1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/security.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/sock.h>
55#include <net/tcp.h>
56#include <net/inet_connection_sock.h>
57#include <net/net_namespace.h>
58#include <net/netlabel.h>
59#include <linux/uaccess.h>
60#include <asm/ioctls.h>
61#include <linux/atomic.h>
62#include <linux/bitops.h>
63#include <linux/interrupt.h>
64#include <linux/netdevice.h>
65#include <net/netlink.h>
66#include <linux/tcp.h>
67#include <linux/udp.h>
68#include <linux/dccp.h>
69#include <linux/quota.h>
70#include <linux/un.h>
71#include <net/af_unix.h>
72#include <linux/parser.h>
73#include <linux/nfs_mount.h>
74#include <net/ipv6.h>
75#include <linux/hugetlb.h>
76#include <linux/personality.h>
77#include <linux/audit.h>
78#include <linux/string.h>
79#include <linux/selinux.h>
80#include <linux/mutex.h>
81#include <linux/posix-timers.h>
82#include <linux/syslog.h>
83#include <linux/user_namespace.h>
84#include <linux/export.h>
85#include <linux/msg.h>
86#include <linux/shm.h>
87
88#include "avc.h"
89#include "objsec.h"
90#include "netif.h"
91#include "netnode.h"
92#include "netport.h"
93#include "xfrm.h"
94#include "netlabel.h"
95#include "audit.h"
96#include "avc_ss.h"
97
98extern struct security_operations *security_ops;
99
100
101static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
102
103#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
104int selinux_enforcing;
105
106static int __init enforcing_setup(char *str)
107{
108 unsigned long enforcing;
109 if (!kstrtoul(str, 0, &enforcing))
110 selinux_enforcing = enforcing ? 1 : 0;
111 return 1;
112}
113__setup("enforcing=", enforcing_setup);
114#endif
115
116#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
117int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
118
119static int __init selinux_enabled_setup(char *str)
120{
121 unsigned long enabled;
122 if (!kstrtoul(str, 0, &enabled))
123 selinux_enabled = enabled ? 1 : 0;
124 return 1;
125}
126__setup("selinux=", selinux_enabled_setup);
127#else
128int selinux_enabled = 1;
129#endif
130
131static struct kmem_cache *sel_inode_cache;
132
133
134
135
136
137
138
139
140
141
142
143
144static int selinux_secmark_enabled(void)
145{
146 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
147}
148
149
150
151
152
153
154
155
156
157
158
159static int selinux_peerlbl_enabled(void)
160{
161 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
162}
163
164
165
166
167static void cred_init_security(void)
168{
169 struct cred *cred = (struct cred *) current->real_cred;
170 struct task_security_struct *tsec;
171
172 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
173 if (!tsec)
174 panic("SELinux: Failed to initialize initial task.\n");
175
176 tsec->osid = tsec->sid = SECINITSID_KERNEL;
177 cred->security = tsec;
178}
179
180
181
182
183static inline u32 cred_sid(const struct cred *cred)
184{
185 const struct task_security_struct *tsec;
186
187 tsec = cred->security;
188 return tsec->sid;
189}
190
191
192
193
194static inline u32 task_sid(const struct task_struct *task)
195{
196 u32 sid;
197
198 rcu_read_lock();
199 sid = cred_sid(__task_cred(task));
200 rcu_read_unlock();
201 return sid;
202}
203
204
205
206
207static inline u32 current_sid(void)
208{
209 const struct task_security_struct *tsec = current_security();
210
211 return tsec->sid;
212}
213
214
215
216static int inode_alloc_security(struct inode *inode)
217{
218 struct inode_security_struct *isec;
219 u32 sid = current_sid();
220
221 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
222 if (!isec)
223 return -ENOMEM;
224
225 mutex_init(&isec->lock);
226 INIT_LIST_HEAD(&isec->list);
227 isec->inode = inode;
228 isec->sid = SECINITSID_UNLABELED;
229 isec->sclass = SECCLASS_FILE;
230 isec->task_sid = sid;
231 inode->i_security = isec;
232
233 return 0;
234}
235
236static void inode_free_rcu(struct rcu_head *head)
237{
238 struct inode_security_struct *isec;
239
240 isec = container_of(head, struct inode_security_struct, rcu);
241 kmem_cache_free(sel_inode_cache, isec);
242}
243
244static void inode_free_security(struct inode *inode)
245{
246 struct inode_security_struct *isec = inode->i_security;
247 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
248
249 spin_lock(&sbsec->isec_lock);
250 if (!list_empty(&isec->list))
251 list_del_init(&isec->list);
252 spin_unlock(&sbsec->isec_lock);
253
254
255
256
257
258
259
260
261
262
263 call_rcu(&isec->rcu, inode_free_rcu);
264}
265
266static int file_alloc_security(struct file *file)
267{
268 struct file_security_struct *fsec;
269 u32 sid = current_sid();
270
271 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
272 if (!fsec)
273 return -ENOMEM;
274
275 fsec->sid = sid;
276 fsec->fown_sid = sid;
277 file->f_security = fsec;
278
279 return 0;
280}
281
282static void file_free_security(struct file *file)
283{
284 struct file_security_struct *fsec = file->f_security;
285 file->f_security = NULL;
286 kfree(fsec);
287}
288
289static int superblock_alloc_security(struct super_block *sb)
290{
291 struct superblock_security_struct *sbsec;
292
293 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
294 if (!sbsec)
295 return -ENOMEM;
296
297 mutex_init(&sbsec->lock);
298 INIT_LIST_HEAD(&sbsec->isec_head);
299 spin_lock_init(&sbsec->isec_lock);
300 sbsec->sb = sb;
301 sbsec->sid = SECINITSID_UNLABELED;
302 sbsec->def_sid = SECINITSID_FILE;
303 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
304 sb->s_security = sbsec;
305
306 return 0;
307}
308
309static void superblock_free_security(struct super_block *sb)
310{
311 struct superblock_security_struct *sbsec = sb->s_security;
312 sb->s_security = NULL;
313 kfree(sbsec);
314}
315
316
317
318static const char *labeling_behaviors[7] = {
319 "uses xattr",
320 "uses transition SIDs",
321 "uses task SIDs",
322 "uses genfs_contexts",
323 "not configured for labeling",
324 "uses mountpoint labeling",
325 "uses native labeling",
326};
327
328static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
329
330static inline int inode_doinit(struct inode *inode)
331{
332 return inode_doinit_with_dentry(inode, NULL);
333}
334
335enum {
336 Opt_error = -1,
337 Opt_context = 1,
338 Opt_fscontext = 2,
339 Opt_defcontext = 3,
340 Opt_rootcontext = 4,
341 Opt_labelsupport = 5,
342 Opt_nextmntopt = 6,
343};
344
345#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
346
347static const match_table_t tokens = {
348 {Opt_context, CONTEXT_STR "%s"},
349 {Opt_fscontext, FSCONTEXT_STR "%s"},
350 {Opt_defcontext, DEFCONTEXT_STR "%s"},
351 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
352 {Opt_labelsupport, LABELSUPP_STR},
353 {Opt_error, NULL},
354};
355
356#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
357
358static int may_context_mount_sb_relabel(u32 sid,
359 struct superblock_security_struct *sbsec,
360 const struct cred *cred)
361{
362 const struct task_security_struct *tsec = cred->security;
363 int rc;
364
365 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
366 FILESYSTEM__RELABELFROM, NULL);
367 if (rc)
368 return rc;
369
370 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
371 FILESYSTEM__RELABELTO, NULL);
372 return rc;
373}
374
375static int may_context_mount_inode_relabel(u32 sid,
376 struct superblock_security_struct *sbsec,
377 const struct cred *cred)
378{
379 const struct task_security_struct *tsec = cred->security;
380 int rc;
381 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
382 FILESYSTEM__RELABELFROM, NULL);
383 if (rc)
384 return rc;
385
386 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
387 FILESYSTEM__ASSOCIATE, NULL);
388 return rc;
389}
390
391static int selinux_is_sblabel_mnt(struct super_block *sb)
392{
393 struct superblock_security_struct *sbsec = sb->s_security;
394
395 if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
396 sbsec->behavior == SECURITY_FS_USE_TRANS ||
397 sbsec->behavior == SECURITY_FS_USE_TASK)
398 return 1;
399
400
401 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
402 return 1;
403
404
405
406
407
408 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
409 return 1;
410
411 return 0;
412}
413
414static int sb_finish_set_opts(struct super_block *sb)
415{
416 struct superblock_security_struct *sbsec = sb->s_security;
417 struct dentry *root = sb->s_root;
418 struct inode *root_inode = root->d_inode;
419 int rc = 0;
420
421 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
422
423
424
425
426
427 if (!root_inode->i_op->getxattr) {
428 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
429 "xattr support\n", sb->s_id, sb->s_type->name);
430 rc = -EOPNOTSUPP;
431 goto out;
432 }
433 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
434 if (rc < 0 && rc != -ENODATA) {
435 if (rc == -EOPNOTSUPP)
436 printk(KERN_WARNING "SELinux: (dev %s, type "
437 "%s) has no security xattr handler\n",
438 sb->s_id, sb->s_type->name);
439 else
440 printk(KERN_WARNING "SELinux: (dev %s, type "
441 "%s) getxattr errno %d\n", sb->s_id,
442 sb->s_type->name, -rc);
443 goto out;
444 }
445 }
446
447 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
448 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
449 sb->s_id, sb->s_type->name);
450 else
451 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
452 sb->s_id, sb->s_type->name,
453 labeling_behaviors[sbsec->behavior-1]);
454
455 sbsec->flags |= SE_SBINITIALIZED;
456 if (selinux_is_sblabel_mnt(sb))
457 sbsec->flags |= SBLABEL_MNT;
458
459
460 rc = inode_doinit_with_dentry(root_inode, root);
461
462
463
464
465
466 spin_lock(&sbsec->isec_lock);
467next_inode:
468 if (!list_empty(&sbsec->isec_head)) {
469 struct inode_security_struct *isec =
470 list_entry(sbsec->isec_head.next,
471 struct inode_security_struct, list);
472 struct inode *inode = isec->inode;
473 spin_unlock(&sbsec->isec_lock);
474 inode = igrab(inode);
475 if (inode) {
476 if (!IS_PRIVATE(inode))
477 inode_doinit(inode);
478 iput(inode);
479 }
480 spin_lock(&sbsec->isec_lock);
481 list_del_init(&isec->list);
482 goto next_inode;
483 }
484 spin_unlock(&sbsec->isec_lock);
485out:
486 return rc;
487}
488
489
490
491
492
493
494static int selinux_get_mnt_opts(const struct super_block *sb,
495 struct security_mnt_opts *opts)
496{
497 int rc = 0, i;
498 struct superblock_security_struct *sbsec = sb->s_security;
499 char *context = NULL;
500 u32 len;
501 char tmp;
502
503 security_init_mnt_opts(opts);
504
505 if (!(sbsec->flags & SE_SBINITIALIZED))
506 return -EINVAL;
507
508 if (!ss_initialized)
509 return -EINVAL;
510
511
512 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
513
514 tmp = sbsec->flags & SE_MNTMASK;
515
516 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
517 if (tmp & 0x01)
518 opts->num_mnt_opts++;
519 tmp >>= 1;
520 }
521
522 if (sbsec->flags & SBLABEL_MNT)
523 opts->num_mnt_opts++;
524
525 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
526 if (!opts->mnt_opts) {
527 rc = -ENOMEM;
528 goto out_free;
529 }
530
531 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
532 if (!opts->mnt_opts_flags) {
533 rc = -ENOMEM;
534 goto out_free;
535 }
536
537 i = 0;
538 if (sbsec->flags & FSCONTEXT_MNT) {
539 rc = security_sid_to_context(sbsec->sid, &context, &len);
540 if (rc)
541 goto out_free;
542 opts->mnt_opts[i] = context;
543 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
544 }
545 if (sbsec->flags & CONTEXT_MNT) {
546 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
547 if (rc)
548 goto out_free;
549 opts->mnt_opts[i] = context;
550 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
551 }
552 if (sbsec->flags & DEFCONTEXT_MNT) {
553 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
554 if (rc)
555 goto out_free;
556 opts->mnt_opts[i] = context;
557 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
558 }
559 if (sbsec->flags & ROOTCONTEXT_MNT) {
560 struct inode *root = sbsec->sb->s_root->d_inode;
561 struct inode_security_struct *isec = root->i_security;
562
563 rc = security_sid_to_context(isec->sid, &context, &len);
564 if (rc)
565 goto out_free;
566 opts->mnt_opts[i] = context;
567 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
568 }
569 if (sbsec->flags & SBLABEL_MNT) {
570 opts->mnt_opts[i] = NULL;
571 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
572 }
573
574 BUG_ON(i != opts->num_mnt_opts);
575
576 return 0;
577
578out_free:
579 security_free_mnt_opts(opts);
580 return rc;
581}
582
583static int bad_option(struct superblock_security_struct *sbsec, char flag,
584 u32 old_sid, u32 new_sid)
585{
586 char mnt_flags = sbsec->flags & SE_MNTMASK;
587
588
589 if (sbsec->flags & SE_SBINITIALIZED)
590 if (!(sbsec->flags & flag) ||
591 (old_sid != new_sid))
592 return 1;
593
594
595
596
597 if (!(sbsec->flags & SE_SBINITIALIZED))
598 if (mnt_flags & flag)
599 return 1;
600 return 0;
601}
602
603
604
605
606
607static int selinux_set_mnt_opts(struct super_block *sb,
608 struct security_mnt_opts *opts,
609 unsigned long kern_flags,
610 unsigned long *set_kern_flags)
611{
612 const struct cred *cred = current_cred();
613 int rc = 0, i;
614 struct superblock_security_struct *sbsec = sb->s_security;
615 const char *name = sb->s_type->name;
616 struct inode *inode = sbsec->sb->s_root->d_inode;
617 struct inode_security_struct *root_isec = inode->i_security;
618 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
619 u32 defcontext_sid = 0;
620 char **mount_options = opts->mnt_opts;
621 int *flags = opts->mnt_opts_flags;
622 int num_opts = opts->num_mnt_opts;
623
624 mutex_lock(&sbsec->lock);
625
626 if (!ss_initialized) {
627 if (!num_opts) {
628
629
630
631 goto out;
632 }
633 rc = -EINVAL;
634 printk(KERN_WARNING "SELinux: Unable to set superblock options "
635 "before the security server is initialized\n");
636 goto out;
637 }
638 if (kern_flags && !set_kern_flags) {
639
640
641 rc = -EINVAL;
642 goto out;
643 }
644
645
646
647
648
649
650
651
652
653
654
655
656 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
657 && (num_opts == 0))
658 goto out;
659
660
661
662
663
664
665 for (i = 0; i < num_opts; i++) {
666 u32 sid;
667
668 if (flags[i] == SBLABEL_MNT)
669 continue;
670 rc = security_context_to_sid(mount_options[i],
671 strlen(mount_options[i]), &sid, GFP_KERNEL);
672 if (rc) {
673 printk(KERN_WARNING "SELinux: security_context_to_sid"
674 "(%s) failed for (dev %s, type %s) errno=%d\n",
675 mount_options[i], sb->s_id, name, rc);
676 goto out;
677 }
678 switch (flags[i]) {
679 case FSCONTEXT_MNT:
680 fscontext_sid = sid;
681
682 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
683 fscontext_sid))
684 goto out_double_mount;
685
686 sbsec->flags |= FSCONTEXT_MNT;
687 break;
688 case CONTEXT_MNT:
689 context_sid = sid;
690
691 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
692 context_sid))
693 goto out_double_mount;
694
695 sbsec->flags |= CONTEXT_MNT;
696 break;
697 case ROOTCONTEXT_MNT:
698 rootcontext_sid = sid;
699
700 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
701 rootcontext_sid))
702 goto out_double_mount;
703
704 sbsec->flags |= ROOTCONTEXT_MNT;
705
706 break;
707 case DEFCONTEXT_MNT:
708 defcontext_sid = sid;
709
710 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
711 defcontext_sid))
712 goto out_double_mount;
713
714 sbsec->flags |= DEFCONTEXT_MNT;
715
716 break;
717 default:
718 rc = -EINVAL;
719 goto out;
720 }
721 }
722
723 if (sbsec->flags & SE_SBINITIALIZED) {
724
725 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
726 goto out_double_mount;
727 rc = 0;
728 goto out;
729 }
730
731 if (strcmp(sb->s_type->name, "proc") == 0)
732 sbsec->flags |= SE_SBPROC;
733
734 if (!sbsec->behavior) {
735
736
737
738
739 rc = security_fs_use(sb);
740 if (rc) {
741 printk(KERN_WARNING
742 "%s: security_fs_use(%s) returned %d\n",
743 __func__, sb->s_type->name, rc);
744 goto out;
745 }
746 }
747
748 if (fscontext_sid) {
749 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
750 if (rc)
751 goto out;
752
753 sbsec->sid = fscontext_sid;
754 }
755
756
757
758
759
760
761 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
762 sbsec->behavior = SECURITY_FS_USE_NATIVE;
763 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
764 }
765
766 if (context_sid) {
767 if (!fscontext_sid) {
768 rc = may_context_mount_sb_relabel(context_sid, sbsec,
769 cred);
770 if (rc)
771 goto out;
772 sbsec->sid = context_sid;
773 } else {
774 rc = may_context_mount_inode_relabel(context_sid, sbsec,
775 cred);
776 if (rc)
777 goto out;
778 }
779 if (!rootcontext_sid)
780 rootcontext_sid = context_sid;
781
782 sbsec->mntpoint_sid = context_sid;
783 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
784 }
785
786 if (rootcontext_sid) {
787 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
788 cred);
789 if (rc)
790 goto out;
791
792 root_isec->sid = rootcontext_sid;
793 root_isec->initialized = 1;
794 }
795
796 if (defcontext_sid) {
797 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
