1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/security.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/sock.h>
55#include <net/tcp.h>
56#include <net/inet_connection_sock.h>
57#include <net/net_namespace.h>
58#include <net/netlabel.h>
59#include <linux/uaccess.h>
60#include <asm/ioctls.h>
61#include <linux/atomic.h>
62#include <linux/bitops.h>
63#include <linux/interrupt.h>
64#include <linux/netdevice.h>
65#include <net/netlink.h>
66#include <linux/tcp.h>
67#include <linux/udp.h>
68#include <linux/dccp.h>
69#include <linux/quota.h>
70#include <linux/un.h>
71#include <net/af_unix.h>
72#include <linux/parser.h>
73#include <linux/nfs_mount.h>
74#include <net/ipv6.h>
75#include <linux/hugetlb.h>
76#include <linux/personality.h>
77#include <linux/audit.h>
78#include <linux/string.h>
79#include <linux/selinux.h>
80#include <linux/mutex.h>
81#include <linux/posix-timers.h>
82#include <linux/syslog.h>
83#include <linux/user_namespace.h>
84#include <linux/export.h>
85#include <linux/msg.h>
86#include <linux/shm.h>
87
88#include "avc.h"
89#include "objsec.h"
90#include "netif.h"
91#include "netnode.h"
92#include "netport.h"
93#include "xfrm.h"
94#include "netlabel.h"
95#include "audit.h"
96#include "avc_ss.h"
97
98extern struct security_operations *security_ops;
99
100
101static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
102
103#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
104int selinux_enforcing;
105
106static int __init enforcing_setup(char *str)
107{
108 unsigned long enforcing;
109 if (!kstrtoul(str, 0, &enforcing))
110 selinux_enforcing = enforcing ? 1 : 0;
111 return 1;
112}
113__setup("enforcing=", enforcing_setup);
114#endif
115
116#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
117int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
118
119static int __init selinux_enabled_setup(char *str)
120{
121 unsigned long enabled;
122 if (!kstrtoul(str, 0, &enabled))
123 selinux_enabled = enabled ? 1 : 0;
124 return 1;
125}
126__setup("selinux=", selinux_enabled_setup);
127#else
128int selinux_enabled = 1;
129#endif
130
131static struct kmem_cache *sel_inode_cache;
132
133
134
135
136
137
138
139
140
141
142
143
144static int selinux_secmark_enabled(void)
145{
146 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
147}
148
149
150
151
152
153
154
155
156
157
158
159static int selinux_peerlbl_enabled(void)
160{
161 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
162}
163
164static int selinux_netcache_avc_callback(u32 event)
165{
166 if (event == AVC_CALLBACK_RESET) {
167 sel_netif_flush();
168 sel_netnode_flush();
169 sel_netport_flush();
170 synchronize_net();
171 }
172 return 0;
173}
174
175
176
177
178static void cred_init_security(void)
179{
180 struct cred *cred = (struct cred *) current->real_cred;
181 struct task_security_struct *tsec;
182
183 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
184 if (!tsec)
185 panic("SELinux: Failed to initialize initial task.\n");
186
187 tsec->osid = tsec->sid = SECINITSID_KERNEL;
188 cred->security = tsec;
189}
190
191
192
193
194static inline u32 cred_sid(const struct cred *cred)
195{
196 const struct task_security_struct *tsec;
197
198 tsec = cred->security;
199 return tsec->sid;
200}
201
202
203
204
205static inline u32 task_sid(const struct task_struct *task)
206{
207 u32 sid;
208
209 rcu_read_lock();
210 sid = cred_sid(__task_cred(task));
211 rcu_read_unlock();
212 return sid;
213}
214
215
216
217
218static inline u32 current_sid(void)
219{
220 const struct task_security_struct *tsec = current_security();
221
222 return tsec->sid;
223}
224
225
226
227static int inode_alloc_security(struct inode *inode)
228{
229 struct inode_security_struct *isec;
230 u32 sid = current_sid();
231
232 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
233 if (!isec)
234 return -ENOMEM;
235
236 mutex_init(&isec->lock);
237 INIT_LIST_HEAD(&isec->list);
238 isec->inode = inode;
239 isec->sid = SECINITSID_UNLABELED;
240 isec->sclass = SECCLASS_FILE;
241 isec->task_sid = sid;
242 inode->i_security = isec;
243
244 return 0;
245}
246
247static void inode_free_rcu(struct rcu_head *head)
248{
249 struct inode_security_struct *isec;
250
251 isec = container_of(head, struct inode_security_struct, rcu);
252 kmem_cache_free(sel_inode_cache, isec);
253}
254
255static void inode_free_security(struct inode *inode)
256{
257 struct inode_security_struct *isec = inode->i_security;
258 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
259
260 spin_lock(&sbsec->isec_lock);
261 if (!list_empty(&isec->list))
262 list_del_init(&isec->list);
263 spin_unlock(&sbsec->isec_lock);
264
265
266
267
268
269
270
271
272
273
274 call_rcu(&isec->rcu, inode_free_rcu);
275}
276
277static int file_alloc_security(struct file *file)
278{
279 struct file_security_struct *fsec;
280 u32 sid = current_sid();
281
282 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
283 if (!fsec)
284 return -ENOMEM;
285
286 fsec->sid = sid;
287 fsec->fown_sid = sid;
288 file->f_security = fsec;
289
290 return 0;
291}
292
293static void file_free_security(struct file *file)
294{
295 struct file_security_struct *fsec = file->f_security;
296 file->f_security = NULL;
297 kfree(fsec);
298}
299
300static int superblock_alloc_security(struct super_block *sb)
301{
302 struct superblock_security_struct *sbsec;
303
304 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
305 if (!sbsec)
306 return -ENOMEM;
307
308 mutex_init(&sbsec->lock);
309 INIT_LIST_HEAD(&sbsec->isec_head);
310 spin_lock_init(&sbsec->isec_lock);
311 sbsec->sb = sb;
312 sbsec->sid = SECINITSID_UNLABELED;
313 sbsec->def_sid = SECINITSID_FILE;
314 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
