1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/security.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/sock.h>
55#include <net/tcp.h>
56#include <net/inet_connection_sock.h>
57#include <net/net_namespace.h>
58#include <net/netlabel.h>
59#include <linux/uaccess.h>
60#include <asm/ioctls.h>
61#include <linux/atomic.h>
62#include <linux/bitops.h>
63#include <linux/interrupt.h>
64#include <linux/netdevice.h>
65#include <net/netlink.h>
66#include <linux/tcp.h>
67#include <linux/udp.h>
68#include <linux/dccp.h>
69#include <linux/quota.h>
70#include <linux/un.h>
71#include <net/af_unix.h>
72#include <linux/parser.h>
73#include <linux/nfs_mount.h>
74#include <net/ipv6.h>
75#include <linux/hugetlb.h>
76#include <linux/personality.h>
77#include <linux/audit.h>
78#include <linux/string.h>
79#include <linux/selinux.h>
80#include <linux/mutex.h>
81#include <linux/posix-timers.h>
82#include <linux/syslog.h>
83#include <linux/user_namespace.h>
84#include <linux/export.h>
85#include <linux/security.h>
86#include <linux/msg.h>
87#include <linux/shm.h>
88
89#include "avc.h"
90#include "objsec.h"
91#include "netif.h"
92#include "netnode.h"
93#include "netport.h"
94#include "xfrm.h"
95#include "netlabel.h"
96#include "audit.h"
97#include "avc_ss.h"
98
99extern struct security_operations *security_ops;
100
101
102static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
103
104#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
105int selinux_enforcing;
106
107static int __init enforcing_setup(char *str)
108{
109 unsigned long enforcing;
110 if (!strict_strtoul(str, 0, &enforcing))
111 selinux_enforcing = enforcing ? 1 : 0;
112 return 1;
113}
114__setup("enforcing=", enforcing_setup);
115#endif
116
117#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
118int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
119
120static int __init selinux_enabled_setup(char *str)
121{
122 unsigned long enabled;
123 if (!strict_strtoul(str, 0, &enabled))
124 selinux_enabled = enabled ? 1 : 0;
125 return 1;
126}
127__setup("selinux=", selinux_enabled_setup);
128#else
129int selinux_enabled = 1;
130#endif
131
132static struct kmem_cache *sel_inode_cache;
133
134
135
136
137
138
139
140
141
142
143
144
145static int selinux_secmark_enabled(void)
146{
147 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
148}
149
150
151
152
153
154
155
156
157
158
159
160static int selinux_peerlbl_enabled(void)
161{
162 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
163}
164
165
166
167
168static void cred_init_security(void)
169{
170 struct cred *cred = (struct cred *) current->real_cred;
171 struct task_security_struct *tsec;
172
173 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
174 if (!tsec)
175 panic("SELinux: Failed to initialize initial task.\n");
176
177 tsec->osid = tsec->sid = SECINITSID_KERNEL;
178 cred->security = tsec;
179}
180
181
182
183
184static inline u32 cred_sid(const struct cred *cred)
185{
186 const struct task_security_struct *tsec;
187
188 tsec = cred->security;
189 return tsec->sid;
190}
191
192
193
194
195static inline u32 task_sid(const struct task_struct *task)
196{
197 u32 sid;
198
199 rcu_read_lock();
200 sid = cred_sid(__task_cred(task));
201 rcu_read_unlock();
202 return sid;
203}
204
205
206
207
208static inline u32 current_sid(void)
209{
210 const struct task_security_struct *tsec = current_security();
211
212 return tsec->sid;
213}
214
215
216
217static int inode_alloc_security(struct inode *inode)
218{
219 struct inode_security_struct *isec;
220 u32 sid = current_sid();
221
222 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
223 if (!isec)
224 return -ENOMEM;
225
226 mutex_init(&isec->lock);
227 INIT_LIST_HEAD(&isec->list);
228 isec->inode = inode;
229 isec->sid = SECINITSID_UNLABELED;
230 isec->sclass = SECCLASS_FILE;
231 isec->task_sid = sid;
232 inode->i_security = isec;
233
234 return 0;
235}
236
237static void inode_free_rcu(struct rcu_head *head)
238{
239 struct inode_security_struct *isec;
240
241 isec = container_of(head, struct inode_security_struct, rcu);
242 kmem_cache_free(sel_inode_cache, isec);
243}
244
245static void inode_free_security(struct inode *inode)
246{
247 struct inode_security_struct *isec = inode->i_security;
248 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
249
250 spin_lock(&sbsec->isec_lock);
251 if (!list_empty(&isec->list))
252 list_del_init(&isec->list);
253 spin_unlock(&sbsec->isec_lock);
254
255
256
257
258
259
260
261
262
263
264 call_rcu(&isec->rcu, inode_free_rcu);
265}
266
267static int file_alloc_security(struct file *file)
268{
269 struct file_security_struct *fsec;
270 u32 sid = current_sid();
271
272 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
273 if (!fsec)
274 return -ENOMEM;
275
276 fsec->sid = sid;
277 fsec->fown_sid = sid;
278 file->f_security = fsec;
279
280 return 0;
281}
282
283static void file_free_security(struct file *file)
284{
285 struct file_security_struct *fsec = file->f_security;
286 file->f_security = NULL;
287 kfree(fsec);
288}
289
290static int superblock_alloc_security(struct super_block *sb)
291{
292 struct superblock_security_struct *sbsec;
293
294 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
295 if (!sbsec)
296 return -ENOMEM;
297
298 mutex_init(&sbsec->lock);
299 INIT_LIST_HEAD(&sbsec->isec_head);
300 spin_lock_init(&sbsec->isec_lock);
301 sbsec->sb = sb;
302 sbsec->sid = SECINITSID_UNLABELED;
303 sbsec->def_sid = SECINITSID_FILE;
304 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
305 sb->s_security = sbsec;
306
307 return 0;
308}
309
310static void superblock_free_security(struct super_block *sb)
311{
312 struct superblock_security_struct *sbsec = sb->s_security;
313 sb->s_security = NULL;
314 kfree(sbsec);
315}
316
317
318
319static const char *labeling_behaviors[7] = {
320 "uses xattr",
321 "uses transition SIDs",
322 "uses task SIDs",
323 "uses genfs_contexts",
324 "not configured for labeling",
325 "uses mountpoint labeling",
326 "uses native labeling",
327};
328
329static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
330
331static inline int inode_doinit(struct inode *inode)
332{
333 return inode_doinit_with_dentry(inode, NULL);
334}
335
336enum {
337 Opt_error = -1,
338 Opt_context = 1,
339 Opt_fscontext = 2,
340 Opt_defcontext = 3,
341 Opt_rootcontext = 4,
342 Opt_labelsupport = 5,
343 Opt_nextmntopt = 6,
344};
345
346#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
347
348static const match_table_t tokens = {
349 {Opt_context, CONTEXT_STR "%s"},
350 {Opt_fscontext, FSCONTEXT_STR "%s"},
351 {Opt_defcontext, DEFCONTEXT_STR "%s"},
352 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
353 {Opt_labelsupport, LABELSUPP_STR},
354 {Opt_error, NULL},
355};
356
357#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
358
359static int may_context_mount_sb_relabel(u32 sid,
360 struct superblock_security_struct *sbsec,
361 const struct cred *cred)
362{
363 const struct task_security_struct *tsec = cred->security;
364 int rc;
365
366 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
367 FILESYSTEM__RELABELFROM, NULL);
368 if (rc)
369 return rc;
370
371 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
372 FILESYSTEM__RELABELTO, NULL);
373 return rc;
374}
375
376static int may_context_mount_inode_relabel(u32 sid,
377 struct superblock_security_struct *sbsec,
378 const struct cred *cred)
379{
380 const struct task_security_struct *tsec = cred->security;
381 int rc;
382 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
383 FILESYSTEM__RELABELFROM, NULL);
384 if (rc)
385 return rc;
386
387 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
388 FILESYSTEM__ASSOCIATE, NULL);
389 return rc;
390}
391
392static int selinux_is_sblabel_mnt(struct super_block *sb)
393{
394 struct superblock_security_struct *sbsec = sb->s_security;
395
396 if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
397 sbsec->behavior == SECURITY_FS_USE_TRANS ||
398 sbsec->behavior == SECURITY_FS_USE_TASK)
399 return 1;
400
401
402 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
403 return 1;
404
405
406
407
408
409 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
410 return 1;
411
412 return 0;
413}
414
415static int sb_finish_set_opts(struct super_block *sb)
416{
417 struct superblock_security_struct *sbsec = sb->s_security;
418 struct dentry *root = sb->s_root;
419 struct inode *root_inode = root->d_inode;
420 int rc = 0;
421
422 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
423
424
425
426
427
428 if (!root_inode->i_op->getxattr) {
429 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
430 "xattr support\n", sb->s_id, sb->s_type->name);
431 rc = -EOPNOTSUPP;
432 goto out;
433 }
434 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
435 if (rc < 0 && rc != -ENODATA) {
436 if (rc == -EOPNOTSUPP)
437 printk(KERN_WARNING "SELinux: (dev %s, type "
438 "%s) has no security xattr handler\n",
439 sb->s_id, sb->s_type->name);
440 else
441 printk(KERN_WARNING "SELinux: (dev %s, type "
442 "%s) getxattr errno %d\n", sb->s_id,
443 sb->s_type->name, -rc);
444 goto out;
445 }
446 }
447
448 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
449 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
450 sb->s_id, sb->s_type->name);
451 else
452 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
453 sb->s_id, sb->s_type->name,
454 labeling_behaviors[sbsec->behavior-1]);
455
456 sbsec->flags |= SE_SBINITIALIZED;
457 if (selinux_is_sblabel_mnt(sb))
458 sbsec->flags |= SBLABEL_MNT;
459
460
461 rc = inode_doinit_with_dentry(root_inode, root);
462
463
464
465
466
467 spin_lock(&sbsec->isec_lock);
468next_inode:
469 if (!list_empty(&sbsec->isec_head)) {
470 struct inode_security_struct *isec =
471 list_entry(sbsec->isec_head.next,
472 struct inode_security_struct, list);
473 struct inode *inode = isec->inode;
474 spin_unlock(&sbsec->isec_lock);
475 inode = igrab(inode);
476 if (inode) {
477 if (!IS_PRIVATE(inode))
478 inode_doinit(inode);
479 iput(inode);
480 }
481 spin_lock(&sbsec->isec_lock);
482 list_del_init(&isec->list);
483 goto next_inode;
484 }
485 spin_unlock(&sbsec->isec_lock);
486out:
487 return rc;
488}
489
490
491
492
493
494
495static int selinux_get_mnt_opts(const struct super_block *sb,
496 struct security_mnt_opts *opts)
497{
498 int rc = 0, i;
499 struct superblock_security_struct *sbsec = sb->s_security;
500 char *context = NULL;
501 u32 len;
502 char tmp;
503
504 security_init_mnt_opts(opts);
505
506 if (!(sbsec->flags & SE_SBINITIALIZED))
507 return -EINVAL;
508
509 if (!ss_initialized)
510 return -EINVAL;
511
512
513 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
514
515 tmp = sbsec->flags & SE_MNTMASK;
516
517 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
518 if (tmp & 0x01)
519 opts->num_mnt_opts++;
520 tmp >>= 1;
521 }
522
523 if (sbsec->flags & SBLABEL_MNT)
524 opts->num_mnt_opts++;
525
526 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
527 if (!opts->mnt_opts) {
528 rc = -ENOMEM;
529 goto out_free;
530 }
531
532 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
533 if (!opts->mnt_opts_flags) {
534 rc = -ENOMEM;
535 goto out_free;
536 }
537
538 i = 0;
539 if (sbsec->flags & FSCONTEXT_MNT) {
540 rc = security_sid_to_context(sbsec->sid, &context, &len);
541 if (rc)
542 goto out_free;
543 opts->mnt_opts[i] = context;
544 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
545 }
546 if (sbsec->flags & CONTEXT_MNT) {
547 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
548 if (rc)
549 goto out_free;
550 opts->mnt_opts[i] = context;
551 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
552 }
553 if (sbsec->flags & DEFCONTEXT_MNT) {
554 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
555 if (rc)
556 goto out_free;
557 opts->mnt_opts[i] = context;
558 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
559 }
560 if (sbsec->flags & ROOTCONTEXT_MNT) {
561 struct inode *root = sbsec->sb->s_root->d_inode;
562 struct inode_security_struct *isec = root->i_security;
563
564 rc = security_sid_to_context(isec->sid, &context, &len);
565 if (rc)
566 goto out_free;
567 opts->mnt_opts[i] = context;
568 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
569 }
570 if (sbsec->flags & SBLABEL_MNT) {
571 opts->mnt_opts[i] = NULL;
572 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
573 }
574
575 BUG_ON(i != opts->num_mnt_opts);
576
577 return 0;
578
579out_free:
580 security_free_mnt_opts(opts);
581 return rc;
582}
583
584static int bad_option(struct superblock_security_struct *sbsec, char flag,
585 u32 old_sid, u32 new_sid)
586{
587 char mnt_flags = sbsec->flags & SE_MNTMASK;
588
589
590 if (sbsec->flags & SE_SBINITIALIZED)
591 if (!(sbsec->flags & flag) ||
592 (old_sid != new_sid))
593 return 1;
594
595
596
597
598 if (!(sbsec->flags & SE_SBINITIALIZED))
599 if (mnt_flags & flag)
600 return 1;
601 return 0;
602}
603
604
605
606
607
608static int selinux_set_mnt_opts(struct super_block *sb,
609 struct security_mnt_opts *opts,
610 unsigned long kern_flags,
611 unsigned long *set_kern_flags)
612{
613 const struct cred *cred = current_cred();
614 int rc = 0, i;
615 struct superblock_security_struct *sbsec = sb->s_security;
616 const char *name = sb->s_type->name;
617 struct inode *inode = sbsec->sb->s_root->d_inode;
618 struct inode_security_struct *root_isec = inode->i_security;
619 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
620 u32 defcontext_sid = 0;
621 char **mount_options = opts->mnt_opts;
622 int *flags = opts->mnt_opts_flags;
623 int num_opts = opts->num_mnt_opts;
624
625 mutex_lock(&sbsec->lock);
626
627 if (!ss_initialized) {
628 if (!num_opts) {
629
630
631
632 goto out;
633 }
634 rc = -EINVAL;
635 printk(KERN_WARNING "SELinux: Unable to set superblock options "
636 "before the security server is initialized\n");
637 goto out;
638 }
639 if (kern_flags && !set_kern_flags) {
640
641
642 rc = -EINVAL;
643 goto out;
644 }
645
646
647
648
649
650
651
652
653
654
655
656
657 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
658 && (num_opts == 0))
659 goto out;
660
661
662
663
664
665
666 for (i = 0; i < num_opts; i++) {
667 u32 sid;
668
669 if (flags[i] == SBLABEL_MNT)
670 continue;
671 rc = security_context_to_sid(mount_options[i],
672 strlen(mount_options[i]), &sid);
673 if (rc) {
674 printk(KERN_WARNING "SELinux: security_context_to_sid"
675 "(%s) failed for (dev %s, type %s) errno=%d\n",
676 mount_options[i], sb->s_id, name, rc);
677 goto out;
678 }
679 switch (flags[i]) {
680 case FSCONTEXT_MNT:
681 fscontext_sid = sid;
682
683 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
684 fscontext_sid))
685 goto out_double_mount;
686
687 sbsec->flags |= FSCONTEXT_MNT;
688 break;
689 case CONTEXT_MNT:
690 context_sid = sid;
691
692 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
693 context_sid))
694 goto out_double_mount;
695
696 sbsec->flags |= CONTEXT_MNT;
697 break;
698 case ROOTCONTEXT_MNT:
699 rootcontext_sid = sid;
700
701 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
702 rootcontext_sid))
703 goto out_double_mount;
704
705 sbsec->flags |= ROOTCONTEXT_MNT;
706
707 break;
708 case DEFCONTEXT_MNT:
709 defcontext_sid = sid;
710
711 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
712 defcontext_sid))
713 goto out_double_mount;
714
715 sbsec->flags |= DEFCONTEXT_MNT;
716
717 break;
718 default:
719 rc = -EINVAL;
720 goto out;
721 }
722 }
723
724 if (sbsec->flags & SE_SBINITIALIZED) {
725
726 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
727 goto out_double_mount;
728 rc = 0;
729 goto out;
730 }
731
732 if (strcmp(sb->s_type->name, "proc") == 0)
733 sbsec->flags |= SE_SBPROC;
734
735 if (!sbsec->behavior) {
736
737
738
739
740 rc = security_fs_use(sb);
741 if (rc) {
742 printk(KERN_WARNING
743 "%s: security_fs_use(%s) returned %d\n",
744 __func__, sb->s_type->name, rc);
745 goto out;
746 }
747 }
748
749 if (fscontext_sid) {
750 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
751 if (rc)
752 goto out;
753
754 sbsec->sid = fscontext_sid;
755 }
756
757
758
759
760
761
762 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
763 sbsec->behavior = SECURITY_FS_USE_NATIVE;
764 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
765 }
766
767 if (context_sid) {
768 if (!fscontext_sid) {
769 rc = may_context_mount_sb_relabel(context_sid, sbsec,
770 cred);
771 if (rc)
772 goto out;
773 sbsec->sid = context_sid;
774 } else {
775 rc = may_context_mount_inode_relabel(context_sid, sbsec,
776 cred);
777 if (rc)
778 goto out;
779 }
780 if (!rootcontext_sid)
781 rootcontext_sid = context_sid;
782
783 sbsec->mntpoint_sid = context_sid;
784 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
785 }
786
787 if (rootcontext_sid) {
788 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
789 cred);
790 if (rc)
791 goto out;
792
793 root_isec->sid = rootcontext_sid;
794 root_isec->initialized = 1;
795 }