798 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
799 rc = -EINVAL;
800 printk(KERN_WARNING "SELinux: defcontext option is "
801 "invalid for this filesystem type\n");
802 goto out;
803 }
804
805 if (defcontext_sid != sbsec->def_sid) {
806 rc = may_context_mount_inode_relabel(defcontext_sid,
807 sbsec, cred);
808 if (rc)
809 goto out;
810 }
811
812 sbsec->def_sid = defcontext_sid;
813 }
814
815 rc = sb_finish_set_opts(sb);
816out:
817 mutex_unlock(&sbsec->lock);
818 return rc;
819out_double_mount:
820 rc = -EINVAL;
821 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
822 "security settings for (dev %s, type %s)\n", sb->s_id, name);
823 goto out;
824}
825
826static int selinux_cmp_sb_context(const struct super_block *oldsb,
827 const struct super_block *newsb)
828{
829 struct superblock_security_struct *old = oldsb->s_security;
830 struct superblock_security_struct *new = newsb->s_security;
831 char oldflags = old->flags & SE_MNTMASK;
832 char newflags = new->flags & SE_MNTMASK;
833
834 if (oldflags != newflags)
835 goto mismatch;
836 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
837 goto mismatch;
838 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
839 goto mismatch;
840 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
841 goto mismatch;
842 if (oldflags & ROOTCONTEXT_MNT) {
843 struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security;
844 struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security;
845 if (oldroot->sid != newroot->sid)
846 goto mismatch;
847 }
848 return 0;
849mismatch:
850 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
851 "different security settings for (dev %s, "
852 "type %s)\n", newsb->s_id, newsb->s_type->name);
853 return -EBUSY;
854}
855
856static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
857 struct super_block *newsb)
858{
859 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
860 struct superblock_security_struct *newsbsec = newsb->s_security;
861
862 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
863 int set_context = (oldsbsec->flags & CONTEXT_MNT);
864 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
865
866
867
868
869
870 if (!ss_initialized)
871 return 0;
872
873
874 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
875
876
877 if (newsbsec->flags & SE_SBINITIALIZED)
878 return selinux_cmp_sb_context(oldsb, newsb);
879
880 mutex_lock(&newsbsec->lock);
881
882 newsbsec->flags = oldsbsec->flags;
883
884 newsbsec->sid = oldsbsec->sid;
885 newsbsec->def_sid = oldsbsec->def_sid;
886 newsbsec->behavior = oldsbsec->behavior;
887
888 if (set_context) {
889 u32 sid = oldsbsec->mntpoint_sid;
890
891 if (!set_fscontext)
892 newsbsec->sid = sid;
893 if (!set_rootcontext) {
894 struct inode *newinode = newsb->s_root->d_inode;
895 struct inode_security_struct *newisec = newinode->i_security;
896 newisec->sid = sid;
897 }
898 newsbsec->mntpoint_sid = sid;
899 }
900 if (set_rootcontext) {
901 const struct inode *oldinode = oldsb->s_root->d_inode;
902 const struct inode_security_struct *oldisec = oldinode->i_security;
903 struct inode *newinode = newsb->s_root->d_inode;
904 struct inode_security_struct *newisec = newinode->i_security;
905
906 newisec->sid = oldisec->sid;
907 }
908
909 sb_finish_set_opts(newsb);
910 mutex_unlock(&newsbsec->lock);
911 return 0;
912}
913
914static int selinux_parse_opts_str(char *options,
915 struct security_mnt_opts *opts)
916{
917 char *p;
918 char *context = NULL, *defcontext = NULL;
919 char *fscontext = NULL, *rootcontext = NULL;
920 int rc, num_mnt_opts = 0;
921
922 opts->num_mnt_opts = 0;
923
924
925 while ((p = strsep(&options, "|")) != NULL) {
926 int token;
927 substring_t args[MAX_OPT_ARGS];
928
929 if (!*p)
930 continue;
931
932 token = match_token(p, tokens, args);
933
934 switch (token) {
935 case Opt_context:
936 if (context || defcontext) {
937 rc = -EINVAL;
938 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
939 goto out_err;
940 }
941 context = match_strdup(&args[0]);
942 if (!context) {
943 rc = -ENOMEM;
944 goto out_err;
945 }
946 break;
947
948 case Opt_fscontext:
949 if (fscontext) {
950 rc = -EINVAL;
951 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
952 goto out_err;
953 }
954 fscontext = match_strdup(&args[0]);
955 if (!fscontext) {
956 rc = -ENOMEM;
957 goto out_err;
958 }
959 break;
960
961 case Opt_rootcontext:
962 if (rootcontext) {
963 rc = -EINVAL;
964 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
965 goto out_err;
966 }
967 rootcontext = match_strdup(&args[0]);
968 if (!rootcontext) {
969 rc = -ENOMEM;
970 goto out_err;
971 }
972 break;
973
974 case Opt_defcontext:
975 if (context || defcontext) {
976 rc = -EINVAL;
977 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
978 goto out_err;
979 }
980 defcontext = match_strdup(&args[0]);
981 if (!defcontext) {
982 rc = -ENOMEM;
983 goto out_err;
984 }
985 break;
986 case Opt_labelsupport:
987 break;
988 default:
989 rc = -EINVAL;
990 printk(KERN_WARNING "SELinux: unknown mount option\n");
991 goto out_err;
992
993 }
994 }
995
996 rc = -ENOMEM;
997 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
998 if (!opts->mnt_opts)
999 goto out_err;
1000
1001 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
1002 if (!opts->mnt_opts_flags) {
1003 kfree(opts->mnt_opts);
1004 goto out_err;
1005 }
1006
1007 if (fscontext) {
1008 opts->mnt_opts[num_mnt_opts] = fscontext;
1009 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1010 }
1011 if (context) {
1012 opts->mnt_opts[num_mnt_opts] = context;
1013 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1014 }
1015 if (rootcontext) {
1016 opts->mnt_opts[num_mnt_opts] = rootcontext;
1017 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1018 }
1019 if (defcontext) {
1020 opts->mnt_opts[num_mnt_opts] = defcontext;
1021 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1022 }
1023
1024 opts->num_mnt_opts = num_mnt_opts;
1025 return 0;
1026
1027out_err:
1028 kfree(context);
1029 kfree(defcontext);
1030 kfree(fscontext);
1031 kfree(rootcontext);
1032 return rc;
1033}
1034
1035
1036
1037static int superblock_doinit(struct super_block *sb, void *data)
1038{
1039 int rc = 0;
1040 char *options = data;
1041 struct security_mnt_opts opts;
1042
1043 security_init_mnt_opts(&opts);
1044
1045 if (!data)
1046 goto out;
1047
1048 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1049
1050 rc = selinux_parse_opts_str(options, &opts);
1051 if (rc)
1052 goto out_err;
1053
1054out:
1055 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1056
1057out_err:
1058 security_free_mnt_opts(&opts);
1059 return rc;
1060}
1061
1062static void selinux_write_opts(struct seq_file *m,
1063 struct security_mnt_opts *opts)
1064{
1065 int i;
1066 char *prefix;
1067
1068 for (i = 0; i < opts->num_mnt_opts; i++) {
1069 char *has_comma;
1070
1071 if (opts->mnt_opts[i])
1072 has_comma = strchr(opts->mnt_opts[i], ',');
1073 else
1074 has_comma = NULL;
1075
1076 switch (opts->mnt_opts_flags[i]) {
1077 case CONTEXT_MNT:
1078 prefix = CONTEXT_STR;
1079 break;
1080 case FSCONTEXT_MNT:
1081 prefix = FSCONTEXT_STR;
1082 break;
1083 case ROOTCONTEXT_MNT:
1084 prefix = ROOTCONTEXT_STR;
1085 break;
1086 case DEFCONTEXT_MNT:
1087 prefix = DEFCONTEXT_STR;
1088 break;
1089 case SBLABEL_MNT:
1090 seq_putc(m, ',');
1091 seq_puts(m, LABELSUPP_STR);
1092 continue;
1093 default:
1094 BUG();
1095 return;
1096 };
1097
1098 seq_putc(m, ',');
1099 seq_puts(m, prefix);
1100 if (has_comma)
1101 seq_putc(m, '\"');
1102 seq_puts(m, opts->mnt_opts[i]);
1103 if (has_comma)
1104 seq_putc(m, '\"');
1105 }
1106}
1107
1108static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1109{
1110 struct security_mnt_opts opts;
1111 int rc;
1112
1113 rc = selinux_get_mnt_opts(sb, &opts);
1114 if (rc) {
1115
1116 if (rc == -EINVAL)
1117 rc = 0;
1118 return rc;
1119 }
1120
1121 selinux_write_opts(m, &opts);
1122
1123 security_free_mnt_opts(&opts);
1124
1125 return rc;
1126}
1127
1128static inline u16 inode_mode_to_security_class(umode_t mode)
1129{
1130 switch (mode & S_IFMT) {
1131 case S_IFSOCK:
1132 return SECCLASS_SOCK_FILE;
1133 case S_IFLNK:
1134 return SECCLASS_LNK_FILE;
1135 case S_IFREG:
1136 return SECCLASS_FILE;
1137 case S_IFBLK:
1138 return SECCLASS_BLK_FILE;
1139 case S_IFDIR:
1140 return SECCLASS_DIR;
1141 case S_IFCHR:
1142 return SECCLASS_CHR_FILE;
1143 case S_IFIFO:
1144 return SECCLASS_FIFO_FILE;
1145
1146 }
1147
1148 return SECCLASS_FILE;
1149}
1150
1151static inline int default_protocol_stream(int protocol)
1152{
1153 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1154}
1155
1156static inline int default_protocol_dgram(int protocol)
1157{
1158 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1159}
1160
1161static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1162{
1163 switch (family) {
1164 case PF_UNIX:
1165 switch (type) {
1166 case SOCK_STREAM:
1167 case SOCK_SEQPACKET:
1168 return SECCLASS_UNIX_STREAM_SOCKET;
1169 case SOCK_DGRAM:
1170 return SECCLASS_UNIX_DGRAM_SOCKET;
1171 }
1172 break;
1173 case PF_INET:
1174 case PF_INET6:
1175 switch (type) {
1176 case SOCK_STREAM:
1177 if (default_protocol_stream(protocol))
1178 return SECCLASS_TCP_SOCKET;
1179 else
1180 return SECCLASS_RAWIP_SOCKET;
1181 case SOCK_DGRAM:
1182 if (default_protocol_dgram(protocol))
1183 return SECCLASS_UDP_SOCKET;
1184 else
1185 return SECCLASS_RAWIP_SOCKET;
1186 case SOCK_DCCP:
1187 return SECCLASS_DCCP_SOCKET;
1188 default:
1189 return SECCLASS_RAWIP_SOCKET;
1190 }
1191 break;
1192 case PF_NETLINK:
1193 switch (protocol) {
1194 case NETLINK_ROUTE:
1195 return SECCLASS_NETLINK_ROUTE_SOCKET;
1196 case NETLINK_FIREWALL:
1197 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1198 case NETLINK_SOCK_DIAG:
1199 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1200 case NETLINK_NFLOG:
1201 return SECCLASS_NETLINK_NFLOG_SOCKET;
1202 case NETLINK_XFRM:
1203 return SECCLASS_NETLINK_XFRM_SOCKET;
1204 case NETLINK_SELINUX:
1205 return SECCLASS_NETLINK_SELINUX_SOCKET;
1206 case NETLINK_AUDIT:
1207 return SECCLASS_NETLINK_AUDIT_SOCKET;
1208 case NETLINK_IP6_FW:
1209 return SECCLASS_NETLINK_IP6FW_SOCKET;
1210 case NETLINK_DNRTMSG:
1211 return SECCLASS_NETLINK_DNRT_SOCKET;
1212 case NETLINK_KOBJECT_UEVENT:
1213 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1214 default:
1215 return SECCLASS_NETLINK_SOCKET;
1216 }
1217 case PF_PACKET:
1218 return SECCLASS_PACKET_SOCKET;
1219 case PF_KEY:
1220 return SECCLASS_KEY_SOCKET;
1221 case PF_APPLETALK:
1222 return SECCLASS_APPLETALK_SOCKET;
1223 }
1224
1225 return SECCLASS_SOCKET;
1226}
1227
1228#ifdef CONFIG_PROC_FS
1229static int selinux_proc_get_sid(struct dentry *dentry,
1230 u16 tclass,
1231 u32 *sid)
1232{
1233 int rc;
1234 char *buffer, *path;
1235
1236 buffer = (char *)__get_free_page(GFP_KERNEL);
1237 if (!buffer)
1238 return -ENOMEM;
1239
1240 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1241 if (IS_ERR(path))
1242 rc = PTR_ERR(path);
1243 else {
1244
1245
1246
1247 while (path[1] >= '0' && path[1] <= '9') {
1248 path[1] = '/';
1249 path++;
1250 }
1251 rc = security_genfs_sid("proc", path, tclass, sid);
1252 }
1253 free_page((unsigned long)buffer);
1254 return rc;
1255}
1256#else
1257static int selinux_proc_get_sid(struct dentry *dentry,
1258 u16 tclass,
1259 u32 *sid)
1260{
1261 return -EINVAL;
1262}
1263#endif
1264
1265
1266static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1267{
1268 struct superblock_security_struct *sbsec = NULL;
1269 struct inode_security_struct *isec = inode->i_security;
1270 u32 sid;
1271 struct dentry *dentry;
1272#define INITCONTEXTLEN 255
1273 char *context = NULL;
1274 unsigned len = 0;
1275 int rc = 0;
1276
1277 if (isec->initialized)
1278 goto out;
1279
1280 mutex_lock(&isec->lock);
1281 if (isec->initialized)
1282 goto out_unlock;
1283
1284 sbsec = inode->i_sb->s_security;
1285 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1286
1287
1288
1289 spin_lock(&sbsec->isec_lock);
1290 if (list_empty(&isec->list))
1291 list_add(&isec->list, &sbsec->isec_head);
1292 spin_unlock(&sbsec->isec_lock);
1293 goto out_unlock;
1294 }
1295
1296 switch (sbsec->behavior) {
1297 case SECURITY_FS_USE_NATIVE:
1298 break;
1299 case SECURITY_FS_USE_XATTR:
1300 if (!inode->i_op->getxattr) {
1301 isec->sid = sbsec->def_sid;
1302 break;
1303 }
1304
1305
1306
1307 if (opt_dentry) {
1308
1309 dentry = dget(opt_dentry);
1310 } else {
1311
1312 dentry = d_find_alias(inode);
1313 }
1314 if (!dentry) {
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324 goto out_unlock;
1325 }
1326
1327 len = INITCONTEXTLEN;
1328 context = kmalloc(len+1, GFP_NOFS);
1329 if (!context) {
1330 rc = -ENOMEM;
1331 dput(dentry);
1332 goto out_unlock;
1333 }
1334 context[len] = '\0';
1335 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1336 context, len);
1337 if (rc == -ERANGE) {
1338 kfree(context);
1339
1340
1341 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1342 NULL, 0);
1343 if (rc < 0) {
1344 dput(dentry);
1345 goto out_unlock;
1346 }
1347 len = rc;
1348 context = kmalloc(len+1, GFP_NOFS);
1349 if (!context) {
1350 rc = -ENOMEM;
1351 dput(dentry);
1352 goto out_unlock;
1353 }
1354 context[len] = '\0';
1355 rc = inode->i_op->getxattr(dentry,
1356 XATTR_NAME_SELINUX,
1357 context, len);
1358 }
1359 dput(dentry);
1360 if (rc < 0) {
1361 if (rc != -ENODATA) {
1362 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1363 "%d for dev=%s ino=%ld\n", __func__,
1364 -rc, inode->i_sb->s_id, inode->i_ino);
1365 kfree(context);
1366 goto out_unlock;
1367 }
1368
1369 sid = sbsec->def_sid;
1370 rc = 0;
1371 } else {
1372 rc = security_context_to_sid_default(context, rc, &sid,
1373 sbsec->def_sid,
1374 GFP_NOFS);
1375 if (rc) {
1376 char *dev = inode->i_sb->s_id;
1377 unsigned long ino = inode->i_ino;
1378
1379 if (rc == -EINVAL) {
1380 if (printk_ratelimit())
1381 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1382 "context=%s. This indicates you may need to relabel the inode or the "
1383 "filesystem in question.\n", ino, dev, context);
1384 } else {
1385 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1386 "returned %d for dev=%s ino=%ld\n",
1387 __func__, context, -rc, dev, ino);
1388 }
1389 kfree(context);
1390
1391 rc = 0;
1392 break;
1393 }
1394 }
1395 kfree(context);
1396 isec->sid = sid;
1397 break;
1398 case SECURITY_FS_USE_TASK:
1399 isec->sid = isec->task_sid;
1400 break;
1401 case SECURITY_FS_USE_TRANS:
1402
1403 isec->sid = sbsec->sid;
1404
1405
1406 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1407 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1408 isec->sclass, NULL, &sid);
1409 if (rc)
1410 goto out_unlock;
1411 isec->sid = sid;
1412 break;
1413 case SECURITY_FS_USE_MNTPOINT:
1414 isec->sid = sbsec->mntpoint_sid;
1415 break;
1416 default:
1417
1418 isec->sid = sbsec->sid;
1419
1420 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1421
1422
1423 if (opt_dentry)
1424
1425
1426 dentry = dget(opt_dentry);
1427 else
1428
1429
1430 dentry = d_find_alias(inode);
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440 if (!dentry)
1441 goto out_unlock;
1442 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1443 rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
1444 dput(dentry);
1445 if (rc)
1446 goto out_unlock;
1447 isec->sid = sid;
1448 }
1449 break;
1450 }
1451
1452 isec->initialized = 1;
1453
1454out_unlock:
1455 mutex_unlock(&isec->lock);
1456out:
1457 if (isec->sclass == SECCLASS_FILE)
1458 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1459 return rc;
1460}
1461
1462
1463static inline u32 signal_to_av(int sig)
1464{
1465 u32 perm = 0;
1466
1467 switch (sig) {
1468 case SIGCHLD:
1469
1470 perm = PROCESS__SIGCHLD;
1471 break;
1472 case SIGKILL:
1473
1474 perm = PROCESS__SIGKILL;
1475 break;
1476 case SIGSTOP:
1477
1478 perm = PROCESS__SIGSTOP;
1479 break;
1480 default:
1481
1482 perm = PROCESS__SIGNAL;
1483 break;
1484 }
1485
1486 return perm;
1487}
1488
1489
1490
1491
1492
1493static int cred_has_perm(const struct cred *actor,
1494 const struct cred *target,
1495 u32 perms)
1496{
1497 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1498
1499 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1500}
1501
1502
1503
1504
1505
1506
1507
1508static int task_has_perm(const struct task_struct *tsk1,
1509 const struct task_struct *tsk2,
1510 u32 perms)
1511{
1512 const struct task_security_struct *__tsec1, *__tsec2;
1513 u32 sid1, sid2;
1514
1515 rcu_read_lock();
1516 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1517 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1518 rcu_read_unlock();
1519 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1520}
1521
1522
1523
1524
1525
1526
1527
1528static int current_has_perm(const struct task_struct *tsk,
1529 u32 perms)
1530{
1531 u32 sid, tsid;
1532
1533 sid = current_sid();
1534 tsid = task_sid(tsk);
1535 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1536}
1537
1538#if CAP_LAST_CAP > 63
1539#error Fix SELinux to handle capabilities > 63.