315 sb->s_security = sbsec;
316
317 return 0;
318}
319
320static void superblock_free_security(struct super_block *sb)
321{
322 struct superblock_security_struct *sbsec = sb->s_security;
323 sb->s_security = NULL;
324 kfree(sbsec);
325}
326
327
328
329static const char *labeling_behaviors[7] = {
330 "uses xattr",
331 "uses transition SIDs",
332 "uses task SIDs",
333 "uses genfs_contexts",
334 "not configured for labeling",
335 "uses mountpoint labeling",
336 "uses native labeling",
337};
338
339static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
340
341static inline int inode_doinit(struct inode *inode)
342{
343 return inode_doinit_with_dentry(inode, NULL);
344}
345
346enum {
347 Opt_error = -1,
348 Opt_context = 1,
349 Opt_fscontext = 2,
350 Opt_defcontext = 3,
351 Opt_rootcontext = 4,
352 Opt_labelsupport = 5,
353 Opt_nextmntopt = 6,
354};
355
356#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
357
358static const match_table_t tokens = {
359 {Opt_context, CONTEXT_STR "%s"},
360 {Opt_fscontext, FSCONTEXT_STR "%s"},
361 {Opt_defcontext, DEFCONTEXT_STR "%s"},
362 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
363 {Opt_labelsupport, LABELSUPP_STR},
364 {Opt_error, NULL},
365};
366
367#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
368
369static int may_context_mount_sb_relabel(u32 sid,
370 struct superblock_security_struct *sbsec,
371 const struct cred *cred)
372{
373 const struct task_security_struct *tsec = cred->security;
374 int rc;
375
376 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
377 FILESYSTEM__RELABELFROM, NULL);
378 if (rc)
379 return rc;
380
381 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
382 FILESYSTEM__RELABELTO, NULL);
383 return rc;
384}
385
386static int may_context_mount_inode_relabel(u32 sid,
387 struct superblock_security_struct *sbsec,
388 const struct cred *cred)
389{
390 const struct task_security_struct *tsec = cred->security;
391 int rc;
392 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
393 FILESYSTEM__RELABELFROM, NULL);
394 if (rc)
395 return rc;
396
397 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
398 FILESYSTEM__ASSOCIATE, NULL);
399 return rc;
400}
401
402static int selinux_is_sblabel_mnt(struct super_block *sb)
403{
404 struct superblock_security_struct *sbsec = sb->s_security;
405
406 if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
407 sbsec->behavior == SECURITY_FS_USE_TRANS ||
408 sbsec->behavior == SECURITY_FS_USE_TASK)
409 return 1;
410
411
412 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
413 return 1;
414
415
416
417
418
419 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
420 return 1;
421
422 return 0;
423}
424
425static int sb_finish_set_opts(struct super_block *sb)
426{
427 struct superblock_security_struct *sbsec = sb->s_security;
428 struct dentry *root = sb->s_root;
429 struct inode *root_inode = root->d_inode;
430 int rc = 0;
431
432 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
433
434
435
436
437
438 if (!root_inode->i_op->getxattr) {
439 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
440 "xattr support\n", sb->s_id, sb->s_type->name);
441 rc = -EOPNOTSUPP;
442 goto out;
443 }
444 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
445 if (rc < 0 && rc != -ENODATA) {
446 if (rc == -EOPNOTSUPP)
447 printk(KERN_WARNING "SELinux: (dev %s, type "
448 "%s) has no security xattr handler\n",
449 sb->s_id, sb->s_type->name);
450 else
451 printk(KERN_WARNING "SELinux: (dev %s, type "
452 "%s) getxattr errno %d\n", sb->s_id,
453 sb->s_type->name, -rc);
454 goto out;
455 }
456 }
457
458 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
459 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
460 sb->s_id, sb->s_type->name);
461 else
462 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
463 sb->s_id, sb->s_type->name,
464 labeling_behaviors[sbsec->behavior-1]);
465
466 sbsec->flags |= SE_SBINITIALIZED;
467 if (selinux_is_sblabel_mnt(sb))
468 sbsec->flags |= SBLABEL_MNT;
469
470
471 rc = inode_doinit_with_dentry(root_inode, root);
472
473
474
475
476
477 spin_lock(&sbsec->isec_lock);
478next_inode:
479 if (!list_empty(&sbsec->isec_head)) {
480 struct inode_security_struct *isec =
481 list_entry(sbsec->isec_head.next,
482 struct inode_security_struct, list);
483 struct inode *inode = isec->inode;
484 list_del_init(&isec->list);
485 spin_unlock(&sbsec->isec_lock);
486 inode = igrab(inode);
487 if (inode) {
488 if (!IS_PRIVATE(inode))
489 inode_doinit(inode);
490 iput(inode);
491 }
492 spin_lock(&sbsec->isec_lock);
493 goto next_inode;
494 }
495 spin_unlock(&sbsec->isec_lock);
496out:
497 return rc;
498}
499
500
501
502
503
504
505static int selinux_get_mnt_opts(const struct super_block *sb,
506 struct security_mnt_opts *opts)
507{
508 int rc = 0, i;
509 struct superblock_security_struct *sbsec = sb->s_security;
510 char *context = NULL;
511 u32 len;
512 char tmp;
513
514 security_init_mnt_opts(opts);
515
516 if (!(sbsec->flags & SE_SBINITIALIZED))
517 return -EINVAL;
518
519 if (!ss_initialized)
520 return -EINVAL;
521
522
523 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
524
525 tmp = sbsec->flags & SE_MNTMASK;
526
527 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
528 if (tmp & 0x01)
529 opts->num_mnt_opts++;
530 tmp >>= 1;
531 }
532
533 if (sbsec->flags & SBLABEL_MNT)
534 opts->num_mnt_opts++;
535
536 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
537 if (!opts->mnt_opts) {
538 rc = -ENOMEM;
539 goto out_free;
540 }
541
542 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
543 if (!opts->mnt_opts_flags) {
544 rc = -ENOMEM;
545 goto out_free;
546 }
547
548 i = 0;
549 if (sbsec->flags & FSCONTEXT_MNT) {
