4305 sksec->sclass == SECCLASS_TCP_SOCKET)
4306 peer_sid = sksec->peer_sid;
4307 if (peer_sid == SECSID_NULL)
4308 return -ENOPROTOOPT;
4309
4310 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4311 if (err)
4312 return err;
4313
4314 if (scontext_len > len) {
4315 err = -ERANGE;
4316 goto out_len;
4317 }
4318
4319 if (copy_to_user(optval, scontext, scontext_len))
4320 err = -EFAULT;
4321
4322out_len:
4323 if (put_user(scontext_len, optlen))
4324 err = -EFAULT;
4325 kfree(scontext);
4326 return err;
4327}
4328
4329static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4330{
4331 u32 peer_secid = SECSID_NULL;
4332 u16 family;
4333
4334 if (skb && skb->protocol == htons(ETH_P_IP))
4335 family = PF_INET;
4336 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4337 family = PF_INET6;
4338 else if (sock)
4339 family = sock->sk->sk_family;
4340 else
4341 goto out;
4342
4343 if (sock && family == PF_UNIX)
4344 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4345 else if (skb)
4346 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4347
4348out:
4349 *secid = peer_secid;
4350 if (peer_secid == SECSID_NULL)
4351 return -EINVAL;
4352 return 0;
4353}
4354
4355static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4356{
4357 struct sk_security_struct *sksec;
4358
4359 sksec = kzalloc(sizeof(*sksec), priority);
4360 if (!sksec)
4361 return -ENOMEM;
4362
4363 sksec->peer_sid = SECINITSID_UNLABELED;
4364 sksec->sid = SECINITSID_UNLABELED;
4365 selinux_netlbl_sk_security_reset(sksec);
4366 sk->sk_security = sksec;
4367
4368 return 0;
4369}
4370
4371static void selinux_sk_free_security(struct sock *sk)
4372{
4373 struct sk_security_struct *sksec = sk->sk_security;
4374
4375 sk->sk_security = NULL;
4376 selinux_netlbl_sk_security_free(sksec);
4377 kfree(sksec);
4378}
4379
4380static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4381{
4382 struct sk_security_struct *sksec = sk->sk_security;
4383 struct sk_security_struct *newsksec = newsk->sk_security;
4384
4385 newsksec->sid = sksec->sid;
4386 newsksec->peer_sid = sksec->peer_sid;
4387 newsksec->sclass = sksec->sclass;
4388
4389 selinux_netlbl_sk_security_reset(newsksec);
4390}
4391
4392static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4393{
4394 if (!sk)
4395 *secid = SECINITSID_ANY_SOCKET;
4396 else {
4397 struct sk_security_struct *sksec = sk->sk_security;
4398
4399 *secid = sksec->sid;
4400 }
4401}
4402
4403static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4404{
4405 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4406 struct sk_security_struct *sksec = sk->sk_security;
4407
4408 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4409 sk->sk_family == PF_UNIX)
4410 isec->sid = sksec->sid;
4411 sksec->sclass = isec->sclass;
4412}
4413
4414static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4415 struct request_sock *req)
4416{
4417 struct sk_security_struct *sksec = sk->sk_security;
4418 int err;
4419 u16 family = sk->sk_family;
4420 u32 newsid;
4421 u32 peersid;
4422
4423
4424 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4425 family = PF_INET;
4426
4427 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4428 if (err)
4429 return err;
4430 if (peersid == SECSID_NULL) {
4431 req->secid = sksec->sid;
4432 req->peer_secid = SECSID_NULL;
4433 } else {
4434 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4435 if (err)
4436 return err;
4437 req->secid = newsid;
4438 req->peer_secid = peersid;
4439 }
4440
4441 return selinux_netlbl_inet_conn_request(req, family);
4442}
4443
4444static void selinux_inet_csk_clone(struct sock *newsk,
4445 const struct request_sock *req)
4446{
4447 struct sk_security_struct *newsksec = newsk->sk_security;
4448
4449 newsksec->sid = req->secid;
4450 newsksec->peer_sid = req->peer_secid;
4451
4452
4453
4454
4455
4456
4457
4458 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4459}
4460
4461static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4462{
4463 u16 family = sk->sk_family;
4464 struct sk_security_struct *sksec = sk->sk_security;
4465
4466
4467 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4468 family = PF_INET;
4469
4470 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4471}
4472
4473static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
4474{
4475 skb_set_owner_w(skb, sk);
4476}
4477
4478static int selinux_secmark_relabel_packet(u32 sid)
4479{
4480 const struct task_security_struct *__tsec;
4481 u32 tsid;
4482
4483 __tsec = current_security();
4484 tsid = __tsec->sid;
4485
4486 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4487}
4488
4489static void selinux_secmark_refcount_inc(void)
4490{
4491 atomic_inc(&selinux_secmark_refcount);
4492}
4493
4494static void selinux_secmark_refcount_dec(void)
4495{
4496 atomic_dec(&selinux_secmark_refcount);
4497}
4498
4499static void selinux_req_classify_flow(const struct request_sock *req,
4500 struct flowi *fl)
4501{
4502 fl->flowi_secid = req->secid;
4503}
4504
4505static int selinux_tun_dev_alloc_security(void **security)
4506{
4507 struct tun_security_struct *tunsec;
4508
4509 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4510 if (!tunsec)
4511 return -ENOMEM;
4512 tunsec->sid = current_sid();
4513
4514 *security = tunsec;
4515 return 0;
4516}
4517
4518static void selinux_tun_dev_free_security(void *security)
4519{
4520 kfree(security);
4521}
4522
4523static int selinux_tun_dev_create(void)