796
797 if (defcontext_sid) {
798 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
799 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
800 rc = -EINVAL;
801 printk(KERN_WARNING "SELinux: defcontext option is "
802 "invalid for this filesystem type\n");
803 goto out;
804 }
805
806 if (defcontext_sid != sbsec->def_sid) {
807 rc = may_context_mount_inode_relabel(defcontext_sid,
808 sbsec, cred);
809 if (rc)
810 goto out;
811 }
812
813 sbsec->def_sid = defcontext_sid;
814 }
815
816 rc = sb_finish_set_opts(sb);
817out:
818 mutex_unlock(&sbsec->lock);
819 return rc;
820out_double_mount:
821 rc = -EINVAL;
822 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
823 "security settings for (dev %s, type %s)\n", sb->s_id, name);
824 goto out;
825}
826
827static int selinux_cmp_sb_context(const struct super_block *oldsb,
828 const struct super_block *newsb)
829{
830 struct superblock_security_struct *old = oldsb->s_security;
831 struct superblock_security_struct *new = newsb->s_security;
832 char oldflags = old->flags & SE_MNTMASK;
833 char newflags = new->flags & SE_MNTMASK;
834
835 if (oldflags != newflags)
836 goto mismatch;
837 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
838 goto mismatch;
839 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
840 goto mismatch;
841 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
842 goto mismatch;
843 if (oldflags & ROOTCONTEXT_MNT) {
844 struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security;
845 struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security;
846 if (oldroot->sid != newroot->sid)
847 goto mismatch;
848 }
849 return 0;
850mismatch:
851 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
852 "different security settings for (dev %s, "
853 "type %s)\n", newsb->s_id, newsb->s_type->name);
854 return -EBUSY;
855}
856
857static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
858 struct super_block *newsb)
859{
860 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
861 struct superblock_security_struct *newsbsec = newsb->s_security;
862
863 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
864 int set_context = (oldsbsec->flags & CONTEXT_MNT);
865 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
866
867
868
869
870
871 if (!ss_initialized)
872 return 0;
873
874
875 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
876
877
878 if (newsbsec->flags & SE_SBINITIALIZED)
879 return selinux_cmp_sb_context(oldsb, newsb);
880
881 mutex_lock(&newsbsec->lock);
882
883 newsbsec->flags = oldsbsec->flags;
884
885 newsbsec->sid = oldsbsec->sid;
886 newsbsec->def_sid = oldsbsec->def_sid;
887 newsbsec->behavior = oldsbsec->behavior;
888
889 if (set_context) {
890 u32 sid = oldsbsec->mntpoint_sid;
891
892 if (!set_fscontext)
893 newsbsec->sid = sid;
894 if (!set_rootcontext) {
895 struct inode *newinode = newsb->s_root->d_inode;
896 struct inode_security_struct *newisec = newinode->i_security;
897 newisec->sid = sid;
898 }
899 newsbsec->mntpoint_sid = sid;
900 }
901 if (set_rootcontext) {
902 const struct inode *oldinode = oldsb->s_root->d_inode;
903 const struct inode_security_struct *oldisec = oldinode->i_security;
904 struct inode *newinode = newsb->s_root->d_inode;
905 struct inode_security_struct *newisec = newinode->i_security;
906
907 newisec->sid = oldisec->sid;
908 }
909
910 sb_finish_set_opts(newsb);
911 mutex_unlock(&newsbsec->lock);
912 return 0;
913}
914
915static int selinux_parse_opts_str(char *options,
916 struct security_mnt_opts *opts)
917{
918 char *p;
919 char *context = NULL, *defcontext = NULL;
920 char *fscontext = NULL, *rootcontext = NULL;
921 int rc, num_mnt_opts = 0;
922
923 opts->num_mnt_opts = 0;
924
925
926 while ((p = strsep(&options, "|")) != NULL) {
927 int token;
928 substring_t args[MAX_OPT_ARGS];
929
930 if (!*p)
931 continue;
932
933 token = match_token(p, tokens, args);
934
935 switch (token) {
936 case Opt_context:
937 if (context || defcontext) {
938 rc = -EINVAL;
939 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
940 goto out_err;
941 }
942 context = match_strdup(&args[0]);
943 if (!context) {
944 rc = -ENOMEM;
945 goto out_err;
946 }
947 break;
948
949 case Opt_fscontext:
950 if (fscontext) {
951 rc = -EINVAL;
952 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
953 goto out_err;
954 }
955 fscontext = match_strdup(&args[0]);
956 if (!fscontext) {
957 rc = -ENOMEM;
958 goto out_err;
959 }
960 break;
961
962 case Opt_rootcontext:
963 if (rootcontext) {
964 rc = -EINVAL;
965 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
966 goto out_err;
967 }
968 rootcontext = match_strdup(&args[0]);
969 if (!rootcontext) {
970 rc = -ENOMEM;
971 goto out_err;
972 }
973 break;
974
975 case Opt_defcontext:
976 if (context || defcontext) {
977 rc = -EINVAL;
978 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
979 goto out_err;
980 }
981 defcontext = match_strdup(&args[0]);
982 if (!defcontext) {
983 rc = -ENOMEM;
984 goto out_err;
985 }
986 break;
987 case Opt_labelsupport:
988 break;
989 default:
990 rc = -EINVAL;
991 printk(KERN_WARNING "SELinux: unknown mount option\n");
992 goto out_err;
993
994 }
995 }
996
997 rc = -ENOMEM;
998 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
999 if (!opts->mnt_opts)
1000 goto out_err;
1001
1002 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
1003 if (!opts->mnt_opts_flags) {
1004 kfree(opts->mnt_opts);
1005 goto out_err;
1006 }
1007
1008 if (fscontext) {
1009 opts->mnt_opts[num_mnt_opts] = fscontext;
1010 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1011 }
1012 if (context) {
1013 opts->mnt_opts[num_mnt_opts] = context;
1014 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1015 }
1016 if (rootcontext) {
1017 opts->mnt_opts[num_mnt_opts] = rootcontext;
1018 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1019 }
1020 if (defcontext) {
1021 opts->mnt_opts[num_mnt_opts] = defcontext;
1022 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1023 }
1024
1025 opts->num_mnt_opts = num_mnt_opts;
1026 return 0;
1027
1028out_err:
1029 kfree(context);
1030 kfree(defcontext);
1031 kfree(fscontext);
1032 kfree(rootcontext);
1033 return rc;
1034}
1035
1036
1037
1038static int superblock_doinit(struct super_block *sb, void *data)
1039{
1040 int rc = 0;
1041 char *options = data;
1042 struct security_mnt_opts opts;
1043
1044 security_init_mnt_opts(&opts);
1045
1046 if (!data)
1047 goto out;
1048
1049 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1050
1051 rc = selinux_parse_opts_str(options, &opts);
1052 if (rc)
1053 goto out_err;
1054
1055out:
1056 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1057
1058out_err:
1059 security_free_mnt_opts(&opts);
1060 return rc;
1061}
1062
1063static void selinux_write_opts(struct seq_file *m,
1064 struct security_mnt_opts *opts)
1065{
1066 int i;
1067 char *prefix;
1068
1069 for (i = 0; i < opts->num_mnt_opts; i++) {
1070 char *has_comma;
1071
1072 if (opts->mnt_opts[i])
1073 has_comma = strchr(opts->mnt_opts[i], ',');
1074 else
1075 has_comma = NULL;
1076
1077 switch (opts->mnt_opts_flags[i]) {
1078 case CONTEXT_MNT:
1079 prefix = CONTEXT_STR;
1080 break;
1081 case FSCONTEXT_MNT:
1082 prefix = FSCONTEXT_STR;
1083 break;
1084 case ROOTCONTEXT_MNT:
1085 prefix = ROOTCONTEXT_STR;
1086 break;
1087 case DEFCONTEXT_MNT:
1088 prefix = DEFCONTEXT_STR;
1089 break;
1090 case SBLABEL_MNT:
1091 seq_putc(m, ',');
1092 seq_puts(m, LABELSUPP_STR);
1093 continue;
1094 default:
1095 BUG();
1096 return;
1097 };
1098
1099 seq_putc(m, ',');
1100 seq_puts(m, prefix);
1101 if (has_comma)
1102 seq_putc(m, '\"');
1103 seq_puts(m, opts->mnt_opts[i]);
1104 if (has_comma)
1105 seq_putc(m, '\"');
1106 }
1107}
1108
1109static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1110{
1111 struct security_mnt_opts opts;
1112 int rc;
1113
1114 rc = selinux_get_mnt_opts(sb, &opts);
1115 if (rc) {
1116
1117 if (rc == -EINVAL)
1118 rc = 0;
1119 return rc;
1120 }
1121
1122 selinux_write_opts(m, &opts);
1123
1124 security_free_mnt_opts(&opts);
1125
1126 return rc;
1127}
1128
1129static inline u16 inode_mode_to_security_class(umode_t mode)
1130{
1131 switch (mode & S_IFMT) {
1132 case S_IFSOCK:
1133 return SECCLASS_SOCK_FILE;
1134 case S_IFLNK:
1135 return SECCLASS_LNK_FILE;
1136 case S_IFREG:
1137 return SECCLASS_FILE;
1138 case S_IFBLK:
1139 return SECCLASS_BLK_FILE;
1140 case S_IFDIR:
1141 return SECCLASS_DIR;
1142 case S_IFCHR:
1143 return SECCLASS_CHR_FILE;
1144 case S_IFIFO:
1145 return SECCLASS_FIFO_FILE;
1146
1147 }
1148
1149 return SECCLASS_FILE;
1150}
1151
1152static inline int default_protocol_stream(int protocol)
1153{
1154 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1155}
1156
1157static inline int default_protocol_dgram(int protocol)
1158{
1159 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1160}
1161
1162static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1163{
1164 switch (family) {
1165 case PF_UNIX:
1166 switch (type) {
1167 case SOCK_STREAM:
1168 case SOCK_SEQPACKET:
1169 return SECCLASS_UNIX_STREAM_SOCKET;
1170 case SOCK_DGRAM:
1171 return SECCLASS_UNIX_DGRAM_SOCKET;
1172 }
1173 break;
1174 case PF_INET:
1175 case PF_INET6:
1176 switch (type) {
1177 case SOCK_STREAM:
1178 if (default_protocol_stream(protocol))
1179 return SECCLASS_TCP_SOCKET;
1180 else
1181 return SECCLASS_RAWIP_SOCKET;
1182 case SOCK_DGRAM:
1183 if (default_protocol_dgram(protocol))
1184 return SECCLASS_UDP_SOCKET;
1185 else
1186 return SECCLASS_RAWIP_SOCKET;
1187 case SOCK_DCCP:
1188 return SECCLASS_DCCP_SOCKET;
1189 default:
1190 return SECCLASS_RAWIP_SOCKET;
1191 }
1192 break;
1193 case PF_NETLINK:
1194 switch (protocol) {
1195 case NETLINK_ROUTE:
1196 return SECCLASS_NETLINK_ROUTE_SOCKET;
1197 case NETLINK_FIREWALL:
1198 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1199 case NETLINK_SOCK_DIAG:
1200 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1201 case NETLINK_NFLOG:
1202 return SECCLASS_NETLINK_NFLOG_SOCKET;
1203 case NETLINK_XFRM:
1204 return SECCLASS_NETLINK_XFRM_SOCKET;
1205 case NETLINK_SELINUX:
1206 return SECCLASS_NETLINK_SELINUX_SOCKET;
1207 case NETLINK_AUDIT:
1208 return SECCLASS_NETLINK_AUDIT_SOCKET;
1209 case NETLINK_IP6_FW:
1210 return SECCLASS_NETLINK_IP6FW_SOCKET;
1211 case NETLINK_DNRTMSG:
1212 return SECCLASS_NETLINK_DNRT_SOCKET;
1213 case NETLINK_KOBJECT_UEVENT:
1214 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1215 default:
1216 return SECCLASS_NETLINK_SOCKET;
1217 }
1218 case PF_PACKET:
1219 return SECCLASS_PACKET_SOCKET;
1220 case PF_KEY:
1221 return SECCLASS_KEY_SOCKET;
1222 case PF_APPLETALK:
1223 return SECCLASS_APPLETALK_SOCKET;
1224 }
1225
1226 return SECCLASS_SOCKET;
1227}
1228
1229#ifdef CONFIG_PROC_FS
1230static int selinux_proc_get_sid(struct dentry *dentry,
1231 u16 tclass,
1232 u32 *sid)
1233{
1234 int rc;
1235 char *buffer, *path;
1236
1237 buffer = (char *)__get_free_page(GFP_KERNEL);
1238 if (!buffer)
1239 return -ENOMEM;
1240
1241 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1242 if (IS_ERR(path))
1243 rc = PTR_ERR(path);
1244 else {
1245
1246
1247
1248 while (path[1] >= '0' && path[1] <= '9') {
1249 path[1] = '/';
1250 path++;
1251 }
1252 rc = security_genfs_sid("proc", path, tclass, sid);
1253 }
1254 free_page((unsigned long)buffer);
1255 return rc;
1256}
1257#else
1258static int selinux_proc_get_sid(struct dentry *dentry,
1259 u16 tclass,
1260 u32 *sid)
1261{
1262 return -EINVAL;
1263}
1264#endif
1265
1266
1267static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1268{
1269 struct superblock_security_struct *sbsec = NULL;
1270 struct inode_security_struct *isec = inode->i_security;
1271 u32 sid;
1272 struct dentry *dentry;
1273#define INITCONTEXTLEN 255
1274 char *context = NULL;
1275 unsigned len = 0;
1276 int rc = 0;
1277
1278 if (isec->initialized)
1279 goto out;
1280
1281 mutex_lock(&isec->lock);
1282 if (isec->initialized)
1283 goto out_unlock;
1284
1285 sbsec = inode->i_sb->s_security;
1286 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1287
1288
1289
1290 spin_lock(&sbsec->isec_lock);
1291 if (list_empty(&isec->list))
1292 list_add(&isec->list, &sbsec->isec_head);
1293 spin_unlock(&sbsec->isec_lock);
1294 goto out_unlock;
1295 }
1296
1297 switch (sbsec->behavior) {
1298 case SECURITY_FS_USE_NATIVE:
1299 break;
1300 case SECURITY_FS_USE_XATTR:
1301 if (!inode->i_op->getxattr) {
1302 isec->sid = sbsec->def_sid;
1303 break;
1304 }
1305
1306
1307
1308 if (opt_dentry) {
1309
1310 dentry = dget(opt_dentry);
1311 } else {
1312
1313 dentry = d_find_alias(inode);
1314 }
1315 if (!dentry) {
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325 goto out_unlock;
1326 }
1327
1328 len = INITCONTEXTLEN;
1329 context = kmalloc(len+1, GFP_NOFS);
1330 if (!context) {
1331 rc = -ENOMEM;
1332 dput(dentry);
1333 goto out_unlock;
1334 }
1335 context[len] = '\0';
1336 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1337 context, len);
1338 if (rc == -ERANGE) {
1339 kfree(context);
1340
1341
1342 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1343 NULL, 0);
1344 if (rc < 0) {
1345 dput(dentry);
1346 goto out_unlock;
1347 }
1348 len = rc;
1349 context = kmalloc(len+1, GFP_NOFS);
1350 if (!context) {
1351 rc = -ENOMEM;
1352 dput(dentry);
1353 goto out_unlock;
1354 }
1355 context[len] = '\0';
1356 rc = inode->i_op->getxattr(dentry,
1357 XATTR_NAME_SELINUX,
1358 context, len);
1359 }
1360 dput(dentry);
1361 if (rc < 0) {
1362 if (rc != -ENODATA) {
1363 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1364 "%d for dev=%s ino=%ld\n", __func__,
1365 -rc, inode->i_sb->s_id, inode->i_ino);
1366 kfree(context);
1367 goto out_unlock;
1368 }
1369
1370 sid = sbsec->def_sid;
1371 rc = 0;
1372 } else {
1373 rc = security_context_to_sid_default(context, rc, &sid,
1374 sbsec->def_sid,
1375 GFP_NOFS);
1376 if (rc) {
1377 char *dev = inode->i_sb->s_id;
1378 unsigned long ino = inode->i_ino;
1379
1380 if (rc == -EINVAL) {
1381 if (printk_ratelimit())
1382 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1383 "context=%s. This indicates you may need to relabel the inode or the "
1384 "filesystem in question.\n", ino, dev, context);
1385 } else {
1386 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1387 "returned %d for dev=%s ino=%ld\n",
1388 __func__, context, -rc, dev, ino);
1389 }
1390 kfree(context);
1391
1392 rc = 0;
1393 break;
1394 }
1395 }
1396 kfree(context);
1397 isec->sid = sid;
1398 break;
1399 case SECURITY_FS_USE_TASK:
1400 isec->sid = isec->task_sid;
1401 break;
1402 case SECURITY_FS_USE_TRANS:
1403
1404 isec->sid = sbsec->sid;
1405
1406
1407 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1408 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1409 isec->sclass, NULL, &sid);
1410 if (rc)
1411 goto out_unlock;
1412 isec->sid = sid;
1413 break;
1414 case SECURITY_FS_USE_MNTPOINT:
1415 isec->sid = sbsec->mntpoint_sid;
1416 break;
1417 default:
1418
1419 isec->sid = sbsec->sid;
1420
1421 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1422 if (opt_dentry) {
1423 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1424 rc = selinux_proc_get_sid(opt_dentry,
1425 isec->sclass,
1426 &sid);
1427 if (rc)
1428 goto out_unlock;
1429 isec->sid = sid;
1430 }
1431 }
1432 break;
1433 }
1434
1435 isec->initialized = 1;
1436
1437out_unlock:
1438 mutex_unlock(&isec->lock);
1439out:
1440 if (isec->sclass == SECCLASS_FILE)
1441 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1442 return rc;
1443}
1444
1445
1446static inline u32 signal_to_av(int sig)
1447{
1448 u32 perm = 0;
1449
1450 switch (sig) {
1451 case SIGCHLD:
1452
1453 perm = PROCESS__SIGCHLD;
1454 break;
1455 case SIGKILL:
1456
1457 perm = PROCESS__SIGKILL;
1458 break;
1459 case SIGSTOP:
1460
1461 perm = PROCESS__SIGSTOP;
1462 break;
1463 default:
1464
1465 perm = PROCESS__SIGNAL;
1466 break;
1467 }
1468
1469 return perm;
1470}
1471
1472
1473
1474
1475
1476static int cred_has_perm(const struct cred *actor,
1477 const struct cred *target,
1478 u32 perms)
1479{
1480 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1481
1482 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1483}
1484
1485
1486
1487
1488
1489
1490
1491static int task_has_perm(const struct task_struct *tsk1,
1492 const struct task_struct *tsk2,
1493 u32 perms)
1494{
1495 const struct task_security_struct *__tsec1, *__tsec2;
1496 u32 sid1, sid2;
1497
1498 rcu_read_lock();
1499 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1500 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1501 rcu_read_unlock();
1502 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1503}
1504
1505
1506
1507
1508
1509
1510
1511static int current_has_perm(const struct task_struct *tsk,
1512 u32 perms)
1513{
1514 u32 sid, tsid;
1515
1516 sid = current_sid();
1517 tsid = task_sid(tsk);
1518 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1519}
1520
1521#if CAP_LAST_CAP > 63
1522#error Fix SELinux to handle capabilities > 63.