550 rc = security_sid_to_context(sbsec->sid, &context, &len);
551 if (rc)
552 goto out_free;
553 opts->mnt_opts[i] = context;
554 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
555 }
556 if (sbsec->flags & CONTEXT_MNT) {
557 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
558 if (rc)
559 goto out_free;
560 opts->mnt_opts[i] = context;
561 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
562 }
563 if (sbsec->flags & DEFCONTEXT_MNT) {
564 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
565 if (rc)
566 goto out_free;
567 opts->mnt_opts[i] = context;
568 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
569 }
570 if (sbsec->flags & ROOTCONTEXT_MNT) {
571 struct inode *root = sbsec->sb->s_root->d_inode;
572 struct inode_security_struct *isec = root->i_security;
573
574 rc = security_sid_to_context(isec->sid, &context, &len);
575 if (rc)
576 goto out_free;
577 opts->mnt_opts[i] = context;
578 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
579 }
580 if (sbsec->flags & SBLABEL_MNT) {
581 opts->mnt_opts[i] = NULL;
582 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
583 }
584
585 BUG_ON(i != opts->num_mnt_opts);
586
587 return 0;
588
589out_free:
590 security_free_mnt_opts(opts);
591 return rc;
592}
593
594static int bad_option(struct superblock_security_struct *sbsec, char flag,
595 u32 old_sid, u32 new_sid)
596{
597 char mnt_flags = sbsec->flags & SE_MNTMASK;
598
599
600 if (sbsec->flags & SE_SBINITIALIZED)
601 if (!(sbsec->flags & flag) ||
602 (old_sid != new_sid))
603 return 1;
604
605
606
607
608 if (!(sbsec->flags & SE_SBINITIALIZED))
609 if (mnt_flags & flag)
610 return 1;
611 return 0;
612}
613
614
615
616
617
618static int selinux_set_mnt_opts(struct super_block *sb,
619 struct security_mnt_opts *opts,
620 unsigned long kern_flags,
621 unsigned long *set_kern_flags)
622{
623 const struct cred *cred = current_cred();
624 int rc = 0, i;
625 struct superblock_security_struct *sbsec = sb->s_security;
626 const char *name = sb->s_type->name;
627 struct inode *inode = sbsec->sb->s_root->d_inode;
628 struct inode_security_struct *root_isec = inode->i_security;
629 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
630 u32 defcontext_sid = 0;
631 char **mount_options = opts->mnt_opts;
632 int *flags = opts->mnt_opts_flags;
633 int num_opts = opts->num_mnt_opts;
634
635 mutex_lock(&sbsec->lock);
636
637 if (!ss_initialized) {
638 if (!num_opts) {
639
640
641
642 goto out;
643 }
644 rc = -EINVAL;
645 printk(KERN_WARNING "SELinux: Unable to set superblock options "
646 "before the security server is initialized\n");
647 goto out;
648 }
649 if (kern_flags && !set_kern_flags) {
650
651
652 rc = -EINVAL;
653 goto out;
654 }
655
656
657
658
659
660
661
662
663
664
665
666
667 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
668 && (num_opts == 0))
669 goto out;
670
671
672
673
674
675
676 for (i = 0; i < num_opts; i++) {
677 u32 sid;
678
679 if (flags[i] == SBLABEL_MNT)
680 continue;
681 rc = security_context_to_sid(mount_options[i],
682 strlen(mount_options[i]), &sid, GFP_KERNEL);
683 if (rc) {
684 printk(KERN_WARNING "SELinux: security_context_to_sid"
685 "(%s) failed for (dev %s, type %s) errno=%d\n",
686 mount_options[i], sb->s_id, name, rc);
687 goto out;
688 }
689 switch (flags[i]) {
690 case FSCONTEXT_MNT:
691 fscontext_sid = sid;
692
693 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
694 fscontext_sid))
695 goto out_double_mount;
696
697 sbsec->flags |= FSCONTEXT_MNT;
698 break;
699 case CONTEXT_MNT:
700 context_sid = sid;
701
702 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
703 context_sid))
704 goto out_double_mount;
705
706 sbsec->flags |= CONTEXT_MNT;
707 break;
708 case ROOTCONTEXT_MNT:
709 rootcontext_sid = sid;
710
711 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
712 rootcontext_sid))
713 goto out_double_mount;
714
715 sbsec->flags |= ROOTCONTEXT_MNT;
716
717 break;
718 case DEFCONTEXT_MNT:
719 defcontext_sid = sid;
720
721 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
722 defcontext_sid))
723 goto out_double_mount;
724
725 sbsec->flags |= DEFCONTEXT_MNT;
726
727 break;
728 default:
729 rc = -EINVAL;
730 goto out;
731 }
732 }
733
734 if (sbsec->flags & SE_SBINITIALIZED) {
735
736 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
737 goto out_double_mount;
738 rc = 0;
739 goto out;
740 }
741
742 if (strcmp(sb->s_type->name, "proc") == 0)
743 sbsec->flags |= SE_SBPROC;
744
745 if (!sbsec->behavior) {
746
747
748
749
750 rc = security_fs_use(sb);
751 if (rc) {
752 printk(KERN_WARNING
753 "%s: security_fs_use(%s) returned %d\n",
754 __func__, sb->s_type->name, rc);
755 goto out;
756 }
757 }
758
759 if (fscontext_sid) {
760 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
761 if (rc)
762 goto out;
763
764 sbsec->sid = fscontext_sid;
765 }
766
767
768
769
770
771
772 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
773 sbsec->behavior = SECURITY_FS_USE_NATIVE;
774 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
775 }
776
777 if (context_sid) {
778 if (!fscontext_sid) {
779 rc = may_context_mount_sb_relabel(context_sid, sbsec,
780 cred);
781 if (rc)
782 goto out;
783 sbsec->sid = context_sid;
784 } else {
785 rc = may_context_mount_inode_relabel(context_sid, sbsec,
786 cred);
787 if (rc)
788 goto out;
789 }
790 if (!rootcontext_sid)
791 rootcontext_sid = context_sid;
792
793 sbsec->mntpoint_sid = context_sid;
794 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
795 }
796
797 if (rootcontext_sid) {
798 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
799 cred);
800 if (rc)
801 goto out;
802
803 root_isec->sid = rootcontext_sid;
804 root_isec->initialized = 1;
805 }
806