4524{
4525 u32 sid = current_sid();
4526
4527
4528
4529
4530
4531
4532
4533
4534 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4535 NULL);
4536}
4537
4538static int selinux_tun_dev_attach_queue(void *security)
4539{
4540 struct tun_security_struct *tunsec = security;
4541
4542 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4543 TUN_SOCKET__ATTACH_QUEUE, NULL);
4544}
4545
4546static int selinux_tun_dev_attach(struct sock *sk, void *security)
4547{
4548 struct tun_security_struct *tunsec = security;
4549 struct sk_security_struct *sksec = sk->sk_security;
4550
4551
4552
4553
4554
4555
4556
4557
4558 sksec->sid = tunsec->sid;
4559 sksec->sclass = SECCLASS_TUN_SOCKET;
4560
4561 return 0;
4562}
4563
4564static int selinux_tun_dev_open(void *security)
4565{
4566 struct tun_security_struct *tunsec = security;
4567 u32 sid = current_sid();
4568 int err;
4569
4570 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4571 TUN_SOCKET__RELABELFROM, NULL);
4572 if (err)
4573 return err;
4574 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4575 TUN_SOCKET__RELABELTO, NULL);
4576 if (err)
4577 return err;
4578 tunsec->sid = sid;
4579
4580 return 0;
4581}
4582
4583static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4584{
4585 int err = 0;
4586 u32 perm;
4587 struct nlmsghdr *nlh;
4588 struct sk_security_struct *sksec = sk->sk_security;
4589
4590 if (skb->len < NLMSG_HDRLEN) {
4591 err = -EINVAL;
4592 goto out;
4593 }
4594 nlh = nlmsg_hdr(skb);
4595
4596 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4597 if (err) {
4598 if (err == -EINVAL) {
4599 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4600 "SELinux: unrecognized netlink message"
4601 " type=%hu for sclass=%hu\n",
4602 nlh->nlmsg_type, sksec->sclass);
4603 if (!selinux_enforcing || security_get_allow_unknown())
4604 err = 0;
4605 }
4606
4607
4608 if (err == -ENOENT)
4609 err = 0;
4610 goto out;
4611 }
4612
4613 err = sock_has_perm(current, sk, perm);
4614out:
4615 return err;
4616}
4617
4618#ifdef CONFIG_NETFILTER
4619
4620static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4621 u16 family)
4622{
4623 int err;
4624 char *addrp;
4625 u32 peer_sid;
4626 struct common_audit_data ad;
4627 struct lsm_network_audit net = {0,};
4628 u8 secmark_active;
4629 u8 netlbl_active;
4630 u8 peerlbl_active;
4631
4632 if (!selinux_policycap_netpeer)
4633 return NF_ACCEPT;
4634
4635 secmark_active = selinux_secmark_enabled();
4636 netlbl_active = netlbl_enabled();
4637 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4638 if (!secmark_active && !peerlbl_active)
4639 return NF_ACCEPT;
4640
4641 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4642 return NF_DROP;
4643
4644 ad.type = LSM_AUDIT_DATA_NET;
4645 ad.u.net = &net;
4646 ad.u.net->netif = ifindex;
4647 ad.u.net->family = family;
4648 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4649 return NF_DROP;
4650
4651 if (peerlbl_active) {
4652 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4653 peer_sid, &ad);
4654 if (err) {
4655 selinux_netlbl_err(skb, err, 1);
4656 return NF_DROP;
4657 }
4658 }
4659
4660 if (secmark_active)
4661 if (avc_has_perm(peer_sid, skb->secmark,
4662 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4663 return NF_DROP;
4664
4665 if (netlbl_active)
4666
4667
4668
4669
4670 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4671 return NF_DROP;
4672
4673 return NF_ACCEPT;
4674}
4675
4676static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4677 struct sk_buff *skb,
4678 const struct net_device *in,
4679 const struct net_device *out,
4680 int (*okfn)(struct sk_buff *))
4681{
4682 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4683}
4684
4685#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4686static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4687 struct sk_buff *skb,
4688 const struct net_device *in,
4689 const struct net_device *out,
4690 int (*okfn)(struct sk_buff *))
4691{
4692 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4693}
4694#endif
4695
4696static unsigned int selinux_ip_output(struct sk_buff *skb,
4697 u16 family)
4698{
4699 u32 sid;
4700
4701 if (!netlbl_enabled())
4702 return NF_ACCEPT;
4703
4704
4705
4706
4707 if (skb->sk) {
4708 struct sk_security_struct *sksec = skb->sk->sk_security;
4709 sid = sksec->sid;
4710 } else
4711 sid = SECINITSID_KERNEL;
4712 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4713 return NF_DROP;
4714
4715 return NF_ACCEPT;
4716}
4717
4718static unsigned int selinux_ipv4_output(unsigned int hooknum,
4719 struct sk_buff *skb,
4720 const struct net_device *in,
4721 const struct net_device *out,
4722 int (*okfn)(struct sk_buff *))
4723{
4724 return selinux_ip_output(skb, PF_INET);
4725}
4726
4727static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4728 int ifindex,
4729 u16 family)
4730{
4731 struct sock *sk = skb->sk;
4732 struct sk_security_struct *sksec;
4733 struct common_audit_data ad;
4734 struct lsm_network_audit net = {0,};
4735 char *addrp;
4736 u8 proto;
4737
4738 if (sk == NULL)
4739 return NF_ACCEPT;
4740 sksec = sk->sk_security;
4741
4742 ad.type = LSM_AUDIT_DATA_NET;
4743 ad.u.net = &net;
4744 ad.u.net->netif = ifindex;
4745 ad.u.net->family = family;
4746 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4747 return NF_DROP;
4748
4749 if (selinux_secmark_enabled())
4750 if (avc_has_perm(sksec->sid, skb->secmark,