1523#endif
1524
1525
1526static int cred_has_capability(const struct cred *cred,
1527 int cap, int audit)
1528{
1529 struct common_audit_data ad;
1530 struct av_decision avd;
1531 u16 sclass;
1532 u32 sid = cred_sid(cred);
1533 u32 av = CAP_TO_MASK(cap);
1534 int rc;
1535
1536 ad.type = LSM_AUDIT_DATA_CAP;
1537 ad.u.cap = cap;
1538
1539 switch (CAP_TO_INDEX(cap)) {
1540 case 0:
1541 sclass = SECCLASS_CAPABILITY;
1542 break;
1543 case 1:
1544 sclass = SECCLASS_CAPABILITY2;
1545 break;
1546 default:
1547 printk(KERN_ERR
1548 "SELinux: out of range capability %d\n", cap);
1549 BUG();
1550 return -EINVAL;
1551 }
1552
1553 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1554 if (audit == SECURITY_CAP_AUDIT) {
1555 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1556 if (rc2)
1557 return rc2;
1558 }
1559 return rc;
1560}
1561
1562
1563static int task_has_system(struct task_struct *tsk,
1564 u32 perms)
1565{
1566 u32 sid = task_sid(tsk);
1567
1568 return avc_has_perm(sid, SECINITSID_KERNEL,
1569 SECCLASS_SYSTEM, perms, NULL);
1570}
1571
1572
1573
1574
1575static int inode_has_perm(const struct cred *cred,
1576 struct inode *inode,
1577 u32 perms,
1578 struct common_audit_data *adp)
1579{
1580 struct inode_security_struct *isec;
1581 u32 sid;
1582
1583 validate_creds(cred);
1584
1585 if (unlikely(IS_PRIVATE(inode)))
1586 return 0;
1587
1588 sid = cred_sid(cred);
1589 isec = inode->i_security;
1590
1591 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1592}
1593
1594
1595
1596
1597static inline int dentry_has_perm(const struct cred *cred,
1598 struct dentry *dentry,
1599 u32 av)
1600{
1601 struct inode *inode = dentry->d_inode;
1602 struct common_audit_data ad;
1603
1604 ad.type = LSM_AUDIT_DATA_DENTRY;
1605 ad.u.dentry = dentry;
1606 return inode_has_perm(cred, inode, av, &ad);
1607}
1608
1609
1610
1611
1612static inline int path_has_perm(const struct cred *cred,
1613 struct path *path,
1614 u32 av)
1615{
1616 struct inode *inode = path->dentry->d_inode;
1617 struct common_audit_data ad;
1618
1619 ad.type = LSM_AUDIT_DATA_PATH;
1620 ad.u.path = *path;
1621 return inode_has_perm(cred, inode, av, &ad);
1622}
1623
1624
1625static inline int file_path_has_perm(const struct cred *cred,
1626 struct file *file,
1627 u32 av)
1628{
1629 struct common_audit_data ad;
1630
1631 ad.type = LSM_AUDIT_DATA_PATH;
1632 ad.u.path = file->f_path;
1633 return inode_has_perm(cred, file_inode(file), av, &ad);
1634}
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644static int file_has_perm(const struct cred *cred,
1645 struct file *file,
1646 u32 av)
1647{
1648 struct file_security_struct *fsec = file->f_security;
1649 struct inode *inode = file_inode(file);
1650 struct common_audit_data ad;
1651 u32 sid = cred_sid(cred);
1652 int rc;
1653
1654 ad.type = LSM_AUDIT_DATA_PATH;
1655 ad.u.path = file->f_path;
1656
1657 if (sid != fsec->sid) {
1658 rc = avc_has_perm(sid, fsec->sid,
1659 SECCLASS_FD,
1660 FD__USE,
1661 &ad);
1662 if (rc)
1663 goto out;
1664 }
1665
1666
1667 rc = 0;
1668 if (av)
1669 rc = inode_has_perm(cred, inode, av, &ad);
1670
1671out:
1672 return rc;
1673}
1674
1675
1676static int may_create(struct inode *dir,
1677 struct dentry *dentry,
1678 u16 tclass)
1679{
1680 const struct task_security_struct *tsec = current_security();
1681 struct inode_security_struct *dsec;
1682 struct superblock_security_struct *sbsec;
1683 u32 sid, newsid;
1684 struct common_audit_data ad;
1685 int rc;
1686
1687 dsec = dir->i_security;
1688 sbsec = dir->i_sb->s_security;
1689
1690 sid = tsec->sid;
1691 newsid = tsec->create_sid;
1692
1693 ad.type = LSM_AUDIT_DATA_DENTRY;
1694 ad.u.dentry = dentry;
1695
1696 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1697 DIR__ADD_NAME | DIR__SEARCH,
1698 &ad);
1699 if (rc)
1700 return rc;
1701
1702 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
1703 rc = security_transition_sid(sid, dsec->sid, tclass,
1704 &dentry->d_name, &newsid);
1705 if (rc)
1706 return rc;
1707 }
1708
1709 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1710 if (rc)
1711 return rc;
1712
1713 return avc_has_perm(newsid, sbsec->sid,
1714 SECCLASS_FILESYSTEM,
1715 FILESYSTEM__ASSOCIATE, &ad);
1716}
1717
1718
1719static int may_create_key(u32 ksid,
1720 struct task_struct *ctx)
1721{
1722 u32 sid = task_sid(ctx);
1723
1724 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1725}
1726
1727#define MAY_LINK 0
1728#define MAY_UNLINK 1
1729#define MAY_RMDIR 2
1730
1731
1732static int may_link(struct inode *dir,
1733 struct dentry *dentry,
1734 int kind)
1735
1736{
1737 struct inode_security_struct *dsec, *isec;
1738 struct common_audit_data ad;
1739 u32 sid = current_sid();
1740 u32 av;
1741 int rc;
1742
1743 dsec = dir->i_security;
1744 isec = dentry->d_inode->i_security;
1745
1746 ad.type = LSM_AUDIT_DATA_DENTRY;
1747 ad.u.dentry = dentry;
1748
1749 av = DIR__SEARCH;
1750 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1751 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1752 if (rc)
1753 return rc;
1754
1755 switch (kind) {
1756 case MAY_LINK:
1757 av = FILE__LINK;
1758 break;
1759 case MAY_UNLINK:
1760 av = FILE__UNLINK;
1761 break;
1762 case MAY_RMDIR:
1763 av = DIR__RMDIR;
1764 break;
1765 default:
1766 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1767 __func__, kind);
1768 return 0;
1769 }
1770
1771 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1772 return rc;
1773}
1774
1775static inline int may_rename(struct inode *old_dir,
1776 struct dentry *old_dentry,
1777 struct inode *new_dir,
1778 struct dentry *new_dentry)
1779{
1780 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1781 struct common_audit_data ad;
1782 u32 sid = current_sid();
1783 u32 av;
1784 int old_is_dir, new_is_dir;
1785 int rc;
1786
1787 old_dsec = old_dir->i_security;
1788 old_isec = old_dentry->d_inode->i_security;
1789 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1790 new_dsec = new_dir->i_security;
1791
1792 ad.type = LSM_AUDIT_DATA_DENTRY;
1793
1794 ad.u.dentry = old_dentry;
1795 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1796 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1797 if (rc)
1798 return rc;
1799 rc = avc_has_perm(sid, old_isec->sid,
1800 old_isec->sclass, FILE__RENAME, &ad);
1801 if (rc)
1802 return rc;
1803 if (old_is_dir && new_dir != old_dir) {
1804 rc = avc_has_perm(sid, old_isec->sid,
1805 old_isec->sclass, DIR__REPARENT, &ad);
1806 if (rc)
1807 return rc;
1808 }
1809
1810 ad.u.dentry = new_dentry;
1811 av = DIR__ADD_NAME | DIR__SEARCH;
1812 if (new_dentry->d_inode)
1813 av |= DIR__REMOVE_NAME;
1814 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1815 if (rc)
1816 return rc;
1817 if (new_dentry->d_inode) {
1818 new_isec = new_dentry->d_inode->i_security;
1819 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1820 rc = avc_has_perm(sid, new_isec->sid,
1821 new_isec->sclass,
1822 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1823 if (rc)
1824 return rc;
1825 }
1826
1827 return 0;
1828}
1829
1830
1831static int superblock_has_perm(const struct cred *cred,
1832 struct super_block *sb,
1833 u32 perms,
1834 struct common_audit_data *ad)
1835{
1836 struct superblock_security_struct *sbsec;
1837 u32 sid = cred_sid(cred);
1838
1839 sbsec = sb->s_security;
1840 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1841}
1842
1843
1844static inline u32 file_mask_to_av(int mode, int mask)
1845{
1846 u32 av = 0;
1847
1848 if (!S_ISDIR(mode)) {
1849 if (mask & MAY_EXEC)
1850 av |= FILE__EXECUTE;
1851 if (mask & MAY_READ)
1852 av |= FILE__READ;
1853
1854 if (mask & MAY_APPEND)
1855 av |= FILE__APPEND;
1856 else if (mask & MAY_WRITE)
1857 av |= FILE__WRITE;
1858
1859 } else {
1860 if (mask & MAY_EXEC)
1861 av |= DIR__SEARCH;
1862 if (mask & MAY_WRITE)
1863 av |= DIR__WRITE;
1864 if (mask & MAY_READ)
1865 av |= DIR__READ;
1866 }
1867
1868 return av;
1869}
1870
1871
1872static inline u32 file_to_av(struct file *file)
1873{
1874 u32 av = 0;
1875
1876 if (file->f_mode & FMODE_READ)
1877 av |= FILE__READ;
1878 if (file->f_mode & FMODE_WRITE) {
1879 if (file->f_flags & O_APPEND)
1880 av |= FILE__APPEND;
1881 else
1882 av |= FILE__WRITE;
1883 }
1884 if (!av) {
1885
1886
1887
1888 av = FILE__IOCTL;
1889 }
1890
1891 return av;
1892}
1893
1894
1895
1896
1897
1898static inline u32 open_file_to_av(struct file *file)
1899{
1900 u32 av = file_to_av(file);
1901
1902 if (selinux_policycap_openperm)
1903 av |= FILE__OPEN;
1904
1905 return av;
1906}
1907
1908
1909
1910static int selinux_ptrace_access_check(struct task_struct *child,
1911 unsigned int mode)
1912{
1913 int rc;
1914
1915 rc = cap_ptrace_access_check(child, mode);
1916 if (rc)
1917 return rc;
1918
1919 if (mode & PTRACE_MODE_READ) {
1920 u32 sid = current_sid();
1921 u32 csid = task_sid(child);
1922 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1923 }
1924
1925 return current_has_perm(child, PROCESS__PTRACE);
1926}
1927
1928static int selinux_ptrace_traceme(struct task_struct *parent)
1929{
1930 int rc;
1931
1932 rc = cap_ptrace_traceme(parent);
1933 if (rc)
1934 return rc;
1935
1936 return task_has_perm(parent, current, PROCESS__PTRACE);
1937}
1938
1939static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1940 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1941{
1942 int error;
1943
1944 error = current_has_perm(target, PROCESS__GETCAP);
1945 if (error)
1946 return error;
1947
1948 return cap_capget(target, effective, inheritable, permitted);
1949}
1950
1951static int selinux_capset(struct cred *new, const struct cred *old,
1952 const kernel_cap_t *effective,
1953 const kernel_cap_t *inheritable,
1954 const kernel_cap_t *permitted)
1955{
1956 int error;
1957
1958 error = cap_capset(new, old,
1959 effective, inheritable, permitted);
1960 if (error)
1961 return error;
1962
1963 return cred_has_perm(old, new, PROCESS__SETCAP);
1964}
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
1977 int cap, int audit)
1978{
1979 int rc;
1980
1981 rc = cap_capable(cred, ns, cap, audit);
1982 if (rc)
1983 return rc;
1984
1985 return cred_has_capability(cred, cap, audit);
1986}
1987
1988static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1989{
1990 const struct cred *cred = current_cred();
1991 int rc = 0;
1992
1993 if (!sb)
1994 return 0;
1995
1996 switch (cmds) {
1997 case Q_SYNC:
1998 case Q_QUOTAON:
1999 case Q_QUOTAOFF:
2000 case Q_SETINFO:
2001 case Q_SETQUOTA:
2002 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2003 break;
2004 case Q_GETFMT:
2005 case Q_GETINFO:
2006 case Q_GETQUOTA:
2007 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2008 break;
2009 default:
2010 rc = 0;
2011 break;
2012 }
2013 return rc;
2014}
2015
2016static int selinux_quota_on(struct dentry *dentry)
2017{
2018 const struct cred *cred = current_cred();
2019
2020 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2021}
2022
2023static int selinux_syslog(int type)
2024{
2025 int rc;
2026
2027 switch (type) {
2028 case SYSLOG_ACTION_READ_ALL:
2029 case SYSLOG_ACTION_SIZE_BUFFER:
2030 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2031 break;
2032 case SYSLOG_ACTION_CONSOLE_OFF:
2033 case SYSLOG_ACTION_CONSOLE_ON:
2034
2035 case SYSLOG_ACTION_CONSOLE_LEVEL:
2036 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2037 break;
2038 case SYSLOG_ACTION_CLOSE:
2039 case SYSLOG_ACTION_OPEN:
2040 case SYSLOG_ACTION_READ:
2041 case SYSLOG_ACTION_READ_CLEAR:
2042 case SYSLOG_ACTION_CLEAR:
2043 default:
2044 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2045 break;
2046 }
2047 return rc;
2048}
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2059{
2060 int rc, cap_sys_admin = 0;
2061
2062 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
2063 SECURITY_CAP_NOAUDIT);
2064 if (rc == 0)
2065 cap_sys_admin = 1;
2066
2067 return __vm_enough_memory(mm, pages, cap_sys_admin);
2068}
2069
2070
2071
2072static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2073{
2074 const struct task_security_struct *old_tsec;
2075 struct task_security_struct *new_tsec;
2076 struct inode_security_struct *isec;
2077 struct common_audit_data ad;
2078 struct inode *inode = file_inode(bprm->file);
2079 int rc;
2080
2081 rc = cap_bprm_set_creds(bprm);
2082 if (rc)
2083 return rc;
2084
2085
2086
2087 if (bprm->cred_prepared)
2088 return 0;
2089
2090 old_tsec = current_security();
2091 new_tsec = bprm->cred->security;
2092 isec = inode->i_security;
2093
2094
2095 new_tsec->sid = old_tsec->sid;
2096 new_tsec->osid = old_tsec->sid;
2097
2098
2099 new_tsec->create_sid = 0;
2100 new_tsec->keycreate_sid = 0;
2101 new_tsec->sockcreate_sid = 0;
2102
2103 if (old_tsec->exec_sid) {
2104 new_tsec->sid = old_tsec->exec_sid;
2105
2106 new_tsec->exec_sid = 0;
2107
2108
2109
2110
2111
2112 if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
2113 return -EPERM;
2114 } else {
2115
2116 rc = security_transition_sid(old_tsec->sid, isec->sid,
2117 SECCLASS_PROCESS, NULL,
2118 &new_tsec->sid);
2119 if (rc)
2120 return rc;
2121 }
2122
2123 ad.type = LSM_AUDIT_DATA_PATH;
2124 ad.u.path = bprm->file->f_path;
2125
2126 if ((bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) ||
2127 (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS))
2128 new_tsec->sid = old_tsec->sid;
2129
2130 if (new_tsec->sid == old_tsec->sid) {
2131 rc = avc_has_perm(old_tsec->sid, isec->sid,
2132 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2133 if (rc)
2134 return rc;
2135 } else {
2136
2137 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2138 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2139 if (rc)
2140 return rc;
2141
2142 rc = avc_has_perm(new_tsec->sid, isec->sid,
2143 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2144 if (rc)
2145 return rc;
2146
2147
2148 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2149 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2150 SECCLASS_PROCESS, PROCESS__SHARE,
2151 NULL);
2152 if (rc)
2153 return -EPERM;
2154 }
2155
2156
2157
2158 if (bprm->unsafe &
2159 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2160 struct task_struct *tracer;
2161 struct task_security_struct *sec;
2162 u32 ptsid = 0;
2163
2164 rcu_read_lock();
2165 tracer = ptrace_parent(current);
2166 if (likely(tracer != NULL)) {
2167 sec = __task_cred(tracer)->security;
2168 ptsid = sec->sid;
2169 }
2170 rcu_read_unlock();
2171
2172 if (ptsid != 0) {
2173 rc = avc_has_perm(ptsid, new_tsec->sid,
2174 SECCLASS_PROCESS,
2175 PROCESS__PTRACE, NULL);
2176 if (rc)
2177 return -EPERM;
2178 }
2179 }
2180
2181
2182 bprm->per_clear |= PER_CLEAR_ON_SETID;
2183 }
2184
2185 return 0;
2186}
2187
2188static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2189{
2190 const struct task_security_struct *tsec = current_security();
2191 u32 sid, osid;
2192 int atsecure = 0;
2193
2194 sid = tsec->sid;
2195 osid = tsec->osid;
2196
2197 if (osid != sid) {
2198
2199
2200
2201 atsecure = avc_has_perm(osid, sid,
2202 SECCLASS_PROCESS,
2203 PROCESS__NOATSECURE, NULL);
2204 }
2205
2206 return (atsecure || cap_bprm_secureexec(bprm));
2207}
2208
2209static int match_file(const void *p, struct file *file, unsigned fd)
2210{
2211 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2212}
2213
2214
2215static inline void flush_unauthorized_files(const struct cred *cred,
2216 struct files_struct *files)
2217{
2218 struct file *file, *devnull = NULL;
2219 struct tty_struct *tty;
2220 int drop_tty = 0;
2221 unsigned n;
2222
2223 tty = get_current_tty();
2224 if (tty) {
2225 spin_lock(&tty_files_lock);
2226 if (!list_empty(&tty->tty_files)) {
2227 struct tty_file_private *file_priv;
2228
2229
2230
2231
2232
2233
2234 file_priv = list_first_entry(&tty->tty_files,
2235 struct tty_file_private, list);
2236 file = file_priv->file;
2237 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2238 drop_tty = 1;
2239 }
2240 spin_unlock(&tty_files_lock);
2241 tty_kref_put(tty);
2242 }
2243
2244 if (drop_tty)
2245 no_tty();
2246
2247
2248 n = iterate_fd(files, 0, match_file, cred);
2249 if (!n)
2250 return;
2251
2252 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2253 if (IS_ERR(devnull))
2254 devnull = NULL;
2255
2256 do {
2257 replace_fd(n - 1, devnull, 0);
2258 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2259 if (devnull)
2260 fput(devnull);
2261}
2262
2263
2264
2265
2266static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2267{
2268 struct task_security_struct *new_tsec;
2269 struct rlimit *rlim, *initrlim;
2270 int rc, i;
2271
2272 new_tsec = bprm->cred->security;
2273 if (new_tsec->sid == new_tsec->osid)
2274 return;
2275
2276
2277 flush_unauthorized_files(bprm->cred, current->files);
2278
2279
2280 current->pdeath_signal = 0;
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2293 PROCESS__RLIMITINH, NULL);
2294 if (rc) {
2295
2296 task_lock(current);
2297 for (i = 0; i < RLIM_NLIMITS; i++) {
2298 rlim = current->signal->rlim + i;
2299 initrlim = init_task.signal->rlim + i;
2300 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2301 }
2302 task_unlock(current);
2303 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2304 }
2305}
2306
2307
2308
2309
2310
2311static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2312{
2313 const struct task_security_struct *tsec = current_security();
2314 struct itimerval itimer;
2315 u32 osid, sid;
2316 int rc, i;
2317
2318 osid = tsec->osid;
2319 sid = tsec->sid;
2320
2321 if (sid == osid)
2322 return;
2323
2324
2325
2326
2327
2328
2329
2330
2331 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2332 if (rc) {
2333 memset(&itimer, 0, sizeof itimer);
2334 for (i = 0; i < 3; i++)
2335 do_setitimer(i, &itimer, NULL);
2336 spin_lock_irq(¤t->sighand->siglock);
2337 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2338 __flush_signals(current);
2339 flush_signal_handlers(current, 1);
2340 sigemptyset(¤t->blocked);
2341 }
2342 spin_unlock_irq(¤t->sighand->siglock);
2343 }
2344
2345
2346
2347 read_lock(&tasklist_lock);
2348 __wake_up_parent(current, current->real_parent);
2349 read_unlock(&tasklist_lock);
2350}
2351
2352
2353
2354static int selinux_sb_alloc_security(struct super_block *sb)
2355{
2356 return superblock_alloc_security(sb);
2357}
2358
2359static void selinux_sb_free_security(struct super_block *sb)
2360{
2361 superblock_free_security(sb);
2362}
2363
2364static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2365{