1540#endif
1541
1542
1543static int cred_has_capability(const struct cred *cred,
1544 int cap, int audit)
1545{
1546 struct common_audit_data ad;
1547 struct av_decision avd;
1548 u16 sclass;
1549 u32 sid = cred_sid(cred);
1550 u32 av = CAP_TO_MASK(cap);
1551 int rc;
1552
1553 ad.type = LSM_AUDIT_DATA_CAP;
1554 ad.u.cap = cap;
1555
1556 switch (CAP_TO_INDEX(cap)) {
1557 case 0:
1558 sclass = SECCLASS_CAPABILITY;
1559 break;
1560 case 1:
1561 sclass = SECCLASS_CAPABILITY2;
1562 break;
1563 default:
1564 printk(KERN_ERR
1565 "SELinux: out of range capability %d\n", cap);
1566 BUG();
1567 return -EINVAL;
1568 }
1569
1570 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1571 if (audit == SECURITY_CAP_AUDIT) {
1572 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1573 if (rc2)
1574 return rc2;
1575 }
1576 return rc;
1577}
1578
1579
1580static int task_has_system(struct task_struct *tsk,
1581 u32 perms)
1582{
1583 u32 sid = task_sid(tsk);
1584
1585 return avc_has_perm(sid, SECINITSID_KERNEL,
1586 SECCLASS_SYSTEM, perms, NULL);
1587}
1588
1589
1590
1591
1592static int inode_has_perm(const struct cred *cred,
1593 struct inode *inode,
1594 u32 perms,
1595 struct common_audit_data *adp)
1596{
1597 struct inode_security_struct *isec;
1598 u32 sid;
1599
1600 validate_creds(cred);
1601
1602 if (unlikely(IS_PRIVATE(inode)))
1603 return 0;
1604
1605 sid = cred_sid(cred);
1606 isec = inode->i_security;
1607
1608 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1609}
1610
1611
1612
1613
1614static inline int dentry_has_perm(const struct cred *cred,
1615 struct dentry *dentry,
1616 u32 av)
1617{
1618 struct inode *inode = dentry->d_inode;
1619 struct common_audit_data ad;
1620
1621 ad.type = LSM_AUDIT_DATA_DENTRY;
1622 ad.u.dentry = dentry;
1623 return inode_has_perm(cred, inode, av, &ad);
1624}
1625
1626
1627
1628
1629static inline int path_has_perm(const struct cred *cred,
1630 struct path *path,
1631 u32 av)
1632{
1633 struct inode *inode = path->dentry->d_inode;
1634 struct common_audit_data ad;
1635
1636 ad.type = LSM_AUDIT_DATA_PATH;
1637 ad.u.path = *path;
1638 return inode_has_perm(cred, inode, av, &ad);
1639}
1640
1641
1642static inline int file_path_has_perm(const struct cred *cred,
1643 struct file *file,
1644 u32 av)
1645{
1646 struct common_audit_data ad;
1647
1648 ad.type = LSM_AUDIT_DATA_PATH;
1649 ad.u.path = file->f_path;
1650 return inode_has_perm(cred, file_inode(file), av, &ad);
1651}
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661static int file_has_perm(const struct cred *cred,
1662 struct file *file,
1663 u32 av)
1664{
1665 struct file_security_struct *fsec = file->f_security;
1666 struct inode *inode = file_inode(file);
1667 struct common_audit_data ad;
1668 u32 sid = cred_sid(cred);
1669 int rc;
1670
1671 ad.type = LSM_AUDIT_DATA_PATH;
1672 ad.u.path = file->f_path;
1673
1674 if (sid != fsec->sid) {
1675 rc = avc_has_perm(sid, fsec->sid,
1676 SECCLASS_FD,
1677 FD__USE,
1678 &ad);
1679 if (rc)
1680 goto out;
1681 }
1682
1683
1684 rc = 0;
1685 if (av)
1686 rc = inode_has_perm(cred, inode, av, &ad);
1687
1688out:
1689 return rc;
1690}
1691
1692
1693static int may_create(struct inode *dir,
1694 struct dentry *dentry,
1695 u16 tclass)
1696{
1697 const struct task_security_struct *tsec = current_security();
1698 struct inode_security_struct *dsec;
1699 struct superblock_security_struct *sbsec;
1700 u32 sid, newsid;
1701 struct common_audit_data ad;
1702 int rc;
1703
1704 dsec = dir->i_security;
1705 sbsec = dir->i_sb->s_security;
1706
1707 sid = tsec->sid;
1708 newsid = tsec->create_sid;
1709
1710 ad.type = LSM_AUDIT_DATA_DENTRY;
1711 ad.u.dentry = dentry;
1712
1713 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1714 DIR__ADD_NAME | DIR__SEARCH,
1715 &ad);
1716 if (rc)
1717 return rc;
1718
1719 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
1720 rc = security_transition_sid(sid, dsec->sid, tclass,
1721 &dentry->d_name, &newsid);
1722 if (rc)
1723 return rc;
1724 }
1725
1726 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1727 if (rc)
1728 return rc;
1729
1730 return avc_has_perm(newsid, sbsec->sid,
1731 SECCLASS_FILESYSTEM,
1732 FILESYSTEM__ASSOCIATE, &ad);
1733}
1734
1735
1736static int may_create_key(u32 ksid,
1737 struct task_struct *ctx)
1738{
1739 u32 sid = task_sid(ctx);
1740
1741 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1742}
1743
1744#define MAY_LINK 0
1745#define MAY_UNLINK 1
1746#define MAY_RMDIR 2
1747
1748
1749static int may_link(struct inode *dir,
1750 struct dentry *dentry,
1751 int kind)
1752
1753{
1754 struct inode_security_struct *dsec, *isec;
1755 struct common_audit_data ad;
1756 u32 sid = current_sid();
1757 u32 av;
1758 int rc;
1759
1760 dsec = dir->i_security;
1761 isec = dentry->d_inode->i_security;
1762
1763 ad.type = LSM_AUDIT_DATA_DENTRY;
1764 ad.u.dentry = dentry;
1765
1766 av = DIR__SEARCH;
1767 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1768 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1769 if (rc)
1770 return rc;
1771
1772 switch (kind) {
1773 case MAY_LINK:
1774 av = FILE__LINK;
1775 break;
1776 case MAY_UNLINK:
1777 av = FILE__UNLINK;
1778 break;
1779 case MAY_RMDIR:
1780 av = DIR__RMDIR;
1781 break;
1782 default:
1783 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1784 __func__, kind);
1785 return 0;
1786 }
1787
1788 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1789 return rc;
1790}
1791
1792static inline int may_rename(struct inode *old_dir,
1793 struct dentry *old_dentry,
1794 struct inode *new_dir,
1795 struct dentry *new_dentry)
1796{
1797 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1798 struct common_audit_data ad;
1799 u32 sid = current_sid();
1800 u32 av;
1801 int old_is_dir, new_is_dir;
1802 int rc;
1803
1804 old_dsec = old_dir->i_security;
1805 old_isec = old_dentry->d_inode->i_security;
1806 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1807 new_dsec = new_dir->i_security;
1808
1809 ad.type = LSM_AUDIT_DATA_DENTRY;
1810
1811 ad.u.dentry = old_dentry;
1812 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1813 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1814 if (rc)
1815 return rc;
1816 rc = avc_has_perm(sid, old_isec->sid,
1817 old_isec->sclass, FILE__RENAME, &ad);
1818 if (rc)
1819 return rc;
1820 if (old_is_dir && new_dir != old_dir) {
1821 rc = avc_has_perm(sid, old_isec->sid,
1822 old_isec->sclass, DIR__REPARENT, &ad);
1823 if (rc)
1824 return rc;
1825 }
1826
1827 ad.u.dentry = new_dentry;
1828 av = DIR__ADD_NAME | DIR__SEARCH;
1829 if (new_dentry->d_inode)
1830 av |= DIR__REMOVE_NAME;
1831 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1832 if (rc)
1833 return rc;
1834 if (new_dentry->d_inode) {
1835 new_isec = new_dentry->d_inode->i_security;
1836 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1837 rc = avc_has_perm(sid, new_isec->sid,
1838 new_isec->sclass,
1839 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1840 if (rc)
1841 return rc;
1842 }
1843
1844 return 0;
1845}
1846
1847
1848static int superblock_has_perm(const struct cred *cred,
1849 struct super_block *sb,
1850 u32 perms,
1851 struct common_audit_data *ad)
1852{
1853 struct superblock_security_struct *sbsec;
1854 u32 sid = cred_sid(cred);
1855
1856 sbsec = sb->s_security;
1857 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1858}
1859
1860
1861static inline u32 file_mask_to_av(int mode, int mask)
1862{
1863 u32 av = 0;
1864
1865 if (!S_ISDIR(mode)) {
1866 if (mask & MAY_EXEC)
1867 av |= FILE__EXECUTE;
1868 if (mask & MAY_READ)
1869 av |= FILE__READ;
1870
1871 if (mask & MAY_APPEND)
1872 av |= FILE__APPEND;
1873 else if (mask & MAY_WRITE)
1874 av |= FILE__WRITE;
1875
1876 } else {
1877 if (mask & MAY_EXEC)
1878 av |= DIR__SEARCH;
1879 if (mask & MAY_WRITE)
1880 av |= DIR__WRITE;
1881 if (mask & MAY_READ)
1882 av |= DIR__READ;
1883 }
1884
1885 return av;
1886}
1887
1888
1889static inline u32 file_to_av(struct file *file)
1890{
1891 u32 av = 0;
1892
1893 if (file->f_mode & FMODE_READ)
1894 av |= FILE__READ;
1895 if (file->f_mode & FMODE_WRITE) {
1896 if (file->f_flags & O_APPEND)
1897 av |= FILE__APPEND;
1898 else
1899 av |= FILE__WRITE;
1900 }
1901 if (!av) {
1902
1903
1904
1905 av = FILE__IOCTL;
1906 }
1907
1908 return av;
1909}
1910
1911
1912
1913
1914
1915static inline u32 open_file_to_av(struct file *file)
1916{
1917 u32 av = file_to_av(file);
1918
1919 if (selinux_policycap_openperm)
1920 av |= FILE__OPEN;
1921
1922 return av;
1923}
1924
1925
1926
1927static int selinux_ptrace_access_check(struct task_struct *child,
1928 unsigned int mode)
1929{
1930 int rc;
1931
1932 rc = cap_ptrace_access_check(child, mode);
1933 if (rc)
1934 return rc;
1935
1936 if (mode & PTRACE_MODE_READ) {
1937 u32 sid = current_sid();
1938 u32 csid = task_sid(child);
1939 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1940 }
1941
1942 return current_has_perm(child, PROCESS__PTRACE);
1943}
1944
1945static int selinux_ptrace_traceme(struct task_struct *parent)
1946{
1947 int rc;
1948
1949 rc = cap_ptrace_traceme(parent);
1950 if (rc)
1951 return rc;
1952
1953 return task_has_perm(parent, current, PROCESS__PTRACE);
1954}
1955
1956static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1957 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1958{
1959 int error;
1960
1961 error = current_has_perm(target, PROCESS__GETCAP);
1962 if (error)
1963 return error;
1964
1965 return cap_capget(target, effective, inheritable, permitted);
1966}
1967
1968static int selinux_capset(struct cred *new, const struct cred *old,
1969 const kernel_cap_t *effective,
1970 const kernel_cap_t *inheritable,
1971 const kernel_cap_t *permitted)
1972{
1973 int error;
1974
1975 error = cap_capset(new, old,
1976 effective, inheritable, permitted);
1977 if (error)
1978 return error;
1979
1980 return cred_has_perm(old, new, PROCESS__SETCAP);
1981}
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
1994 int cap, int audit)
1995{
1996 int rc;
1997
1998 rc = cap_capable(cred, ns, cap, audit);
1999 if (rc)
2000 return rc;
2001
2002 return cred_has_capability(cred, cap, audit);
2003}
2004
2005static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2006{
2007 const struct cred *cred = current_cred();
2008 int rc = 0;
2009
2010 if (!sb)
2011 return 0;
2012
2013 switch (cmds) {
2014 case Q_SYNC:
2015 case Q_QUOTAON:
2016 case Q_QUOTAOFF:
2017 case Q_SETINFO:
2018 case Q_SETQUOTA:
2019 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2020 break;
2021 case Q_GETFMT:
2022 case Q_GETINFO:
2023 case Q_GETQUOTA:
2024 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2025 break;
2026 default:
2027 rc = 0;
2028 break;
2029 }
2030 return rc;
2031}
2032
2033static int selinux_quota_on(struct dentry *dentry)
2034{
2035 const struct cred *cred = current_cred();
2036
2037 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2038}
2039
2040static int selinux_syslog(int type)
2041{
2042 int rc;
2043
2044 switch (type) {
2045 case SYSLOG_ACTION_READ_ALL:
2046 case SYSLOG_ACTION_SIZE_BUFFER:
2047 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2048 break;
2049 case SYSLOG_ACTION_CONSOLE_OFF:
2050 case SYSLOG_ACTION_CONSOLE_ON:
2051
2052 case SYSLOG_ACTION_CONSOLE_LEVEL:
2053 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2054 break;
2055 case SYSLOG_ACTION_CLOSE:
2056 case SYSLOG_ACTION_OPEN:
2057 case SYSLOG_ACTION_READ:
2058 case SYSLOG_ACTION_READ_CLEAR:
2059 case SYSLOG_ACTION_CLEAR:
2060 default:
2061 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2062 break;
2063 }
2064 return rc;
2065}
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2076{
2077 int rc, cap_sys_admin = 0;
2078
2079 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
2080 SECURITY_CAP_NOAUDIT);
2081 if (rc == 0)
2082 cap_sys_admin = 1;
2083
2084 return __vm_enough_memory(mm, pages, cap_sys_admin);
2085}
2086
2087
2088
2089static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2090{
2091 const struct task_security_struct *old_tsec;
2092 struct task_security_struct *new_tsec;
2093 struct inode_security_struct *isec;
2094 struct common_audit_data ad;
2095 struct inode *inode = file_inode(bprm->file);
2096 int rc;
2097
2098 rc = cap_bprm_set_creds(bprm);
2099 if (rc)
2100 return rc;
2101
2102
2103
2104 if (bprm->cred_prepared)
2105 return 0;
2106
2107 old_tsec = current_security();
2108 new_tsec = bprm->cred->security;
2109 isec = inode->i_security;
2110
2111
2112 new_tsec->sid = old_tsec->sid;
2113 new_tsec->osid = old_tsec->sid;
2114
2115
2116 new_tsec->create_sid = 0;
2117 new_tsec->keycreate_sid = 0;
2118 new_tsec->sockcreate_sid = 0;
2119
2120 if (old_tsec->exec_sid) {
2121 new_tsec->sid = old_tsec->exec_sid;
2122
2123 new_tsec->exec_sid = 0;
2124
2125
2126
2127
2128
2129 if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
2130 return -EPERM;
2131 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2132 return -EACCES;
2133 } else {
2134
2135 rc = security_transition_sid(old_tsec->sid, isec->sid,
2136 SECCLASS_PROCESS, NULL,
2137 &new_tsec->sid);
2138 if (rc)
2139 return rc;
2140 }
2141
2142 ad.type = LSM_AUDIT_DATA_PATH;
2143 ad.u.path = bprm->file->f_path;
2144
2145 if ((bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) ||
2146 (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS))
2147 new_tsec->sid = old_tsec->sid;
2148
2149 if (new_tsec->sid == old_tsec->sid) {
2150 rc = avc_has_perm(old_tsec->sid, isec->sid,
2151 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2152 if (rc)
2153 return rc;
2154 } else {
2155
2156 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2157 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2158 if (rc)
2159 return rc;
2160
2161 rc = avc_has_perm(new_tsec->sid, isec->sid,
2162 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2163 if (rc)
2164 return rc;
2165
2166
2167 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2168 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2169 SECCLASS_PROCESS, PROCESS__SHARE,
2170 NULL);
2171 if (rc)
2172 return -EPERM;
2173 }
2174
2175
2176
2177 if (bprm->unsafe &
2178 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2179 struct task_struct *tracer;
2180 struct task_security_struct *sec;
2181 u32 ptsid = 0;
2182
2183 rcu_read_lock();
2184 tracer = ptrace_parent(current);
2185 if (likely(tracer != NULL)) {
2186 sec = __task_cred(tracer)->security;
2187 ptsid = sec->sid;
2188 }
2189 rcu_read_unlock();
2190
2191 if (ptsid != 0) {
2192 rc = avc_has_perm(ptsid, new_tsec->sid,
2193 SECCLASS_PROCESS,
2194 PROCESS__PTRACE, NULL);
2195 if (rc)
2196 return -EPERM;
2197 }
2198 }
2199
2200
2201 bprm->per_clear |= PER_CLEAR_ON_SETID;
2202 }
2203
2204 return 0;
2205}
2206
2207static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2208{
2209 const struct task_security_struct *tsec = current_security();
2210 u32 sid, osid;
2211 int atsecure = 0;
2212
2213 sid = tsec->sid;
2214 osid = tsec->osid;
2215
2216 if (osid != sid) {
2217
2218
2219
2220 atsecure = avc_has_perm(osid, sid,
2221 SECCLASS_PROCESS,
2222 PROCESS__NOATSECURE, NULL);
2223 }
2224
2225 return (atsecure || cap_bprm_secureexec(bprm));
2226}
2227
2228static int match_file(const void *p, struct file *file, unsigned fd)
2229{
2230 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2231}
2232
2233
2234static inline void flush_unauthorized_files(const struct cred *cred,
2235 struct files_struct *files)
2236{
2237 struct file *file, *devnull = NULL;
2238 struct tty_struct *tty;
2239 int drop_tty = 0;
2240 unsigned n;
2241
2242 tty = get_current_tty();
2243 if (tty) {
2244 spin_lock(&tty_files_lock);
2245 if (!list_empty(&tty->tty_files)) {
2246 struct tty_file_private *file_priv;
2247
2248
2249
2250
2251
2252
2253 file_priv = list_first_entry(&tty->tty_files,
2254 struct tty_file_private, list);
2255 file = file_priv->file;
2256 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2257 drop_tty = 1;
2258 }
2259 spin_unlock(&tty_files_lock);
2260 tty_kref_put(tty);
2261 }
2262
2263 if (drop_tty)
2264 no_tty();
2265
2266
2267 n = iterate_fd(files, 0, match_file, cred);
2268 if (!n)
2269 return;
2270
2271 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2272 if (IS_ERR(devnull))
2273 devnull = NULL;
2274
2275 do {
2276 replace_fd(n - 1, devnull, 0);
2277 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2278 if (devnull)
2279 fput(devnull);
2280}
2281
2282
2283
2284
2285static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2286{
2287 struct task_security_struct *new_tsec;
2288 struct rlimit *rlim, *initrlim;
2289 int rc, i;
2290
2291 new_tsec = bprm->cred->security;
2292 if (new_tsec->sid == new_tsec->osid)
2293 return;
2294
2295
2296 flush_unauthorized_files(bprm->cred, current->files);
2297
2298
2299 current->pdeath_signal = 0;
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2312 PROCESS__RLIMITINH, NULL);
2313 if (rc) {
2314
2315 task_lock(current);
2316 for (i = 0; i < RLIM_NLIMITS; i++) {
2317 rlim = current->signal->rlim + i;
2318 initrlim = init_task.signal->rlim + i;
2319 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2320 }
2321 task_unlock(current);
2322 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2323 }
2324}
2325
2326
2327
2328
2329
2330static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2331{
2332 const struct task_security_struct *tsec = current_security();
2333 struct itimerval itimer;
2334 u32 osid, sid;
2335 int rc, i;
2336
2337 osid = tsec->osid;
2338 sid = tsec->sid;
2339
2340 if (sid == osid)
2341 return;
2342
2343
2344
2345
2346
2347
2348
2349
2350 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2351 if (rc) {
2352 memset(&itimer, 0, sizeof itimer);
2353 for (i = 0; i < 3; i++)
2354 do_setitimer(i, &itimer, NULL);
2355 spin_lock_irq(¤t->sighand->siglock);
2356 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2357 __flush_signals(current);
2358 flush_signal_handlers(current, 1);
2359 sigemptyset(¤t->blocked);
2360 }
2361 spin_unlock_irq(¤t->sighand->siglock);
2362 }
2363
2364
2365
2366 read_lock(&tasklist_lock);
2367 __wake_up_parent(current, current->real_parent);
2368 read_unlock(&tasklist_lock);
2369}
2370
2371
2372
2373static int selinux_sb_alloc_security(struct super_block *sb)
2374{
2375 return superblock_alloc_security(sb);
2376}
2377
2378static void selinux_sb_free_security(struct super_block *sb)
2379{
2380 superblock_free_security(sb);