4751 SECCLASS_PACKET, PACKET__SEND, &ad))
4752 return NF_DROP_ERR(-ECONNREFUSED);
4753
4754 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4755 return NF_DROP_ERR(-ECONNREFUSED);
4756
4757 return NF_ACCEPT;
4758}
4759
4760static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4761 u16 family)
4762{
4763 u32 secmark_perm;
4764 u32 peer_sid;
4765 struct sock *sk;
4766 struct common_audit_data ad;
4767 struct lsm_network_audit net = {0,};
4768 char *addrp;
4769 u8 secmark_active;
4770 u8 peerlbl_active;
4771
4772
4773
4774
4775
4776 if (!selinux_policycap_netpeer)
4777 return selinux_ip_postroute_compat(skb, ifindex, family);
4778#ifdef CONFIG_XFRM
4779
4780
4781
4782
4783
4784
4785 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4786 return NF_ACCEPT;
4787#endif
4788 secmark_active = selinux_secmark_enabled();
4789 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4790 if (!secmark_active && !peerlbl_active)
4791 return NF_ACCEPT;
4792
4793
4794
4795
4796
4797 sk = skb->sk;
4798 if (sk == NULL) {
4799 if (skb->skb_iif) {
4800 secmark_perm = PACKET__FORWARD_OUT;
4801 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4802 return NF_DROP;
4803 } else {
4804 secmark_perm = PACKET__SEND;
4805 peer_sid = SECINITSID_KERNEL;
4806 }
4807 } else {
4808 struct sk_security_struct *sksec = sk->sk_security;
4809 peer_sid = sksec->sid;
4810 secmark_perm = PACKET__SEND;
4811 }
4812
4813 ad.type = LSM_AUDIT_DATA_NET;
4814 ad.u.net = &net;
4815 ad.u.net->netif = ifindex;
4816 ad.u.net->family = family;
4817 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4818 return NF_DROP;
4819
4820 if (secmark_active)
4821 if (avc_has_perm(peer_sid, skb->secmark,
4822 SECCLASS_PACKET, secmark_perm, &ad))
4823 return NF_DROP_ERR(-ECONNREFUSED);
4824
4825 if (peerlbl_active) {
4826 u32 if_sid;
4827 u32 node_sid;
4828
4829 if (sel_netif_sid(ifindex, &if_sid))
4830 return NF_DROP;
4831 if (avc_has_perm(peer_sid, if_sid,
4832 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4833 return NF_DROP_ERR(-ECONNREFUSED);
4834
4835 if (sel_netnode_sid(addrp, family, &node_sid))
4836 return NF_DROP;
4837 if (avc_has_perm(peer_sid, node_sid,
4838 SECCLASS_NODE, NODE__SENDTO, &ad))
4839 return NF_DROP_ERR(-ECONNREFUSED);
4840 }
4841
4842 return NF_ACCEPT;
4843}
4844
4845static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4846 struct sk_buff *skb,
4847 const struct net_device *in,
4848 const struct net_device *out,
4849 int (*okfn)(struct sk_buff *))
4850{
4851 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4852}
4853
4854#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4855static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4856 struct sk_buff *skb,
4857 const struct net_device *in,
4858 const struct net_device *out,
4859 int (*okfn)(struct sk_buff *))
4860{
4861 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4862}
4863#endif
4864
4865#endif
4866
4867static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4868{
4869 int err;
4870
4871 err = cap_netlink_send(sk, skb);
4872 if (err)
4873 return err;
4874
4875 return selinux_nlmsg_perm(sk, skb);
4876}
4877
4878static int ipc_alloc_security(struct task_struct *task,
4879 struct kern_ipc_perm *perm,
4880 u16 sclass)
4881{
4882 struct ipc_security_struct *isec;
4883 u32 sid;
4884
4885 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4886 if (!isec)
4887 return -ENOMEM;
4888
4889 sid = task_sid(task);
4890 isec->sclass = sclass;
4891 isec->sid = sid;
4892 perm->security = isec;
4893
4894 return 0;
4895}
4896
4897static void ipc_free_security(struct kern_ipc_perm *perm)
4898{
4899 struct ipc_security_struct *isec = perm->security;
4900 perm->security = NULL;
4901 kfree(isec);
4902}
4903
4904static int msg_msg_alloc_security(struct msg_msg *msg)
4905{
4906 struct msg_security_struct *msec;
4907
4908 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4909 if (!msec)
4910 return -ENOMEM;
4911
4912 msec->sid = SECINITSID_UNLABELED;
4913 msg->security = msec;
4914
4915 return 0;
4916}
4917
4918static void msg_msg_free_security(struct msg_msg *msg)
4919{
4920 struct msg_security_struct *msec = msg->security;
4921
4922 msg->security = NULL;
4923 kfree(msec);
4924}
4925
4926static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4927 u32 perms)
4928{
4929 struct ipc_security_struct *isec;
4930 struct common_audit_data ad;
4931 u32 sid = current_sid();
4932
4933 isec = ipc_perms->security;
4934
4935 ad.type = LSM_AUDIT_DATA_IPC;
4936 ad.u.ipc_id = ipc_perms->key;
4937
4938 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4939}
4940
4941static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4942{
4943 return msg_msg_alloc_security(msg);
4944}
4945
4946static void selinux_msg_msg_free_security(struct msg_msg *msg)
4947{
4948 msg_msg_free_security(msg);
4949}
4950
4951
4952static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4953{
4954 struct ipc_security_struct *isec;
4955 struct common_audit_data ad;
4956 u32 sid = current_sid();
4957 int rc;
4958
4959 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4960 if (rc)
4961 return rc;
4962
4963 isec = msq->q_perm.security;
4964
4965 ad.type = LSM_AUDIT_DATA_IPC;
4966 ad.u.ipc_id = msq->q_perm.key;
4967
4968 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4969 MSGQ__CREATE, &ad);
4970 if (rc) {
4971 ipc_free_security(&msq->q_perm);
4972 return rc;
4973 }
4974 return 0;
4975}