2366 if (plen > olen)
2367 return 0;
2368
2369 return !memcmp(prefix, option, plen);
2370}
2371
2372static inline int selinux_option(char *option, int len)
2373{
2374 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2375 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2376 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2377 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2378 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2379}
2380
2381static inline void take_option(char **to, char *from, int *first, int len)
2382{
2383 if (!*first) {
2384 **to = ',';
2385 *to += 1;
2386 } else
2387 *first = 0;
2388 memcpy(*to, from, len);
2389 *to += len;
2390}
2391
2392static inline void take_selinux_option(char **to, char *from, int *first,
2393 int len)
2394{
2395 int current_size = 0;
2396
2397 if (!*first) {
2398 **to = '|';
2399 *to += 1;
2400 } else
2401 *first = 0;
2402
2403 while (current_size < len) {
2404 if (*from != '"') {
2405 **to = *from;
2406 *to += 1;
2407 }
2408 from += 1;
2409 current_size += 1;
2410 }
2411}
2412
2413static int selinux_sb_copy_data(char *orig, char *copy)
2414{
2415 int fnosec, fsec, rc = 0;
2416 char *in_save, *in_curr, *in_end;
2417 char *sec_curr, *nosec_save, *nosec;
2418 int open_quote = 0;
2419
2420 in_curr = orig;
2421 sec_curr = copy;
2422
2423 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2424 if (!nosec) {
2425 rc = -ENOMEM;
2426 goto out;
2427 }
2428
2429 nosec_save = nosec;
2430 fnosec = fsec = 1;
2431 in_save = in_end = orig;
2432
2433 do {
2434 if (*in_end == '"')
2435 open_quote = !open_quote;
2436 if ((*in_end == ',' && open_quote == 0) ||
2437 *in_end == '\0') {
2438 int len = in_end - in_curr;
2439
2440 if (selinux_option(in_curr, len))
2441 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2442 else
2443 take_option(&nosec, in_curr, &fnosec, len);
2444
2445 in_curr = in_end + 1;
2446 }
2447 } while (*in_end++);
2448
2449 strcpy(in_save, nosec_save);
2450 free_page((unsigned long)nosec_save);
2451out:
2452 return rc;
2453}
2454
2455static int selinux_sb_remount(struct super_block *sb, void *data)
2456{
2457 int rc, i, *flags;
2458 struct security_mnt_opts opts;
2459 char *secdata, **mount_options;
2460 struct superblock_security_struct *sbsec = sb->s_security;
2461
2462 if (!(sbsec->flags & SE_SBINITIALIZED))
2463 return 0;
2464
2465 if (!data)
2466 return 0;
2467
2468 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2469 return 0;
2470
2471 security_init_mnt_opts(&opts);
2472 secdata = alloc_secdata();
2473 if (!secdata)
2474 return -ENOMEM;
2475 rc = selinux_sb_copy_data(data, secdata);
2476 if (rc)
2477 goto out_free_secdata;
2478
2479 rc = selinux_parse_opts_str(secdata, &opts);
2480 if (rc)
2481 goto out_free_secdata;
2482
2483 mount_options = opts.mnt_opts;
2484 flags = opts.mnt_opts_flags;
2485
2486 for (i = 0; i < opts.num_mnt_opts; i++) {
2487 u32 sid;
2488 size_t len;
2489
2490 if (flags[i] == SBLABEL_MNT)
2491 continue;
2492 len = strlen(mount_options[i]);
2493 rc = security_context_to_sid(mount_options[i], len, &sid);
2494 if (rc) {
2495 printk(KERN_WARNING "SELinux: security_context_to_sid"
2496 "(%s) failed for (dev %s, type %s) errno=%d\n",
2497 mount_options[i], sb->s_id, sb->s_type->name, rc);
2498 goto out_free_opts;
2499 }
2500 rc = -EINVAL;
2501 switch (flags[i]) {
2502 case FSCONTEXT_MNT:
2503 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2504 goto out_bad_option;
2505 break;
2506 case CONTEXT_MNT:
2507 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2508 goto out_bad_option;
2509 break;
2510 case ROOTCONTEXT_MNT: {
2511 struct inode_security_struct *root_isec;
2512 root_isec = sb->s_root->d_inode->i_security;
2513
2514 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2515 goto out_bad_option;
2516 break;
2517 }
2518 case DEFCONTEXT_MNT:
2519 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2520 goto out_bad_option;
2521 break;
2522 default:
2523 goto out_free_opts;
2524 }
2525 }
2526
2527 rc = 0;
2528out_free_opts:
2529 security_free_mnt_opts(&opts);
2530out_free_secdata:
2531 free_secdata(secdata);
2532 return rc;
2533out_bad_option:
2534 printk(KERN_WARNING "SELinux: unable to change security options "
2535 "during remount (dev %s, type=%s)\n", sb->s_id,
2536 sb->s_type->name);
2537 goto out_free_opts;
2538}
2539
2540static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2541{
2542 const struct cred *cred = current_cred();
2543 struct common_audit_data ad;
2544 int rc;
2545
2546 rc = superblock_doinit(sb, data);
2547 if (rc)
2548 return rc;
2549
2550
2551 if (flags & MS_KERNMOUNT)
2552 return 0;
2553
2554 ad.type = LSM_AUDIT_DATA_DENTRY;
2555 ad.u.dentry = sb->s_root;
2556 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2557}
2558
2559static int selinux_sb_statfs(struct dentry *dentry)
2560{
2561 const struct cred *cred = current_cred();
2562 struct common_audit_data ad;
2563
2564 ad.type = LSM_AUDIT_DATA_DENTRY;
2565 ad.u.dentry = dentry->d_sb->s_root;
2566 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2567}
2568
2569static int selinux_mount(const char *dev_name,
2570 struct path *path,
2571 const char *type,
2572 unsigned long flags,
2573 void *data)
2574{
2575 const struct cred *cred = current_cred();
2576
2577 if (flags & MS_REMOUNT)
2578 return superblock_has_perm(cred, path->dentry->d_sb,
2579 FILESYSTEM__REMOUNT, NULL);
2580 else
2581 return path_has_perm(cred, path, FILE__MOUNTON);
2582}
2583
2584static int selinux_umount(struct vfsmount *mnt, int flags)
2585{
2586 const struct cred *cred = current_cred();
2587
2588 return superblock_has_perm(cred, mnt->mnt_sb,
2589 FILESYSTEM__UNMOUNT, NULL);
2590}
2591
2592
2593
2594static int selinux_inode_alloc_security(struct inode *inode)
2595{
2596 return inode_alloc_security(inode);
2597}
2598
2599static void selinux_inode_free_security(struct inode *inode)
2600{
2601 inode_free_security(inode);
2602}
2603
2604static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2605 struct qstr *name, void **ctx,
2606 u32 *ctxlen)
2607{
2608 const struct cred *cred = current_cred();
2609 struct task_security_struct *tsec;
2610 struct inode_security_struct *dsec;
2611 struct superblock_security_struct *sbsec;
2612 struct inode *dir = dentry->d_parent->d_inode;
2613 u32 newsid;
2614 int rc;
2615
2616 tsec = cred->security;
2617 dsec = dir->i_security;
2618 sbsec = dir->i_sb->s_security;
2619
2620 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2621 newsid = tsec->create_sid;
2622 } else {
2623 rc = security_transition_sid(tsec->sid, dsec->sid,
2624 inode_mode_to_security_class(mode),
2625 name,
2626 &newsid);
2627 if (rc) {
2628 printk(KERN_WARNING
2629 "%s: security_transition_sid failed, rc=%d\n",
2630 __func__, -rc);
2631 return rc;
2632 }
2633 }
2634
2635 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2636}
2637
2638static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2639 const struct qstr *qstr,
2640 const char **name,
2641 void **value, size_t *len)
2642{
2643 const struct task_security_struct *tsec = current_security();
2644 struct inode_security_struct *dsec;
2645 struct superblock_security_struct *sbsec;
2646 u32 sid, newsid, clen;
2647 int rc;
2648 char *context;
2649
2650 dsec = dir->i_security;
2651 sbsec = dir->i_sb->s_security;
2652
2653 sid = tsec->sid;
2654 newsid = tsec->create_sid;
2655
2656 if ((sbsec->flags & SE_SBINITIALIZED) &&
2657 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2658 newsid = sbsec->mntpoint_sid;
2659 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
2660 rc = security_transition_sid(sid, dsec->sid,
2661 inode_mode_to_security_class(inode->i_mode),
2662 qstr, &newsid);
2663 if (rc) {
2664 printk(KERN_WARNING "%s: "
2665 "security_transition_sid failed, rc=%d (dev=%s "
2666 "ino=%ld)\n",
2667 __func__,
2668 -rc, inode->i_sb->s_id, inode->i_ino);
2669 return rc;
2670 }
2671 }
2672
2673
2674 if (sbsec->flags & SE_SBINITIALIZED) {
2675 struct inode_security_struct *isec = inode->i_security;
2676 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2677 isec->sid = newsid;
2678 isec->initialized = 1;
2679 }
2680
2681 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2682 return -EOPNOTSUPP;
2683
2684 if (name)
2685 *name = XATTR_SELINUX_SUFFIX;
2686
2687 if (value && len) {
2688 rc = security_sid_to_context_force(newsid, &context, &clen);
2689 if (rc)
2690 return rc;
2691 *value = context;
2692 *len = clen;
2693 }
2694
2695 return 0;
2696}
2697
2698static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2699{
2700 return may_create(dir, dentry, SECCLASS_FILE);
2701}
2702
2703static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2704{
2705 return may_link(dir, old_dentry, MAY_LINK);
2706}
2707
2708static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2709{
2710 return may_link(dir, dentry, MAY_UNLINK);
2711}
2712
2713static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2714{
2715 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2716}
2717
2718static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2719{
2720 return may_create(dir, dentry, SECCLASS_DIR);
2721}
2722
2723static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2724{
2725 return may_link(dir, dentry, MAY_RMDIR);
2726}
2727
2728static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2729{
2730 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2731}
2732
2733static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2734 struct inode *new_inode, struct dentry *new_dentry)
2735{
2736 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2737}
2738
2739static int selinux_inode_readlink(struct dentry *dentry)
2740{
2741 const struct cred *cred = current_cred();
2742
2743 return dentry_has_perm(cred, dentry, FILE__READ);
2744}
2745
2746static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2747{
2748 const struct cred *cred = current_cred();
2749
2750 return dentry_has_perm(cred, dentry, FILE__READ);
2751}
2752
2753static noinline int audit_inode_permission(struct inode *inode,
2754 u32 perms, u32 audited, u32 denied,
2755 unsigned flags)
2756{
2757 struct common_audit_data ad;
2758 struct inode_security_struct *isec = inode->i_security;
2759 int rc;
2760
2761 ad.type = LSM_AUDIT_DATA_INODE;
2762 ad.u.inode = inode;
2763
2764 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2765 audited, denied, &ad, flags);
2766 if (rc)
2767 return rc;
2768 return 0;
2769}
2770
2771static int selinux_inode_permission(struct inode *inode, int mask)
2772{
2773 const struct cred *cred = current_cred();
2774 u32 perms;
2775 bool from_access;
2776 unsigned flags = mask & MAY_NOT_BLOCK;
2777 struct inode_security_struct *isec;
2778 u32 sid;
2779 struct av_decision avd;
2780 int rc, rc2;
2781 u32 audited, denied;
2782
2783 from_access = mask & MAY_ACCESS;
2784 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2785
2786
2787 if (!mask)
2788 return 0;
2789
2790 validate_creds(cred);
2791
2792 if (unlikely(IS_PRIVATE(inode)))
2793 return 0;
2794
2795 perms = file_mask_to_av(inode->i_mode, mask);
2796
2797 sid = cred_sid(cred);
2798 isec = inode->i_security;
2799
2800 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2801 audited = avc_audit_required(perms, &avd, rc,
2802 from_access ? FILE__AUDIT_ACCESS : 0,
2803 &denied);
2804 if (likely(!audited))
2805 return rc;
2806
2807 rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
2808 if (rc2)
2809 return rc2;
2810 return rc;
2811}
2812
2813static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2814{
2815 const struct cred *cred = current_cred();
2816 unsigned int ia_valid = iattr->ia_valid;
2817 __u32 av = FILE__WRITE;
2818
2819
2820 if (ia_valid & ATTR_FORCE) {
2821 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2822 ATTR_FORCE);
2823 if (!ia_valid)
2824 return 0;
2825 }
2826
2827 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2828 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2829 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2830
2831 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2832 av |= FILE__OPEN;
2833
2834 return dentry_has_perm(cred, dentry, av);
2835}
2836
2837static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2838{
2839 const struct cred *cred = current_cred();
2840 struct path path;
2841
2842 path.dentry = dentry;
2843 path.mnt = mnt;
2844
2845 return path_has_perm(cred, &path, FILE__GETATTR);
2846}
2847
2848static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2849{
2850 const struct cred *cred = current_cred();
2851
2852 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2853 sizeof XATTR_SECURITY_PREFIX - 1)) {
2854 if (!strcmp(name, XATTR_NAME_CAPS)) {
2855 if (!capable(CAP_SETFCAP))
2856 return -EPERM;
2857 } else if (!capable(CAP_SYS_ADMIN)) {
2858
2859
2860 return -EPERM;
2861 }
2862 }
2863
2864
2865
2866 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2867}
2868
2869static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2870 const void *value, size_t size, int flags)
2871{
2872 struct inode *inode = dentry->d_inode;
2873 struct inode_security_struct *isec = inode->i_security;
2874 struct superblock_security_struct *sbsec;
2875 struct common_audit_data ad;
2876 u32 newsid, sid = current_sid();
2877 int rc = 0;
2878
2879 if (strcmp(name, XATTR_NAME_SELINUX))
2880 return selinux_inode_setotherxattr(dentry, name);
2881
2882 sbsec = inode->i_sb->s_security;
2883 if (!(sbsec->flags & SBLABEL_MNT))
2884 return -EOPNOTSUPP;
2885
2886 if (!inode_owner_or_capable(inode))
2887 return -EPERM;
2888
2889 ad.type = LSM_AUDIT_DATA_DENTRY;
2890 ad.u.dentry = dentry;
2891
2892 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2893 FILE__RELABELFROM, &ad);
2894 if (rc)
2895 return rc;
2896
2897 rc = security_context_to_sid(value, size, &newsid);
2898 if (rc == -EINVAL) {
2899 if (!capable(CAP_MAC_ADMIN)) {
2900 struct audit_buffer *ab;
2901 size_t audit_size;
2902 const char *str;
2903
2904
2905
2906 if (value) {
2907 str = value;
2908 if (str[size - 1] == '\0')
2909 audit_size = size - 1;
2910 else
2911 audit_size = size;
2912 } else {
2913 str = "";
2914 audit_size = 0;
2915 }
2916 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2917 audit_log_format(ab, "op=setxattr invalid_context=");
2918 audit_log_n_untrustedstring(ab, value, audit_size);
2919 audit_log_end(ab);
2920
2921 return rc;
2922 }
2923 rc = security_context_to_sid_force(value, size, &newsid);
2924 }
2925 if (rc)
2926 return rc;
2927
2928 rc = avc_has_perm(sid, newsid, isec->sclass,
2929 FILE__RELABELTO, &ad);
2930 if (rc)
2931 return rc;
2932
2933 rc = security_validate_transition(isec->sid, newsid, sid,
2934 isec->sclass);
2935 if (rc)
2936 return rc;
2937
2938 return avc_has_perm(newsid,
2939 sbsec->sid,
2940 SECCLASS_FILESYSTEM,
2941 FILESYSTEM__ASSOCIATE,
2942 &ad);
2943}
2944
2945static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2946 const void *value, size_t size,
2947 int flags)
2948{
2949 struct inode *inode = dentry->d_inode;
2950 struct inode_security_struct *isec = inode->i_security;
2951 u32 newsid;
2952 int rc;
2953
2954 if (strcmp(name, XATTR_NAME_SELINUX)) {
2955
2956 return;
2957 }
2958
2959 rc = security_context_to_sid_force(value, size, &newsid);
2960 if (rc) {
2961 printk(KERN_ERR "SELinux: unable to map context to SID"
2962 "for (%s, %lu), rc=%d\n",
2963 inode->i_sb->s_id, inode->i_ino, -rc);
2964 return;
2965 }
2966
2967 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2968 isec->sid = newsid;
2969 isec->initialized = 1;
2970
2971 return;
2972}
2973
2974static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2975{
2976 const struct cred *cred = current_cred();
2977
2978 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2979}
2980
2981static int selinux_inode_listxattr(struct dentry *dentry)
2982{
2983 const struct cred *cred = current_cred();
2984
2985 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2986}
2987
2988static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2989{
2990 if (strcmp(name, XATTR_NAME_SELINUX))
2991 return selinux_inode_setotherxattr(dentry, name);
2992
2993
2994
2995 return -EACCES;
2996}
2997
2998
2999
3000
3001
3002
3003static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
3004{
3005 u32 size;
3006 int error;
3007 char *context = NULL;
3008 struct inode_security_struct *isec = inode->i_security;
3009
3010 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3011 return -EOPNOTSUPP;
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3023 SECURITY_CAP_NOAUDIT);
3024 if (!error)
3025 error = security_sid_to_context_force(isec->sid, &context,
3026 &size);
3027 else
3028 error = security_sid_to_context(isec->sid, &context, &size);
3029 if (error)
3030 return error;
3031 error = size;
3032 if (alloc) {
3033 *buffer = context;
3034 goto out_nofree;
3035 }
3036 kfree(context);
3037out_nofree:
3038 return error;
3039}
3040
3041static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3042 const void *value, size_t size, int flags)
3043{
3044 struct inode_security_struct *isec = inode->i_security;
3045 u32 newsid;
3046 int rc;
3047
3048 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3049 return -EOPNOTSUPP;
3050
3051 if (!value || !size)
3052 return -EACCES;
3053
3054 rc = security_context_to_sid((void *)value, size, &newsid);
3055 if (rc)
3056 return rc;
3057
3058 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3059 isec->sid = newsid;
3060 isec->initialized = 1;
3061 return 0;
3062}
3063
3064static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3065{
3066 const int len = sizeof(XATTR_NAME_SELINUX);
3067 if (buffer && len <= buffer_size)
3068 memcpy(buffer, XATTR_NAME_SELINUX, len);
3069 return len;
3070}
3071
3072static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
3073{
3074 struct inode_security_struct *isec = inode->i_security;
3075 *secid = isec->sid;
3076}
3077
3078
3079
3080static int selinux_revalidate_file_permission(struct file *file, int mask)
3081{
3082 const struct cred *cred = current_cred();
3083 struct inode *inode = file_inode(file);
3084
3085
3086 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3087 mask |= MAY_APPEND;
3088
3089 return file_has_perm(cred, file,
3090 file_mask_to_av(inode->i_mode, mask));
3091}
3092
3093static int selinux_file_permission(struct file *file, int mask)