807 if (defcontext_sid) {
808 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
809 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
810 rc = -EINVAL;
811 printk(KERN_WARNING "SELinux: defcontext option is "
812 "invalid for this filesystem type\n");
813 goto out;
814 }
815
816 if (defcontext_sid != sbsec->def_sid) {
817 rc = may_context_mount_inode_relabel(defcontext_sid,
818 sbsec, cred);
819 if (rc)
820 goto out;
821 }
822
823 sbsec->def_sid = defcontext_sid;
824 }
825
826 rc = sb_finish_set_opts(sb);
827out:
828 mutex_unlock(&sbsec->lock);
829 return rc;
830out_double_mount:
831 rc = -EINVAL;
832 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
833 "security settings for (dev %s, type %s)\n", sb->s_id, name);
834 goto out;
835}
836
837static int selinux_cmp_sb_context(const struct super_block *oldsb,
838 const struct super_block *newsb)
839{
840 struct superblock_security_struct *old = oldsb->s_security;
841 struct superblock_security_struct *new = newsb->s_security;
842 char oldflags = old->flags & SE_MNTMASK;
843 char newflags = new->flags & SE_MNTMASK;
844
845 if (oldflags != newflags)
846 goto mismatch;
847 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
848 goto mismatch;
849 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
850 goto mismatch;
851 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
852 goto mismatch;
853 if (oldflags & ROOTCONTEXT_MNT) {
854 struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security;
855 struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security;
856 if (oldroot->sid != newroot->sid)
857 goto mismatch;
858 }
859 return 0;
860mismatch:
861 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
862 "different security settings for (dev %s, "
863 "type %s)\n", newsb->s_id, newsb->s_type->name);
864 return -EBUSY;
865}
866
867static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
868 struct super_block *newsb)
869{
870 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
871 struct superblock_security_struct *newsbsec = newsb->s_security;
872
873 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
874 int set_context = (oldsbsec->flags & CONTEXT_MNT);
875 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
876
877
878
879
880
881 if (!ss_initialized)
882 return 0;
883
884
885 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
886
887
888 if (newsbsec->flags & SE_SBINITIALIZED)
889 return selinux_cmp_sb_context(oldsb, newsb);
890
891 mutex_lock(&newsbsec->lock);
892
893 newsbsec->flags = oldsbsec->flags;
894
895 newsbsec->sid = oldsbsec->sid;
896 newsbsec->def_sid = oldsbsec->def_sid;
897 newsbsec->behavior = oldsbsec->behavior;
898
899 if (set_context) {
900 u32 sid = oldsbsec->mntpoint_sid;
901
902 if (!set_fscontext)
903 newsbsec->sid = sid;
904 if (!set_rootcontext) {
905 struct inode *newinode = newsb->s_root->d_inode;
906 struct inode_security_struct *newisec = newinode->i_security;
907 newisec->sid = sid;
908 }
909 newsbsec->mntpoint_sid = sid;
910 }
911 if (set_rootcontext) {
912 const struct inode *oldinode = oldsb->s_root->d_inode;
913 const struct inode_security_struct *oldisec = oldinode->i_security;
914 struct inode *newinode = newsb->s_root->d_inode;
915 struct inode_security_struct *newisec = newinode->i_security;
916
917 newisec->sid = oldisec->sid;
918 }
919
920 sb_finish_set_opts(newsb);
921 mutex_unlock(&newsbsec->lock);
922 return 0;
923}
924
925static int selinux_parse_opts_str(char *options,
926 struct security_mnt_opts *opts)
927{
928 char *p;
929 char *context = NULL, *defcontext = NULL;
930 char *fscontext = NULL, *rootcontext = NULL;
931 int rc, num_mnt_opts = 0;
932
933 opts->num_mnt_opts = 0;
934
935
936 while ((p = strsep(&options, "|")) != NULL) {
937 int token;
938 substring_t args[MAX_OPT_ARGS];
939
940 if (!*p)
941 continue;
942
943 token = match_token(p, tokens, args);
944
945 switch (token) {
946 case Opt_context:
947 if (context || defcontext) {
948 rc = -EINVAL;
949 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
950 goto out_err;
951 }
952 context = match_strdup(&args[0]);
953 if (!context) {
954 rc = -ENOMEM;
955 goto out_err;
956 }
957 break;
958
959 case Opt_fscontext:
960 if (fscontext) {
961 rc = -EINVAL;
962 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
963 goto out_err;
964 }
965 fscontext = match_strdup(&args[0]);
966 if (!fscontext) {
967 rc = -ENOMEM;
968 goto out_err;
969 }
970 break;
971
972 case Opt_rootcontext:
973 if (rootcontext) {
974 rc = -EINVAL;
975 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
976 goto out_err;
977 }
978 rootcontext = match_strdup(&args[0]);
979 if (!rootcontext) {
980 rc = -ENOMEM;
981 goto out_err;
982 }
983 break;
984
985 case Opt_defcontext:
986 if (context || defcontext) {
987 rc = -EINVAL;
988 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
989 goto out_err;
990 }
991 defcontext = match_strdup(&args[0]);
992 if (!defcontext) {
993 rc = -ENOMEM;
994 goto out_err;
995 }
996 break;
997 case Opt_labelsupport:
998 break;
999 default:
1000 rc = -EINVAL;
1001 printk(KERN_WARNING "SELinux: unknown mount option\n");
1002 goto out_err;
1003
1004 }
1005 }
1006
1007 rc = -ENOMEM;
1008 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
1009 if (!opts->mnt_opts)
1010 goto out_err;
1011
1012 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
1013 if (!opts->mnt_opts_flags) {
1014 kfree(opts->mnt_opts);
1015 goto out_err;
1016 }
1017
1018 if (fscontext) {
1019 opts->mnt_opts[num_mnt_opts] = fscontext;
1020 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1021 }
1022 if (context) {
1023 opts->mnt_opts[num_mnt_opts] = context;
1024 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1025 }