2381}
2382
2383static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2384{
2385 if (plen > olen)
2386 return 0;
2387
2388 return !memcmp(prefix, option, plen);
2389}
2390
2391static inline int selinux_option(char *option, int len)
2392{
2393 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2394 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2395 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2396 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2397 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2398}
2399
2400static inline void take_option(char **to, char *from, int *first, int len)
2401{
2402 if (!*first) {
2403 **to = ',';
2404 *to += 1;
2405 } else
2406 *first = 0;
2407 memcpy(*to, from, len);
2408 *to += len;
2409}
2410
2411static inline void take_selinux_option(char **to, char *from, int *first,
2412 int len)
2413{
2414 int current_size = 0;
2415
2416 if (!*first) {
2417 **to = '|';
2418 *to += 1;
2419 } else
2420 *first = 0;
2421
2422 while (current_size < len) {
2423 if (*from != '"') {
2424 **to = *from;
2425 *to += 1;
2426 }
2427 from += 1;
2428 current_size += 1;
2429 }
2430}
2431
2432static int selinux_sb_copy_data(char *orig, char *copy)
2433{
2434 int fnosec, fsec, rc = 0;
2435 char *in_save, *in_curr, *in_end;
2436 char *sec_curr, *nosec_save, *nosec;
2437 int open_quote = 0;
2438
2439 in_curr = orig;
2440 sec_curr = copy;
2441
2442 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2443 if (!nosec) {
2444 rc = -ENOMEM;
2445 goto out;
2446 }
2447
2448 nosec_save = nosec;
2449 fnosec = fsec = 1;
2450 in_save = in_end = orig;
2451
2452 do {
2453 if (*in_end == '"')
2454 open_quote = !open_quote;
2455 if ((*in_end == ',' && open_quote == 0) ||
2456 *in_end == '\0') {
2457 int len = in_end - in_curr;
2458
2459 if (selinux_option(in_curr, len))
2460 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2461 else
2462 take_option(&nosec, in_curr, &fnosec, len);
2463
2464 in_curr = in_end + 1;
2465 }
2466 } while (*in_end++);
2467
2468 strcpy(in_save, nosec_save);
2469 free_page((unsigned long)nosec_save);
2470out:
2471 return rc;
2472}
2473
2474static int selinux_sb_remount(struct super_block *sb, void *data)
2475{
2476 int rc, i, *flags;
2477 struct security_mnt_opts opts;
2478 char *secdata, **mount_options;
2479 struct superblock_security_struct *sbsec = sb->s_security;
2480
2481 if (!(sbsec->flags & SE_SBINITIALIZED))
2482 return 0;
2483
2484 if (!data)
2485 return 0;
2486
2487 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2488 return 0;
2489
2490 security_init_mnt_opts(&opts);
2491 secdata = alloc_secdata();
2492 if (!secdata)
2493 return -ENOMEM;
2494 rc = selinux_sb_copy_data(data, secdata);
2495 if (rc)
2496 goto out_free_secdata;
2497
2498 rc = selinux_parse_opts_str(secdata, &opts);
2499 if (rc)
2500 goto out_free_secdata;
2501
2502 mount_options = opts.mnt_opts;
2503 flags = opts.mnt_opts_flags;
2504
2505 for (i = 0; i < opts.num_mnt_opts; i++) {
2506 u32 sid;
2507 size_t len;
2508
2509 if (flags[i] == SBLABEL_MNT)
2510 continue;
2511 len = strlen(mount_options[i]);
2512 rc = security_context_to_sid(mount_options[i], len, &sid,
2513 GFP_KERNEL);
2514 if (rc) {
2515 printk(KERN_WARNING "SELinux: security_context_to_sid"
2516 "(%s) failed for (dev %s, type %s) errno=%d\n",
2517 mount_options[i], sb->s_id, sb->s_type->name, rc);
2518 goto out_free_opts;
2519 }
2520 rc = -EINVAL;
2521 switch (flags[i]) {
2522 case FSCONTEXT_MNT:
2523 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2524 goto out_bad_option;
2525 break;
2526 case CONTEXT_MNT:
2527 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2528 goto out_bad_option;
2529 break;
2530 case ROOTCONTEXT_MNT: {
2531 struct inode_security_struct *root_isec;
2532 root_isec = sb->s_root->d_inode->i_security;
2533
2534 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2535 goto out_bad_option;
2536 break;
2537 }
2538 case DEFCONTEXT_MNT:
2539 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2540 goto out_bad_option;
2541 break;
2542 default:
2543 goto out_free_opts;
2544 }
2545 }
2546
2547 rc = 0;
2548out_free_opts:
2549 security_free_mnt_opts(&opts);
2550out_free_secdata:
2551 free_secdata(secdata);
2552 return rc;
2553out_bad_option:
2554 printk(KERN_WARNING "SELinux: unable to change security options "
2555 "during remount (dev %s, type=%s)\n", sb->s_id,
2556 sb->s_type->name);
2557 goto out_free_opts;
2558}
2559
2560static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2561{
2562 const struct cred *cred = current_cred();
2563 struct common_audit_data ad;
2564 int rc;
2565
2566 rc = superblock_doinit(sb, data);
2567 if (rc)
2568 return rc;
2569
2570
2571 if (flags & MS_KERNMOUNT)
2572 return 0;
2573
2574 ad.type = LSM_AUDIT_DATA_DENTRY;
2575 ad.u.dentry = sb->s_root;
2576 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2577}
2578
2579static int selinux_sb_statfs(struct dentry *dentry)
2580{
2581 const struct cred *cred = current_cred();
2582 struct common_audit_data ad;
2583
2584 ad.type = LSM_AUDIT_DATA_DENTRY;
2585 ad.u.dentry = dentry->d_sb->s_root;
2586 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2587}
2588
2589static int selinux_mount(const char *dev_name,
2590 struct path *path,
2591 const char *type,
2592 unsigned long flags,
2593 void *data)
2594{
2595 const struct cred *cred = current_cred();
2596
2597 if (flags & MS_REMOUNT)
2598 return superblock_has_perm(cred, path->dentry->d_sb,
2599 FILESYSTEM__REMOUNT, NULL);
2600 else
2601 return path_has_perm(cred, path, FILE__MOUNTON);
2602}
2603
2604static int selinux_umount(struct vfsmount *mnt, int flags)
2605{
2606 const struct cred *cred = current_cred();
2607
2608 return superblock_has_perm(cred, mnt->mnt_sb,
2609 FILESYSTEM__UNMOUNT, NULL);
2610}
2611
2612
2613
2614static int selinux_inode_alloc_security(struct inode *inode)
2615{
2616 return inode_alloc_security(inode);
2617}
2618
2619static void selinux_inode_free_security(struct inode *inode)
2620{
2621 inode_free_security(inode);
2622}
2623
2624static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2625 struct qstr *name, void **ctx,
2626 u32 *ctxlen)
2627{
2628 const struct cred *cred = current_cred();
2629 struct task_security_struct *tsec;
2630 struct inode_security_struct *dsec;
2631 struct superblock_security_struct *sbsec;
2632 struct inode *dir = dentry->d_parent->d_inode;
2633 u32 newsid;
2634 int rc;
2635
2636 tsec = cred->security;
2637 dsec = dir->i_security;
2638 sbsec = dir->i_sb->s_security;
2639
2640 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2641 newsid = tsec->create_sid;
2642 } else {
2643 rc = security_transition_sid(tsec->sid, dsec->sid,
2644 inode_mode_to_security_class(mode),
2645 name,
2646 &newsid);
2647 if (rc) {
2648 printk(KERN_WARNING
2649 "%s: security_transition_sid failed, rc=%d\n",
2650 __func__, -rc);
2651 return rc;
2652 }
2653 }
2654
2655 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2656}
2657
2658static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2659 const struct qstr *qstr,
2660 const char **name,
2661 void **value, size_t *len)
2662{
2663 const struct task_security_struct *tsec = current_security();
2664 struct inode_security_struct *dsec;
2665 struct superblock_security_struct *sbsec;
2666 u32 sid, newsid, clen;
2667 int rc;
2668 char *context;
2669
2670 dsec = dir->i_security;
2671 sbsec = dir->i_sb->s_security;
2672
2673 sid = tsec->sid;
2674 newsid = tsec->create_sid;
2675
2676 if ((sbsec->flags & SE_SBINITIALIZED) &&
2677 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2678 newsid = sbsec->mntpoint_sid;
2679 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
2680 rc = security_transition_sid(sid, dsec->sid,
2681 inode_mode_to_security_class(inode->i_mode),
2682 qstr, &newsid);
2683 if (rc) {
2684 printk(KERN_WARNING "%s: "
2685 "security_transition_sid failed, rc=%d (dev=%s "
2686 "ino=%ld)\n",
2687 __func__,
2688 -rc, inode->i_sb->s_id, inode->i_ino);
2689 return rc;
2690 }
2691 }
2692
2693
2694 if (sbsec->flags & SE_SBINITIALIZED) {
2695 struct inode_security_struct *isec = inode->i_security;
2696 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2697 isec->sid = newsid;
2698 isec->initialized = 1;
2699 }
2700
2701 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2702 return -EOPNOTSUPP;
2703
2704 if (name)
2705 *name = XATTR_SELINUX_SUFFIX;
2706
2707 if (value && len) {
2708 rc = security_sid_to_context_force(newsid, &context, &clen);
2709 if (rc)
2710 return rc;
2711 *value = context;
2712 *len = clen;
2713 }
2714
2715 return 0;
2716}
2717
2718static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2719{
2720 return may_create(dir, dentry, SECCLASS_FILE);
2721}
2722
2723static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2724{
2725 return may_link(dir, old_dentry, MAY_LINK);
2726}
2727
2728static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2729{
2730 return may_link(dir, dentry, MAY_UNLINK);
2731}
2732
2733static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2734{
2735 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2736}
2737
2738static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2739{
2740 return may_create(dir, dentry, SECCLASS_DIR);
2741}
2742
2743static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2744{
2745 return may_link(dir, dentry, MAY_RMDIR);
2746}
2747
2748static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2749{
2750 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2751}
2752
2753static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2754 struct inode *new_inode, struct dentry *new_dentry)
2755{
2756 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2757}
2758
2759static int selinux_inode_readlink(struct dentry *dentry)
2760{
2761 const struct cred *cred = current_cred();
2762
2763 return dentry_has_perm(cred, dentry, FILE__READ);
2764}
2765
2766static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2767{
2768 const struct cred *cred = current_cred();
2769
2770 return dentry_has_perm(cred, dentry, FILE__READ);
2771}
2772
2773static noinline int audit_inode_permission(struct inode *inode,
2774 u32 perms, u32 audited, u32 denied,
2775 int result,
2776 unsigned flags)
2777{
2778 struct common_audit_data ad;
2779 struct inode_security_struct *isec = inode->i_security;
2780 int rc;
2781
2782 ad.type = LSM_AUDIT_DATA_INODE;
2783 ad.u.inode = inode;
2784
2785 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2786 audited, denied, result, &ad, flags);
2787 if (rc)
2788 return rc;
2789 return 0;
2790}
2791
2792static int selinux_inode_permission(struct inode *inode, int mask)
2793{
2794 const struct cred *cred = current_cred();
2795 u32 perms;
2796 bool from_access;
2797 unsigned flags = mask & MAY_NOT_BLOCK;
2798 struct inode_security_struct *isec;
2799 u32 sid;
2800 struct av_decision avd;
2801 int rc, rc2;
2802 u32 audited, denied;
2803
2804 from_access = mask & MAY_ACCESS;
2805 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2806
2807
2808 if (!mask)
2809 return 0;
2810
2811 validate_creds(cred);
2812
2813 if (unlikely(IS_PRIVATE(inode)))
2814 return 0;
2815
2816 perms = file_mask_to_av(inode->i_mode, mask);
2817
2818 sid = cred_sid(cred);
2819 isec = inode->i_security;
2820
2821 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2822 audited = avc_audit_required(perms, &avd, rc,
2823 from_access ? FILE__AUDIT_ACCESS : 0,
2824 &denied);
2825 if (likely(!audited))
2826 return rc;
2827
2828 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
2829 if (rc2)
2830 return rc2;
2831 return rc;
2832}
2833
2834static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2835{
2836 const struct cred *cred = current_cred();
2837 unsigned int ia_valid = iattr->ia_valid;
2838 __u32 av = FILE__WRITE;
2839
2840
2841 if (ia_valid & ATTR_FORCE) {
2842 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2843 ATTR_FORCE);
2844 if (!ia_valid)
2845 return 0;
2846 }
2847
2848 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2849 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2850 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2851
2852 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2853 av |= FILE__OPEN;
2854
2855 return dentry_has_perm(cred, dentry, av);
2856}
2857
2858static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2859{
2860 const struct cred *cred = current_cred();
2861 struct path path;
2862
2863 path.dentry = dentry;
2864 path.mnt = mnt;
2865
2866 return path_has_perm(cred, &path, FILE__GETATTR);
2867}
2868
2869static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2870{
2871 const struct cred *cred = current_cred();
2872
2873 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2874 sizeof XATTR_SECURITY_PREFIX - 1)) {
2875 if (!strcmp(name, XATTR_NAME_CAPS)) {
2876 if (!capable(CAP_SETFCAP))
2877 return -EPERM;
2878 } else if (!capable(CAP_SYS_ADMIN)) {
2879
2880
2881 return -EPERM;
2882 }
2883 }
2884
2885
2886
2887 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2888}
2889
2890static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2891 const void *value, size_t size, int flags)
2892{
2893 struct inode *inode = dentry->d_inode;
2894 struct inode_security_struct *isec = inode->i_security;
2895 struct superblock_security_struct *sbsec;
2896 struct common_audit_data ad;
2897 u32 newsid, sid = current_sid();
2898 int rc = 0;
2899
2900 if (strcmp(name, XATTR_NAME_SELINUX))
2901 return selinux_inode_setotherxattr(dentry, name);
2902
2903 sbsec = inode->i_sb->s_security;
2904 if (!(sbsec->flags & SBLABEL_MNT))
2905 return -EOPNOTSUPP;
2906
2907 if (!inode_owner_or_capable(inode))
2908 return -EPERM;
2909
2910 ad.type = LSM_AUDIT_DATA_DENTRY;
2911 ad.u.dentry = dentry;
2912
2913 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2914 FILE__RELABELFROM, &ad);
2915 if (rc)
2916 return rc;
2917
2918 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
2919 if (rc == -EINVAL) {
2920 if (!capable(CAP_MAC_ADMIN)) {
2921 struct audit_buffer *ab;
2922 size_t audit_size;
2923 const char *str;
2924
2925
2926
2927 if (value) {
2928 str = value;
2929 if (str[size - 1] == '\0')
2930 audit_size = size - 1;
2931 else
2932 audit_size = size;
2933 } else {
2934 str = "";
2935 audit_size = 0;
2936 }
2937 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2938 audit_log_format(ab, "op=setxattr invalid_context=");
2939 audit_log_n_untrustedstring(ab, value, audit_size);
2940 audit_log_end(ab);
2941
2942 return rc;
2943 }
2944 rc = security_context_to_sid_force(value, size, &newsid);
2945 }
2946 if (rc)
2947 return rc;
2948
2949 rc = avc_has_perm(sid, newsid, isec->sclass,
2950 FILE__RELABELTO, &ad);
2951 if (rc)
2952 return rc;
2953
2954 rc = security_validate_transition(isec->sid, newsid, sid,
2955 isec->sclass);
2956 if (rc)
2957 return rc;
2958
2959 return avc_has_perm(newsid,
2960 sbsec->sid,
2961 SECCLASS_FILESYSTEM,
2962 FILESYSTEM__ASSOCIATE,
2963 &ad);
2964}
2965
2966static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2967 const void *value, size_t size,
2968 int flags)
2969{
2970 struct inode *inode = dentry->d_inode;
2971 struct inode_security_struct *isec = inode->i_security;
2972 u32 newsid;
2973 int rc;
2974
2975 if (strcmp(name, XATTR_NAME_SELINUX)) {
2976
2977 return;
2978 }
2979
2980 rc = security_context_to_sid_force(value, size, &newsid);
2981 if (rc) {
2982 printk(KERN_ERR "SELinux: unable to map context to SID"
2983 "for (%s, %lu), rc=%d\n",
2984 inode->i_sb->s_id, inode->i_ino, -rc);
2985 return;
2986 }
2987
2988 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2989 isec->sid = newsid;
2990 isec->initialized = 1;
2991
2992 return;
2993}
2994
2995static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2996{
2997 const struct cred *cred = current_cred();
2998
2999 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3000}
3001
3002static int selinux_inode_listxattr(struct dentry *dentry)
3003{
3004 const struct cred *cred = current_cred();
3005
3006 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3007}
3008
3009static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3010{
3011 if (strcmp(name, XATTR_NAME_SELINUX))
3012 return selinux_inode_setotherxattr(dentry, name);
3013
3014
3015
3016 return -EACCES;
3017}
3018
3019
3020
3021
3022
3023
3024static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
3025{
3026 u32 size;
3027 int error;
3028 char *context = NULL;
3029 struct inode_security_struct *isec = inode->i_security;
3030
3031 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3032 return -EOPNOTSUPP;
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3044 SECURITY_CAP_NOAUDIT);
3045 if (!error)
3046 error = security_sid_to_context_force(isec->sid, &context,
3047 &size);
3048 else
3049 error = security_sid_to_context(isec->sid, &context, &size);
3050 if (error)
3051 return error;
3052 error = size;
3053 if (alloc) {
3054 *buffer = context;
3055 goto out_nofree;
3056 }
3057 kfree(context);
3058out_nofree:
3059 return error;
3060}
3061
3062static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3063 const void *value, size_t size, int flags)
3064{
3065 struct inode_security_struct *isec = inode->i_security;
3066 u32 newsid;
3067 int rc;
3068
3069 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3070 return -EOPNOTSUPP;
3071
3072 if (!value || !size)
3073 return -EACCES;
3074
3075 rc = security_context_to_sid((void *)value, size, &newsid, GFP_KERNEL);
3076 if (rc)
3077 return rc;
3078
3079 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3080 isec->sid = newsid;
3081 isec->initialized = 1;
3082 return 0;
3083}
3084
3085static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3086{
3087 const int len = sizeof(XATTR_NAME_SELINUX);
3088 if (buffer && len <= buffer_size)
3089 memcpy(buffer, XATTR_NAME_SELINUX, len);
3090 return len;
3091}
3092
3093static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
3094{
3095 struct inode_security_struct *isec = inode->i_security;
3096 *secid = isec->sid;
3097}
3098
3099
3100
3101static int selinux_revalidate_file_permission(struct file *file, int mask)
3102{
3103 const struct cred *cred = current_cred();
3104 struct inode *inode = file_inode(file);
3105
3106
3107 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3108 mask |= MAY_APPEND;
3109
3110 return file_has_perm(cred, file,