3094{
3095 struct inode *inode = file_inode(file);
3096 struct file_security_struct *fsec = file->f_security;
3097 struct inode_security_struct *isec = inode->i_security;
3098 u32 sid = current_sid();
3099
3100 if (!mask)
3101
3102 return 0;
3103
3104 if (sid == fsec->sid && fsec->isid == isec->sid &&
3105 fsec->pseqno == avc_policy_seqno())
3106
3107 return 0;
3108
3109 return selinux_revalidate_file_permission(file, mask);
3110}
3111
3112static int selinux_file_alloc_security(struct file *file)
3113{
3114 return file_alloc_security(file);
3115}
3116
3117static void selinux_file_free_security(struct file *file)
3118{
3119 file_free_security(file);
3120}
3121
3122static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3123 unsigned long arg)
3124{
3125 const struct cred *cred = current_cred();
3126 int error = 0;
3127
3128 switch (cmd) {
3129 case FIONREAD:
3130
3131 case FIBMAP:
3132
3133 case FIGETBSZ:
3134
3135 case FS_IOC_GETFLAGS:
3136
3137 case FS_IOC_GETVERSION:
3138 error = file_has_perm(cred, file, FILE__GETATTR);
3139 break;
3140
3141 case FS_IOC_SETFLAGS:
3142
3143 case FS_IOC_SETVERSION:
3144 error = file_has_perm(cred, file, FILE__SETATTR);
3145 break;
3146
3147
3148 case FIONBIO:
3149
3150 case FIOASYNC:
3151 error = file_has_perm(cred, file, 0);
3152 break;
3153
3154 case KDSKBENT:
3155 case KDSKBSENT:
3156 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3157 SECURITY_CAP_AUDIT);
3158 break;
3159
3160
3161
3162
3163 default:
3164 error = file_has_perm(cred, file, FILE__IOCTL);
3165 }
3166 return error;
3167}
3168
3169static int default_noexec;
3170
3171static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3172{
3173 const struct cred *cred = current_cred();
3174 int rc = 0;
3175
3176 if (default_noexec &&
3177 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3178
3179
3180
3181
3182
3183 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3184 if (rc)
3185 goto error;
3186 }
3187
3188 if (file) {
3189
3190 u32 av = FILE__READ;
3191
3192
3193 if (shared && (prot & PROT_WRITE))
3194 av |= FILE__WRITE;
3195
3196 if (prot & PROT_EXEC)
3197 av |= FILE__EXECUTE;
3198
3199 return file_has_perm(cred, file, av);
3200 }
3201
3202error:
3203 return rc;
3204}
3205
3206static int selinux_mmap_addr(unsigned long addr)
3207{
3208 int rc = 0;
3209 u32 sid = current_sid();
3210
3211
3212
3213
3214
3215
3216
3217 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3218 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3219 MEMPROTECT__MMAP_ZERO, NULL);
3220 if (rc)
3221 return rc;
3222 }
3223
3224
3225 return cap_mmap_addr(addr);
3226}
3227
3228static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3229 unsigned long prot, unsigned long flags)
3230{
3231 if (selinux_checkreqprot)
3232 prot = reqprot;
3233
3234 return file_map_prot_check(file, prot,
3235 (flags & MAP_TYPE) == MAP_SHARED);
3236}
3237
3238static int selinux_file_mprotect(struct vm_area_struct *vma,
3239 unsigned long reqprot,
3240 unsigned long prot)
3241{
3242 const struct cred *cred = current_cred();
3243
3244 if (selinux_checkreqprot)
3245 prot = reqprot;
3246
3247 if (default_noexec &&
3248 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3249 int rc = 0;
3250 if (vma->vm_start >= vma->vm_mm->start_brk &&
3251 vma->vm_end <= vma->vm_mm->brk) {
3252 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3253 } else if (!vma->vm_file &&
3254 vma->vm_start <= vma->vm_mm->start_stack &&
3255 vma->vm_end >= vma->vm_mm->start_stack) {
3256 rc = current_has_perm(current, PROCESS__EXECSTACK);
3257 } else if (vma->vm_file && vma->anon_vma) {
3258
3259
3260
3261
3262
3263
3264
3265 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3266 }
3267 if (rc)
3268 return rc;
3269 }
3270
3271 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3272}
3273
3274static int selinux_file_lock(struct file *file, unsigned int cmd)
3275{
3276 const struct cred *cred = current_cred();
3277
3278 return file_has_perm(cred, file, FILE__LOCK);
3279}
3280
3281static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3282 unsigned long arg)
3283{
3284 const struct cred *cred = current_cred();
3285 int err = 0;
3286
3287 switch (cmd) {
3288 case F_SETFL:
3289 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3290 err = file_has_perm(cred, file, FILE__WRITE);
3291 break;
3292 }
3293
3294 case F_SETOWN:
3295 case F_SETSIG:
3296 case F_GETFL:
3297 case F_GETOWN:
3298 case F_GETSIG:
3299 case F_GETOWNER_UIDS:
3300
3301 err = file_has_perm(cred, file, 0);
3302 break;
3303 case F_GETLK:
3304 case F_SETLK:
3305 case F_SETLKW:
3306#if BITS_PER_LONG == 32
3307 case F_GETLK64:
3308 case F_SETLK64:
3309 case F_SETLKW64:
3310#endif
3311 err = file_has_perm(cred, file, FILE__LOCK);
3312 break;
3313 }
3314
3315 return err;
3316}
3317
3318static int selinux_file_set_fowner(struct file *file)
3319{
3320 struct file_security_struct *fsec;
3321
3322 fsec = file->f_security;
3323 fsec->fown_sid = current_sid();
3324
3325 return 0;
3326}
3327
3328static int selinux_file_send_sigiotask(struct task_struct *tsk,
3329 struct fown_struct *fown, int signum)
3330{
3331 struct file *file;
3332 u32 sid = task_sid(tsk);
3333 u32 perm;
3334 struct file_security_struct *fsec;
3335
3336
3337 file = container_of(fown, struct file, f_owner);
3338
3339 fsec = file->f_security;
3340
3341 if (!signum)
3342 perm = signal_to_av(SIGIO);
3343 else
3344 perm = signal_to_av(signum);
3345
3346 return avc_has_perm(fsec->fown_sid, sid,
3347 SECCLASS_PROCESS, perm, NULL);
3348}
3349
3350static int selinux_file_receive(struct file *file)
3351{
3352 const struct cred *cred = current_cred();
3353
3354 return file_has_perm(cred, file, file_to_av(file));
3355}
3356
3357static int selinux_file_open(struct file *file, const struct cred *cred)
3358{
3359 struct file_security_struct *fsec;
3360 struct inode_security_struct *isec;
3361
3362 fsec = file->f_security;
3363 isec = file_inode(file)->i_security;
3364
3365
3366
3367
3368
3369
3370
3371 fsec->isid = isec->sid;
3372 fsec->pseqno = avc_policy_seqno();
3373
3374
3375
3376
3377
3378
3379
3380
3381 return file_path_has_perm(cred, file, open_file_to_av(file));
3382}
3383
3384
3385
3386static int selinux_task_create(unsigned long clone_flags)
3387{
3388 return current_has_perm(current, PROCESS__FORK);
3389}
3390
3391
3392
3393
3394static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3395{
3396 struct task_security_struct *tsec;
3397
3398 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3399 if (!tsec)
3400 return -ENOMEM;
3401
3402 cred->security = tsec;
3403 return 0;
3404}
3405
3406
3407
3408
3409static void selinux_cred_free(struct cred *cred)
3410{
3411 struct task_security_struct *tsec = cred->security;
3412
3413
3414
3415
3416
3417 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3418 cred->security = (void *) 0x7UL;
3419 kfree(tsec);
3420}
3421
3422
3423
3424
3425static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3426 gfp_t gfp)
3427{
3428 const struct task_security_struct *old_tsec;
3429 struct task_security_struct *tsec;
3430
3431 old_tsec = old->security;
3432
3433 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3434 if (!tsec)
3435 return -ENOMEM;
3436
3437 new->security = tsec;
3438 return 0;
3439}
3440
3441
3442
3443
3444static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3445{
3446 const struct task_security_struct *old_tsec = old->security;
3447 struct task_security_struct *tsec = new->security;
3448
3449 *tsec = *old_tsec;
3450}
3451
3452
3453
3454
3455
3456static int selinux_kernel_act_as(struct cred *new, u32 secid)
3457{
3458 struct task_security_struct *tsec = new->security;
3459 u32 sid = current_sid();
3460 int ret;
3461
3462 ret = avc_has_perm(sid, secid,
3463 SECCLASS_KERNEL_SERVICE,
3464 KERNEL_SERVICE__USE_AS_OVERRIDE,
3465 NULL);
3466 if (ret == 0) {
3467 tsec->sid = secid;
3468 tsec->create_sid = 0;
3469 tsec->keycreate_sid = 0;
3470 tsec->sockcreate_sid = 0;
3471 }
3472 return ret;
3473}
3474
3475
3476
3477
3478
3479static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3480{
3481 struct inode_security_struct *isec = inode->i_security;
3482 struct task_security_struct *tsec = new->security;
3483 u32 sid = current_sid();
3484 int ret;
3485
3486 ret = avc_has_perm(sid, isec->sid,
3487 SECCLASS_KERNEL_SERVICE,
3488 KERNEL_SERVICE__CREATE_FILES_AS,
3489 NULL);
3490
3491 if (ret == 0)
3492 tsec->create_sid = isec->sid;
3493 return ret;
3494}
3495
3496static int selinux_kernel_module_request(char *kmod_name)
3497{
3498 u32 sid;
3499 struct common_audit_data ad;
3500
3501 sid = task_sid(current);
3502
3503 ad.type = LSM_AUDIT_DATA_KMOD;
3504 ad.u.kmod_name = kmod_name;
3505
3506 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3507 SYSTEM__MODULE_REQUEST, &ad);
3508}
3509
3510static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3511{
3512 return current_has_perm(p, PROCESS__SETPGID);
3513}
3514
3515static int selinux_task_getpgid(struct task_struct *p)
3516{
3517 return current_has_perm(p, PROCESS__GETPGID);
3518}
3519
3520static int selinux_task_getsid(struct task_struct *p)
3521{
3522 return current_has_perm(p, PROCESS__GETSESSION);
3523}
3524
3525static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3526{
3527 *secid = task_sid(p);
3528}
3529
3530static int selinux_task_setnice(struct task_struct *p, int nice)
3531{
3532 int rc;
3533
3534 rc = cap_task_setnice(p, nice);
3535 if (rc)
3536 return rc;
3537
3538 return current_has_perm(p, PROCESS__SETSCHED);
3539}
3540
3541static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3542{
3543 int rc;
3544
3545 rc = cap_task_setioprio(p, ioprio);
3546 if (rc)
3547 return rc;
3548
3549 return current_has_perm(p, PROCESS__SETSCHED);
3550}
3551
3552static int selinux_task_getioprio(struct task_struct *p)
3553{
3554 return current_has_perm(p, PROCESS__GETSCHED);
3555}
3556
3557static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3558 struct rlimit *new_rlim)
3559{
3560 struct rlimit *old_rlim = p->signal->rlim + resource;
3561
3562
3563
3564
3565
3566 if (old_rlim->rlim_max != new_rlim->rlim_max)
3567 return current_has_perm(p, PROCESS__SETRLIMIT);
3568
3569 return 0;
3570}
3571
3572static int selinux_task_setscheduler(struct task_struct *p)
3573{
3574 int rc;
3575
3576 rc = cap_task_setscheduler(p);
3577 if (rc)
3578 return rc;
3579
3580 return current_has_perm(p, PROCESS__SETSCHED);
3581}
3582
3583static int selinux_task_getscheduler(struct task_struct *p)
3584{
3585 return current_has_perm(p, PROCESS__GETSCHED);
3586}
3587
3588static int selinux_task_movememory(struct task_struct *p)
3589{
3590 return current_has_perm(p, PROCESS__SETSCHED);
3591}
3592
3593static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3594 int sig, u32 secid)
3595{
3596 u32 perm;
3597 int rc;
3598
3599 if (!sig)
3600 perm = PROCESS__SIGNULL;
3601 else
3602 perm = signal_to_av(sig);
3603 if (secid)
3604 rc = avc_has_perm(secid, task_sid(p),
3605 SECCLASS_PROCESS, perm, NULL);
3606 else
3607 rc = current_has_perm(p, perm);
3608 return rc;
3609}
3610
3611static int selinux_task_wait(struct task_struct *p)
3612{
3613 return task_has_perm(p, current, PROCESS__SIGCHLD);
3614}
3615
3616static void selinux_task_to_inode(struct task_struct *p,
3617 struct inode *inode)
3618{
3619 struct inode_security_struct *isec = inode->i_security;
3620 u32 sid = task_sid(p);
3621
3622 isec->sid = sid;
3623 isec->initialized = 1;
3624}
3625
3626
3627static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3628 struct common_audit_data *ad, u8 *proto)
3629{
3630 int offset, ihlen, ret = -EINVAL;
3631 struct iphdr _iph, *ih;
3632
3633 offset = skb_network_offset(skb);
3634 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3635 if (ih == NULL)
3636 goto out;
3637
3638 ihlen = ih->ihl * 4;
3639 if (ihlen < sizeof(_iph))
3640 goto out;
3641
3642 ad->u.net->v4info.saddr = ih->saddr;
3643 ad->u.net->v4info.daddr = ih->daddr;
3644 ret = 0;
3645
3646 if (proto)
3647 *proto = ih->protocol;
3648
3649 switch (ih->protocol) {
3650 case IPPROTO_TCP: {
3651 struct tcphdr _tcph, *th;
3652
3653 if (ntohs(ih->frag_off) & IP_OFFSET)
3654 break;
3655
3656 offset += ihlen;
3657 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3658 if (th == NULL)
3659 break;
3660
3661 ad->u.net->sport = th->source;
3662 ad->u.net->dport = th->dest;
3663 break;
3664 }
3665
3666 case IPPROTO_UDP: {
3667 struct udphdr _udph, *uh;
3668
3669 if (ntohs(ih->frag_off) & IP_OFFSET)
3670 break;
3671
3672 offset += ihlen;
3673 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3674 if (uh == NULL)
3675 break;
3676
3677 ad->u.net->sport = uh->source;
3678 ad->u.net->dport = uh->dest;
3679 break;
3680 }
3681
3682 case IPPROTO_DCCP: {
3683 struct dccp_hdr _dccph, *dh;
3684
3685 if (ntohs(ih->frag_off) & IP_OFFSET)
3686 break;
3687
3688 offset += ihlen;
3689 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3690 if (dh == NULL)
3691 break;
3692
3693 ad->u.net->sport = dh->dccph_sport;
3694 ad->u.net->dport = dh->dccph_dport;
3695 break;
3696 }
3697
3698 default:
3699 break;
3700 }
3701out:
3702 return ret;
3703}
3704
3705#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3706
3707
3708static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3709 struct common_audit_data *ad, u8 *proto)
3710{
3711 u8 nexthdr;
3712 int ret = -EINVAL, offset;
3713 struct ipv6hdr _ipv6h, *ip6;
3714 __be16 frag_off;
3715
3716 offset = skb_network_offset(skb);
3717 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3718 if (ip6 == NULL)
3719 goto out;
3720
3721 ad->u.net->v6info.saddr = ip6->saddr;
3722 ad->u.net->v6info.daddr = ip6->daddr;
3723 ret = 0;
3724
3725 nexthdr = ip6->nexthdr;
3726 offset += sizeof(_ipv6h);
3727 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3728 if (offset < 0)
3729 goto out;
3730
3731 if (proto)
3732 *proto = nexthdr;
3733
3734 switch (nexthdr) {
3735 case IPPROTO_TCP: {
3736 struct tcphdr _tcph, *th;
3737
3738 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3739 if (th == NULL)
3740 break;
3741
3742 ad->u.net->sport = th->source;
3743 ad->u.net->dport = th->dest;
3744 break;
3745 }
3746
3747 case IPPROTO_UDP: {
3748 struct udphdr _udph, *uh;
3749
3750 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3751 if (uh == NULL)
3752 break;
3753
3754 ad->u.net->sport = uh->source;
3755 ad->u.net->dport = uh->dest;
3756 break;
3757 }
3758
3759 case IPPROTO_DCCP: {
3760 struct dccp_hdr _dccph, *dh;
3761
3762 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3763 if (dh == NULL)
3764 break;
3765
3766 ad->u.net->sport = dh->dccph_sport;
3767 ad->u.net->dport = dh->dccph_dport;
3768 break;
3769 }
3770
3771
3772 default:
3773 break;
3774 }
3775out:
3776 return ret;
3777}
3778
3779#endif
3780
3781static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3782 char **_addrp, int src, u8 *proto)
3783{
3784 char *addrp;
3785 int ret;
3786
3787 switch (ad->u.net->family) {
3788 case PF_INET:
3789 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3790 if (ret)
3791 goto parse_error;
3792 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3793 &ad->u.net->v4info.daddr);
3794 goto okay;
3795
3796#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3797 case PF_INET6:
3798 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3799 if (ret)
3800 goto parse_error;
3801 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3802 &ad->u.net->v6info.daddr);
3803 goto okay;
3804#endif
3805 default:
3806 addrp = NULL;
3807 goto okay;
3808 }
3809
3810parse_error:
3811 printk(KERN_WARNING
3812 "SELinux: failure in selinux_parse_skb(),"
3813 " unable to parse packet\n");
3814 return ret;
3815
3816okay:
3817 if (_addrp)
3818 *_addrp = addrp;
3819 return 0;
3820}
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3838{
3839 int err;
3840 u32 xfrm_sid;
3841 u32 nlbl_sid;
3842 u32 nlbl_type;
3843
3844 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
3845 if (unlikely(err))
3846 return -EACCES;
3847 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3848 if (unlikely(err))
3849 return -EACCES;
3850
3851 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3852 if (unlikely(err)) {
3853 printk(KERN_WARNING
3854 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3855 " unable to determine packet's peer label\n");
3856 return -EACCES;
3857 }
3858
3859 return 0;
3860}
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
3875{
3876 int err = 0;
3877
3878 if (skb_sid != SECSID_NULL)
3879 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
3880 else
3881 *conn_sid = sk_sid;
3882
3883 return err;
3884}
3885
3886
3887
3888static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3889 u16 secclass, u32 *socksid)
3890{
3891 if (tsec->sockcreate_sid > SECSID_NULL) {
3892 *socksid = tsec->sockcreate_sid;
3893 return 0;
3894 }
3895
3896 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3897 socksid);
3898}
3899
3900static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3901{
3902 struct sk_security_struct *sksec = sk->sk_security;
3903 struct common_audit_data ad;
3904 struct lsm_network_audit net = {0,};
3905 u32 tsid = task_sid(task);
3906
3907 if (sksec->sid == SECINITSID_KERNEL)
3908 return 0;
3909
3910 ad.type = LSM_AUDIT_DATA_NET;
3911 ad.u.net = &net;
3912 ad.u.net->sk = sk;
3913
3914 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3915}
3916
3917static int selinux_socket_create(int family, int type,
3918 int protocol, int kern)
3919{
3920 const struct task_security_struct *tsec = current_security();
3921 u32 newsid;
3922 u16 secclass;
3923 int rc;
3924
3925 if (kern)
3926 return 0;
3927
3928 secclass = socket_type_to_security_class(family, type, protocol);
3929 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3930 if (rc)
3931 return rc;
3932
3933 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3934}
3935
3936static int selinux_socket_post_create(struct socket *sock, int family,
3937 int type, int protocol, int kern)
3938{
3939 const struct task_security_struct *tsec = current_security();
3940 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3941 struct sk_security_struct *sksec;
3942 int err = 0;
3943
3944 isec->sclass = socket_type_to_security_class(family, type, protocol);
3945
3946 if (kern)
3947 isec->sid = SECINITSID_KERNEL;
3948 else {