4976
4977static void selinux_msg_queue_free_security(struct msg_queue *msq)
4978{
4979 ipc_free_security(&msq->q_perm);
4980}
4981
4982static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4983{
4984 struct ipc_security_struct *isec;
4985 struct common_audit_data ad;
4986 u32 sid = current_sid();
4987
4988 isec = msq->q_perm.security;
4989
4990 ad.type = LSM_AUDIT_DATA_IPC;
4991 ad.u.ipc_id = msq->q_perm.key;
4992
4993 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4994 MSGQ__ASSOCIATE, &ad);
4995}
4996
4997static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4998{
4999 int err;
5000 int perms;
5001
5002 switch (cmd) {
5003 case IPC_INFO:
5004 case MSG_INFO:
5005
5006 return task_has_system(current, SYSTEM__IPC_INFO);
5007 case IPC_STAT:
5008 case MSG_STAT:
5009 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5010 break;
5011 case IPC_SET:
5012 perms = MSGQ__SETATTR;
5013 break;
5014 case IPC_RMID:
5015 perms = MSGQ__DESTROY;
5016 break;
5017 default:
5018 return 0;
5019 }
5020
5021 err = ipc_has_perm(&msq->q_perm, perms);
5022 return err;
5023}
5024
5025static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5026{
5027 struct ipc_security_struct *isec;
5028 struct msg_security_struct *msec;
5029 struct common_audit_data ad;
5030 u32 sid = current_sid();
5031 int rc;
5032
5033 isec = msq->q_perm.security;
5034 msec = msg->security;
5035
5036
5037
5038
5039 if (msec->sid == SECINITSID_UNLABELED) {
5040
5041
5042
5043
5044 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5045 NULL, &msec->sid);
5046 if (rc)
5047 return rc;
5048 }
5049
5050 ad.type = LSM_AUDIT_DATA_IPC;
5051 ad.u.ipc_id = msq->q_perm.key;
5052
5053
5054 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5055 MSGQ__WRITE, &ad);
5056 if (!rc)
5057
5058 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5059 MSG__SEND, &ad);
5060 if (!rc)
5061
5062 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5063 MSGQ__ENQUEUE, &ad);
5064
5065 return rc;
5066}
5067
5068static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5069 struct task_struct *target,
5070 long type, int mode)
5071{
5072 struct ipc_security_struct *isec;
5073 struct msg_security_struct *msec;
5074 struct common_audit_data ad;
5075 u32 sid = task_sid(target);
5076 int rc;
5077
5078 isec = msq->q_perm.security;
5079 msec = msg->security;
5080
5081 ad.type = LSM_AUDIT_DATA_IPC;
5082 ad.u.ipc_id = msq->q_perm.key;
5083
5084 rc = avc_has_perm(sid, isec->sid,
5085 SECCLASS_MSGQ, MSGQ__READ, &ad);
5086 if (!rc)
5087 rc = avc_has_perm(sid, msec->sid,
5088 SECCLASS_MSG, MSG__RECEIVE, &ad);
5089 return rc;
5090}
5091
5092
5093static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5094{
5095 struct ipc_security_struct *isec;
5096 struct common_audit_data ad;
5097 u32 sid = current_sid();
5098 int rc;
5099
5100 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5101 if (rc)
5102 return rc;
5103
5104 isec = shp->shm_perm.security;
5105
5106 ad.type = LSM_AUDIT_DATA_IPC;
5107 ad.u.ipc_id = shp->shm_perm.key;
5108
5109 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5110 SHM__CREATE, &ad);
5111 if (rc) {
5112 ipc_free_security(&shp->shm_perm);
5113 return rc;
5114 }
5115 return 0;
5116}
5117
5118static void selinux_shm_free_security(struct shmid_kernel *shp)
5119{
5120 ipc_free_security(&shp->shm_perm);
5121}
5122
5123static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5124{
5125 struct ipc_security_struct *isec;
5126 struct common_audit_data ad;
5127 u32 sid = current_sid();
5128
5129 isec = shp->shm_perm.security;
5130
5131 ad.type = LSM_AUDIT_DATA_IPC;
5132 ad.u.ipc_id = shp->shm_perm.key;
5133
5134 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5135 SHM__ASSOCIATE, &ad);
5136}
5137
5138
5139static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5140{
5141 int perms;
5142 int err;
5143
5144 switch (cmd) {
5145 case IPC_INFO:
5146 case SHM_INFO:
5147
5148 return task_has_system(current, SYSTEM__IPC_INFO);
5149 case IPC_STAT:
5150 case SHM_STAT:
5151 perms = SHM__GETATTR | SHM__ASSOCIATE;
5152 break;
5153 case IPC_SET:
5154 perms = SHM__SETATTR;
5155 break;
5156 case SHM_LOCK:
5157 case SHM_UNLOCK:
5158 perms = SHM__LOCK;
5159 break;
5160 case IPC_RMID:
5161 perms = SHM__DESTROY;
5162 break;
5163 default:
5164 return 0;
5165 }
5166
5167 err = ipc_has_perm(&shp->shm_perm, perms);
5168 return err;
5169}
5170
5171static int selinux_shm_shmat(struct shmid_kernel *shp,
5172 char __user *shmaddr, int shmflg)
5173{
5174 u32 perms;
5175
5176 if (shmflg & SHM_RDONLY)
5177 perms = SHM__READ;
5178 else
5179 perms = SHM__READ | SHM__WRITE;
5180
5181 return ipc_has_perm(&shp->shm_perm, perms);
5182}
5183
5184
5185static int selinux_sem_alloc_security(struct sem_array *sma)
5186{
5187 struct ipc_security_struct *isec;
5188 struct common_audit_data ad;
5189 u32 sid = current_sid();
5190 int rc;
5191
5192 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5193 if (rc)
5194 return rc;
5195
5196 isec = sma->sem_perm.security;
5197
5198 ad.type = LSM_AUDIT_DATA_IPC;
5199 ad.u.ipc_id = sma->sem_perm.key;
5200
5201 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5202 SEM__CREATE, &ad);
5203 if (rc) {
5204 ipc_free_security(&sma->sem_perm);
5205 return rc;
5206 }
5207 return 0;
5208}
5209
5210static void selinux_sem_free_security(struct sem_array *sma)
5211{
5212 ipc_free_security(&sma->sem_perm);
5213}
5214