1026 if (rootcontext) {
1027 opts->mnt_opts[num_mnt_opts] = rootcontext;
1028 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1029 }
1030 if (defcontext) {
1031 opts->mnt_opts[num_mnt_opts] = defcontext;
1032 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1033 }
1034
1035 opts->num_mnt_opts = num_mnt_opts;
1036 return 0;
1037
1038out_err:
1039 kfree(context);
1040 kfree(defcontext);
1041 kfree(fscontext);
1042 kfree(rootcontext);
1043 return rc;
1044}
1045
1046
1047
1048static int superblock_doinit(struct super_block *sb, void *data)
1049{
1050 int rc = 0;
1051 char *options = data;
1052 struct security_mnt_opts opts;
1053
1054 security_init_mnt_opts(&opts);
1055
1056 if (!data)
1057 goto out;
1058
1059 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1060
1061 rc = selinux_parse_opts_str(options, &opts);
1062 if (rc)
1063 goto out_err;
1064
1065out:
1066 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1067
1068out_err:
1069 security_free_mnt_opts(&opts);
1070 return rc;
1071}
1072
1073static void selinux_write_opts(struct seq_file *m,
1074 struct security_mnt_opts *opts)
1075{
1076 int i;
1077 char *prefix;
1078
1079 for (i = 0; i < opts->num_mnt_opts; i++) {
1080 char *has_comma;
1081
1082 if (opts->mnt_opts[i])
1083 has_comma = strchr(opts->mnt_opts[i], ',');
1084 else
1085 has_comma = NULL;
1086
1087 switch (opts->mnt_opts_flags[i]) {
1088 case CONTEXT_MNT:
1089 prefix = CONTEXT_STR;
1090 break;
1091 case FSCONTEXT_MNT:
1092 prefix = FSCONTEXT_STR;
1093 break;
1094 case ROOTCONTEXT_MNT:
1095 prefix = ROOTCONTEXT_STR;
1096 break;
1097 case DEFCONTEXT_MNT:
1098 prefix = DEFCONTEXT_STR;
1099 break;
1100 case SBLABEL_MNT:
1101 seq_putc(m, ',');
1102 seq_puts(m, LABELSUPP_STR);
1103 continue;
1104 default:
1105 BUG();
1106 return;
1107 };
1108
1109 seq_putc(m, ',');
1110 seq_puts(m, prefix);
1111 if (has_comma)
1112 seq_putc(m, '\"');
1113 seq_puts(m, opts->mnt_opts[i]);
1114 if (has_comma)
1115 seq_putc(m, '\"');
1116 }
1117}
1118
1119static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1120{
1121 struct security_mnt_opts opts;
1122 int rc;
1123
1124 rc = selinux_get_mnt_opts(sb, &opts);
1125 if (rc) {
1126
1127 if (rc == -EINVAL)
1128 rc = 0;
1129 return rc;
1130 }
1131
1132 selinux_write_opts(m, &opts);
1133
1134 security_free_mnt_opts(&opts);
1135
1136 return rc;
1137}
1138
1139static inline u16 inode_mode_to_security_class(umode_t mode)
1140{
1141 switch (mode & S_IFMT) {
1142 case S_IFSOCK:
1143 return SECCLASS_SOCK_FILE;
1144 case S_IFLNK:
1145 return SECCLASS_LNK_FILE;
1146 case S_IFREG:
1147 return SECCLASS_FILE;
1148 case S_IFBLK:
1149 return SECCLASS_BLK_FILE;
1150 case S_IFDIR:
1151 return SECCLASS_DIR;
1152 case S_IFCHR:
1153 return SECCLASS_CHR_FILE;
1154 case S_IFIFO:
1155 return SECCLASS_FIFO_FILE;
1156
1157 }
1158
1159 return SECCLASS_FILE;
1160}
1161
1162static inline int default_protocol_stream(int protocol)
1163{
1164 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1165}
1166
1167static inline int default_protocol_dgram(int protocol)
1168{
1169 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1170}
1171
1172static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1173{
1174 switch (family) {
1175 case PF_UNIX:
1176 switch (type) {
1177 case SOCK_STREAM:
1178 case SOCK_SEQPACKET:
1179 return SECCLASS_UNIX_STREAM_SOCKET;
1180 case SOCK_DGRAM:
1181 return SECCLASS_UNIX_DGRAM_SOCKET;
1182 }
1183 break;
1184 case PF_INET:
1185 case PF_INET6:
1186 switch (type) {
1187 case SOCK_STREAM:
1188 if (default_protocol_stream(protocol))
1189 return SECCLASS_TCP_SOCKET;
1190 else
1191 return SECCLASS_RAWIP_SOCKET;
1192 case SOCK_DGRAM:
1193 if (default_protocol_dgram(protocol))
1194 return SECCLASS_UDP_SOCKET;
1195 else
1196 return SECCLASS_RAWIP_SOCKET;
1197 case SOCK_DCCP:
1198 return SECCLASS_DCCP_SOCKET;
1199 default:
1200 return SECCLASS_RAWIP_SOCKET;
1201 }
1202 break;
1203 case PF_NETLINK:
1204 switch (protocol) {
1205 case NETLINK_ROUTE:
1206 return SECCLASS_NETLINK_ROUTE_SOCKET;
1207 case NETLINK_FIREWALL:
1208 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1209 case NETLINK_SOCK_DIAG:
1210 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1211 case NETLINK_NFLOG:
1212 return SECCLASS_NETLINK_NFLOG_SOCKET;
1213 case NETLINK_XFRM:
1214 return SECCLASS_NETLINK_XFRM_SOCKET;
1215 case NETLINK_SELINUX:
1216 return SECCLASS_NETLINK_SELINUX_SOCKET;
1217 case NETLINK_AUDIT:
1218 return SECCLASS_NETLINK_AUDIT_SOCKET;
1219 case NETLINK_IP6_FW:
1220 return SECCLASS_NETLINK_IP6FW_SOCKET;
1221 case NETLINK_DNRTMSG:
1222 return SECCLASS_NETLINK_DNRT_SOCKET;
1223 case NETLINK_KOBJECT_UEVENT:
1224 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1225 default:
1226 return SECCLASS_NETLINK_SOCKET;
1227 }
1228 case PF_PACKET:
1229 return SECCLASS_PACKET_SOCKET;
1230 case PF_KEY:
1231 return SECCLASS_KEY_SOCKET;
1232 case PF_APPLETALK:
1233 return SECCLASS_APPLETALK_SOCKET;
1234 }
1235
1236 return SECCLASS_SOCKET;
1237}
1238
1239#ifdef CONFIG_PROC_FS
1240static int selinux_proc_get_sid(struct dentry *dentry,
1241 u16 tclass,
1242 u32 *sid)
1243{
1244 int rc;
1245 char *buffer, *path;
1246
1247 buffer = (char *)__get_free_page(GFP_KERNEL);
1248 if (!buffer)
1249 return -ENOMEM;
1250
1251 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1252 if (IS_ERR(path))
1253 rc = PTR_ERR(path);
1254 else {
1255
1256
1257
1258 while (path[1] >= '0' && path[1] <= '9') {
1259 path[1] = '/';
1260 path++;
1261 }
1262 rc = security_genfs_sid("proc", path, tclass, sid);
1263 }
1264 free_page((unsigned long)buffer);
1265 return rc;
1266}
1267#else
1268static int selinux_proc_get_sid(struct dentry *dentry,
1269 u16 tclass,
1270 u32 *sid)
1271{