3111 file_mask_to_av(inode->i_mode, mask));
3112}
3113
3114static int selinux_file_permission(struct file *file, int mask)
3115{
3116 struct inode *inode = file_inode(file);
3117 struct file_security_struct *fsec = file->f_security;
3118 struct inode_security_struct *isec = inode->i_security;
3119 u32 sid = current_sid();
3120
3121 if (!mask)
3122
3123 return 0;
3124
3125 if (sid == fsec->sid && fsec->isid == isec->sid &&
3126 fsec->pseqno == avc_policy_seqno())
3127
3128 return 0;
3129
3130 return selinux_revalidate_file_permission(file, mask);
3131}
3132
3133static int selinux_file_alloc_security(struct file *file)
3134{
3135 return file_alloc_security(file);
3136}
3137
3138static void selinux_file_free_security(struct file *file)
3139{
3140 file_free_security(file);
3141}
3142
3143static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3144 unsigned long arg)
3145{
3146 const struct cred *cred = current_cred();
3147 int error = 0;
3148
3149 switch (cmd) {
3150 case FIONREAD:
3151
3152 case FIBMAP:
3153
3154 case FIGETBSZ:
3155
3156 case FS_IOC_GETFLAGS:
3157
3158 case FS_IOC_GETVERSION:
3159 error = file_has_perm(cred, file, FILE__GETATTR);
3160 break;
3161
3162 case FS_IOC_SETFLAGS:
3163
3164 case FS_IOC_SETVERSION:
3165 error = file_has_perm(cred, file, FILE__SETATTR);
3166 break;
3167
3168
3169 case FIONBIO:
3170
3171 case FIOASYNC:
3172 error = file_has_perm(cred, file, 0);
3173 break;
3174
3175 case KDSKBENT:
3176 case KDSKBSENT:
3177 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3178 SECURITY_CAP_AUDIT);
3179 break;
3180
3181
3182
3183
3184 default:
3185 error = file_has_perm(cred, file, FILE__IOCTL);
3186 }
3187 return error;
3188}
3189
3190static int default_noexec;
3191
3192static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3193{
3194 const struct cred *cred = current_cred();
3195 int rc = 0;
3196
3197 if (default_noexec &&
3198 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3199
3200
3201
3202
3203
3204 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3205 if (rc)
3206 goto error;
3207 }
3208
3209 if (file) {
3210
3211 u32 av = FILE__READ;
3212
3213
3214 if (shared && (prot & PROT_WRITE))
3215 av |= FILE__WRITE;
3216
3217 if (prot & PROT_EXEC)
3218 av |= FILE__EXECUTE;
3219
3220 return file_has_perm(cred, file, av);
3221 }
3222
3223error:
3224 return rc;
3225}
3226
3227static int selinux_mmap_addr(unsigned long addr)
3228{
3229 int rc;
3230
3231
3232 rc = cap_mmap_addr(addr);
3233 if (rc)
3234 return rc;
3235
3236 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3237 u32 sid = current_sid();
3238 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3239 MEMPROTECT__MMAP_ZERO, NULL);
3240 }
3241
3242 return rc;
3243}
3244
3245static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3246 unsigned long prot, unsigned long flags)
3247{
3248 if (selinux_checkreqprot)
3249 prot = reqprot;
3250
3251 return file_map_prot_check(file, prot,
3252 (flags & MAP_TYPE) == MAP_SHARED);
3253}
3254
3255static int selinux_file_mprotect(struct vm_area_struct *vma,
3256 unsigned long reqprot,
3257 unsigned long prot)
3258{
3259 const struct cred *cred = current_cred();
3260
3261 if (selinux_checkreqprot)
3262 prot = reqprot;
3263
3264 if (default_noexec &&
3265 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3266 int rc = 0;
3267 if (vma->vm_start >= vma->vm_mm->start_brk &&
3268 vma->vm_end <= vma->vm_mm->brk) {
3269 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3270 } else if (!vma->vm_file &&
3271 vma->vm_start <= vma->vm_mm->start_stack &&
3272 vma->vm_end >= vma->vm_mm->start_stack) {
3273 rc = current_has_perm(current, PROCESS__EXECSTACK);
3274 } else if (vma->vm_file && vma->anon_vma) {
3275
3276
3277
3278
3279
3280
3281
3282 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3283 }
3284 if (rc)
3285 return rc;
3286 }
3287
3288 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3289}
3290
3291static int selinux_file_lock(struct file *file, unsigned int cmd)
3292{
3293 const struct cred *cred = current_cred();
3294
3295 return file_has_perm(cred, file, FILE__LOCK);
3296}
3297
3298static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3299 unsigned long arg)
3300{
3301 const struct cred *cred = current_cred();
3302 int err = 0;
3303
3304 switch (cmd) {
3305 case F_SETFL:
3306 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3307 err = file_has_perm(cred, file, FILE__WRITE);
3308 break;
3309 }
3310
3311 case F_SETOWN:
3312 case F_SETSIG:
3313 case F_GETFL:
3314 case F_GETOWN:
3315 case F_GETSIG:
3316 case F_GETOWNER_UIDS:
3317
3318 err = file_has_perm(cred, file, 0);
3319 break;
3320 case F_GETLK:
3321 case F_SETLK:
3322 case F_SETLKW:
3323 case F_OFD_GETLK:
3324 case F_OFD_SETLK:
3325 case F_OFD_SETLKW:
3326#if BITS_PER_LONG == 32
3327 case F_GETLK64:
3328 case F_SETLK64:
3329 case F_SETLKW64:
3330#endif
3331 err = file_has_perm(cred, file, FILE__LOCK);
3332 break;
3333 }
3334
3335 return err;
3336}
3337
3338static int selinux_file_set_fowner(struct file *file)
3339{
3340 struct file_security_struct *fsec;
3341
3342 fsec = file->f_security;
3343 fsec->fown_sid = current_sid();
3344
3345 return 0;
3346}
3347
3348static int selinux_file_send_sigiotask(struct task_struct *tsk,
3349 struct fown_struct *fown, int signum)
3350{
3351 struct file *file;
3352 u32 sid = task_sid(tsk);
3353 u32 perm;
3354 struct file_security_struct *fsec;
3355
3356
3357 file = container_of(fown, struct file, f_owner);
3358
3359 fsec = file->f_security;
3360
3361 if (!signum)
3362 perm = signal_to_av(SIGIO);
3363 else
3364 perm = signal_to_av(signum);
3365
3366 return avc_has_perm(fsec->fown_sid, sid,
3367 SECCLASS_PROCESS, perm, NULL);
3368}
3369
3370static int selinux_file_receive(struct file *file)
3371{
3372 const struct cred *cred = current_cred();
3373
3374 return file_has_perm(cred, file, file_to_av(file));
3375}
3376
3377static int selinux_file_open(struct file *file, const struct cred *cred)
3378{
3379 struct file_security_struct *fsec;
3380 struct inode_security_struct *isec;
3381
3382 fsec = file->f_security;
3383 isec = file_inode(file)->i_security;
3384
3385
3386
3387
3388
3389
3390
3391 fsec->isid = isec->sid;
3392 fsec->pseqno = avc_policy_seqno();
3393
3394
3395
3396
3397
3398
3399
3400
3401 return file_path_has_perm(cred, file, open_file_to_av(file));
3402}
3403
3404
3405
3406static int selinux_task_create(unsigned long clone_flags)
3407{
3408 return current_has_perm(current, PROCESS__FORK);
3409}
3410
3411
3412
3413
3414static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3415{
3416 struct task_security_struct *tsec;
3417
3418 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3419 if (!tsec)
3420 return -ENOMEM;
3421
3422 cred->security = tsec;
3423 return 0;
3424}
3425
3426
3427
3428
3429static void selinux_cred_free(struct cred *cred)
3430{
3431 struct task_security_struct *tsec = cred->security;
3432
3433
3434
3435
3436
3437 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3438 cred->security = (void *) 0x7UL;
3439 kfree(tsec);
3440}
3441
3442
3443
3444
3445static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3446 gfp_t gfp)
3447{
3448 const struct task_security_struct *old_tsec;
3449 struct task_security_struct *tsec;
3450
3451 old_tsec = old->security;
3452
3453 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3454 if (!tsec)
3455 return -ENOMEM;
3456
3457 new->security = tsec;
3458 return 0;
3459}
3460
3461
3462
3463
3464static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3465{
3466 const struct task_security_struct *old_tsec = old->security;
3467 struct task_security_struct *tsec = new->security;
3468
3469 *tsec = *old_tsec;
3470}
3471
3472
3473
3474
3475
3476static int selinux_kernel_act_as(struct cred *new, u32 secid)
3477{
3478 struct task_security_struct *tsec = new->security;
3479 u32 sid = current_sid();
3480 int ret;
3481
3482 ret = avc_has_perm(sid, secid,
3483 SECCLASS_KERNEL_SERVICE,
3484 KERNEL_SERVICE__USE_AS_OVERRIDE,
3485 NULL);
3486 if (ret == 0) {
3487 tsec->sid = secid;
3488 tsec->create_sid = 0;
3489 tsec->keycreate_sid = 0;
3490 tsec->sockcreate_sid = 0;
3491 }
3492 return ret;
3493}
3494
3495
3496
3497
3498
3499static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3500{
3501 struct inode_security_struct *isec = inode->i_security;
3502 struct task_security_struct *tsec = new->security;
3503 u32 sid = current_sid();
3504 int ret;
3505
3506 ret = avc_has_perm(sid, isec->sid,
3507 SECCLASS_KERNEL_SERVICE,
3508 KERNEL_SERVICE__CREATE_FILES_AS,
3509 NULL);
3510
3511 if (ret == 0)
3512 tsec->create_sid = isec->sid;
3513 return ret;
3514}
3515
3516static int selinux_kernel_module_request(char *kmod_name)
3517{
3518 u32 sid;
3519 struct common_audit_data ad;
3520
3521 sid = task_sid(current);
3522
3523 ad.type = LSM_AUDIT_DATA_KMOD;
3524 ad.u.kmod_name = kmod_name;
3525
3526 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3527 SYSTEM__MODULE_REQUEST, &ad);
3528}
3529
3530static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3531{
3532 return current_has_perm(p, PROCESS__SETPGID);
3533}
3534
3535static int selinux_task_getpgid(struct task_struct *p)
3536{
3537 return current_has_perm(p, PROCESS__GETPGID);
3538}
3539
3540static int selinux_task_getsid(struct task_struct *p)
3541{
3542 return current_has_perm(p, PROCESS__GETSESSION);
3543}
3544
3545static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3546{
3547 *secid = task_sid(p);
3548}
3549
3550static int selinux_task_setnice(struct task_struct *p, int nice)
3551{
3552 int rc;
3553
3554 rc = cap_task_setnice(p, nice);
3555 if (rc)
3556 return rc;
3557
3558 return current_has_perm(p, PROCESS__SETSCHED);
3559}
3560
3561static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3562{
3563 int rc;
3564
3565 rc = cap_task_setioprio(p, ioprio);
3566 if (rc)
3567 return rc;
3568
3569 return current_has_perm(p, PROCESS__SETSCHED);
3570}
3571
3572static int selinux_task_getioprio(struct task_struct *p)
3573{
3574 return current_has_perm(p, PROCESS__GETSCHED);
3575}
3576
3577static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3578 struct rlimit *new_rlim)
3579{
3580 struct rlimit *old_rlim = p->signal->rlim + resource;
3581
3582
3583
3584
3585
3586 if (old_rlim->rlim_max != new_rlim->rlim_max)
3587 return current_has_perm(p, PROCESS__SETRLIMIT);
3588
3589 return 0;
3590}
3591
3592static int selinux_task_setscheduler(struct task_struct *p)
3593{
3594 int rc;
3595
3596 rc = cap_task_setscheduler(p);
3597 if (rc)
3598 return rc;
3599
3600 return current_has_perm(p, PROCESS__SETSCHED);
3601}
3602
3603static int selinux_task_getscheduler(struct task_struct *p)
3604{
3605 return current_has_perm(p, PROCESS__GETSCHED);
3606}
3607
3608static int selinux_task_movememory(struct task_struct *p)
3609{
3610 return current_has_perm(p, PROCESS__SETSCHED);
3611}
3612
3613static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3614 int sig, u32 secid)
3615{
3616 u32 perm;
3617 int rc;
3618
3619 if (!sig)
3620 perm = PROCESS__SIGNULL;
3621 else
3622 perm = signal_to_av(sig);
3623 if (secid)
3624 rc = avc_has_perm(secid, task_sid(p),
3625 SECCLASS_PROCESS, perm, NULL);
3626 else
3627 rc = current_has_perm(p, perm);
3628 return rc;
3629}
3630
3631static int selinux_task_wait(struct task_struct *p)
3632{
3633 return task_has_perm(p, current, PROCESS__SIGCHLD);
3634}
3635
3636static void selinux_task_to_inode(struct task_struct *p,
3637 struct inode *inode)
3638{
3639 struct inode_security_struct *isec = inode->i_security;
3640 u32 sid = task_sid(p);
3641
3642 isec->sid = sid;
3643 isec->initialized = 1;
3644}
3645
3646
3647static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3648 struct common_audit_data *ad, u8 *proto)
3649{
3650 int offset, ihlen, ret = -EINVAL;
3651 struct iphdr _iph, *ih;
3652
3653 offset = skb_network_offset(skb);
3654 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3655 if (ih == NULL)
3656 goto out;
3657
3658 ihlen = ih->ihl * 4;
3659 if (ihlen < sizeof(_iph))
3660 goto out;
3661
3662 ad->u.net->v4info.saddr = ih->saddr;
3663 ad->u.net->v4info.daddr = ih->daddr;
3664 ret = 0;
3665
3666 if (proto)
3667 *proto = ih->protocol;
3668
3669 switch (ih->protocol) {
3670 case IPPROTO_TCP: {
3671 struct tcphdr _tcph, *th;
3672
3673 if (ntohs(ih->frag_off) & IP_OFFSET)
3674 break;
3675
3676 offset += ihlen;
3677 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3678 if (th == NULL)
3679 break;
3680
3681 ad->u.net->sport = th->source;
3682 ad->u.net->dport = th->dest;
3683 break;
3684 }
3685
3686 case IPPROTO_UDP: {
3687 struct udphdr _udph, *uh;
3688
3689 if (ntohs(ih->frag_off) & IP_OFFSET)
3690 break;
3691
3692 offset += ihlen;
3693 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3694 if (uh == NULL)
3695 break;
3696
3697 ad->u.net->sport = uh->source;
3698 ad->u.net->dport = uh->dest;
3699 break;
3700 }
3701
3702 case IPPROTO_DCCP: {
3703 struct dccp_hdr _dccph, *dh;
3704
3705 if (ntohs(ih->frag_off) & IP_OFFSET)
3706 break;
3707
3708 offset += ihlen;
3709 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3710 if (dh == NULL)
3711 break;
3712
3713 ad->u.net->sport = dh->dccph_sport;
3714 ad->u.net->dport = dh->dccph_dport;
3715 break;
3716 }
3717
3718 default:
3719 break;
3720 }
3721out:
3722 return ret;
3723}
3724
3725#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3726
3727
3728static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3729 struct common_audit_data *ad, u8 *proto)
3730{
3731 u8 nexthdr;
3732 int ret = -EINVAL, offset;
3733 struct ipv6hdr _ipv6h, *ip6;
3734 __be16 frag_off;
3735
3736 offset = skb_network_offset(skb);
3737 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3738 if (ip6 == NULL)
3739 goto out;
3740
3741 ad->u.net->v6info.saddr = ip6->saddr;
3742 ad->u.net->v6info.daddr = ip6->daddr;
3743 ret = 0;
3744
3745 nexthdr = ip6->nexthdr;
3746 offset += sizeof(_ipv6h);
3747 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3748 if (offset < 0)
3749 goto out;
3750
3751 if (proto)
3752 *proto = nexthdr;
3753
3754 switch (nexthdr) {
3755 case IPPROTO_TCP: {
3756 struct tcphdr _tcph, *th;
3757
3758 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3759 if (th == NULL)
3760 break;
3761
3762 ad->u.net->sport = th->source;
3763 ad->u.net->dport = th->dest;
3764 break;
3765 }
3766
3767 case IPPROTO_UDP: {
3768 struct udphdr _udph, *uh;
3769
3770 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3771 if (uh == NULL)
3772 break;
3773
3774 ad->u.net->sport = uh->source;
3775 ad->u.net->dport = uh->dest;
3776 break;
3777 }
3778
3779 case IPPROTO_DCCP: {
3780 struct dccp_hdr _dccph, *dh;
3781
3782 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3783 if (dh == NULL)
3784 break;
3785
3786 ad->u.net->sport = dh->dccph_sport;
3787 ad->u.net->dport = dh->dccph_dport;
3788 break;
3789 }
3790
3791
3792 default:
3793 break;
3794 }
3795out:
3796 return ret;
3797}
3798
3799#endif
3800
3801static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3802 char **_addrp, int src, u8 *proto)
3803{
3804 char *addrp;
3805 int ret;
3806
3807 switch (ad->u.net->family) {
3808 case PF_INET:
3809 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3810 if (ret)
3811 goto parse_error;
3812 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3813 &ad->u.net->v4info.daddr);
3814 goto okay;
3815
3816#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3817 case PF_INET6:
3818 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3819 if (ret)
3820 goto parse_error;
3821 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3822 &ad->u.net->v6info.daddr);
3823 goto okay;
3824#endif
3825 default:
3826 addrp = NULL;
3827 goto okay;
3828 }
3829
3830parse_error:
3831 printk(KERN_WARNING
3832 "SELinux: failure in selinux_parse_skb(),"
3833 " unable to parse packet\n");
3834 return ret;
3835
3836okay:
3837 if (_addrp)
3838 *_addrp = addrp;
3839 return 0;
3840}
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3858{
3859 int err;
3860 u32 xfrm_sid;
3861 u32 nlbl_sid;
3862 u32 nlbl_type;
3863
3864 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
3865 if (unlikely(err))
3866 return -EACCES;
3867 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3868 if (unlikely(err))
3869 return -EACCES;
3870
3871 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3872 if (unlikely(err)) {
3873 printk(KERN_WARNING
3874 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3875 " unable to determine packet's peer label\n");
3876 return -EACCES;
3877 }
3878
3879 return 0;
3880}
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
3895{
3896 int err = 0;
3897
3898 if (skb_sid != SECSID_NULL)
3899 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
3900 else
3901 *conn_sid = sk_sid;
3902
3903 return err;
3904}
3905
3906
3907
3908static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3909 u16 secclass, u32 *socksid)
3910{
3911 if (tsec->sockcreate_sid > SECSID_NULL) {
3912 *socksid = tsec->sockcreate_sid;
3913 return 0;
3914 }
3915
3916 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3917 socksid);
3918}
3919
3920static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3921{
3922 struct sk_security_struct *sksec = sk->sk_security;
3923 struct common_audit_data ad;
3924 struct lsm_network_audit net = {0,};
3925 u32 tsid = task_sid(task);
3926
3927 if (sksec->sid == SECINITSID_KERNEL)
3928 return 0;
3929
3930 ad.type = LSM_AUDIT_DATA_NET;
3931 ad.u.net = &net;
3932 ad.u.net->sk = sk;
3933
3934 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3935}
3936
3937static int selinux_socket_create(int family, int type,
3938 int protocol, int kern)
3939{
3940 const struct task_security_struct *tsec = current_security();
3941 u32 newsid;
3942 u16 secclass;
3943 int rc;
3944
3945 if (kern)
3946 return 0;
3947
3948 secclass = socket_type_to_security_class(family, type, protocol);
3949 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3950 if (rc)
3951 return rc;
3952
3953 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3954}
3955
3956static int selinux_socket_post_create(struct socket *sock, int family,
3957 int type, int protocol, int kern)
3958{
3959 const struct task_security_struct *tsec = current_security();
3960 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3961 struct sk_security_struct *sksec;
3962 int err = 0;
3963
3964 isec->sclass = socket_type_to_security_class(family, type, protocol);