5215static int selinux_sem_associate(struct sem_array *sma, int semflg)
5216{
5217 struct ipc_security_struct *isec;
5218 struct common_audit_data ad;
5219 u32 sid = current_sid();
5220
5221 isec = sma->sem_perm.security;
5222
5223 ad.type = LSM_AUDIT_DATA_IPC;
5224 ad.u.ipc_id = sma->sem_perm.key;
5225
5226 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5227 SEM__ASSOCIATE, &ad);
5228}
5229
5230
5231static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5232{
5233 int err;
5234 u32 perms;
5235
5236 switch (cmd) {
5237 case IPC_INFO:
5238 case SEM_INFO:
5239
5240 return task_has_system(current, SYSTEM__IPC_INFO);
5241 case GETPID:
5242 case GETNCNT:
5243 case GETZCNT:
5244 perms = SEM__GETATTR;
5245 break;
5246 case GETVAL:
5247 case GETALL:
5248 perms = SEM__READ;
5249 break;
5250 case SETVAL:
5251 case SETALL:
5252 perms = SEM__WRITE;
5253 break;
5254 case IPC_RMID:
5255 perms = SEM__DESTROY;
5256 break;
5257 case IPC_SET:
5258 perms = SEM__SETATTR;
5259 break;
5260 case IPC_STAT:
5261 case SEM_STAT:
5262 perms = SEM__GETATTR | SEM__ASSOCIATE;
5263 break;
5264 default:
5265 return 0;
5266 }
5267
5268 err = ipc_has_perm(&sma->sem_perm, perms);
5269 return err;
5270}
5271
5272static int selinux_sem_semop(struct sem_array *sma,
5273 struct sembuf *sops, unsigned nsops, int alter)
5274{
5275 u32 perms;
5276
5277 if (alter)
5278 perms = SEM__READ | SEM__WRITE;
5279 else
5280 perms = SEM__READ;
5281
5282 return ipc_has_perm(&sma->sem_perm, perms);
5283}
5284
5285static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5286{
5287 u32 av = 0;
5288
5289 av = 0;
5290 if (flag & S_IRUGO)
5291 av |= IPC__UNIX_READ;
5292 if (flag & S_IWUGO)
5293 av |= IPC__UNIX_WRITE;
5294
5295 if (av == 0)
5296 return 0;
5297
5298 return ipc_has_perm(ipcp, av);
5299}
5300
5301static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5302{
5303 struct ipc_security_struct *isec = ipcp->security;
5304 *secid = isec->sid;
5305}
5306
5307static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5308{
5309 if (inode)
5310 inode_doinit_with_dentry(inode, dentry);
5311}
5312
5313static int selinux_getprocattr(struct task_struct *p,
5314 char *name, char **value)
5315{
5316 const struct task_security_struct *__tsec;
5317 u32 sid;
5318 int error;
5319 unsigned len;
5320
5321 if (current != p) {
5322 error = current_has_perm(p, PROCESS__GETATTR);
5323 if (error)
5324 return error;
5325 }
5326
5327 rcu_read_lock();
5328 __tsec = __task_cred(p)->security;
5329
5330 if (!strcmp(name, "current"))
5331 sid = __tsec->sid;
5332 else if (!strcmp(name, "prev"))
5333 sid = __tsec->osid;
5334 else if (!strcmp(name, "exec"))
5335 sid = __tsec->exec_sid;
5336 else if (!strcmp(name, "fscreate"))
5337 sid = __tsec->create_sid;
5338 else if (!strcmp(name, "keycreate"))
5339 sid = __tsec->keycreate_sid;
5340 else if (!strcmp(name, "sockcreate"))
5341 sid = __tsec->sockcreate_sid;
5342 else
5343 goto invalid;
5344 rcu_read_unlock();
5345
5346 if (!sid)
5347 return 0;
5348
5349 error = security_sid_to_context(sid, value, &len);
5350 if (error)
5351 return error;
5352 return len;
5353
5354invalid:
5355 rcu_read_unlock();
5356 return -EINVAL;
5357}
5358
5359static int selinux_setprocattr(struct task_struct *p,
5360 char *name, void *value, size_t size)
5361{
5362 struct task_security_struct *tsec;
5363 struct task_struct *tracer;
5364 struct cred *new;
5365 u32 sid = 0, ptsid;
5366 int error;
5367 char *str = value;
5368
5369 if (current != p) {
5370
5371
5372 return -EACCES;
5373 }
5374
5375
5376
5377
5378
5379
5380 if (!strcmp(name, "exec"))
5381 error = current_has_perm(p, PROCESS__SETEXEC);
5382 else if (!strcmp(name, "fscreate"))
5383 error = current_has_perm(p, PROCESS__SETFSCREATE);
5384 else if (!strcmp(name, "keycreate"))
5385 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5386 else if (!strcmp(name, "sockcreate"))
5387 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5388 else if (!strcmp(name, "current"))
5389 error = current_has_perm(p, PROCESS__SETCURRENT);
5390 else
5391 error = -EINVAL;
5392 if (error)
5393 return error;
5394
5395
5396 if (size && str[1] && str[1] != '\n') {
5397 if (str[size-1] == '\n') {
5398 str[size-1] = 0;
5399 size--;
5400 }
5401 error = security_context_to_sid(value, size, &sid);
5402 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5403 if (!capable(CAP_MAC_ADMIN)) {
5404 struct audit_buffer *ab;
5405 size_t audit_size;
5406
5407
5408
5409 if (str[size - 1] == '\0')
5410 audit_size = size - 1;
5411 else
5412 audit_size = size;
5413 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5414 audit_log_format(ab, "op=fscreate invalid_context=");
5415 audit_log_n_untrustedstring(ab, value, audit_size);
5416 audit_log_end(ab);
5417
5418 return error;
5419 }
5420 error = security_context_to_sid_force(value, size,
5421 &sid);
5422 }
5423 if (error)
5424 return error;
5425 }
5426
5427 new = prepare_creds();
5428 if (!new)
5429 return -ENOMEM;
5430
5431
5432
5433
5434
5435
5436
5437 tsec = new->security;
5438 if (!strcmp(name, "exec")) {
5439 tsec->exec_sid = sid;
5440 } else if (!strcmp(name, "fscreate")) {
5441 tsec->create_sid = sid;
5442 } else if (!strcmp(name, "keycreate")) {
5443 error = may_create_key(sid, p);
5444 if (error)
5445 goto abort_change;
5446 tsec->keycreate_sid = sid;
5447 } else if (!strcmp(name, "sockcreate")) {
5448 tsec->sockcreate_sid = sid;
5449 } else if (!strcmp(name, "current")) {