1272 return -EINVAL;
1273}
1274#endif
1275
1276
1277static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1278{
1279 struct superblock_security_struct *sbsec = NULL;
1280 struct inode_security_struct *isec = inode->i_security;
1281 u32 sid;
1282 struct dentry *dentry;
1283#define INITCONTEXTLEN 255
1284 char *context = NULL;
1285 unsigned len = 0;
1286 int rc = 0;
1287
1288 if (isec->initialized)
1289 goto out;
1290
1291 mutex_lock(&isec->lock);
1292 if (isec->initialized)
1293 goto out_unlock;
1294
1295 sbsec = inode->i_sb->s_security;
1296 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1297
1298
1299
1300 spin_lock(&sbsec->isec_lock);
1301 if (list_empty(&isec->list))
1302 list_add(&isec->list, &sbsec->isec_head);
1303 spin_unlock(&sbsec->isec_lock);
1304 goto out_unlock;
1305 }
1306
1307 switch (sbsec->behavior) {
1308 case SECURITY_FS_USE_NATIVE:
1309 break;
1310 case SECURITY_FS_USE_XATTR:
1311 if (!inode->i_op->getxattr) {
1312 isec->sid = sbsec->def_sid;
1313 break;
1314 }
1315
1316
1317
1318 if (opt_dentry) {
1319
1320 dentry = dget(opt_dentry);
1321 } else {
1322
1323 dentry = d_find_alias(inode);
1324 }
1325 if (!dentry) {
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335 goto out_unlock;
1336 }
1337
1338 len = INITCONTEXTLEN;
1339 context = kmalloc(len+1, GFP_NOFS);
1340 if (!context) {
1341 rc = -ENOMEM;
1342 dput(dentry);
1343 goto out_unlock;
1344 }
1345 context[len] = '\0';
1346 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1347 context, len);
1348 if (rc == -ERANGE) {
1349 kfree(context);
1350
1351
1352 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1353 NULL, 0);
1354 if (rc < 0) {
1355 dput(dentry);
1356 goto out_unlock;
1357 }
1358 len = rc;
1359 context = kmalloc(len+1, GFP_NOFS);
1360 if (!context) {
1361 rc = -ENOMEM;
1362 dput(dentry);
1363 goto out_unlock;
1364 }
1365 context[len] = '\0';
1366 rc = inode->i_op->getxattr(dentry,
1367 XATTR_NAME_SELINUX,
1368 context, len);
1369 }
1370 dput(dentry);
1371 if (rc < 0) {
1372 if (rc != -ENODATA) {
1373 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1374 "%d for dev=%s ino=%ld\n", __func__,
1375 -rc, inode->i_sb->s_id, inode->i_ino);
1376 kfree(context);
1377 goto out_unlock;
1378 }
1379
1380 sid = sbsec->def_sid;
1381 rc = 0;
1382 } else {
1383 rc = security_context_to_sid_default(context, rc, &sid,
1384 sbsec->def_sid,
1385 GFP_NOFS);
1386 if (rc) {
1387 char *dev = inode->i_sb->s_id;
1388 unsigned long ino = inode->i_ino;
1389
1390 if (rc == -EINVAL) {
1391 if (printk_ratelimit())
1392 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1393 "context=%s. This indicates you may need to relabel the inode or the "
1394 "filesystem in question.\n", ino, dev, context);
1395 } else {
1396 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1397 "returned %d for dev=%s ino=%ld\n",
1398 __func__, context, -rc, dev, ino);
1399 }
1400 kfree(context);
1401
1402 rc = 0;
1403 break;
1404 }
1405 }
1406 kfree(context);
1407 isec->sid = sid;
1408 break;
1409 case SECURITY_FS_USE_TASK:
1410 isec->sid = isec->task_sid;
1411 break;
1412 case SECURITY_FS_USE_TRANS:
1413
1414 isec->sid = sbsec->sid;
1415
1416
1417 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1418 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1419 isec->sclass, NULL, &sid);
1420 if (rc)
1421 goto out_unlock;
1422 isec->sid = sid;
1423 break;
1424 case SECURITY_FS_USE_MNTPOINT:
1425 isec->sid = sbsec->mntpoint_sid;
1426 break;
1427 default:
1428
1429 isec->sid = sbsec->sid;
1430
1431 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1432
1433
1434 if (opt_dentry)
1435
1436
1437 dentry = dget(opt_dentry);
1438 else
1439
1440
1441 dentry = d_find_alias(inode);
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451 if (!dentry)
1452 goto out_unlock;
1453 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1454 rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
1455 dput(dentry);
1456 if (rc)
1457 goto out_unlock;
1458 isec->sid = sid;
1459 }
1460 break;
1461 }
1462
1463 isec->initialized = 1;
1464
1465out_unlock:
1466 mutex_unlock(&isec->lock);
1467out:
1468 if (isec->sclass == SECCLASS_FILE)
1469 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1470 return rc;
1471}
1472
1473
1474static inline u32 signal_to_av(int sig)
1475{
1476 u32 perm = 0;
1477
1478 switch (sig) {
1479 case SIGCHLD:
1480
1481 perm = PROCESS__SIGCHLD;
1482 break;
1483 case SIGKILL:
1484
1485 perm = PROCESS__SIGKILL;
1486 break;
1487 case SIGSTOP:
1488
1489 perm = PROCESS__SIGSTOP;
1490 break;
1491 default:
1492
1493 perm = PROCESS__SIGNAL;
1494 break;
1495 }
1496
1497 return perm;
1498}
1499
1500
1501
1502
1503
1504static int cred_has_perm(const struct cred *actor,
1505 const struct cred *target,
1506 u32 perms)
1507{
1508 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1509
1510 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1511}
1512
1513
1514
1515
1516
1517
1518
1519static int task_has_perm(const struct task_struct *tsk1,
1520 const struct task_struct *tsk2,
1521 u32 perms)
1522{
1523 const struct task_security_struct *__tsec1, *__tsec2;
1524 u32 sid1, sid2;
1525
1526 rcu_read_lock();
1527 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1528 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1529 rcu_read_unlock();
1530 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1531}
1532
1533
1534
1535
1536
1537
1538
1539static int current_has_perm(const struct task_struct *tsk,
1540 u32 perms)
1541{
1542 u32 sid, tsid;
1543
1544 sid = current_sid();
1545 tsid = task_sid(tsk);
1546 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1547}
1548
1549#if CAP_LAST_CAP > 63
1550#error Fix SELinux to handle capabilities > 63.