3949 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3950 if (err)
3951 return err;
3952 }
3953
3954 isec->initialized = 1;
3955
3956 if (sock->sk) {
3957 sksec = sock->sk->sk_security;
3958 sksec->sid = isec->sid;
3959 sksec->sclass = isec->sclass;
3960 err = selinux_netlbl_socket_post_create(sock->sk, family);
3961 }
3962
3963 return err;
3964}
3965
3966
3967
3968
3969
3970static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3971{
3972 struct sock *sk = sock->sk;
3973 u16 family;
3974 int err;
3975
3976 err = sock_has_perm(current, sk, SOCKET__BIND);
3977 if (err)
3978 goto out;
3979
3980
3981
3982
3983
3984
3985 family = sk->sk_family;
3986 if (family == PF_INET || family == PF_INET6) {
3987 char *addrp;
3988 struct sk_security_struct *sksec = sk->sk_security;
3989 struct common_audit_data ad;
3990 struct lsm_network_audit net = {0,};
3991 struct sockaddr_in *addr4 = NULL;
3992 struct sockaddr_in6 *addr6 = NULL;
3993 unsigned short snum;
3994 u32 sid, node_perm;
3995
3996 if (family == PF_INET) {
3997 addr4 = (struct sockaddr_in *)address;
3998 snum = ntohs(addr4->sin_port);
3999 addrp = (char *)&addr4->sin_addr.s_addr;
4000 } else {
4001 addr6 = (struct sockaddr_in6 *)address;
4002 snum = ntohs(addr6->sin6_port);
4003 addrp = (char *)&addr6->sin6_addr.s6_addr;
4004 }
4005
4006 if (snum) {
4007 int low, high;
4008
4009 inet_get_local_port_range(sock_net(sk), &low, &high);
4010
4011 if (snum < max(PROT_SOCK, low) || snum > high) {
4012 err = sel_netport_sid(sk->sk_protocol,
4013 snum, &sid);
4014 if (err)
4015 goto out;
4016 ad.type = LSM_AUDIT_DATA_NET;
4017 ad.u.net = &net;
4018 ad.u.net->sport = htons(snum);
4019 ad.u.net->family = family;
4020 err = avc_has_perm(sksec->sid, sid,
4021 sksec->sclass,
4022 SOCKET__NAME_BIND, &ad);
4023 if (err)
4024 goto out;
4025 }
4026 }
4027
4028 switch (sksec->sclass) {
4029 case SECCLASS_TCP_SOCKET:
4030 node_perm = TCP_SOCKET__NODE_BIND;
4031 break;
4032
4033 case SECCLASS_UDP_SOCKET:
4034 node_perm = UDP_SOCKET__NODE_BIND;
4035 break;
4036
4037 case SECCLASS_DCCP_SOCKET:
4038 node_perm = DCCP_SOCKET__NODE_BIND;
4039 break;
4040
4041 default:
4042 node_perm = RAWIP_SOCKET__NODE_BIND;
4043 break;
4044 }
4045
4046 err = sel_netnode_sid(addrp, family, &sid);
4047 if (err)
4048 goto out;
4049
4050 ad.type = LSM_AUDIT_DATA_NET;
4051 ad.u.net = &net;
4052 ad.u.net->sport = htons(snum);
4053 ad.u.net->family = family;
4054
4055 if (family == PF_INET)
4056 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4057 else
4058 ad.u.net->v6info.saddr = addr6->sin6_addr;
4059
4060 err = avc_has_perm(sksec->sid, sid,
4061 sksec->sclass, node_perm, &ad);
4062 if (err)
4063 goto out;
4064 }
4065out:
4066 return err;
4067}
4068
4069static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4070{
4071 struct sock *sk = sock->sk;
4072 struct sk_security_struct *sksec = sk->sk_security;
4073 int err;
4074
4075 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4076 if (err)
4077 return err;
4078
4079
4080
4081
4082 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4083 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4084 struct common_audit_data ad;
4085 struct lsm_network_audit net = {0,};
4086 struct sockaddr_in *addr4 = NULL;
4087 struct sockaddr_in6 *addr6 = NULL;
4088 unsigned short snum;
4089 u32 sid, perm;
4090
4091 if (sk->sk_family == PF_INET) {
4092 addr4 = (struct sockaddr_in *)address;
4093 if (addrlen < sizeof(struct sockaddr_in))
4094 return -EINVAL;
4095 snum = ntohs(addr4->sin_port);
4096 } else {
4097 addr6 = (struct sockaddr_in6 *)address;
4098 if (addrlen < SIN6_LEN_RFC2133)
4099 return -EINVAL;
4100 snum = ntohs(addr6->sin6_port);
4101 }
4102
4103 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4104 if (err)
4105 goto out;
4106
4107 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4108 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4109
4110 ad.type = LSM_AUDIT_DATA_NET;
4111 ad.u.net = &net;
4112 ad.u.net->dport = htons(snum);
4113 ad.u.net->family = sk->sk_family;
4114 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4115 if (err)
4116 goto out;
4117 }
4118
4119 err = selinux_netlbl_socket_connect(sk, address);
4120
4121out:
4122 return err;
4123}
4124
4125static int selinux_socket_listen(struct socket *sock, int backlog)
4126{
4127 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4128}
4129
4130static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4131{
4132 int err;
4133 struct inode_security_struct *isec;
4134 struct inode_security_struct *newisec;
4135
4136 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4137 if (err)
4138 return err;
4139
4140 newisec = SOCK_INODE(newsock)->i_security;
4141
4142 isec = SOCK_INODE(sock)->i_security;
4143 newisec->sclass = isec->sclass;
4144 newisec->sid = isec->sid;
4145 newisec->initialized = 1;
4146
4147 return 0;
4148}
4149
4150static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4151 int size)
4152{
4153 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4154}
4155
4156static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4157 int size, int flags)
4158{
4159 return sock_has_perm(current, sock->sk, SOCKET__READ);
4160}
4161
4162static int selinux_socket_getsockname(struct socket *sock)
4163{
4164 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4165}
4166
4167static int selinux_socket_getpeername(struct socket *sock)
4168{
4169 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4170}
4171
4172static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4173{
4174 int err;
4175
4176 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4177 if (err)
4178 return err;
4179
4180 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4181}
4182
4183static int selinux_socket_getsockopt(struct socket *sock, int level,
4184 int optname)
4185{
4186 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4187}
4188
4189static int selinux_socket_shutdown(struct socket *sock, int how)
4190{
4191 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4192}
4193
4194static int selinux_socket_unix_stream_connect(struct sock *sock,
4195 struct sock *other,
4196 struct sock *newsk)
4197{
4198 struct sk_security_struct *sksec_sock = sock->sk_security;
4199 struct sk_security_struct *sksec_other = other->sk_security;
4200 struct sk_security_struct *sksec_new = newsk->sk_security;
4201 struct common_audit_data ad;
4202 struct lsm_network_audit net = {0,};
4203 int err;
4204
4205 ad.type = LSM_AUDIT_DATA_NET;
4206 ad.u.net = &net;
4207 ad.u.net->sk = other;
4208
4209 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4210 sksec_other->sclass,
4211 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4212 if (err)
4213 return err;
4214
4215
4216 sksec_new->peer_sid = sksec_sock->sid;
4217 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4218 &sksec_new->sid);
4219 if (err)
4220 return err;
4221
4222
4223 sksec_sock->peer_sid = sksec_new->sid;
4224
4225 return 0;
4226}
4227
4228static int selinux_socket_unix_may_send(struct socket *sock,
4229 struct socket *other)
4230{
4231 struct sk_security_struct *ssec = sock->sk->sk_security;
4232 struct sk_security_struct *osec = other->sk->sk_security;
4233 struct common_audit_data ad;
4234 struct lsm_network_audit net = {0,};
4235
4236 ad.type = LSM_AUDIT_DATA_NET;
4237 ad.u.net = &net;
4238 ad.u.net->sk = other->sk;
4239
4240 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4241 &ad);
4242}
4243
4244static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4245 u32 peer_sid,
4246 struct common_audit_data *ad)
4247{
4248 int err;
4249 u32 if_sid;
4250 u32 node_sid;
4251
4252 err = sel_netif_sid(ifindex, &if_sid);
4253 if (err)
4254 return err;
4255 err = avc_has_perm(peer_sid, if_sid,
4256 SECCLASS_NETIF, NETIF__INGRESS, ad);
4257 if (err)
4258 return err;
4259
4260 err = sel_netnode_sid(addrp, family, &node_sid);
4261 if (err)
4262 return err;
4263 return avc_has_perm(peer_sid, node_sid,
4264 SECCLASS_NODE, NODE__RECVFROM, ad);
4265}
4266
4267static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4268 u16 family)
4269{
4270 int err = 0;
4271 struct sk_security_struct *sksec = sk->sk_security;
4272 u32 sk_sid = sksec->sid;
4273 struct common_audit_data ad;
4274 struct lsm_network_audit net = {0,};
4275 char *addrp;
4276
4277 ad.type = LSM_AUDIT_DATA_NET;
4278 ad.u.net = &net;
4279 ad.u.net->netif = skb->skb_iif;
4280 ad.u.net->family = family;
4281 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4282 if (err)
4283 return err;
4284
4285 if (selinux_secmark_enabled()) {
4286 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4287 PACKET__RECV, &ad);
4288 if (err)
4289 return err;
4290 }
4291
4292 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4293 if (err)
4294 return err;
4295 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4296
4297 return err;
4298}
4299
4300static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4301{
4302 int err;
4303 struct sk_security_struct *sksec = sk->sk_security;
4304 u16 family = sk->sk_family;
4305 u32 sk_sid = sksec->sid;
4306 struct common_audit_data ad;
4307 struct lsm_network_audit net = {0,};
4308 char *addrp;
4309 u8 secmark_active;
4310 u8 peerlbl_active;
4311
4312 if (family != PF_INET && family != PF_INET6)
4313 return 0;
4314
4315
4316 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4317 family = PF_INET;
4318
4319
4320
4321
4322
4323 if (!selinux_policycap_netpeer)
4324 return selinux_sock_rcv_skb_compat(sk, skb, family);
4325
4326 secmark_active = selinux_secmark_enabled();
4327 peerlbl_active = selinux_peerlbl_enabled();
4328 if (!secmark_active && !peerlbl_active)
4329 return 0;
4330
4331 ad.type = LSM_AUDIT_DATA_NET;
4332 ad.u.net = &net;
4333 ad.u.net->netif = skb->skb_iif;
4334 ad.u.net->family = family;
4335 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4336 if (err)
4337 return err;
4338
4339 if (peerlbl_active) {
4340 u32 peer_sid;
4341
4342 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4343 if (err)
4344 return err;
4345 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4346 peer_sid, &ad);
4347 if (err) {
4348 selinux_netlbl_err(skb, err, 0);
4349 return err;
4350 }
4351 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4352 PEER__RECV, &ad);
4353 if (err) {
4354 selinux_netlbl_err(skb, err, 0);
4355 return err;
4356 }
4357 }
4358
4359 if (secmark_active) {
4360 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4361 PACKET__RECV, &ad);
4362 if (err)
4363 return err;
4364 }
4365
4366 return err;
4367}
4368
4369static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4370 int __user *optlen, unsigned len)
4371{
4372 int err = 0;
4373 char *scontext;
4374 u32 scontext_len;
4375 struct sk_security_struct *sksec = sock->sk->sk_security;
4376 u32 peer_sid = SECSID_NULL;
4377
4378 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4379 sksec->sclass == SECCLASS_TCP_SOCKET)
4380 peer_sid = sksec->peer_sid;
4381 if (peer_sid == SECSID_NULL)
4382 return -ENOPROTOOPT;
4383
4384 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4385 if (err)
4386 return err;
4387
4388 if (scontext_len > len) {
4389 err = -ERANGE;
4390 goto out_len;
4391 }
4392
4393 if (copy_to_user(optval, scontext, scontext_len))
4394 err = -EFAULT;
4395
4396out_len:
4397 if (put_user(scontext_len, optlen))
4398 err = -EFAULT;
4399 kfree(scontext);
4400 return err;
4401}
4402
4403static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4404{
4405 u32 peer_secid = SECSID_NULL;
4406 u16 family;
4407
4408 if (skb && skb->protocol == htons(ETH_P_IP))
4409 family = PF_INET;
4410 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4411 family = PF_INET6;
4412 else if (sock)
4413 family = sock->sk->sk_family;
4414 else
4415 goto out;
4416
4417 if (sock && family == PF_UNIX)
4418 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4419 else if (skb)
4420 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4421
4422out:
4423 *secid = peer_secid;
4424 if (peer_secid == SECSID_NULL)
4425 return -EINVAL;
4426 return 0;
4427}
4428
4429static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4430{
4431 struct sk_security_struct *sksec;
4432
4433 sksec = kzalloc(sizeof(*sksec), priority);
4434 if (!sksec)
4435 return -ENOMEM;
4436
4437 sksec->peer_sid = SECINITSID_UNLABELED;
4438 sksec->sid = SECINITSID_UNLABELED;
4439 selinux_netlbl_sk_security_reset(sksec);
4440 sk->sk_security = sksec;
4441
4442 return 0;
4443}
4444
4445static void selinux_sk_free_security(struct sock *sk)
4446{
4447 struct sk_security_struct *sksec = sk->sk_security;
4448
4449 sk->sk_security = NULL;
4450 selinux_netlbl_sk_security_free(sksec);
4451 kfree(sksec);
4452}
4453
4454static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4455{
4456 struct sk_security_struct *sksec = sk->sk_security;
4457 struct sk_security_struct *newsksec = newsk->sk_security;
4458
4459 newsksec->sid = sksec->sid;
4460 newsksec->peer_sid = sksec->peer_sid;
4461 newsksec->sclass = sksec->sclass;
4462
4463 selinux_netlbl_sk_security_reset(newsksec);
4464}
4465
4466static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4467{
4468 if (!sk)
4469 *secid = SECINITSID_ANY_SOCKET;
4470 else {
4471 struct sk_security_struct *sksec = sk->sk_security;
4472
4473 *secid = sksec->sid;
4474 }
4475}
4476
4477static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4478{
4479 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4480 struct sk_security_struct *sksec = sk->sk_security;
4481
4482 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4483 sk->sk_family == PF_UNIX)
4484 isec->sid = sksec->sid;
4485 sksec->sclass = isec->sclass;
4486}
4487
4488static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4489 struct request_sock *req)
4490{
4491 struct sk_security_struct *sksec = sk->sk_security;
4492 int err;
4493 u16 family = sk->sk_family;
4494 u32 connsid;
4495 u32 peersid;
4496
4497
4498 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4499 family = PF_INET;
4500
4501 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4502 if (err)
4503 return err;
4504 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4505 if (err)
4506 return err;
4507 req->secid = connsid;
4508 req->peer_secid = peersid;
4509
4510 return selinux_netlbl_inet_conn_request(req, family);
4511}
4512
4513static void selinux_inet_csk_clone(struct sock *newsk,
4514 const struct request_sock *req)
4515{
4516 struct sk_security_struct *newsksec = newsk->sk_security;
4517
4518 newsksec->sid = req->secid;
4519 newsksec->peer_sid = req->peer_secid;
4520
4521
4522
4523
4524
4525
4526
4527 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4528}
4529
4530static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4531{
4532 u16 family = sk->sk_family;
4533 struct sk_security_struct *sksec = sk->sk_security;
4534
4535
4536 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4537 family = PF_INET;
4538
4539 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4540}
4541
4542static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
4543{
4544 skb_set_owner_w(skb, sk);
4545}
4546
4547static int selinux_secmark_relabel_packet(u32 sid)
4548{
4549 const struct task_security_struct *__tsec;
4550 u32 tsid;
4551
4552 __tsec = current_security();
4553 tsid = __tsec->sid;
4554
4555 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4556}
4557
4558static void selinux_secmark_refcount_inc(void)
4559{
4560 atomic_inc(&selinux_secmark_refcount);
4561}
4562
4563static void selinux_secmark_refcount_dec(void)
4564{
4565 atomic_dec(&selinux_secmark_refcount);
4566}
4567
4568static void selinux_req_classify_flow(const struct request_sock *req,
4569 struct flowi *fl)
4570{
4571 fl->flowi_secid = req->secid;
4572}
4573
4574static int selinux_tun_dev_alloc_security(void **security)
4575{
4576 struct tun_security_struct *tunsec;
4577
4578 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4579 if (!tunsec)
4580 return -ENOMEM;
4581 tunsec->sid = current_sid();
4582
4583 *security = tunsec;
4584 return 0;
4585}
4586
4587static void selinux_tun_dev_free_security(void *security)
4588{
4589 kfree(security);
4590}
4591
4592static int selinux_tun_dev_create(void)
4593{
4594 u32 sid = current_sid();
4595
4596
4597
4598
4599
4600
4601
4602
4603 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4604 NULL);
4605}
4606
4607static int selinux_tun_dev_attach_queue(void *security)
4608{
4609 struct tun_security_struct *tunsec = security;
4610
4611 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4612 TUN_SOCKET__ATTACH_QUEUE, NULL);
4613}
4614
4615static int selinux_tun_dev_attach(struct sock *sk, void *security)
4616{
4617 struct tun_security_struct *tunsec = security;
4618 struct sk_security_struct *sksec = sk->sk_security;
4619
4620
4621
4622
4623
4624
4625
4626
4627 sksec->sid = tunsec->sid;
4628 sksec->sclass = SECCLASS_TUN_SOCKET;
4629
4630 return 0;
4631}
4632
4633static int selinux_tun_dev_open(void *security)
4634{
4635 struct tun_security_struct *tunsec = security;
4636 u32 sid = current_sid();
4637 int err;
4638
4639 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4640 TUN_SOCKET__RELABELFROM, NULL);
4641 if (err)
4642 return err;
4643 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4644 TUN_SOCKET__RELABELTO, NULL);
4645 if (err)
4646 return err;
4647 tunsec->sid = sid;
4648
4649 return 0;
4650}
4651
4652static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4653{
4654 int err = 0;
4655 u32 perm;
4656 struct nlmsghdr *nlh;
4657 struct sk_security_struct *sksec = sk->sk_security;
4658
4659 if (skb->len < NLMSG_HDRLEN) {
4660 err = -EINVAL;
4661 goto out;
4662 }
4663 nlh = nlmsg_hdr(skb);
4664
4665 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4666 if (err) {
4667 if (err == -EINVAL) {
4668 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4669 "SELinux: unrecognized netlink message"
4670 " type=%hu for sclass=%hu\n",
4671 nlh->nlmsg_type, sksec->sclass);
4672 if (!selinux_enforcing || security_get_allow_unknown())
4673 err = 0;
4674 }
4675
4676
4677 if (err == -ENOENT)
4678 err = 0;
4679 goto out;
4680 }
4681
4682 err = sock_has_perm(current, sk, perm);
4683out:
4684 return err;
4685}
4686
4687#ifdef CONFIG_NETFILTER
4688
4689static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4690 u16 family)
4691{
4692 int err;
4693 char *addrp;
4694 u32 peer_sid;
4695 struct common_audit_data ad;