5450 error = -EINVAL;
5451 if (sid == 0)
5452 goto abort_change;
5453
5454
5455 error = -EPERM;
5456 if (!current_is_single_threaded()) {
5457 error = security_bounded_transition(tsec->sid, sid);
5458 if (error)
5459 goto abort_change;
5460 }
5461
5462
5463 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5464 PROCESS__DYNTRANSITION, NULL);
5465 if (error)
5466 goto abort_change;
5467
5468
5469
5470 ptsid = 0;
5471 task_lock(p);
5472 tracer = ptrace_parent(p);
5473 if (tracer)
5474 ptsid = task_sid(tracer);
5475 task_unlock(p);
5476
5477 if (tracer) {
5478 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5479 PROCESS__PTRACE, NULL);
5480 if (error)
5481 goto abort_change;
5482 }
5483
5484 tsec->sid = sid;
5485 } else {
5486 error = -EINVAL;
5487 goto abort_change;
5488 }
5489
5490 commit_creds(new);
5491 return size;
5492
5493abort_change:
5494 abort_creds(new);
5495 return error;
5496}
5497
5498static int selinux_ismaclabel(const char *name)
5499{
5500 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5501}
5502
5503static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5504{
5505 return security_sid_to_context(secid, secdata, seclen);
5506}
5507
5508static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5509{
5510 return security_context_to_sid(secdata, seclen, secid);
5511}
5512
5513static void selinux_release_secctx(char *secdata, u32 seclen)
5514{
5515 kfree(secdata);
5516}
5517
5518
5519
5520
5521static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5522{
5523 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5524}
5525
5526
5527
5528
5529static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5530{
5531 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5532}
5533
5534static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5535{
5536 int len = 0;
5537 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5538 ctx, true);
5539 if (len < 0)
5540 return len;
5541 *ctxlen = len;
5542 return 0;
5543}
5544#ifdef CONFIG_KEYS
5545
5546static int selinux_key_alloc(struct key *k, const struct cred *cred,
5547 unsigned long flags)
5548{
5549 const struct task_security_struct *tsec;
5550 struct key_security_struct *ksec;
5551
5552 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5553 if (!ksec)
5554 return -ENOMEM;
5555
5556 tsec = cred->security;
5557 if (tsec->keycreate_sid)
5558 ksec->sid = tsec->keycreate_sid;
5559 else
5560 ksec->sid = tsec->sid;
5561
5562 k->security = ksec;
5563 return 0;
5564}
5565
5566static void selinux_key_free(struct key *k)
5567{
5568 struct key_security_struct *ksec = k->security;
5569
5570 k->security = NULL;
5571 kfree(ksec);
5572}
5573
5574static int selinux_key_permission(key_ref_t key_ref,
5575 const struct cred *cred,
5576 key_perm_t perm)
5577{
5578 struct key *key;
5579 struct key_security_struct *ksec;
5580 u32 sid;
5581
5582
5583
5584
5585 if (perm == 0)
5586 return 0;
5587
5588 sid = cred_sid(cred);
5589
5590 key = key_ref_to_ptr(key_ref);
5591 ksec = key->security;
5592
5593 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5594}
5595
5596static int selinux_key_getsecurity(struct key *key, char **_buffer)
5597{
5598 struct key_security_struct *ksec = key->security;
5599 char *context = NULL;
5600 unsigned len;
5601 int rc;
5602
5603 rc = security_sid_to_context(ksec->sid, &context, &len);
5604 if (!rc)
5605 rc = len;
5606 *_buffer = context;
5607 return rc;
5608}
5609
5610#endif
5611
5612static struct security_operations selinux_ops = {
5613 .name = "selinux",
5614
5615 .ptrace_access_check = selinux_ptrace_access_check,
5616 .ptrace_traceme = selinux_ptrace_traceme,
5617 .capget = selinux_capget,
5618 .capset = selinux_capset,
5619 .capable = selinux_capable,
5620 .quotactl = selinux_quotactl,
5621 .quota_on = selinux_quota_on,
5622 .syslog = selinux_syslog,
5623 .vm_enough_memory = selinux_vm_enough_memory,
5624
5625 .netlink_send = selinux_netlink_send,
5626
5627 .bprm_set_creds = selinux_bprm_set_creds,
5628 .bprm_committing_creds = selinux_bprm_committing_creds,
5629 .bprm_committed_creds = selinux_bprm_committed_creds,
5630 .bprm_secureexec = selinux_bprm_secureexec,
5631
5632 .sb_alloc_security = selinux_sb_alloc_security,
5633 .sb_free_security = selinux_sb_free_security,
5634 .sb_copy_data = selinux_sb_copy_data,
5635 .sb_remount = selinux_sb_remount,
5636 .sb_kern_mount = selinux_sb_kern_mount,
5637 .sb_show_options = selinux_sb_show_options,
5638 .sb_statfs = selinux_sb_statfs,
5639 .sb_mount = selinux_mount,
5640 .sb_umount = selinux_umount,
5641 .sb_set_mnt_opts = selinux_set_mnt_opts,
5642 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5643 .sb_parse_opts_str = selinux_parse_opts_str,
5644
5645 .dentry_init_security = selinux_dentry_init_security,
5646
5647 .inode_alloc_security = selinux_inode_alloc_security,
5648 .inode_free_security = selinux_inode_free_security,
5649 .inode_init_security = selinux_inode_init_security,
5650 .inode_create = selinux_inode_create,
5651 .inode_link = selinux_inode_link,
5652 .inode_unlink = selinux_inode_unlink,
5653 .inode_symlink = selinux_inode_symlink,
5654 .inode_mkdir = selinux_inode_mkdir,
5655 .inode_rmdir = selinux_inode_rmdir,
5656 .inode_mknod = selinux_inode_mknod,
5657 .inode_rename = selinux_inode_rename,
5658 .inode_readlink = selinux_inode_readlink,
5659 .inode_follow_link = selinux_inode_follow_link,
5660 .inode_permission = selinux_inode_permission,