1551#endif
1552
1553
1554static int cred_has_capability(const struct cred *cred,
1555 int cap, int audit)
1556{
1557 struct common_audit_data ad;
1558 struct av_decision avd;
1559 u16 sclass;
1560 u32 sid = cred_sid(cred);
1561 u32 av = CAP_TO_MASK(cap);
1562 int rc;
1563
1564 ad.type = LSM_AUDIT_DATA_CAP;
1565 ad.u.cap = cap;
1566
1567 switch (CAP_TO_INDEX(cap)) {
1568 case 0:
1569 sclass = SECCLASS_CAPABILITY;
1570 break;
1571 case 1:
1572 sclass = SECCLASS_CAPABILITY2;
1573 break;
1574 default:
1575 printk(KERN_ERR
1576 "SELinux: out of range capability %d\n", cap);
1577 BUG();
1578 return -EINVAL;
1579 }
1580
1581 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1582 if (audit == SECURITY_CAP_AUDIT) {
1583 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1584 if (rc2)
1585 return rc2;
1586 }
1587 return rc;
1588}
1589
1590
1591static int task_has_system(struct task_struct *tsk,
1592 u32 perms)
1593{
1594 u32 sid = task_sid(tsk);
1595
1596 return avc_has_perm(sid, SECINITSID_KERNEL,
1597 SECCLASS_SYSTEM, perms, NULL);
1598}
1599
1600
1601
1602
1603static int inode_has_perm(const struct cred *cred,
1604 struct inode *inode,
1605 u32 perms,
1606 struct common_audit_data *adp)
1607{
1608 struct inode_security_struct *isec;
1609 u32 sid;
1610
1611 validate_creds(cred);
1612
1613 if (unlikely(IS_PRIVATE(inode)))
1614 return 0;
1615
1616 sid = cred_sid(cred);
1617 isec = inode->i_security;
1618
1619 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1620}
1621
1622
1623
1624
1625static inline int dentry_has_perm(const struct cred *cred,
1626 struct dentry *dentry,
1627 u32 av)
1628{
1629 struct inode *inode = dentry->d_inode;
1630 struct common_audit_data ad;
1631
1632 ad.type = LSM_AUDIT_DATA_DENTRY;
1633 ad.u.dentry = dentry;
1634 return inode_has_perm(cred, inode, av, &ad);
1635}
1636
1637
1638
1639
1640static inline int path_has_perm(const struct cred *cred,
1641 struct path *path,
1642 u32 av)
1643{
1644 struct inode *inode = path->dentry->d_inode;
1645 struct common_audit_data ad;
1646
1647 ad.type = LSM_AUDIT_DATA_PATH;
1648 ad.u.path = *path;
1649 return inode_has_perm(cred, inode, av, &ad);
1650}
1651
1652
1653static inline int file_path_has_perm(const struct cred *cred,
1654 struct file *file,
1655 u32 av)
1656{
1657 struct common_audit_data ad;
1658
1659 ad.type = LSM_AUDIT_DATA_PATH;
1660 ad.u.path = file->f_path;
1661 return inode_has_perm(cred, file_inode(file), av, &ad);
1662}
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672static int file_has_perm(const struct cred *cred,
1673 struct file *file,
1674 u32 av)
1675{
1676 struct file_security_struct *fsec = file->f_security;
1677 struct inode *inode = file_inode(file);
1678 struct common_audit_data ad;
1679 u32 sid = cred_sid(cred);
1680 int rc;
1681
1682 ad.type = LSM_AUDIT_DATA_PATH;
1683 ad.u.path = file->f_path;
1684
1685 if (sid != fsec->sid) {
1686 rc = avc_has_perm(sid, fsec->sid,
1687 SECCLASS_FD,
1688 FD__USE,
1689 &ad);
1690 if (rc)
1691 goto out;
1692 }
1693
1694
1695 rc = 0;
1696 if (av)
1697 rc = inode_has_perm(cred, inode, av, &ad);
1698
1699out:
1700 return rc;
1701}
1702
1703
1704static int may_create(struct inode *dir,
1705 struct dentry *dentry,
1706 u16 tclass)
1707{
1708 const struct task_security_struct *tsec = current_security();
1709 struct inode_security_struct *dsec;
1710 struct superblock_security_struct *sbsec;
1711 u32 sid, newsid;
1712 struct common_audit_data ad;
1713 int rc;
1714
1715 dsec = dir->i_security;
1716 sbsec = dir->i_sb->s_security;
1717
1718 sid = tsec->sid;
1719 newsid = tsec->create_sid;
1720
1721 ad.type = LSM_AUDIT_DATA_DENTRY;
1722 ad.u.dentry = dentry;
1723
1724 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1725 DIR__ADD_NAME | DIR__SEARCH,
1726 &ad);
1727 if (rc)
1728 return rc;
1729
1730 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
1731 rc = security_transition_sid(sid, dsec->sid, tclass,
1732 &dentry->d_name, &newsid);
1733 if (rc)
1734 return rc;
1735 }
1736
1737 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1738 if (rc)
1739 return rc;
1740
1741 return avc_has_perm(newsid, sbsec->sid,
1742 SECCLASS_FILESYSTEM,
1743 FILESYSTEM__ASSOCIATE, &ad);
1744}
1745
1746
1747static int may_create_key(u32 ksid,
1748 struct task_struct *ctx)
1749{
1750 u32 sid = task_sid(ctx);
1751
1752 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1753}
1754
1755#define MAY_LINK 0
1756#define MAY_UNLINK 1
1757#define MAY_RMDIR 2
1758
1759
1760static int may_link(struct inode *dir,
1761 struct dentry *dentry,
1762 int kind)
1763
1764{
1765 struct inode_security_struct *dsec, *isec;
1766 struct common_audit_data ad;
1767 u32 sid = current_sid();
1768 u32 av;
1769 int rc;
1770
1771 dsec = dir->i_security;
1772 isec = dentry->d_inode->i_security;
1773
1774 ad.type = LSM_AUDIT_DATA_DENTRY;
1775 ad.u.dentry = dentry;
1776
1777 av = DIR__SEARCH;
1778 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1779 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1780 if (rc)
1781 return rc;
1782
1783 switch (kind) {
1784 case MAY_LINK:
1785 av = FILE__LINK;
1786 break;
1787 case MAY_UNLINK:
1788 av = FILE__UNLINK;
1789 break;
1790 case MAY_RMDIR:
1791 av = DIR__RMDIR;
1792 break;
1793 default:
1794 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1795 __func__, kind);
1796 return 0;
1797 }
1798
1799 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1800 return rc;
1801}
1802
1803static inline int may_rename(struct inode *old_dir,
1804 struct dentry *old_dentry,
1805 struct inode *new_dir,
1806 struct dentry *new_dentry)
1807{
1808 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1809 struct common_audit_data ad;
1810 u32 sid = current_sid();
1811 u32 av;
1812 int old_is_dir, new_is_dir;
1813 int rc;
1814
1815 old_dsec = old_dir->i_security;
1816 old_isec = old_dentry->d_inode->i_security;
1817 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1818 new_dsec = new_dir->i_security;
1819
1820 ad.type = LSM_AUDIT_DATA_DENTRY;
1821
1822 ad.u.dentry = old_dentry;
1823 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1824 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1825 if (rc)
1826 return rc;
1827 rc = avc_has_perm(sid, old_isec->sid,