4696 struct lsm_network_audit net = {0,};
4697 u8 secmark_active;
4698 u8 netlbl_active;
4699 u8 peerlbl_active;
4700
4701 if (!selinux_policycap_netpeer)
4702 return NF_ACCEPT;
4703
4704 secmark_active = selinux_secmark_enabled();
4705 netlbl_active = netlbl_enabled();
4706 peerlbl_active = selinux_peerlbl_enabled();
4707 if (!secmark_active && !peerlbl_active)
4708 return NF_ACCEPT;
4709
4710 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4711 return NF_DROP;
4712
4713 ad.type = LSM_AUDIT_DATA_NET;
4714 ad.u.net = &net;
4715 ad.u.net->netif = ifindex;
4716 ad.u.net->family = family;
4717 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4718 return NF_DROP;
4719
4720 if (peerlbl_active) {
4721 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4722 peer_sid, &ad);
4723 if (err) {
4724 selinux_netlbl_err(skb, err, 1);
4725 return NF_DROP;
4726 }
4727 }
4728
4729 if (secmark_active)
4730 if (avc_has_perm(peer_sid, skb->secmark,
4731 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4732 return NF_DROP;
4733
4734 if (netlbl_active)
4735
4736
4737
4738
4739 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4740 return NF_DROP;
4741
4742 return NF_ACCEPT;
4743}
4744
4745static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
4746 struct sk_buff *skb,
4747 const struct net_device *in,
4748 const struct net_device *out,
4749 int (*okfn)(struct sk_buff *))
4750{
4751 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4752}
4753
4754#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4755static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
4756 struct sk_buff *skb,
4757 const struct net_device *in,
4758 const struct net_device *out,
4759 int (*okfn)(struct sk_buff *))
4760{
4761 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4762}
4763#endif
4764
4765static unsigned int selinux_ip_output(struct sk_buff *skb,
4766 u16 family)
4767{
4768 struct sock *sk;
4769 u32 sid;
4770
4771 if (!netlbl_enabled())
4772 return NF_ACCEPT;
4773
4774
4775
4776
4777 sk = skb->sk;
4778 if (sk) {
4779 struct sk_security_struct *sksec;
4780
4781 if (sk->sk_state == TCP_LISTEN)
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794 return NF_ACCEPT;
4795
4796
4797 sksec = sk->sk_security;
4798 sid = sksec->sid;
4799 } else
4800 sid = SECINITSID_KERNEL;
4801 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4802 return NF_DROP;
4803
4804 return NF_ACCEPT;
4805}
4806
4807static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
4808 struct sk_buff *skb,
4809 const struct net_device *in,
4810 const struct net_device *out,
4811 int (*okfn)(struct sk_buff *))
4812{
4813 return selinux_ip_output(skb, PF_INET);
4814}
4815
4816static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4817 int ifindex,
4818 u16 family)
4819{
4820 struct sock *sk = skb->sk;
4821 struct sk_security_struct *sksec;
4822 struct common_audit_data ad;
4823 struct lsm_network_audit net = {0,};
4824 char *addrp;
4825 u8 proto;
4826
4827 if (sk == NULL)
4828 return NF_ACCEPT;
4829 sksec = sk->sk_security;
4830
4831 ad.type = LSM_AUDIT_DATA_NET;
4832 ad.u.net = &net;
4833 ad.u.net->netif = ifindex;
4834 ad.u.net->family = family;
4835 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4836 return NF_DROP;
4837
4838 if (selinux_secmark_enabled())
4839 if (avc_has_perm(sksec->sid, skb->secmark,
4840 SECCLASS_PACKET, PACKET__SEND, &ad))
4841 return NF_DROP_ERR(-ECONNREFUSED);
4842
4843 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4844 return NF_DROP_ERR(-ECONNREFUSED);
4845
4846 return NF_ACCEPT;
4847}
4848
4849static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4850 u16 family)
4851{
4852 u32 secmark_perm;
4853 u32 peer_sid;
4854 struct sock *sk;
4855 struct common_audit_data ad;
4856 struct lsm_network_audit net = {0,};
4857 char *addrp;
4858 u8 secmark_active;
4859 u8 peerlbl_active;
4860
4861
4862
4863
4864
4865 if (!selinux_policycap_netpeer)
4866 return selinux_ip_postroute_compat(skb, ifindex, family);
4867
4868 secmark_active = selinux_secmark_enabled();
4869 peerlbl_active = selinux_peerlbl_enabled();
4870 if (!secmark_active && !peerlbl_active)
4871 return NF_ACCEPT;
4872
4873 sk = skb->sk;
4874
4875#ifdef CONFIG_XFRM
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
4888 !(sk != NULL && sk->sk_state == TCP_LISTEN))
4889 return NF_ACCEPT;
4890#endif
4891
4892 if (sk == NULL) {
4893
4894
4895
4896
4897 if (skb->skb_iif) {
4898 secmark_perm = PACKET__FORWARD_OUT;
4899 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4900 return NF_DROP;
4901 } else {
4902 secmark_perm = PACKET__SEND;
4903 peer_sid = SECINITSID_KERNEL;
4904 }
4905 } else if (sk->sk_state == TCP_LISTEN) {
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915 u32 skb_sid;
4916 struct sk_security_struct *sksec = sk->sk_security;
4917 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
4918 return NF_DROP;
4919
4920
4921
4922
4923
4924
4925 if (skb_sid == SECSID_NULL) {
4926 switch (family) {
4927 case PF_INET:
4928 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
4929 return NF_ACCEPT;
4930 break;
4931 case PF_INET6:
4932 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
4933 return NF_ACCEPT;
4934 default:
4935 return NF_DROP_ERR(-ECONNREFUSED);
4936 }
4937 }
4938 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
4939 return NF_DROP;
4940 secmark_perm = PACKET__SEND;
4941 } else {
4942
4943
4944 struct sk_security_struct *sksec = sk->sk_security;
4945 peer_sid = sksec->sid;
4946 secmark_perm = PACKET__SEND;
4947 }
4948
4949 ad.type = LSM_AUDIT_DATA_NET;
4950 ad.u.net = &net;
4951 ad.u.net->netif = ifindex;
4952 ad.u.net->family = family;
4953 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4954 return NF_DROP;
4955
4956 if (secmark_active)
4957 if (avc_has_perm(peer_sid, skb->secmark,
4958 SECCLASS_PACKET, secmark_perm, &ad))
4959 return NF_DROP_ERR(-ECONNREFUSED);
4960
4961 if (peerlbl_active) {
4962 u32 if_sid;
4963 u32 node_sid;
4964
4965 if (sel_netif_sid(ifindex, &if_sid))
4966 return NF_DROP;
4967 if (avc_has_perm(peer_sid, if_sid,
4968 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4969 return NF_DROP_ERR(-ECONNREFUSED);
4970
4971 if (sel_netnode_sid(addrp, family, &node_sid))
4972 return NF_DROP;
4973 if (avc_has_perm(peer_sid, node_sid,
4974 SECCLASS_NODE, NODE__SENDTO, &ad))
4975 return NF_DROP_ERR(-ECONNREFUSED);
4976 }
4977
4978 return NF_ACCEPT;
4979}
4980
4981static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
4982 struct sk_buff *skb,
4983 const struct net_device *in,
4984 const struct net_device *out,
4985 int (*okfn)(struct sk_buff *))
4986{
4987 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4988}
4989
4990#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4991static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
4992 struct sk_buff *skb,
4993 const struct net_device *in,
4994 const struct net_device *out,
4995 int (*okfn)(struct sk_buff *))
4996{
4997 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4998}
4999#endif
5000
5001#endif
5002
5003static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5004{
5005 int err;
5006
5007 err = cap_netlink_send(sk, skb);
5008 if (err)
5009 return err;
5010
5011 return selinux_nlmsg_perm(sk, skb);
5012}
5013
5014static int ipc_alloc_security(struct task_struct *task,
5015 struct kern_ipc_perm *perm,
5016 u16 sclass)
5017{
5018 struct ipc_security_struct *isec;
5019 u32 sid;
5020
5021 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5022 if (!isec)
5023 return -ENOMEM;
5024
5025 sid = task_sid(task);
5026 isec->sclass = sclass;
5027 isec->sid = sid;
5028 perm->security = isec;
5029
5030 return 0;
5031}
5032
5033static void ipc_free_security(struct kern_ipc_perm *perm)
5034{
5035 struct ipc_security_struct *isec = perm->security;
5036 perm->security = NULL;
5037 kfree(isec);
5038}
5039
5040static int msg_msg_alloc_security(struct msg_msg *msg)
5041{
5042 struct msg_security_struct *msec;
5043
5044 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5045 if (!msec)
5046 return -ENOMEM;
5047
5048 msec->sid = SECINITSID_UNLABELED;
5049 msg->security = msec;
5050
5051 return 0;
5052}
5053
5054static void msg_msg_free_security(struct msg_msg *msg)
5055{
5056 struct msg_security_struct *msec = msg->security;
5057
5058 msg->security = NULL;
5059 kfree(msec);
5060}
5061
5062static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5063 u32 perms)
5064{
5065 struct ipc_security_struct *isec;
5066 struct common_audit_data ad;
5067 u32 sid = current_sid();
5068
5069 isec = ipc_perms->security;
5070
5071 ad.type = LSM_AUDIT_DATA_IPC;
5072 ad.u.ipc_id = ipc_perms->key;
5073
5074 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5075}
5076
5077static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5078{
5079 return msg_msg_alloc_security(msg);
5080}
5081
5082static void selinux_msg_msg_free_security(struct msg_msg *msg)
5083{
5084 msg_msg_free_security(msg);
5085}
5086
5087
5088static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5089{
5090 struct ipc_security_struct *isec;
5091 struct common_audit_data ad;
5092 u32 sid = current_sid();
5093 int rc;
5094
5095 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
5096 if (rc)
5097 return rc;
5098
5099 isec = msq->q_perm.security;
5100
5101 ad.type = LSM_AUDIT_DATA_IPC;
5102 ad.u.ipc_id = msq->q_perm.key;
5103
5104 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5105 MSGQ__CREATE, &ad);
5106 if (rc) {
5107 ipc_free_security(&msq->q_perm);
5108 return rc;
5109 }
5110 return 0;
5111}
5112
5113static void selinux_msg_queue_free_security(struct msg_queue *msq)
5114{
5115 ipc_free_security(&msq->q_perm);
5116}
5117
5118static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5119{
5120 struct ipc_security_struct *isec;
5121 struct common_audit_data ad;
5122 u32 sid = current_sid();
5123
5124 isec = msq->q_perm.security;
5125
5126 ad.type = LSM_AUDIT_DATA_IPC;
5127 ad.u.ipc_id = msq->q_perm.key;
5128
5129 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5130 MSGQ__ASSOCIATE, &ad);
5131}
5132
5133static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5134{
5135 int err;
5136 int perms;
5137
5138 switch (cmd) {
5139 case IPC_INFO:
5140 case MSG_INFO:
5141
5142 return task_has_system(current, SYSTEM__IPC_INFO);
5143 case IPC_STAT:
5144 case MSG_STAT:
5145 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5146 break;
5147 case IPC_SET:
5148 perms = MSGQ__SETATTR;
5149 break;
5150 case IPC_RMID:
5151 perms = MSGQ__DESTROY;
5152 break;
5153 default:
5154 return 0;
5155 }
5156
5157 err = ipc_has_perm(&msq->q_perm, perms);
5158 return err;
5159}
5160
5161static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5162{
5163 struct ipc_security_struct *isec;
5164 struct msg_security_struct *msec;
5165 struct common_audit_data ad;
5166 u32 sid = current_sid();
5167 int rc;
5168
5169 isec = msq->q_perm.security;
5170 msec = msg->security;
5171
5172
5173
5174
5175 if (msec->sid == SECINITSID_UNLABELED) {
5176
5177
5178
5179
5180 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5181 NULL, &msec->sid);
5182 if (rc)
5183 return rc;
5184 }
5185
5186 ad.type = LSM_AUDIT_DATA_IPC;
5187 ad.u.ipc_id = msq->q_perm.key;
5188
5189
5190 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5191 MSGQ__WRITE, &ad);
5192 if (!rc)
5193
5194 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5195 MSG__SEND, &ad);
5196 if (!rc)
5197
5198 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5199 MSGQ__ENQUEUE, &ad);
5200
5201 return rc;
5202}
5203
5204static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5205 struct task_struct *target,
5206 long type, int mode)
5207{
5208 struct ipc_security_struct *isec;
5209 struct msg_security_struct *msec;
5210 struct common_audit_data ad;
5211 u32 sid = task_sid(target);
5212 int rc;
5213
5214 isec = msq->q_perm.security;
5215 msec = msg->security;
5216
5217 ad.type = LSM_AUDIT_DATA_IPC;
5218 ad.u.ipc_id = msq->q_perm.key;
5219
5220 rc = avc_has_perm(sid, isec->sid,
5221 SECCLASS_MSGQ, MSGQ__READ, &ad);
5222 if (!rc)
5223 rc = avc_has_perm(sid, msec->sid,
5224 SECCLASS_MSG, MSG__RECEIVE, &ad);
5225 return rc;
5226}
5227
5228
5229static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5230{
5231 struct ipc_security_struct *isec;
5232 struct common_audit_data ad;
5233 u32 sid = current_sid();
5234 int rc;
5235
5236 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5237 if (rc)
5238 return rc;
5239
5240 isec = shp->shm_perm.security;
5241
5242 ad.type = LSM_AUDIT_DATA_IPC;
5243 ad.u.ipc_id = shp->shm_perm.key;
5244
5245 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5246 SHM__CREATE, &ad);
5247 if (rc) {
5248 ipc_free_security(&shp->shm_perm);
5249 return rc;
5250 }
5251 return 0;
5252}
5253
5254static void selinux_shm_free_security(struct shmid_kernel *shp)
5255{
5256 ipc_free_security(&shp->shm_perm);
5257}
5258
5259static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5260{
5261 struct ipc_security_struct *isec;
5262 struct common_audit_data ad;
5263 u32 sid = current_sid();
5264
5265 isec = shp->shm_perm.security;
5266
5267 ad.type = LSM_AUDIT_DATA_IPC;
5268 ad.u.ipc_id = shp->shm_perm.key;
5269
5270 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5271 SHM__ASSOCIATE, &ad);
5272}
5273
5274
5275static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5276{
5277 int perms;
5278 int err;
5279
5280 switch (cmd) {
5281 case IPC_INFO:
5282 case SHM_INFO:
5283
5284 return task_has_system(current, SYSTEM__IPC_INFO);
5285 case IPC_STAT:
5286 case SHM_STAT:
5287 perms = SHM__GETATTR | SHM__ASSOCIATE;
5288 break;
5289 case IPC_SET:
5290 perms = SHM__SETATTR;
5291 break;
5292 case SHM_LOCK:
5293 case SHM_UNLOCK:
5294 perms = SHM__LOCK;
5295 break;
5296 case IPC_RMID:
5297 perms = SHM__DESTROY;
5298 break;
5299 default:
5300 return 0;
5301 }
5302
5303 err = ipc_has_perm(&shp->shm_perm, perms);
5304 return err;
5305}
5306
5307static int selinux_shm_shmat(struct shmid_kernel *shp,
5308 char __user *shmaddr, int shmflg)
5309{
5310 u32 perms;
5311
5312 if (shmflg & SHM_RDONLY)
5313 perms = SHM__READ;
5314 else
5315 perms = SHM__READ | SHM__WRITE;
5316
5317 return ipc_has_perm(&shp->shm_perm, perms);
5318}
5319
5320
5321static int selinux_sem_alloc_security(struct sem_array *sma)
5322{
5323 struct ipc_security_struct *isec;
5324 struct common_audit_data ad;
5325 u32 sid = current_sid();
5326 int rc;
5327
5328 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5329 if (rc)
5330 return rc;
5331
5332 isec = sma->sem_perm.security;
5333
5334 ad.type = LSM_AUDIT_DATA_IPC;
5335 ad.u.ipc_id = sma->sem_perm.key;
5336
5337 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5338 SEM__CREATE, &ad);
5339 if (rc) {
5340 ipc_free_security(&sma->sem_perm);
5341 return rc;
5342 }
5343 return 0;
5344}
5345
5346static void selinux_sem_free_security(struct sem_array *sma)
5347{
5348 ipc_free_security(&sma->sem_perm);
5349}
5350
5351static int selinux_sem_associate(struct sem_array *sma, int semflg)
5352{
5353 struct ipc_security_struct *isec;
5354 struct common_audit_data ad;
5355 u32 sid = current_sid();
5356
5357 isec = sma->sem_perm.security;
5358
5359 ad.type = LSM_AUDIT_DATA_IPC;
5360 ad.u.ipc_id = sma->sem_perm.key;
5361
5362 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5363 SEM__ASSOCIATE, &ad);
5364}
5365
5366
5367static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5368{
5369 int err;
5370 u32 perms;
5371
5372 switch (cmd) {
5373 case IPC_INFO:
5374 case SEM_INFO:
5375
5376 return task_has_system(current, SYSTEM__IPC_INFO);
5377 case GETPID:
5378 case GETNCNT:
5379 case GETZCNT:
5380 perms = SEM__GETATTR;
5381 break;
5382 case GETVAL:
5383 case GETALL:
5384 perms = SEM__READ;
5385 break;
5386 case SETVAL:
5387 case SETALL:
5388 perms = SEM__WRITE;
5389 break;
5390 case IPC_RMID:
5391 perms = SEM__DESTROY;
5392 break;
5393 case IPC_SET:
5394 perms = SEM__SETATTR;
5395 break;
5396 case IPC_STAT:
5397 case SEM_STAT:
5398 perms = SEM__GETATTR | SEM__ASSOCIATE;
5399 break;
5400 default:
5401 return 0;
5402 }
5403
5404 err = ipc_has_perm(&sma->sem_perm, perms);
5405 return err;
5406}
5407
5408static int selinux_sem_semop(struct sem_array *sma,
5409 struct sembuf *sops, unsigned nsops, int alter)
5410{
5411 u32 perms;
5412
5413 if (alter)
5414 perms = SEM__READ | SEM__WRITE;
5415 else
5416 perms = SEM__READ;
5417
5418 return ipc_has_perm(&sma->sem_perm, perms);
5419}
5420
5421static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5422{
5423 u32 av = 0;
5424
5425 av = 0;
5426 if (flag & S_IRUGO)
5427 av |= IPC__UNIX_READ;
5428 if (flag & S_IWUGO)
5429 av |= IPC__UNIX_WRITE;
5430
5431 if (av == 0)
5432 return 0;
5433
5434 return ipc_has_perm(ipcp, av);
5435}
5436
5437static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5438{
5439 struct ipc_security_struct *isec = ipcp->security;
5440 *secid = isec->sid;
5441}
5442
5443static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5444{
5445 if (inode)
5446 inode_doinit_with_dentry(inode, dentry);
5447}
5448
5449static int selinux_getprocattr(struct task_struct *p,
5450 char *name, char **value)
5451{
5452 const struct task_security_struct *__tsec;
5453 u32 sid;
5454 int error;
5455 unsigned len;
5456
5457 if (current != p) {
5458 error = current_has_perm(p, PROCESS__GETATTR);
5459 if (error)
5460 return error;
5461 }
5462
5463 rcu_read_lock();
5464 __tsec = __task_cred(p)->security;
5465
5466 if (!strcmp(name, "current"))
5467 sid = __tsec->sid;
5468 else if (!strcmp(name, "prev"))
5469 sid = __tsec->osid;
5470 else if (!strcmp(name, "exec"))
5471 sid = __tsec->exec_sid;
5472 else if (!strcmp(name, "fscreate"))
5473 sid = __tsec->create_sid;
5474 else if (!strcmp(name, "keycreate"))
5475 sid = __tsec->keycreate_sid;
5476 else if (!strcmp(name, "sockcreate"))
5477 sid = __tsec->sockcreate_sid;
5478 else
5479 goto invalid;
5480 rcu_read_unlock();
5481
5482 if (!sid)
5483 return 0;
5484
5485 error = security_sid_to_context(sid, value, &len);
5486 if (error)
5487 return error;
5488 return len;
5489
5490invalid:
5491 rcu_read_unlock();
5492 return -EINVAL;
5493}
5494
5495static int selinux_setprocattr(struct task_struct *p,
5496 char *name, void *value, size_t size)
5497{
5498 struct task_security_struct *tsec;
5499 struct task_struct *tracer;
5500 struct cred *new;
5501 u32 sid = 0, ptsid;