5661 .inode_setattr = selinux_inode_setattr,
5662 .inode_getattr = selinux_inode_getattr,
5663 .inode_setxattr = selinux_inode_setxattr,
5664 .inode_post_setxattr = selinux_inode_post_setxattr,
5665 .inode_getxattr = selinux_inode_getxattr,
5666 .inode_listxattr = selinux_inode_listxattr,
5667 .inode_removexattr = selinux_inode_removexattr,
5668 .inode_getsecurity = selinux_inode_getsecurity,
5669 .inode_setsecurity = selinux_inode_setsecurity,
5670 .inode_listsecurity = selinux_inode_listsecurity,
5671 .inode_getsecid = selinux_inode_getsecid,
5672
5673 .file_permission = selinux_file_permission,
5674 .file_alloc_security = selinux_file_alloc_security,
5675 .file_free_security = selinux_file_free_security,
5676 .file_ioctl = selinux_file_ioctl,
5677 .mmap_file = selinux_mmap_file,
5678 .mmap_addr = selinux_mmap_addr,
5679 .file_mprotect = selinux_file_mprotect,
5680 .file_lock = selinux_file_lock,
5681 .file_fcntl = selinux_file_fcntl,
5682 .file_set_fowner = selinux_file_set_fowner,
5683 .file_send_sigiotask = selinux_file_send_sigiotask,
5684 .file_receive = selinux_file_receive,
5685
5686 .file_open = selinux_file_open,
5687
5688 .task_create = selinux_task_create,
5689 .cred_alloc_blank = selinux_cred_alloc_blank,
5690 .cred_free = selinux_cred_free,
5691 .cred_prepare = selinux_cred_prepare,
5692 .cred_transfer = selinux_cred_transfer,
5693 .kernel_act_as = selinux_kernel_act_as,
5694 .kernel_create_files_as = selinux_kernel_create_files_as,
5695 .kernel_module_request = selinux_kernel_module_request,
5696 .task_setpgid = selinux_task_setpgid,
5697 .task_getpgid = selinux_task_getpgid,
5698 .task_getsid = selinux_task_getsid,
5699 .task_getsecid = selinux_task_getsecid,
5700 .task_setnice = selinux_task_setnice,
5701 .task_setioprio = selinux_task_setioprio,
5702 .task_getioprio = selinux_task_getioprio,
5703 .task_setrlimit = selinux_task_setrlimit,
5704 .task_setscheduler = selinux_task_setscheduler,
5705 .task_getscheduler = selinux_task_getscheduler,
5706 .task_movememory = selinux_task_movememory,
5707 .task_kill = selinux_task_kill,
5708 .task_wait = selinux_task_wait,
5709 .task_to_inode = selinux_task_to_inode,
5710
5711 .ipc_permission = selinux_ipc_permission,
5712 .ipc_getsecid = selinux_ipc_getsecid,
5713
5714 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5715 .msg_msg_free_security = selinux_msg_msg_free_security,
5716
5717 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5718 .msg_queue_free_security = selinux_msg_queue_free_security,
5719 .msg_queue_associate = selinux_msg_queue_associate,
5720 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5721 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5722 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5723
5724 .shm_alloc_security = selinux_shm_alloc_security,
5725 .shm_free_security = selinux_shm_free_security,
5726 .shm_associate = selinux_shm_associate,
5727 .shm_shmctl = selinux_shm_shmctl,
5728 .shm_shmat = selinux_shm_shmat,
5729
5730 .sem_alloc_security = selinux_sem_alloc_security,
5731 .sem_free_security = selinux_sem_free_security,
5732 .sem_associate = selinux_sem_associate,
5733 .sem_semctl = selinux_sem_semctl,
5734 .sem_semop = selinux_sem_semop,
5735
5736 .d_instantiate = selinux_d_instantiate,
5737
5738 .getprocattr = selinux_getprocattr,
5739 .setprocattr = selinux_setprocattr,
5740
5741 .ismaclabel = selinux_ismaclabel,
5742 .secid_to_secctx = selinux_secid_to_secctx,
5743 .secctx_to_secid = selinux_secctx_to_secid,
5744 .release_secctx = selinux_release_secctx,
5745 .inode_notifysecctx = selinux_inode_notifysecctx,
5746 .inode_setsecctx = selinux_inode_setsecctx,
5747 .inode_getsecctx = selinux_inode_getsecctx,
5748
5749 .unix_stream_connect = selinux_socket_unix_stream_connect,
5750 .unix_may_send = selinux_socket_unix_may_send,
5751
5752 .socket_create = selinux_socket_create,
5753 .socket_post_create = selinux_socket_post_create,
5754 .socket_bind = selinux_socket_bind,
5755 .socket_connect = selinux_socket_connect,
5756 .socket_listen = selinux_socket_listen,
5757 .socket_accept = selinux_socket_accept,
5758 .socket_sendmsg = selinux_socket_sendmsg,
5759 .socket_recvmsg = selinux_socket_recvmsg,
5760 .socket_getsockname = selinux_socket_getsockname,
5761 .socket_getpeername = selinux_socket_getpeername,
5762 .socket_getsockopt = selinux_socket_getsockopt,
5763 .socket_setsockopt = selinux_socket_setsockopt,
5764 .socket_shutdown = selinux_socket_shutdown,
5765 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5766 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5767 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5768 .sk_alloc_security = selinux_sk_alloc_security,
5769 .sk_free_security = selinux_sk_free_security,
5770 .sk_clone_security = selinux_sk_clone_security,
5771 .sk_getsecid = selinux_sk_getsecid,
5772 .sock_graft = selinux_sock_graft,
5773 .inet_conn_request = selinux_inet_conn_request,
5774 .inet_csk_clone = selinux_inet_csk_clone,
5775 .inet_conn_established = selinux_inet_conn_established,
5776 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5777 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5778 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5779 .req_classify_flow = selinux_req_classify_flow,
5780 .tun_dev_alloc_security = selinux_tun_dev_alloc_security,
5781 .tun_dev_free_security = selinux_tun_dev_free_security,
5782 .tun_dev_create = selinux_tun_dev_create,