3965
3966 if (kern)
3967 isec->sid = SECINITSID_KERNEL;
3968 else {
3969 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3970 if (err)
3971 return err;
3972 }
3973
3974 isec->initialized = 1;
3975
3976 if (sock->sk) {
3977 sksec = sock->sk->sk_security;
3978 sksec->sid = isec->sid;
3979 sksec->sclass = isec->sclass;
3980 err = selinux_netlbl_socket_post_create(sock->sk, family);
3981 }
3982
3983 return err;
3984}
3985
3986
3987
3988
3989
3990static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3991{
3992 struct sock *sk = sock->sk;
3993 u16 family;
3994 int err;
3995
3996 err = sock_has_perm(current, sk, SOCKET__BIND);
3997 if (err)
3998 goto out;
3999
4000
4001
4002
4003
4004
4005 family = sk->sk_family;
4006 if (family == PF_INET || family == PF_INET6) {
4007 char *addrp;
4008 struct sk_security_struct *sksec = sk->sk_security;
4009 struct common_audit_data ad;
4010 struct lsm_network_audit net = {0,};
4011 struct sockaddr_in *addr4 = NULL;
4012 struct sockaddr_in6 *addr6 = NULL;
4013 unsigned short snum;
4014 u32 sid, node_perm;
4015
4016 if (family == PF_INET) {
4017 addr4 = (struct sockaddr_in *)address;
4018 snum = ntohs(addr4->sin_port);
4019 addrp = (char *)&addr4->sin_addr.s_addr;
4020 } else {
4021 addr6 = (struct sockaddr_in6 *)address;
4022 snum = ntohs(addr6->sin6_port);
4023 addrp = (char *)&addr6->sin6_addr.s6_addr;
4024 }
4025
4026 if (snum) {
4027 int low, high;
4028
4029 inet_get_local_port_range(sock_net(sk), &low, &high);
4030
4031 if (snum < max(PROT_SOCK, low) || snum > high) {
4032 err = sel_netport_sid(sk->sk_protocol,
4033 snum, &sid);
4034 if (err)
4035 goto out;
4036 ad.type = LSM_AUDIT_DATA_NET;
4037 ad.u.net = &net;
4038 ad.u.net->sport = htons(snum);
4039 ad.u.net->family = family;
4040 err = avc_has_perm(sksec->sid, sid,
4041 sksec->sclass,
4042 SOCKET__NAME_BIND, &ad);
4043 if (err)
4044 goto out;
4045 }
4046 }
4047
4048 switch (sksec->sclass) {
4049 case SECCLASS_TCP_SOCKET:
4050 node_perm = TCP_SOCKET__NODE_BIND;
4051 break;
4052
4053 case SECCLASS_UDP_SOCKET:
4054 node_perm = UDP_SOCKET__NODE_BIND;
4055 break;
4056
4057 case SECCLASS_DCCP_SOCKET:
4058 node_perm = DCCP_SOCKET__NODE_BIND;
4059 break;
4060
4061 default:
4062 node_perm = RAWIP_SOCKET__NODE_BIND;
4063 break;
4064 }
4065
4066 err = sel_netnode_sid(addrp, family, &sid);
4067 if (err)
4068 goto out;
4069
4070 ad.type = LSM_AUDIT_DATA_NET;
4071 ad.u.net = &net;
4072 ad.u.net->sport = htons(snum);
4073 ad.u.net->family = family;
4074
4075 if (family == PF_INET)
4076 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4077 else
4078 ad.u.net->v6info.saddr = addr6->sin6_addr;
4079
4080 err = avc_has_perm(sksec->sid, sid,
4081 sksec->sclass, node_perm, &ad);
4082 if (err)
4083 goto out;
4084 }
4085out:
4086 return err;
4087}
4088
4089static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4090{
4091 struct sock *sk = sock->sk;
4092 struct sk_security_struct *sksec = sk->sk_security;
4093 int err;
4094
4095 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4096 if (err)
4097 return err;
4098
4099
4100
4101
4102 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4103 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4104 struct common_audit_data ad;
4105 struct lsm_network_audit net = {0,};
4106 struct sockaddr_in *addr4 = NULL;
4107 struct sockaddr_in6 *addr6 = NULL;
4108 unsigned short snum;
4109 u32 sid, perm;
4110
4111 if (sk->sk_family == PF_INET) {
4112 addr4 = (struct sockaddr_in *)address;
4113 if (addrlen < sizeof(struct sockaddr_in))
4114 return -EINVAL;
4115 snum = ntohs(addr4->sin_port);
4116 } else {
4117 addr6 = (struct sockaddr_in6 *)address;
4118 if (addrlen < SIN6_LEN_RFC2133)
4119 return -EINVAL;
4120 snum = ntohs(addr6->sin6_port);
4121 }
4122
4123 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4124 if (err)
4125 goto out;
4126
4127 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4128 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4129
4130 ad.type = LSM_AUDIT_DATA_NET;
4131 ad.u.net = &net;
4132 ad.u.net->dport = htons(snum);
4133 ad.u.net->family = sk->sk_family;
4134 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4135 if (err)
4136 goto out;
4137 }
4138
4139 err = selinux_netlbl_socket_connect(sk, address);
4140
4141out:
4142 return err;
4143}
4144
4145static int selinux_socket_listen(struct socket *sock, int backlog)
4146{
4147 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4148}
4149
4150static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4151{
4152 int err;
4153 struct inode_security_struct *isec;
4154 struct inode_security_struct *newisec;
4155
4156 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4157 if (err)
4158 return err;
4159
4160 newisec = SOCK_INODE(newsock)->i_security;
4161
4162 isec = SOCK_INODE(sock)->i_security;
4163 newisec->sclass = isec->sclass;
4164 newisec->sid = isec->sid;
4165 newisec->initialized = 1;
4166
4167 return 0;
4168}
4169
4170static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4171 int size)
4172{
4173 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4174}
4175
4176static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4177 int size, int flags)
4178{
4179 return sock_has_perm(current, sock->sk, SOCKET__READ);
4180}
4181
4182static int selinux_socket_getsockname(struct socket *sock)
4183{
4184 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4185}
4186
4187static int selinux_socket_getpeername(struct socket *sock)
4188{
4189 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4190}
4191
4192static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4193{
4194 int err;
4195
4196 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4197 if (err)
4198 return err;
4199
4200 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4201}
4202
4203static int selinux_socket_getsockopt(struct socket *sock, int level,
4204 int optname)
4205{
4206 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4207}
4208
4209static int selinux_socket_shutdown(struct socket *sock, int how)
4210{
4211 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4212}
4213
4214static int selinux_socket_unix_stream_connect(struct sock *sock,
4215 struct sock *other,
4216 struct sock *newsk)
4217{
4218 struct sk_security_struct *sksec_sock = sock->sk_security;
4219 struct sk_security_struct *sksec_other = other->sk_security;
4220 struct sk_security_struct *sksec_new = newsk->sk_security;
4221 struct common_audit_data ad;
4222 struct lsm_network_audit net = {0,};
4223 int err;
4224
4225 ad.type = LSM_AUDIT_DATA_NET;
4226 ad.u.net = &net;
4227 ad.u.net->sk = other;
4228
4229 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4230 sksec_other->sclass,
4231 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4232 if (err)
4233 return err;
4234
4235
4236 sksec_new->peer_sid = sksec_sock->sid;
4237 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4238 &sksec_new->sid);
4239 if (err)
4240 return err;
4241
4242
4243 sksec_sock->peer_sid = sksec_new->sid;
4244
4245 return 0;
4246}
4247
4248static int selinux_socket_unix_may_send(struct socket *sock,
4249 struct socket *other)
4250{
4251 struct sk_security_struct *ssec = sock->sk->sk_security;
4252 struct sk_security_struct *osec = other->sk->sk_security;
4253 struct common_audit_data ad;
4254 struct lsm_network_audit net = {0,};
4255
4256 ad.type = LSM_AUDIT_DATA_NET;
4257 ad.u.net = &net;
4258 ad.u.net->sk = other->sk;
4259
4260 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4261 &ad);
4262}
4263
4264static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4265 u32 peer_sid,
4266 struct common_audit_data *ad)
4267{
4268 int err;
4269 u32 if_sid;
4270 u32 node_sid;
4271
4272 err = sel_netif_sid(ifindex, &if_sid);
4273 if (err)
4274 return err;
4275 err = avc_has_perm(peer_sid, if_sid,
4276 SECCLASS_NETIF, NETIF__INGRESS, ad);
4277 if (err)
4278 return err;
4279
4280 err = sel_netnode_sid(addrp, family, &node_sid);
4281 if (err)
4282 return err;
4283 return avc_has_perm(peer_sid, node_sid,
4284 SECCLASS_NODE, NODE__RECVFROM, ad);
4285}
4286
4287static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4288 u16 family)
4289{
4290 int err = 0;
4291 struct sk_security_struct *sksec = sk->sk_security;
4292 u32 sk_sid = sksec->sid;
4293 struct common_audit_data ad;
4294 struct lsm_network_audit net = {0,};
4295 char *addrp;
4296
4297 ad.type = LSM_AUDIT_DATA_NET;
4298 ad.u.net = &net;
4299 ad.u.net->netif = skb->skb_iif;
4300 ad.u.net->family = family;
4301 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4302 if (err)
4303 return err;
4304
4305 if (selinux_secmark_enabled()) {
4306 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4307 PACKET__RECV, &ad);
4308 if (err)
4309 return err;
4310 }
4311
4312 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4313 if (err)
4314 return err;
4315 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4316
4317 return err;
4318}
4319
4320static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4321{
4322 int err;
4323 struct sk_security_struct *sksec = sk->sk_security;
4324 u16 family = sk->sk_family;
4325 u32 sk_sid = sksec->sid;
4326 struct common_audit_data ad;
4327 struct lsm_network_audit net = {0,};
4328 char *addrp;
4329 u8 secmark_active;
4330 u8 peerlbl_active;
4331
4332 if (family != PF_INET && family != PF_INET6)
4333 return 0;
4334
4335
4336 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4337 family = PF_INET;
4338
4339
4340
4341
4342
4343 if (!selinux_policycap_netpeer)
4344 return selinux_sock_rcv_skb_compat(sk, skb, family);
4345
4346 secmark_active = selinux_secmark_enabled();
4347 peerlbl_active = selinux_peerlbl_enabled();
4348 if (!secmark_active && !peerlbl_active)
4349 return 0;
4350
4351 ad.type = LSM_AUDIT_DATA_NET;
4352 ad.u.net = &net;
4353 ad.u.net->netif = skb->skb_iif;
4354 ad.u.net->family = family;
4355 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4356 if (err)
4357 return err;
4358
4359 if (peerlbl_active) {
4360 u32 peer_sid;
4361
4362 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4363 if (err)
4364 return err;
4365 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4366 peer_sid, &ad);
4367 if (err) {
4368 selinux_netlbl_err(skb, err, 0);
4369 return err;
4370 }
4371 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4372 PEER__RECV, &ad);
4373 if (err) {
4374 selinux_netlbl_err(skb, err, 0);
4375 return err;
4376 }
4377 }
4378
4379 if (secmark_active) {
4380 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4381 PACKET__RECV, &ad);
4382 if (err)
4383 return err;
4384 }
4385
4386 return err;
4387}
4388
4389static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4390 int __user *optlen, unsigned len)
4391{
4392 int err = 0;
4393 char *scontext;
4394 u32 scontext_len;
4395 struct sk_security_struct *sksec = sock->sk->sk_security;
4396 u32 peer_sid = SECSID_NULL;
4397
4398 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4399 sksec->sclass == SECCLASS_TCP_SOCKET)
4400 peer_sid = sksec->peer_sid;
4401 if (peer_sid == SECSID_NULL)
4402 return -ENOPROTOOPT;
4403
4404 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4405 if (err)
4406 return err;
4407
4408 if (scontext_len > len) {
4409 err = -ERANGE;
4410 goto out_len;
4411 }
4412
4413 if (copy_to_user(optval, scontext, scontext_len))
4414 err = -EFAULT;
4415
4416out_len:
4417 if (put_user(scontext_len, optlen))
4418 err = -EFAULT;
4419 kfree(scontext);
4420 return err;
4421}
4422
4423static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4424{
4425 u32 peer_secid = SECSID_NULL;
4426 u16 family;
4427
4428 if (skb && skb->protocol == htons(ETH_P_IP))
4429 family = PF_INET;
4430 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4431 family = PF_INET6;
4432 else if (sock)
4433 family = sock->sk->sk_family;
4434 else
4435 goto out;
4436
4437 if (sock && family == PF_UNIX)
4438 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4439 else if (skb)
4440 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4441
4442out:
4443 *secid = peer_secid;
4444 if (peer_secid == SECSID_NULL)
4445 return -EINVAL;
4446 return 0;
4447}
4448
4449static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4450{
4451 struct sk_security_struct *sksec;
4452
4453 sksec = kzalloc(sizeof(*sksec), priority);
4454 if (!sksec)
4455 return -ENOMEM;
4456
4457 sksec->peer_sid = SECINITSID_UNLABELED;
4458 sksec->sid = SECINITSID_UNLABELED;
4459 selinux_netlbl_sk_security_reset(sksec);
4460 sk->sk_security = sksec;
4461
4462 return 0;
4463}
4464
4465static void selinux_sk_free_security(struct sock *sk)
4466{
4467 struct sk_security_struct *sksec = sk->sk_security;
4468
4469 sk->sk_security = NULL;
4470 selinux_netlbl_sk_security_free(sksec);
4471 kfree(sksec);
4472}
4473
4474static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4475{
4476 struct sk_security_struct *sksec = sk->sk_security;
4477 struct sk_security_struct *newsksec = newsk->sk_security;
4478
4479 newsksec->sid = sksec->sid;
4480 newsksec->peer_sid = sksec->peer_sid;
4481 newsksec->sclass = sksec->sclass;
4482
4483 selinux_netlbl_sk_security_reset(newsksec);
4484}
4485
4486static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4487{
4488 if (!sk)
4489 *secid = SECINITSID_ANY_SOCKET;
4490 else {
4491 struct sk_security_struct *sksec = sk->sk_security;
4492
4493 *secid = sksec->sid;
4494 }
4495}
4496
4497static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4498{
4499 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4500 struct sk_security_struct *sksec = sk->sk_security;
4501
4502 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4503 sk->sk_family == PF_UNIX)
4504 isec->sid = sksec->sid;
4505 sksec->sclass = isec->sclass;
4506}
4507
4508static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4509 struct request_sock *req)
4510{
4511 struct sk_security_struct *sksec = sk->sk_security;
4512 int err;
4513 u16 family = req->rsk_ops->family;
4514 u32 connsid;
4515 u32 peersid;
4516
4517 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4518 if (err)
4519 return err;
4520 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4521 if (err)
4522 return err;
4523 req->secid = connsid;
4524 req->peer_secid = peersid;
4525
4526 return selinux_netlbl_inet_conn_request(req, family);
4527}
4528
4529static void selinux_inet_csk_clone(struct sock *newsk,
4530 const struct request_sock *req)
4531{
4532 struct sk_security_struct *newsksec = newsk->sk_security;
4533
4534 newsksec->sid = req->secid;
4535 newsksec->peer_sid = req->peer_secid;
4536
4537
4538
4539
4540
4541
4542
4543 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4544}
4545
4546static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4547{
4548 u16 family = sk->sk_family;
4549 struct sk_security_struct *sksec = sk->sk_security;
4550
4551
4552 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4553 family = PF_INET;
4554
4555 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4556}
4557
4558static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
4559{
4560 skb_set_owner_w(skb, sk);
4561}
4562
4563static int selinux_secmark_relabel_packet(u32 sid)
4564{
4565 const struct task_security_struct *__tsec;
4566 u32 tsid;
4567
4568 __tsec = current_security();
4569 tsid = __tsec->sid;
4570
4571 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4572}
4573
4574static void selinux_secmark_refcount_inc(void)
4575{
4576 atomic_inc(&selinux_secmark_refcount);
4577}
4578
4579static void selinux_secmark_refcount_dec(void)
4580{
4581 atomic_dec(&selinux_secmark_refcount);
4582}
4583
4584static void selinux_req_classify_flow(const struct request_sock *req,
4585 struct flowi *fl)
4586{
4587 fl->flowi_secid = req->secid;
4588}
4589
4590static int selinux_tun_dev_alloc_security(void **security)
4591{
4592 struct tun_security_struct *tunsec;
4593
4594 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4595 if (!tunsec)
4596 return -ENOMEM;
4597 tunsec->sid = current_sid();
4598
4599 *security = tunsec;
4600 return 0;
4601}
4602
4603static void selinux_tun_dev_free_security(void *security)
4604{
4605 kfree(security);
4606}
4607
4608static int selinux_tun_dev_create(void)
4609{
4610 u32 sid = current_sid();
4611
4612
4613
4614
4615
4616
4617
4618
4619 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4620 NULL);
4621}
4622
4623static int selinux_tun_dev_attach_queue(void *security)
4624{
4625 struct tun_security_struct *tunsec = security;
4626
4627 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4628 TUN_SOCKET__ATTACH_QUEUE, NULL);
4629}
4630
4631static int selinux_tun_dev_attach(struct sock *sk, void *security)
4632{
4633 struct tun_security_struct *tunsec = security;
4634 struct sk_security_struct *sksec = sk->sk_security;
4635
4636
4637
4638
4639
4640
4641
4642
4643 sksec->sid = tunsec->sid;
4644 sksec->sclass = SECCLASS_TUN_SOCKET;
4645
4646 return 0;
4647}
4648
4649static int selinux_tun_dev_open(void *security)
4650{
4651 struct tun_security_struct *tunsec = security;
4652 u32 sid = current_sid();
4653 int err;
4654
4655 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4656 TUN_SOCKET__RELABELFROM, NULL);
4657 if (err)
4658 return err;
4659 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4660 TUN_SOCKET__RELABELTO, NULL);
4661 if (err)
4662 return err;
4663 tunsec->sid = sid;
4664
4665 return 0;
4666}
4667
4668static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4669{
4670 int err = 0;
4671 u32 perm;
4672 struct nlmsghdr *nlh;
4673 struct sk_security_struct *sksec = sk->sk_security;
4674
4675 if (skb->len < NLMSG_HDRLEN) {
4676 err = -EINVAL;
4677 goto out;
4678 }
4679 nlh = nlmsg_hdr(skb);
4680
4681 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4682 if (err) {
4683 if (err == -EINVAL) {
4684 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4685 "SELinux: unrecognized netlink message"
4686 " type=%hu for sclass=%hu\n",
4687 nlh->nlmsg_type, sksec->sclass);
4688 if (!selinux_enforcing || security_get_allow_unknown())
4689 err = 0;
4690 }
4691
4692
4693 if (err == -ENOENT)
4694 err = 0;
4695 goto out;
4696 }
4697
4698 err = sock_has_perm(current, sk, perm);
4699out:
4700 return err;
4701}
4702
4703#ifdef CONFIG_NETFILTER
4704
4705static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4706 u16 family)
4707{
4708 int err;
4709 char *addrp;
4710 u32 peer_sid;