5502 int error;
5503 char *str = value;
5504
5505 if (current != p) {
5506
5507
5508 return -EACCES;
5509 }
5510
5511
5512
5513
5514
5515
5516 if (!strcmp(name, "exec"))
5517 error = current_has_perm(p, PROCESS__SETEXEC);
5518 else if (!strcmp(name, "fscreate"))
5519 error = current_has_perm(p, PROCESS__SETFSCREATE);
5520 else if (!strcmp(name, "keycreate"))
5521 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5522 else if (!strcmp(name, "sockcreate"))
5523 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5524 else if (!strcmp(name, "current"))
5525 error = current_has_perm(p, PROCESS__SETCURRENT);
5526 else
5527 error = -EINVAL;
5528 if (error)
5529 return error;
5530
5531
5532 if (size && str[1] && str[1] != '\n') {
5533 if (str[size-1] == '\n') {
5534 str[size-1] = 0;
5535 size--;
5536 }
5537 error = security_context_to_sid(value, size, &sid);
5538 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5539 if (!capable(CAP_MAC_ADMIN)) {
5540 struct audit_buffer *ab;
5541 size_t audit_size;
5542
5543
5544
5545 if (str[size - 1] == '\0')
5546 audit_size = size - 1;
5547 else
5548 audit_size = size;
5549 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5550 audit_log_format(ab, "op=fscreate invalid_context=");
5551 audit_log_n_untrustedstring(ab, value, audit_size);
5552 audit_log_end(ab);
5553
5554 return error;
5555 }
5556 error = security_context_to_sid_force(value, size,
5557 &sid);
5558 }
5559 if (error)
5560 return error;
5561 }
5562
5563 new = prepare_creds();
5564 if (!new)
5565 return -ENOMEM;
5566
5567
5568
5569
5570
5571
5572
5573 tsec = new->security;
5574 if (!strcmp(name, "exec")) {
5575 tsec->exec_sid = sid;
5576 } else if (!strcmp(name, "fscreate")) {
5577 tsec->create_sid = sid;
5578 } else if (!strcmp(name, "keycreate")) {
5579 error = may_create_key(sid, p);
5580 if (error)
5581 goto abort_change;
5582 tsec->keycreate_sid = sid;
5583 } else if (!strcmp(name, "sockcreate")) {
5584 tsec->sockcreate_sid = sid;
5585 } else if (!strcmp(name, "current")) {
5586 error = -EINVAL;
5587 if (sid == 0)
5588 goto abort_change;
5589
5590
5591 error = -EPERM;
5592 if (!current_is_single_threaded()) {
5593 error = security_bounded_transition(tsec->sid, sid);
5594 if (error)
5595 goto abort_change;
5596 }
5597
5598
5599 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5600 PROCESS__DYNTRANSITION, NULL);
5601 if (error)
5602 goto abort_change;
5603
5604
5605
5606 ptsid = 0;
5607 rcu_read_lock();
5608 tracer = ptrace_parent(p);
5609 if (tracer)
5610 ptsid = task_sid(tracer);
5611 rcu_read_unlock();
5612
5613 if (tracer) {
5614 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5615 PROCESS__PTRACE, NULL);
5616 if (error)
5617 goto abort_change;
5618 }
5619
5620 tsec->sid = sid;
5621 } else {
5622 error = -EINVAL;
5623 goto abort_change;
5624 }
5625
5626 commit_creds(new);
5627 return size;
5628
5629abort_change:
5630 abort_creds(new);
5631 return error;
5632}
5633
5634static int selinux_ismaclabel(const char *name)
5635{
5636 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5637}
5638
5639static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5640{
5641 return security_sid_to_context(secid, secdata, seclen);
5642}
5643
5644static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5645{
5646 return security_context_to_sid(secdata, seclen, secid);
5647}
5648
5649static void selinux_release_secctx(char *secdata, u32 seclen)
5650{
5651 kfree(secdata);
5652}
5653
5654
5655
5656
5657static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5658{
5659 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5660}
5661
5662
5663
5664
5665static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5666{
5667 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5668}
5669
5670static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5671{
5672 int len = 0;
5673 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5674 ctx, true);
5675 if (len < 0)
5676 return len;
5677 *ctxlen = len;
5678 return 0;
5679}
5680#ifdef CONFIG_KEYS
5681
5682static int selinux_key_alloc(struct key *k, const struct cred *cred,
5683 unsigned long flags)
5684{
5685 const struct task_security_struct *tsec;
5686 struct key_security_struct *ksec;
5687
5688 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5689 if (!ksec)
5690 return -ENOMEM;
5691
5692 tsec = cred->security;
5693 if (tsec->keycreate_sid)
5694 ksec->sid = tsec->keycreate_sid;
5695 else
5696 ksec->sid = tsec->sid;
5697
5698 k->security = ksec;
5699 return 0;
5700}
5701
5702static void selinux_key_free(struct key *k)
5703{
5704 struct key_security_struct *ksec = k->security;
5705
5706 k->security = NULL;
5707 kfree(ksec);
5708}
5709
5710static int selinux_key_permission(key_ref_t key_ref,
5711 const struct cred *cred,
5712 key_perm_t perm)
5713{
5714 struct key *key;
5715 struct key_security_struct *ksec;
5716 u32 sid;
5717
5718
5719
5720
5721 if (perm == 0)
5722 return 0;
5723
5724 sid = cred_sid(cred);
5725
5726 key = key_ref_to_ptr(key_ref);
5727 ksec = key->security;
5728
5729 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5730}
5731
5732static int selinux_key_getsecurity(struct key *key, char **_buffer)
5733{
5734 struct key_security_struct *ksec = key->security;
5735 char *context = NULL;
5736 unsigned len;
5737 int rc;
5738
5739 rc = security_sid_to_context(ksec->sid, &context, &len);
5740 if (!rc)
5741 rc = len;
5742 *_buffer = context;
5743 return rc;
5744}
5745
5746#endif
5747
5748static struct security_operations selinux_ops = {
5749 .name = "selinux",
5750
5751 .ptrace_access_check = selinux_ptrace_access_check,
5752 .ptrace_traceme = selinux_ptrace_traceme,
5753 .capget = selinux_capget,
5754 .capset = selinux_capset,
5755 .capable = selinux_capable,
5756 .quotactl = selinux_quotactl,
5757 .quota_on = selinux_quota_on,
5758 .syslog = selinux_syslog,
5759 .vm_enough_memory = selinux_vm_enough_memory,
5760
5761 .netlink_send = selinux_netlink_send,
5762
5763 .bprm_set_creds = selinux_bprm_set_creds,
5764 .bprm_committing_creds = selinux_bprm_committing_creds,
5765 .bprm_committed_creds = selinux_bprm_committed_creds,
5766 .bprm_secureexec = selinux_bprm_secureexec,
5767
5768 .sb_alloc_security = selinux_sb_alloc_security,
5769 .sb_free_security = selinux_sb_free_security,
5770 .sb_copy_data = selinux_sb_copy_data,
5771 .sb_remount = selinux_sb_remount,
5772 .sb_kern_mount = selinux_sb_kern_mount,
5773 .sb_show_options = selinux_sb_show_options,
5774 .sb_statfs = selinux_sb_statfs,
5775 .sb_mount = selinux_mount,
5776 .sb_umount = selinux_umount,
5777 .sb_set_mnt_opts = selinux_set_mnt_opts,
5778 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5779 .sb_parse_opts_str = selinux_parse_opts_str,
5780
5781 .dentry_init_security = selinux_dentry_init_security,
5782
5783 .inode_alloc_security = selinux_inode_alloc_security,
5784 .inode_free_security = selinux_inode_free_security,
5785 .inode_init_security = selinux_inode_init_security,
5786 .inode_create = selinux_inode_create,
5787 .inode_link = selinux_inode_link,
5788 .inode_unlink = selinux_inode_unlink,
5789 .inode_symlink = selinux_inode_symlink,
5790 .inode_mkdir = selinux_inode_mkdir,
5791 .inode_rmdir = selinux_inode_rmdir,
5792 .inode_mknod = selinux_inode_mknod,
5793 .inode_rename = selinux_inode_rename,
5794 .inode_readlink = selinux_inode_readlink,
5795 .inode_follow_link = selinux_inode_follow_link,
5796 .inode_permission = selinux_inode_permission,
5797 .inode_setattr = selinux_inode_setattr,
5798 .inode_getattr = selinux_inode_getattr,
5799 .inode_setxattr = selinux_inode_setxattr,
5800 .inode_post_setxattr = selinux_inode_post_setxattr,
5801 .inode_getxattr = selinux_inode_getxattr,
5802 .inode_listxattr = selinux_inode_listxattr,
5803 .inode_removexattr = selinux_inode_removexattr,
5804 .inode_getsecurity = selinux_inode_getsecurity,
5805 .inode_setsecurity = selinux_inode_setsecurity,
5806 .inode_listsecurity = selinux_inode_listsecurity,
5807 .inode_getsecid = selinux_inode_getsecid,
5808
5809 .file_permission = selinux_file_permission,
5810 .file_alloc_security = selinux_file_alloc_security,
5811 .file_free_security = selinux_file_free_security,
5812 .file_ioctl = selinux_file_ioctl,
5813 .mmap_file = selinux_mmap_file,
5814 .mmap_addr = selinux_mmap_addr,
5815 .file_mprotect = selinux_file_mprotect,
5816 .file_lock = selinux_file_lock,
5817 .file_fcntl = selinux_file_fcntl,
5818 .file_set_fowner = selinux_file_set_fowner,
5819 .file_send_sigiotask = selinux_file_send_sigiotask,
5820 .file_receive = selinux_file_receive,
5821
5822 .file_open = selinux_file_open,
5823
5824 .task_create = selinux_task_create,
5825 .cred_alloc_blank = selinux_cred_alloc_blank,
5826 .cred_free = selinux_cred_free,
5827 .cred_prepare = selinux_cred_prepare,
5828 .cred_transfer = selinux_cred_transfer,
5829 .kernel_act_as = selinux_kernel_act_as,
5830 .kernel_create_files_as = selinux_kernel_create_files_as,
5831 .kernel_module_request = selinux_kernel_module_request,
5832 .task_setpgid = selinux_task_setpgid,
5833 .task_getpgid = selinux_task_getpgid,
5834 .task_getsid = selinux_task_getsid,
5835 .task_getsecid = selinux_task_getsecid,
5836 .task_setnice = selinux_task_setnice,
5837 .task_setioprio = selinux_task_setioprio,
5838 .task_getioprio = selinux_task_getioprio,
5839 .task_setrlimit = selinux_task_setrlimit,
5840 .task_setscheduler = selinux_task_setscheduler,
5841 .task_getscheduler = selinux_task_getscheduler,
5842 .task_movememory = selinux_task_movememory,
5843 .task_kill = selinux_task_kill,
5844 .task_wait = selinux_task_wait,
5845 .task_to_inode = selinux_task_to_inode,
5846
5847 .ipc_permission = selinux_ipc_permission,
5848 .ipc_getsecid = selinux_ipc_getsecid,
5849
5850 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5851 .msg_msg_free_security = selinux_msg_msg_free_security,
5852
5853 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5854 .msg_queue_free_security = selinux_msg_queue_free_security,
5855 .msg_queue_associate = selinux_msg_queue_associate,
5856 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5857 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5858 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5859
5860 .shm_alloc_security = selinux_shm_alloc_security,
5861 .shm_free_security = selinux_shm_free_security,
5862 .shm_associate = selinux_shm_associate,
5863 .shm_shmctl = selinux_shm_shmctl,
5864 .shm_shmat = selinux_shm_shmat,
5865
5866 .sem_alloc_security = selinux_sem_alloc_security,
5867 .sem_free_security = selinux_sem_free_security,
5868 .sem_associate = selinux_sem_associate,
5869 .sem_semctl = selinux_sem_semctl,
5870 .sem_semop = selinux_sem_semop,
5871
5872 .d_instantiate = selinux_d_instantiate,
5873
5874 .getprocattr = selinux_getprocattr,
5875 .setprocattr = selinux_setprocattr,
5876
5877 .ismaclabel = selinux_ismaclabel,
5878 .secid_to_secctx = selinux_secid_to_secctx,
5879 .secctx_to_secid = selinux_secctx_to_secid,
5880 .release_secctx = selinux_release_secctx,
5881 .inode_notifysecctx = selinux_inode_notifysecctx,
5882 .inode_setsecctx = selinux_inode_setsecctx,
5883 .inode_getsecctx = selinux_inode_getsecctx,
5884
5885 .unix_stream_connect = selinux_socket_unix_stream_connect,
5886 .unix_may_send = selinux_socket_unix_may_send,
5887
5888 .socket_create = selinux_socket_create,
5889 .socket_post_create = selinux_socket_post_create,
5890 .socket_bind = selinux_socket_bind,
5891 .socket_connect = selinux_socket_connect,
5892 .socket_listen = selinux_socket_listen,
5893 .socket_accept = selinux_socket_accept,
5894 .socket_sendmsg = selinux_socket_sendmsg,
5895 .socket_recvmsg = selinux_socket_recvmsg,
5896 .socket_getsockname = selinux_socket_getsockname,
5897 .socket_getpeername = selinux_socket_getpeername,
5898 .socket_getsockopt = selinux_socket_getsockopt,
5899 .socket_setsockopt = selinux_socket_setsockopt,
5900 .socket_shutdown = selinux_socket_shutdown,
5901 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5902 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5903 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5904 .sk_alloc_security = selinux_sk_alloc_security,
5905 .sk_free_security = selinux_sk_free_security,
5906 .sk_clone_security = selinux_sk_clone_security,
5907 .sk_getsecid = selinux_sk_getsecid,
5908 .sock_graft = selinux_sock_graft,
5909 .inet_conn_request = selinux_inet_conn_request,
5910 .inet_csk_clone = selinux_inet_csk_clone,
5911 .inet_conn_established = selinux_inet_conn_established,
5912 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5913 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5914 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5915 .req_classify_flow = selinux_req_classify_flow,
5916 .tun_dev_alloc_security = selinux_tun_dev_alloc_security,
5917 .tun_dev_free_security = selinux_tun_dev_free_security,
5918 .tun_dev_create = selinux_tun_dev_create,
5919 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
5920 .tun_dev_attach = selinux_tun_dev_attach,
5921 .tun_dev_open = selinux_tun_dev_open,
5922 .skb_owned_by = selinux_skb_owned_by,
5923
5924#ifdef CONFIG_SECURITY_NETWORK_XFRM
5925 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5926 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5927 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5928 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5929 .xfrm_state_alloc = selinux_xfrm_state_alloc,
5930 .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
5931 .xfrm_state_free_security = selinux_xfrm_state_free,
5932 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5933 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5934 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5935 .xfrm_decode_session = selinux_xfrm_decode_session,
5936#endif
5937
5938#ifdef CONFIG_KEYS
5939 .key_alloc = selinux_key_alloc,
5940 .key_free = selinux_key_free,
5941 .key_permission = selinux_key_permission,
5942 .key_getsecurity = selinux_key_getsecurity,
5943#endif
5944
5945#ifdef CONFIG_AUDIT
5946 .audit_rule_init = selinux_audit_rule_init,
5947 .audit_rule_known = selinux_audit_rule_known,
5948 .audit_rule_match = selinux_audit_rule_match,
5949 .audit_rule_free = selinux_audit_rule_free,
5950#endif
5951};
5952
5953static __init int selinux_init(void)
5954{
5955 if (!security_module_enable(&selinux_ops)) {
5956 selinux_enabled = 0;
5957 return 0;
5958 }
5959
5960 if (!selinux_enabled) {
5961 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5962 return 0;
5963 }
5964
5965 printk(KERN_INFO "SELinux: Initializing.\n");
5966
5967
5968 cred_init_security();
5969
5970 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5971
5972 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5973 sizeof(struct inode_security_struct),
5974 0, SLAB_PANIC, NULL);
5975 avc_init();
5976
5977 if (register_security(&selinux_ops))
5978 panic("SELinux: Unable to register with kernel.\n");
5979
5980 if (selinux_enforcing)
5981 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5982 else
5983 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5984
5985 return 0;
5986}
5987
5988static void delayed_superblock_init(struct super_block *sb, void *unused)
5989{
5990 superblock_doinit(sb, NULL);
5991}
5992
5993void selinux_complete_init(void)
5994{
5995 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5996
5997
5998 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5999 iterate_supers(delayed_superblock_init, NULL);
6000}
6001
6002
6003
6004security_initcall(selinux_init);
6005
6006#if defined(CONFIG_NETFILTER)
6007
6008static struct nf_hook_ops selinux_ipv4_ops[] = {
6009 {
6010 .hook = selinux_ipv4_postroute,
6011 .owner = THIS_MODULE,
6012 .pf = NFPROTO_IPV4,
6013 .hooknum = NF_INET_POST_ROUTING,
6014 .priority = NF_IP_PRI_SELINUX_LAST,
6015 },
6016 {
6017 .hook = selinux_ipv4_forward,
6018 .owner = THIS_MODULE,
6019 .pf = NFPROTO_IPV4,
6020 .hooknum = NF_INET_FORWARD,
6021 .priority = NF_IP_PRI_SELINUX_FIRST,
6022 },
6023 {
6024 .hook = selinux_ipv4_output,
6025 .owner = THIS_MODULE,
6026 .pf = NFPROTO_IPV4,
6027 .hooknum = NF_INET_LOCAL_OUT,
6028 .priority = NF_IP_PRI_SELINUX_FIRST,
6029 }
6030};
6031
6032#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6033
6034static struct nf_hook_ops selinux_ipv6_ops[] = {
6035 {
6036 .hook = selinux_ipv6_postroute,
6037 .owner = THIS_MODULE,
6038 .pf = NFPROTO_IPV6,
6039 .hooknum = NF_INET_POST_ROUTING,
6040 .priority = NF_IP6_PRI_SELINUX_LAST,
6041 },
6042 {
6043 .hook = selinux_ipv6_forward,
6044 .owner = THIS_MODULE,
6045 .pf = NFPROTO_IPV6,
6046 .hooknum = NF_INET_FORWARD,
6047 .priority = NF_IP6_PRI_SELINUX_FIRST,
6048 }
6049};
6050
6051#endif
6052
6053static int __init selinux_nf_ip_init(void)
6054{
6055 int err = 0;
6056
6057 if (!selinux_enabled)
6058 goto out;
6059
6060 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6061
6062 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
6063 if (err)
6064 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
6065
6066#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6067 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
6068 if (err)
6069 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
6070#endif
6071
6072out:
6073 return err;
6074}
6075
6076__initcall(selinux_nf_ip_init);
6077
6078#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6079static void selinux_nf_ip_exit(void)
6080{
6081 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6082
6083 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
6084#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6085 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
6086#endif
6087}
6088#endif
6089
6090#else
6091
6092#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6093#define selinux_nf_ip_exit()
6094#endif
6095
6096#endif
6097
6098#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6099static int selinux_disabled;
6100
6101int selinux_disable(void)
6102{
6103 if (ss_initialized) {
6104
6105 return -EINVAL;
6106 }
6107
6108 if (selinux_disabled) {
6109
6110 return -EINVAL;
6111 }
6112
6113 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6114
6115 selinux_disabled = 1;
6116 selinux_enabled = 0;
6117
6118 reset_security_ops();
6119
6120
6121 avc_disable();
6122
6123
6124 selinux_nf_ip_exit();
6125
6126
6127 exit_sel_fs();
6128
6129 return 0;
6130}
6131#endif
6132