5783 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
5784 .tun_dev_attach = selinux_tun_dev_attach,
5785 .tun_dev_open = selinux_tun_dev_open,
5786 .skb_owned_by = selinux_skb_owned_by,
5787
5788#ifdef CONFIG_SECURITY_NETWORK_XFRM
5789 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5790 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5791 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5792 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5793 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5794 .xfrm_state_free_security = selinux_xfrm_state_free,
5795 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5796 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5797 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5798 .xfrm_decode_session = selinux_xfrm_decode_session,
5799#endif
5800
5801#ifdef CONFIG_KEYS
5802 .key_alloc = selinux_key_alloc,
5803 .key_free = selinux_key_free,
5804 .key_permission = selinux_key_permission,
5805 .key_getsecurity = selinux_key_getsecurity,
5806#endif
5807
5808#ifdef CONFIG_AUDIT
5809 .audit_rule_init = selinux_audit_rule_init,
5810 .audit_rule_known = selinux_audit_rule_known,
5811 .audit_rule_match = selinux_audit_rule_match,
5812 .audit_rule_free = selinux_audit_rule_free,
5813#endif
5814};
5815
5816static __init int selinux_init(void)
5817{
5818 if (!security_module_enable(&selinux_ops)) {
5819 selinux_enabled = 0;
5820 return 0;
5821 }
5822
5823 if (!selinux_enabled) {
5824 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5825 return 0;
5826 }
5827
5828 printk(KERN_INFO "SELinux: Initializing.\n");
5829
5830
5831 cred_init_security();
5832
5833 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5834
5835 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5836 sizeof(struct inode_security_struct),
5837 0, SLAB_PANIC, NULL);
5838 avc_init();
5839
5840 if (register_security(&selinux_ops))
5841 panic("SELinux: Unable to register with kernel.\n");
5842
5843 if (selinux_enforcing)
5844 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5845 else
5846 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5847
5848 return 0;
5849}
5850
5851static void delayed_superblock_init(struct super_block *sb, void *unused)
5852{
5853 superblock_doinit(sb, NULL);
5854}
5855
5856void selinux_complete_init(void)
5857{
5858 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5859
5860
5861 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5862 iterate_supers(delayed_superblock_init, NULL);
5863}
5864
5865
5866
5867security_initcall(selinux_init);
5868
5869#if defined(CONFIG_NETFILTER)
5870
5871static struct nf_hook_ops selinux_ipv4_ops[] = {
5872 {
5873 .hook = selinux_ipv4_postroute,
5874 .owner = THIS_MODULE,
5875 .pf = NFPROTO_IPV4,
5876 .hooknum = NF_INET_POST_ROUTING,
5877 .priority = NF_IP_PRI_SELINUX_LAST,
5878 },
5879 {
5880 .hook = selinux_ipv4_forward,
5881 .owner = THIS_MODULE,
5882 .pf = NFPROTO_IPV4,
5883 .hooknum = NF_INET_FORWARD,
5884 .priority = NF_IP_PRI_SELINUX_FIRST,
5885 },
5886 {
5887 .hook = selinux_ipv4_output,
5888 .owner = THIS_MODULE,
5889 .pf = NFPROTO_IPV4,
5890 .hooknum = NF_INET_LOCAL_OUT,
5891 .priority = NF_IP_PRI_SELINUX_FIRST,
5892 }
5893};
5894
5895#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5896
5897static struct nf_hook_ops selinux_ipv6_ops[] = {
5898 {
5899 .hook = selinux_ipv6_postroute,
5900 .owner = THIS_MODULE,
5901 .pf = NFPROTO_IPV6,
5902 .hooknum = NF_INET_POST_ROUTING,
5903 .priority = NF_IP6_PRI_SELINUX_LAST,
5904 },
5905 {
5906 .hook = selinux_ipv6_forward,
5907 .owner = THIS_MODULE,
5908 .pf = NFPROTO_IPV6,
5909 .hooknum = NF_INET_FORWARD,
5910 .priority = NF_IP6_PRI_SELINUX_FIRST,
5911 }
5912};
5913
5914#endif
5915
5916static int __init selinux_nf_ip_init(void)
5917{
5918 int err = 0;
5919
5920 if (!selinux_enabled)
5921 goto out;
5922
5923 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5924
5925 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5926 if (err)
5927 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5928
5929#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5930 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5931 if (err)
5932 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5933#endif
5934
5935out:
5936 return err;
5937}
5938
5939__initcall(selinux_nf_ip_init);
5940
5941#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5942static void selinux_nf_ip_exit(void)
5943{
5944 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5945
5946 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5947#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5948 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5949#endif
5950}
5951#endif
5952
5953#else
5954
5955#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5956#define selinux_nf_ip_exit()
5957#endif
5958
5959#endif
5960
5961#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5962static int selinux_disabled;
5963
5964int selinux_disable(void)
5965{
5966 if (ss_initialized) {
5967
5968 return -EINVAL;
5969 }
5970
5971 if (selinux_disabled) {
5972
5973 return -EINVAL;
5974 }
5975
5976 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5977
5978 selinux_disabled = 1;
5979 selinux_enabled = 0;
5980
5981 reset_security_ops();
5982
5983
5984 avc_disable();
5985
5986
5987 selinux_nf_ip_exit();
5988
5989
5990 exit_sel_fs();
5991
5992 return 0;
5993}
5994#endif
5995