4711 struct common_audit_data ad;
4712 struct lsm_network_audit net = {0,};
4713 u8 secmark_active;
4714 u8 netlbl_active;
4715 u8 peerlbl_active;
4716
4717 if (!selinux_policycap_netpeer)
4718 return NF_ACCEPT;
4719
4720 secmark_active = selinux_secmark_enabled();
4721 netlbl_active = netlbl_enabled();
4722 peerlbl_active = selinux_peerlbl_enabled();
4723 if (!secmark_active && !peerlbl_active)
4724 return NF_ACCEPT;
4725
4726 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4727 return NF_DROP;
4728
4729 ad.type = LSM_AUDIT_DATA_NET;
4730 ad.u.net = &net;
4731 ad.u.net->netif = ifindex;
4732 ad.u.net->family = family;
4733 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4734 return NF_DROP;
4735
4736 if (peerlbl_active) {
4737 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4738 peer_sid, &ad);
4739 if (err) {
4740 selinux_netlbl_err(skb, err, 1);
4741 return NF_DROP;
4742 }
4743 }
4744
4745 if (secmark_active)
4746 if (avc_has_perm(peer_sid, skb->secmark,
4747 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4748 return NF_DROP;
4749
4750 if (netlbl_active)
4751
4752
4753
4754
4755 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4756 return NF_DROP;
4757
4758 return NF_ACCEPT;
4759}
4760
4761static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
4762 struct sk_buff *skb,
4763 const struct net_device *in,
4764 const struct net_device *out,
4765 int (*okfn)(struct sk_buff *))
4766{
4767 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4768}
4769
4770#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4771static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
4772 struct sk_buff *skb,
4773 const struct net_device *in,
4774 const struct net_device *out,
4775 int (*okfn)(struct sk_buff *))
4776{
4777 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4778}
4779#endif
4780
4781static unsigned int selinux_ip_output(struct sk_buff *skb,
4782 u16 family)
4783{
4784 struct sock *sk;
4785 u32 sid;
4786
4787 if (!netlbl_enabled())
4788 return NF_ACCEPT;
4789
4790
4791
4792
4793 sk = skb->sk;
4794 if (sk) {
4795 struct sk_security_struct *sksec;
4796
4797 if (sk->sk_state == TCP_LISTEN)
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810 return NF_ACCEPT;
4811
4812
4813 sksec = sk->sk_security;
4814 sid = sksec->sid;
4815 } else
4816 sid = SECINITSID_KERNEL;
4817 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4818 return NF_DROP;
4819
4820 return NF_ACCEPT;
4821}
4822
4823static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
4824 struct sk_buff *skb,
4825 const struct net_device *in,
4826 const struct net_device *out,
4827 int (*okfn)(struct sk_buff *))
4828{
4829 return selinux_ip_output(skb, PF_INET);
4830}
4831
4832static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4833 int ifindex,
4834 u16 family)
4835{
4836 struct sock *sk = skb->sk;
4837 struct sk_security_struct *sksec;
4838 struct common_audit_data ad;
4839 struct lsm_network_audit net = {0,};
4840 char *addrp;
4841 u8 proto;
4842
4843 if (sk == NULL)
4844 return NF_ACCEPT;
4845 sksec = sk->sk_security;
4846
4847 ad.type = LSM_AUDIT_DATA_NET;
4848 ad.u.net = &net;
4849 ad.u.net->netif = ifindex;
4850 ad.u.net->family = family;
4851 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4852 return NF_DROP;
4853
4854 if (selinux_secmark_enabled())
4855 if (avc_has_perm(sksec->sid, skb->secmark,
4856 SECCLASS_PACKET, PACKET__SEND, &ad))
4857 return NF_DROP_ERR(-ECONNREFUSED);
4858
4859 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4860 return NF_DROP_ERR(-ECONNREFUSED);
4861
4862 return NF_ACCEPT;
4863}
4864
4865static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4866 u16 family)
4867{
4868 u32 secmark_perm;
4869 u32 peer_sid;
4870 struct sock *sk;
4871 struct common_audit_data ad;
4872 struct lsm_network_audit net = {0,};
4873 char *addrp;
4874 u8 secmark_active;
4875 u8 peerlbl_active;
4876
4877
4878
4879
4880
4881 if (!selinux_policycap_netpeer)
4882 return selinux_ip_postroute_compat(skb, ifindex, family);
4883
4884 secmark_active = selinux_secmark_enabled();
4885 peerlbl_active = selinux_peerlbl_enabled();
4886 if (!secmark_active && !peerlbl_active)
4887 return NF_ACCEPT;
4888
4889 sk = skb->sk;
4890
4891#ifdef CONFIG_XFRM
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
4904 !(sk != NULL && sk->sk_state == TCP_LISTEN))
4905 return NF_ACCEPT;
4906#endif
4907
4908 if (sk == NULL) {
4909
4910
4911
4912
4913 if (skb->skb_iif) {
4914 secmark_perm = PACKET__FORWARD_OUT;
4915 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4916 return NF_DROP;
4917 } else {
4918 secmark_perm = PACKET__SEND;
4919 peer_sid = SECINITSID_KERNEL;
4920 }
4921 } else if (sk->sk_state == TCP_LISTEN) {
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931 u32 skb_sid;
4932 struct sk_security_struct *sksec = sk->sk_security;
4933 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
4934 return NF_DROP;
4935
4936
4937
4938
4939
4940
4941 if (skb_sid == SECSID_NULL) {
4942 switch (family) {
4943 case PF_INET:
4944 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
4945 return NF_ACCEPT;
4946 break;
4947 case PF_INET6:
4948 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
4949 return NF_ACCEPT;
4950 default:
4951 return NF_DROP_ERR(-ECONNREFUSED);
4952 }
4953 }
4954 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
4955 return NF_DROP;
4956 secmark_perm = PACKET__SEND;
4957 } else {
4958
4959
4960 struct sk_security_struct *sksec = sk->sk_security;
4961 peer_sid = sksec->sid;
4962 secmark_perm = PACKET__SEND;
4963 }
4964
4965 ad.type = LSM_AUDIT_DATA_NET;
4966 ad.u.net = &net;
4967 ad.u.net->netif = ifindex;
4968 ad.u.net->family = family;
4969 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4970 return NF_DROP;
4971
4972 if (secmark_active)
4973 if (avc_has_perm(peer_sid, skb->secmark,
4974 SECCLASS_PACKET, secmark_perm, &ad))
4975 return NF_DROP_ERR(-ECONNREFUSED);
4976
4977 if (peerlbl_active) {
4978 u32 if_sid;
4979 u32 node_sid;
4980
4981 if (sel_netif_sid(ifindex, &if_sid))
4982 return NF_DROP;
4983 if (avc_has_perm(peer_sid, if_sid,
4984 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4985 return NF_DROP_ERR(-ECONNREFUSED);
4986
4987 if (sel_netnode_sid(addrp, family, &node_sid))
4988 return NF_DROP;
4989 if (avc_has_perm(peer_sid, node_sid,
4990 SECCLASS_NODE, NODE__SENDTO, &ad))
4991 return NF_DROP_ERR(-ECONNREFUSED);
4992 }
4993
4994 return NF_ACCEPT;
4995}
4996
4997static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
4998 struct sk_buff *skb,
4999 const struct net_device *in,
5000 const struct net_device *out,
5001 int (*okfn)(struct sk_buff *))
5002{
5003 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
5004}
5005
5006#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5007static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
5008 struct sk_buff *skb,
5009 const struct net_device *in,
5010 const struct net_device *out,
5011 int (*okfn)(struct sk_buff *))
5012{
5013 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
5014}
5015#endif
5016
5017#endif
5018
5019static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5020{
5021 int err;
5022
5023 err = cap_netlink_send(sk, skb);
5024 if (err)
5025 return err;
5026
5027 return selinux_nlmsg_perm(sk, skb);
5028}
5029
5030static int ipc_alloc_security(struct task_struct *task,
5031 struct kern_ipc_perm *perm,
5032 u16 sclass)
5033{
5034 struct ipc_security_struct *isec;
5035 u32 sid;
5036
5037 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5038 if (!isec)
5039 return -ENOMEM;
5040
5041 sid = task_sid(task);
5042 isec->sclass = sclass;
5043 isec->sid = sid;
5044 perm->security = isec;
5045
5046 return 0;
5047}
5048
5049static void ipc_free_security(struct kern_ipc_perm *perm)
5050{
5051 struct ipc_security_struct *isec = perm->security;
5052 perm->security = NULL;
5053 kfree(isec);
5054}
5055
5056static int msg_msg_alloc_security(struct msg_msg *msg)
5057{
5058 struct msg_security_struct *msec;
5059
5060 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5061 if (!msec)
5062 return -ENOMEM;
5063
5064 msec->sid = SECINITSID_UNLABELED;
5065 msg->security = msec;
5066
5067 return 0;
5068}
5069
5070static void msg_msg_free_security(struct msg_msg *msg)
5071{
5072 struct msg_security_struct *msec = msg->security;
5073
5074 msg->security = NULL;
5075 kfree(msec);
5076}
5077
5078static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5079 u32 perms)
5080{
5081 struct ipc_security_struct *isec;
5082 struct common_audit_data ad;
5083 u32 sid = current_sid();
5084
5085 isec = ipc_perms->security;
5086
5087 ad.type = LSM_AUDIT_DATA_IPC;
5088 ad.u.ipc_id = ipc_perms->key;
5089
5090 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5091}
5092
5093static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5094{
5095 return msg_msg_alloc_security(msg);
5096}
5097
5098static void selinux_msg_msg_free_security(struct msg_msg *msg)
5099{
5100 msg_msg_free_security(msg);
5101}
5102
5103
5104static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5105{
5106 struct ipc_security_struct *isec;
5107 struct common_audit_data ad;
5108 u32 sid = current_sid();
5109 int rc;
5110
5111 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
5112 if (rc)
5113 return rc;
5114
5115 isec = msq->q_perm.security;
5116
5117 ad.type = LSM_AUDIT_DATA_IPC;
5118 ad.u.ipc_id = msq->q_perm.key;
5119
5120 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5121 MSGQ__CREATE, &ad);
5122 if (rc) {
5123 ipc_free_security(&msq->q_perm);
5124 return rc;
5125 }
5126 return 0;
5127}
5128
5129static void selinux_msg_queue_free_security(struct msg_queue *msq)
5130{
5131 ipc_free_security(&msq->q_perm);
5132}
5133
5134static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5135{
5136 struct ipc_security_struct *isec;
5137 struct common_audit_data ad;
5138 u32 sid = current_sid();
5139
5140 isec = msq->q_perm.security;
5141
5142 ad.type = LSM_AUDIT_DATA_IPC;
5143 ad.u.ipc_id = msq->q_perm.key;
5144
5145 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5146 MSGQ__ASSOCIATE, &ad);
5147}
5148
5149static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5150{
5151 int err;
5152 int perms;
5153
5154 switch (cmd) {
5155 case IPC_INFO:
5156 case MSG_INFO:
5157
5158 return task_has_system(current, SYSTEM__IPC_INFO);
5159 case IPC_STAT:
5160 case MSG_STAT:
5161 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5162 break;
5163 case IPC_SET:
5164 perms = MSGQ__SETATTR;
5165 break;
5166 case IPC_RMID:
5167 perms = MSGQ__DESTROY;
5168 break;
5169 default:
5170 return 0;
5171 }
5172
5173 err = ipc_has_perm(&msq->q_perm, perms);
5174 return err;
5175}
5176
5177static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5178{
5179 struct ipc_security_struct *isec;
5180 struct msg_security_struct *msec;
5181 struct common_audit_data ad;
5182 u32 sid = current_sid();
5183 int rc;
5184
5185 isec = msq->q_perm.security;
5186 msec = msg->security;
5187
5188
5189
5190
5191 if (msec->sid == SECINITSID_UNLABELED) {
5192
5193
5194
5195
5196 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5197 NULL, &msec->sid);
5198 if (rc)
5199 return rc;
5200 }
5201
5202 ad.type = LSM_AUDIT_DATA_IPC;
5203 ad.u.ipc_id = msq->q_perm.key;
5204
5205
5206 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5207 MSGQ__WRITE, &ad);
5208 if (!rc)
5209
5210 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5211 MSG__SEND, &ad);
5212 if (!rc)
5213
5214 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5215 MSGQ__ENQUEUE, &ad);
5216
5217 return rc;
5218}
5219
5220static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5221 struct task_struct *target,
5222 long type, int mode)
5223{
5224 struct ipc_security_struct *isec;
5225 struct msg_security_struct *msec;
5226 struct common_audit_data ad;
5227 u32 sid = task_sid(target);
5228 int rc;
5229
5230 isec = msq->q_perm.security;
5231 msec = msg->security;
5232
5233 ad.type = LSM_AUDIT_DATA_IPC;
5234 ad.u.ipc_id = msq->q_perm.key;
5235
5236 rc = avc_has_perm(sid, isec->sid,
5237 SECCLASS_MSGQ, MSGQ__READ, &ad);
5238 if (!rc)
5239 rc = avc_has_perm(sid, msec->sid,
5240 SECCLASS_MSG, MSG__RECEIVE, &ad);
5241 return rc;
5242}
5243
5244
5245static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5246{
5247 struct ipc_security_struct *isec;
5248 struct common_audit_data ad;
5249 u32 sid = current_sid();
5250 int rc;
5251
5252 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5253 if (rc)
5254 return rc;
5255
5256 isec = shp->shm_perm.security;
5257
5258 ad.type = LSM_AUDIT_DATA_IPC;
5259 ad.u.ipc_id = shp->shm_perm.key;
5260
5261 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5262 SHM__CREATE, &ad);
5263 if (rc) {
5264 ipc_free_security(&shp->shm_perm);
5265 return rc;
5266 }
5267 return 0;
5268}
5269
5270static void selinux_shm_free_security(struct shmid_kernel *shp)
5271{
5272 ipc_free_security(&shp->shm_perm);
5273}
5274
5275static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5276{
5277 struct ipc_security_struct *isec;
5278 struct common_audit_data ad;
5279 u32 sid = current_sid();
5280
5281 isec = shp->shm_perm.security;
5282
5283 ad.type = LSM_AUDIT_DATA_IPC;
5284 ad.u.ipc_id = shp->shm_perm.key;
5285
5286 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5287 SHM__ASSOCIATE, &ad);
5288}
5289
5290
5291static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5292{
5293 int perms;
5294 int err;
5295
5296 switch (cmd) {
5297 case IPC_INFO:
5298 case SHM_INFO:
5299
5300 return task_has_system(current, SYSTEM__IPC_INFO);
5301 case IPC_STAT:
5302 case SHM_STAT:
5303 perms = SHM__GETATTR | SHM__ASSOCIATE;
5304 break;
5305 case IPC_SET:
5306 perms = SHM__SETATTR;
5307 break;
5308 case SHM_LOCK:
5309 case SHM_UNLOCK:
5310 perms = SHM__LOCK;
5311 break;
5312 case IPC_RMID:
5313 perms = SHM__DESTROY;
5314 break;
5315 default:
5316 return 0;
5317 }
5318
5319 err = ipc_has_perm(&shp->shm_perm, perms);
5320 return err;
5321}
5322
5323static int selinux_shm_shmat(struct shmid_kernel *shp,
5324 char __user *shmaddr, int shmflg)
5325{
5326 u32 perms;
5327
5328 if (shmflg & SHM_RDONLY)
5329 perms = SHM__READ;
5330 else
5331 perms = SHM__READ | SHM__WRITE;
5332
5333 return ipc_has_perm(&shp->shm_perm, perms);
5334}
5335
5336
5337static int selinux_sem_alloc_security(struct sem_array *sma)
5338{
5339 struct ipc_security_struct *isec;
5340 struct common_audit_data ad;
5341 u32 sid = current_sid();
5342 int rc;
5343
5344 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5345 if (rc)
5346 return rc;
5347
5348 isec = sma->sem_perm.security;
5349
5350 ad.type = LSM_AUDIT_DATA_IPC;
5351 ad.u.ipc_id = sma->sem_perm.key;
5352
5353 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5354 SEM__CREATE, &ad);
5355 if (rc) {
5356 ipc_free_security(&sma->sem_perm);
5357 return rc;
5358 }
5359 return 0;
5360}
5361
5362static void selinux_sem_free_security(struct sem_array *sma)
5363{
5364 ipc_free_security(&sma->sem_perm);
5365}
5366
5367static int selinux_sem_associate(struct sem_array *sma, int semflg)
5368{
5369 struct ipc_security_struct *isec;
5370 struct common_audit_data ad;
5371 u32 sid = current_sid();
5372
5373 isec = sma->sem_perm.security;
5374
5375 ad.type = LSM_AUDIT_DATA_IPC;
5376 ad.u.ipc_id = sma->sem_perm.key;
5377
5378 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5379 SEM__ASSOCIATE, &ad);
5380}
5381
5382
5383static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5384{
5385 int err;
5386 u32 perms;
5387
5388 switch (cmd) {
5389 case IPC_INFO:
5390 case SEM_INFO:
5391
5392 return task_has_system(current, SYSTEM__IPC_INFO);
5393 case GETPID:
5394 case GETNCNT:
5395 case GETZCNT:
5396 perms = SEM__GETATTR;
5397 break;
5398 case GETVAL:
5399 case GETALL:
5400 perms = SEM__READ;
5401 break;
5402 case SETVAL:
5403 case SETALL:
5404 perms = SEM__WRITE;
5405 break;
5406 case IPC_RMID:
5407 perms = SEM__DESTROY;
5408 break;
5409 case IPC_SET:
5410 perms = SEM__SETATTR;
5411 break;
5412 case IPC_STAT:
5413 case SEM_STAT:
5414 perms = SEM__GETATTR | SEM__ASSOCIATE;
5415 break;
5416 default:
5417 return 0;
5418 }
5419
5420 err = ipc_has_perm(&sma->sem_perm, perms);
5421 return err;
5422}
5423
5424static int selinux_sem_semop(struct sem_array *sma,
5425 struct sembuf *sops, unsigned nsops, int alter)
5426{
5427 u32 perms;
5428
5429 if (alter)
5430 perms = SEM__READ | SEM__WRITE;
5431 else
5432 perms = SEM__READ;
5433
5434 return ipc_has_perm(&sma->sem_perm, perms);
5435}
5436
5437static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5438{
5439 u32 av = 0;
5440
5441 av = 0;
5442 if (flag & S_IRUGO)
5443 av |= IPC__UNIX_READ;
5444 if (flag & S_IWUGO)
5445 av |= IPC__UNIX_WRITE;
5446
5447 if (av == 0)
5448 return 0;
5449
5450 return ipc_has_perm(ipcp, av);
5451}
5452
5453static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5454{
5455 struct ipc_security_struct *isec = ipcp->security;
5456 *secid = isec->sid;
5457}
5458
5459static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5460{
5461 if (inode)
5462 inode_doinit_with_dentry(inode, dentry);
5463}
5464
5465static int selinux_getprocattr(struct task_struct *p,
5466 char *name, char **value)
5467{
5468 const struct task_security_struct *__tsec;
5469 u32 sid;
5470 int error;
5471 unsigned len;
5472
5473 if (current != p) {
5474 error = current_has_perm(p, PROCESS__GETATTR);
5475 if (error)
5476 return error;
5477 }
5478
5479 rcu_read_lock();
5480 __tsec = __task_cred(p)->security;
5481
5482 if (!strcmp(name, "current"))
5483 sid = __tsec->sid;
5484 else if (!strcmp(name, "prev"))
5485 sid = __tsec->osid;
5486 else if (!strcmp(name, "exec"))
5487 sid = __tsec->exec_sid;
5488 else if (!strcmp(name, "fscreate"))
5489 sid = __tsec->create_sid;
5490 else if (!strcmp(name, "keycreate"))
5491 sid = __tsec->keycreate_sid;
5492 else if (!strcmp(name, "sockcreate"))
5493 sid = __tsec->sockcreate_sid;
5494 else
5495 goto invalid;
5496 rcu_read_unlock();
5497
5498 if (!sid)
5499 return 0;
5500
5501 error = security_sid_to_context(sid, value, &len);
5502 if (error)
5503 return error;
5504 return len;
5505
5506invalid:
5507 rcu_read_unlock();
5508 return -EINVAL;
5509}
5510
5511static int selinux_setprocattr(struct task_struct *p,
5512 char *name, void *value, size_t size)
5513{
5514 struct task_security_struct *tsec;
5515 struct task_struct *tracer;
5516 struct cred *new;
5517 u32 sid = 0, ptsid;
5518 int error;
5519 char *str = value;
5520
5521 if (current != p) {
5522
5523
5524 return -EACCES;
5525 }
5526
5527
5528
5529
5530
5531
5532 if (!strcmp(name, "exec"))
5533 error = current_has_perm(p, PROCESS__SETEXEC);
5534 else if (!strcmp(name, "fscreate"))
5535 error = current_has_perm(p, PROCESS__SETFSCREATE);
5536 else if (!strcmp(name, "keycreate"))
5537 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5538 else if (!strcmp(name, "sockcreate"))
5539 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5540 else if (!strcmp(name, "current"))
5541 error = current_has_perm(p, PROCESS__SETCURRENT);
5542 else
5543 error = -EINVAL;
5544 if (error)
5545 return error;
5546
5547
5548 if (size && str[1] && str[1] != '\n') {
5549 if (str[size-1] == '\n') {
5550 str[size-1] = 0;
5551 size--;
5552 }
5553 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5554 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5555 if (!capable(CAP_MAC_ADMIN)) {
5556 struct audit_buffer *ab;
5557 size_t audit_size;
5558
5559
5560
5561 if (str[size - 1] == '\0')
5562 audit_size = size - 1;
5563 else
5564 audit_size = size;
5565 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5566 audit_log_format(ab, "op=fscreate invalid_context=");
5567 audit_log_n_untrustedstring(ab, value, audit_size);
5568 audit_log_end(ab);
5569
5570 return error;
5571 }
5572 error = security_context_to_sid_force(value, size,
5573 &sid);
5574 }
5575 if (error)
5576 return error;
5577 }
5578
5579 new = prepare_creds();
5580 if (!new)
5581 return -ENOMEM;
5582
5583
5584
5585
5586
5587
5588
5589 tsec = new->security;
5590 if (!strcmp(name, "exec")) {
5591 tsec->exec_sid = sid;
5592 } else if (!strcmp(name, "fscreate")) {
5593 tsec->create_sid = sid;
5594 } else if (!strcmp(name, "keycreate")) {
5595 error = may_create_key(sid, p);
5596 if (error)
5597 goto abort_change;
5598 tsec->keycreate_sid = sid;
5599 } else if (!strcmp(name, "sockcreate")) {
5600 tsec->sockcreate_sid = sid;
5601 } else if (!strcmp(name, "current")) {
5602 error = -EINVAL;
5603 if (sid == 0)
5604 goto abort_change;
5605
5606
5607 error = -EPERM;
5608 if (!current_is_single_threaded()) {
5609 error = security_bounded_transition(tsec->sid, sid);
5610 if (error)
5611 goto abort_change;
5612 }
5613
5614
5615 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5616 PROCESS__DYNTRANSITION, NULL);
5617 if (error)
5618 goto abort_change;
5619
5620
5621
5622 ptsid = 0;
5623 rcu_read_lock();
5624 tracer = ptrace_parent(p);
5625 if (tracer)
5626 ptsid = task_sid(tracer);
5627 rcu_read_unlock();
5628
5629 if (tracer) {
5630 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5631 PROCESS__PTRACE, NULL);
5632 if (error)
5633 goto abort_change;
5634 }
5635
5636 tsec->sid = sid;
5637 } else {
5638 error = -EINVAL;
5639 goto abort_change;
5640 }
5641
5642 commit_creds(new);
5643 return size;
5644
5645abort_change:
5646 abort_creds(new);
5647 return error;
5648}
5649
5650static int selinux_ismaclabel(const char *name)
5651{
5652 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5653}
5654
5655static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5656{
5657 return security_sid_to_context(secid, secdata, seclen);
5658}
5659
5660static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5661{
5662 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
5663}
5664
5665static void selinux_release_secctx(char *secdata, u32 seclen)
5666{
5667 kfree(secdata);
5668}
5669
5670
5671
5672
5673static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5674{
5675 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5676}
5677
5678
5679
5680
5681static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5682{
5683 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5684}
5685
5686static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5687{
5688 int len = 0;
5689 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5690 ctx, true);
5691 if (len < 0)
5692 return len;
5693 *ctxlen = len;
5694 return 0;
5695}
5696#ifdef CONFIG_KEYS
5697
5698static int selinux_key_alloc(struct key *k, const struct cred *cred,
5699 unsigned long flags)
5700{
5701 const struct task_security_struct *tsec;
5702 struct key_security_struct *ksec;
5703
5704 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5705 if (!ksec)
5706 return -ENOMEM;
5707
5708 tsec = cred->security;
5709 if (tsec->keycreate_sid)
5710 ksec->sid = tsec->keycreate_sid;
5711 else
5712 ksec->sid = tsec->sid;
5713
5714 k->security = ksec;
5715 return 0;
5716}
5717
5718static void selinux_key_free(struct key *k)
5719{
5720 struct key_security_struct *ksec = k->security;
5721
5722 k->security = NULL;
5723 kfree(ksec);
5724}
5725
5726static int selinux_key_permission(key_ref_t key_ref,
5727 const struct cred *cred,
5728 unsigned perm)
5729{
5730 struct key *key;
5731 struct key_security_struct *ksec;
5732 u32 sid;
5733
5734
5735
5736
5737 if (perm == 0)
5738 return 0;
5739
5740 sid = cred_sid(cred);
5741
5742 key = key_ref_to_ptr(key_ref);
5743 ksec = key->security;
5744
5745 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5746}
5747
5748static int selinux_key_getsecurity(struct key *key, char **_buffer)
5749{
5750 struct key_security_struct *ksec = key->security;
5751 char *context = NULL;
5752 unsigned len;
5753 int rc;
5754
5755 rc = security_sid_to_context(ksec->sid, &context, &len);
5756 if (!rc)
5757 rc = len;
5758 *_buffer = context;
5759 return rc;
5760}
5761
5762#endif
5763
5764static struct security_operations selinux_ops = {
5765 .name = "selinux",
5766
5767 .ptrace_access_check = selinux_ptrace_access_check,
5768 .ptrace_traceme = selinux_ptrace_traceme,
5769 .capget = selinux_capget,
5770 .capset = selinux_capset,
5771 .capable = selinux_capable,
5772 .quotactl = selinux_quotactl,
5773 .quota_on = selinux_quota_on,
5774 .syslog = selinux_syslog,
5775 .vm_enough_memory = selinux_vm_enough_memory,
5776
5777 .netlink_send = selinux_netlink_send,
5778
5779 .bprm_set_creds = selinux_bprm_set_creds,
5780 .bprm_committing_creds = selinux_bprm_committing_creds,
5781 .bprm_committed_creds = selinux_bprm_committed_creds,
5782 .bprm_secureexec = selinux_bprm_secureexec,
5783
5784 .sb_alloc_security = selinux_sb_alloc_security,
5785 .sb_free_security = selinux_sb_free_security,
5786 .sb_copy_data = selinux_sb_copy_data,
5787 .sb_remount = selinux_sb_remount,
5788 .sb_kern_mount = selinux_sb_kern_mount,
5789 .sb_show_options = selinux_sb_show_options,
5790 .sb_statfs = selinux_sb_statfs,
5791 .sb_mount = selinux_mount,
5792 .sb_umount = selinux_umount,
5793 .sb_set_mnt_opts = selinux_set_mnt_opts,
5794 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5795 .sb_parse_opts_str = selinux_parse_opts_str,
5796
5797 .dentry_init_security = selinux_dentry_init_security,
5798
5799 .inode_alloc_security = selinux_inode_alloc_security,
5800 .inode_free_security = selinux_inode_free_security,
5801 .inode_init_security = selinux_inode_init_security,
5802 .inode_create = selinux_inode_create,
5803 .inode_link = selinux_inode_link,
5804 .inode_unlink = selinux_inode_unlink,
5805 .inode_symlink = selinux_inode_symlink,
5806 .inode_mkdir = selinux_inode_mkdir,
5807 .inode_rmdir = selinux_inode_rmdir,
5808 .inode_mknod = selinux_inode_mknod,
5809 .inode_rename = selinux_inode_rename,
5810 .inode_readlink = selinux_inode_readlink,
5811 .inode_follow_link = selinux_inode_follow_link,
5812 .inode_permission = selinux_inode_permission,
5813 .inode_setattr = selinux_inode_setattr,
5814 .inode_getattr = selinux_inode_getattr,
5815 .inode_setxattr = selinux_inode_setxattr,
5816 .inode_post_setxattr = selinux_inode_post_setxattr,
5817 .inode_getxattr = selinux_inode_getxattr,
5818 .inode_listxattr = selinux_inode_listxattr,
5819 .inode_removexattr = selinux_inode_removexattr,
5820 .inode_getsecurity = selinux_inode_getsecurity,
5821 .inode_setsecurity = selinux_inode_setsecurity,
5822 .inode_listsecurity = selinux_inode_listsecurity,
5823 .inode_getsecid = selinux_inode_getsecid,
5824
5825 .file_permission = selinux_file_permission,
5826 .file_alloc_security = selinux_file_alloc_security,
5827 .file_free_security = selinux_file_free_security,
5828 .file_ioctl = selinux_file_ioctl,
5829 .mmap_file = selinux_mmap_file,
5830 .mmap_addr = selinux_mmap_addr,
5831 .file_mprotect = selinux_file_mprotect,
5832 .file_lock = selinux_file_lock,
5833 .file_fcntl = selinux_file_fcntl,
5834 .file_set_fowner = selinux_file_set_fowner,
5835 .file_send_sigiotask = selinux_file_send_sigiotask,
5836 .file_receive = selinux_file_receive,
5837
5838 .file_open = selinux_file_open,
5839
5840 .task_create = selinux_task_create,
5841 .cred_alloc_blank = selinux_cred_alloc_blank,
5842 .cred_free = selinux_cred_free,
5843 .cred_prepare = selinux_cred_prepare,
5844 .cred_transfer = selinux_cred_transfer,
5845 .kernel_act_as = selinux_kernel_act_as,
5846 .kernel_create_files_as = selinux_kernel_create_files_as,
5847 .kernel_module_request = selinux_kernel_module_request,
5848 .task_setpgid = selinux_task_setpgid,
5849 .task_getpgid = selinux_task_getpgid,
5850 .task_getsid = selinux_task_getsid,
5851 .task_getsecid = selinux_task_getsecid,
5852 .task_setnice = selinux_task_setnice,
5853 .task_setioprio = selinux_task_setioprio,
5854 .task_getioprio = selinux_task_getioprio,
5855 .task_setrlimit = selinux_task_setrlimit,
5856 .task_setscheduler = selinux_task_setscheduler,
5857 .task_getscheduler = selinux_task_getscheduler,
5858 .task_movememory = selinux_task_movememory,
5859 .task_kill = selinux_task_kill,
5860 .task_wait = selinux_task_wait,
5861 .task_to_inode = selinux_task_to_inode,
5862
5863 .ipc_permission = selinux_ipc_permission,
5864 .ipc_getsecid = selinux_ipc_getsecid,
5865
5866 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5867 .msg_msg_free_security = selinux_msg_msg_free_security,
5868
5869 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5870 .msg_queue_free_security = selinux_msg_queue_free_security,
5871 .msg_queue_associate = selinux_msg_queue_associate,
5872 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5873 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5874 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5875
5876 .shm_alloc_security = selinux_shm_alloc_security,
5877 .shm_free_security = selinux_shm_free_security,
5878 .shm_associate = selinux_shm_associate,
5879 .shm_shmctl = selinux_shm_shmctl,
5880 .shm_shmat = selinux_shm_shmat,
5881
5882 .sem_alloc_security = selinux_sem_alloc_security,
5883 .sem_free_security = selinux_sem_free_security,
5884 .sem_associate = selinux_sem_associate,
5885 .sem_semctl = selinux_sem_semctl,
5886 .sem_semop = selinux_sem_semop,
5887
5888 .d_instantiate = selinux_d_instantiate,
5889
5890 .getprocattr = selinux_getprocattr,
5891 .setprocattr = selinux_setprocattr,
5892
5893 .ismaclabel = selinux_ismaclabel,
5894 .secid_to_secctx = selinux_secid_to_secctx,
5895 .secctx_to_secid = selinux_secctx_to_secid,
5896 .release_secctx = selinux_release_secctx,
5897 .inode_notifysecctx = selinux_inode_notifysecctx,
5898 .inode_setsecctx = selinux_inode_setsecctx,
5899 .inode_getsecctx = selinux_inode_getsecctx,
5900
5901 .unix_stream_connect = selinux_socket_unix_stream_connect,
5902 .unix_may_send = selinux_socket_unix_may_send,
5903
5904 .socket_create = selinux_socket_create,
5905 .socket_post_create = selinux_socket_post_create,
5906 .socket_bind = selinux_socket_bind,
5907 .socket_connect = selinux_socket_connect,
5908 .socket_listen = selinux_socket_listen,
5909 .socket_accept = selinux_socket_accept,
5910 .socket_sendmsg = selinux_socket_sendmsg,
5911 .socket_recvmsg = selinux_socket_recvmsg,
5912 .socket_getsockname = selinux_socket_getsockname,
5913 .socket_getpeername = selinux_socket_getpeername,
5914 .socket_getsockopt = selinux_socket_getsockopt,
5915 .socket_setsockopt = selinux_socket_setsockopt,
5916 .socket_shutdown = selinux_socket_shutdown,
5917 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5918 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5919 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5920 .sk_alloc_security = selinux_sk_alloc_security,
5921 .sk_free_security = selinux_sk_free_security,
5922 .sk_clone_security = selinux_sk_clone_security,
5923 .sk_getsecid = selinux_sk_getsecid,
5924 .sock_graft = selinux_sock_graft,
5925 .inet_conn_request = selinux_inet_conn_request,
5926 .inet_csk_clone = selinux_inet_csk_clone,
5927 .inet_conn_established = selinux_inet_conn_established,
5928 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5929 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5930 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5931 .req_classify_flow = selinux_req_classify_flow,
5932 .tun_dev_alloc_security = selinux_tun_dev_alloc_security,
5933 .tun_dev_free_security = selinux_tun_dev_free_security,
5934 .tun_dev_create = selinux_tun_dev_create,
5935 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
5936 .tun_dev_attach = selinux_tun_dev_attach,
5937 .tun_dev_open = selinux_tun_dev_open,
5938 .skb_owned_by = selinux_skb_owned_by,
5939
5940#ifdef CONFIG_SECURITY_NETWORK_XFRM
5941 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5942 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5943 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5944 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5945 .xfrm_state_alloc = selinux_xfrm_state_alloc,
5946 .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
5947 .xfrm_state_free_security = selinux_xfrm_state_free,
5948 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5949 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5950 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5951 .xfrm_decode_session = selinux_xfrm_decode_session,
5952#endif
5953
5954#ifdef CONFIG_KEYS
5955 .key_alloc = selinux_key_alloc,
5956 .key_free = selinux_key_free,
5957 .key_permission = selinux_key_permission,
5958 .key_getsecurity = selinux_key_getsecurity,
5959#endif
5960
5961#ifdef CONFIG_AUDIT
5962 .audit_rule_init = selinux_audit_rule_init,
5963 .audit_rule_known = selinux_audit_rule_known,
5964 .audit_rule_match = selinux_audit_rule_match,
5965 .audit_rule_free = selinux_audit_rule_free,
5966#endif
5967};
5968
5969static __init int selinux_init(void)
5970{
5971 if (!security_module_enable(&selinux_ops)) {
5972 selinux_enabled = 0;
5973 return 0;
5974 }
5975
5976 if (!selinux_enabled) {
5977 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5978 return 0;
5979 }
5980
5981 printk(KERN_INFO "SELinux: Initializing.\n");
5982
5983
5984 cred_init_security();
5985
5986 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5987
5988 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5989 sizeof(struct inode_security_struct),
5990 0, SLAB_PANIC, NULL);
5991 avc_init();
5992
5993 if (register_security(&selinux_ops))
5994 panic("SELinux: Unable to register with kernel.\n");
5995
5996 if (selinux_enforcing)
5997 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5998 else
5999 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
6000
6001 return 0;
6002}
6003
6004static void delayed_superblock_init(struct super_block *sb, void *unused)
6005{
6006 superblock_doinit(sb, NULL);
6007}
6008
6009void selinux_complete_init(void)
6010{
6011 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
6012
6013
6014 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
6015 iterate_supers(delayed_superblock_init, NULL);
6016}
6017
6018
6019
6020security_initcall(selinux_init);
6021
6022#if defined(CONFIG_NETFILTER)
6023
6024static struct nf_hook_ops selinux_ipv4_ops[] = {
6025 {
6026 .hook = selinux_ipv4_postroute,
6027 .owner = THIS_MODULE,
6028 .pf = NFPROTO_IPV4,
6029 .hooknum = NF_INET_POST_ROUTING,
6030 .priority = NF_IP_PRI_SELINUX_LAST,
6031 },
6032 {
6033 .hook = selinux_ipv4_forward,
6034 .owner = THIS_MODULE,
6035 .pf = NFPROTO_IPV4,
6036 .hooknum = NF_INET_FORWARD,
6037 .priority = NF_IP_PRI_SELINUX_FIRST,
6038 },
6039 {
6040 .hook = selinux_ipv4_output,
6041 .owner = THIS_MODULE,
6042 .pf = NFPROTO_IPV4,
6043 .hooknum = NF_INET_LOCAL_OUT,
6044 .priority = NF_IP_PRI_SELINUX_FIRST,
6045 }
6046};
6047
6048#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6049
6050static struct nf_hook_ops selinux_ipv6_ops[] = {
6051 {
6052 .hook = selinux_ipv6_postroute,
6053 .owner = THIS_MODULE,
6054 .pf = NFPROTO_IPV6,
6055 .hooknum = NF_INET_POST_ROUTING,
6056 .priority = NF_IP6_PRI_SELINUX_LAST,
6057 },
6058 {
6059 .hook = selinux_ipv6_forward,
6060 .owner = THIS_MODULE,
6061 .pf = NFPROTO_IPV6,
6062 .hooknum = NF_INET_FORWARD,
6063 .priority = NF_IP6_PRI_SELINUX_FIRST,
6064 }
6065};
6066
6067#endif
6068
6069static int __init selinux_nf_ip_init(void)
6070{
6071 int err = 0;
6072
6073 if (!selinux_enabled)
6074 goto out;
6075
6076 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6077
6078 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
6079 if (err)
6080 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
6081
6082#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6083 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
6084 if (err)
6085 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
6086#endif
6087
6088out:
6089 return err;
6090}
6091
6092__initcall(selinux_nf_ip_init);
6093
6094#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6095static void selinux_nf_ip_exit(void)
6096{
6097 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6098
6099 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
6100#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6101 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
6102#endif
6103}
6104#endif
6105
6106#else
6107
6108#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6109#define selinux_nf_ip_exit()
6110#endif
6111
6112#endif
6113
6114#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6115static int selinux_disabled;
6116
6117int selinux_disable(void)
6118{
6119 if (ss_initialized) {
6120
6121 return -EINVAL;
6122 }
6123
6124 if (selinux_disabled) {
6125
6126 return -EINVAL;
6127 }
6128
6129 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6130
6131 selinux_disabled = 1;
6132 selinux_enabled = 0;
6133
6134 reset_security_ops();
6135
6136
6137 avc_disable();
6138
6139
6140 selinux_nf_ip_exit();
6141
6142
6143 exit_sel_fs();
6144
6145 return 0;
6146}
6147#endif
6148