1828 old_isec->sclass, FILE__RENAME, &ad);
1829 if (rc)
1830 return rc;
1831 if (old_is_dir && new_dir != old_dir) {
1832 rc = avc_has_perm(sid, old_isec->sid,
1833 old_isec->sclass, DIR__REPARENT, &ad);
1834 if (rc)
1835 return rc;
1836 }
1837
1838 ad.u.dentry = new_dentry;
1839 av = DIR__ADD_NAME | DIR__SEARCH;
1840 if (new_dentry->d_inode)
1841 av |= DIR__REMOVE_NAME;
1842 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1843 if (rc)
1844 return rc;
1845 if (new_dentry->d_inode) {
1846 new_isec = new_dentry->d_inode->i_security;
1847 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1848 rc = avc_has_perm(sid, new_isec->sid,
1849 new_isec->sclass,
1850 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1851 if (rc)
1852 return rc;
1853 }
1854
1855 return 0;
1856}
1857
1858
1859static int superblock_has_perm(const struct cred *cred,
1860 struct super_block *sb,
1861 u32 perms,
1862 struct common_audit_data *ad)
1863{
1864 struct superblock_security_struct *sbsec;
1865 u32 sid = cred_sid(cred);
1866
1867 sbsec = sb->s_security;
1868 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1869}
1870
1871
1872static inline u32 file_mask_to_av(int mode, int mask)
1873{
1874 u32 av = 0;
1875
1876 if (!S_ISDIR(mode)) {
1877 if (mask & MAY_EXEC)
1878 av |= FILE__EXECUTE;
1879 if (mask & MAY_READ)
1880 av |= FILE__READ;
1881
1882 if (mask & MAY_APPEND)
1883 av |= FILE__APPEND;
1884 else if (mask & MAY_WRITE)
1885 av |= FILE__WRITE;
1886
1887 } else {
1888 if (mask & MAY_EXEC)
1889 av |= DIR__SEARCH;
1890 if (mask & MAY_WRITE)
1891 av |= DIR__WRITE;
1892 if (mask & MAY_READ)
1893 av |= DIR__READ;
1894 }
1895
1896 return av;
1897}
1898
1899
1900static inline u32 file_to_av(struct file *file)
1901{
1902 u32 av = 0;
1903
1904 if (file->f_mode & FMODE_READ)
1905 av |= FILE__READ;
1906 if (file->f_mode & FMODE_WRITE) {
1907 if (file->f_flags & O_APPEND)
1908 av |= FILE__APPEND;
1909 else
1910 av |= FILE__WRITE;
1911 }
1912 if (!av) {
1913
1914
1915
1916 av = FILE__IOCTL;
1917 }
1918
1919 return av;
1920}
1921
1922
1923
1924
1925
1926static inline u32 open_file_to_av(struct file *file)
1927{
1928 u32 av = file_to_av(file);
1929
1930 if (selinux_policycap_openperm)
1931 av |= FILE__OPEN;
1932
1933 return av;
1934}
1935
1936
1937
1938static int selinux_ptrace_access_check(struct task_struct *child,
1939 unsigned int mode)
1940{
1941 int rc;
1942
1943 rc = cap_ptrace_access_check(child, mode);
1944 if (rc)
1945 return rc;
1946
1947 if (mode & PTRACE_MODE_READ) {
1948 u32 sid = current_sid();
1949 u32 csid = task_sid(child);
1950 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1951 }
1952
1953 return current_has_perm(child, PROCESS__PTRACE);
1954}
1955
1956static int selinux_ptrace_traceme(struct task_struct *parent)
1957{
1958 int rc;
1959
1960 rc = cap_ptrace_traceme(parent);
1961 if (rc)
1962 return rc;
1963
1964 return task_has_perm(parent, current, PROCESS__PTRACE);
1965}
1966
1967static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1968 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1969{
1970 int error;
1971
1972 error = current_has_perm(target, PROCESS__GETCAP);
1973 if (error)
1974 return error;
1975
1976 return cap_capget(target, effective, inheritable, permitted);
1977}
1978
1979static int selinux_capset(struct cred *new, const struct cred *old,
1980 const kernel_cap_t *effective,
1981 const kernel_cap_t *inheritable,
1982 const kernel_cap_t *permitted)
1983{
1984 int error;
1985
1986 error = cap_capset(new, old,
1987 effective, inheritable, permitted);
1988 if (error)
1989 return error;
1990
1991 return cred_has_perm(old, new, PROCESS__SETCAP);
1992}
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2005 int cap, int audit)
2006{
2007 int rc;
2008
2009 rc = cap_capable(cred, ns, cap, audit);
2010 if (rc)
2011 return rc;
2012
2013 return cred_has_capability(cred, cap, audit);
2014}
2015
2016static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2017{
2018 const struct cred *cred = current_cred();
2019 int rc = 0;
2020
2021 if (!sb)
2022 return 0;
2023
2024 switch (cmds) {
2025 case Q_SYNC:
2026 case Q_QUOTAON:
2027 case Q_QUOTAOFF:
2028 case Q_SETINFO:
2029 case Q_SETQUOTA:
2030 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2031 break;
2032 case Q_GETFMT:
2033 case Q_GETINFO:
2034 case Q_GETQUOTA:
2035 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2036 break;
2037 default:
2038 rc = 0;
2039 break;
2040 }
2041 return rc;
2042}
2043
2044static int selinux_quota_on(struct dentry *dentry)
2045{
2046 const struct cred *cred = current_cred();
2047
2048 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2049}
2050
2051static int selinux_syslog(int type)
2052{
2053 int rc;
2054
2055 switch (type) {
2056 case SYSLOG_ACTION_READ_ALL:
2057 case SYSLOG_ACTION_SIZE_BUFFER:
2058 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2059 break;
2060 case SYSLOG_ACTION_CONSOLE_OFF:
2061 case SYSLOG_ACTION_CONSOLE_ON:
2062
2063 case SYSLOG_ACTION_CONSOLE_LEVEL:
2064 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2065 break;
2066 case SYSLOG_ACTION_CLOSE:
2067 case SYSLOG_ACTION_OPEN:
2068 case SYSLOG_ACTION_READ:
2069 case SYSLOG_ACTION_READ_CLEAR:
2070 case SYSLOG_ACTION_CLEAR:
2071 default:
2072 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2073 break;
2074 }
2075 return rc;
2076}
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2087{
2088 int rc, cap_sys_admin = 0;
2089
2090 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
2091 SECURITY_CAP_NOAUDIT);
2092 if (rc == 0)
2093 cap_sys_admin = 1;
2094
2095 return __vm_enough_memory(mm, pages, cap_sys_admin);
2096}
2097
2098
2099
2100static int check_nnp_nosuid(const struct linux_binprm *bprm,
2101 const struct task_security_struct *old_tsec,
2102 const struct task_security_struct *new_tsec)
2103{
2104 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2105 int nosuid = (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID);
2106 int rc;
2107
2108 if (!nnp && !nosuid)
2109 return 0;
2110
2111 if (new_tsec->sid == old_tsec->sid)
2112 return 0;
2113
2114
2115
2116
2117
2118
2119
2120 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
2121 if (rc) {
2122
2123
2124
2125
2126
2127 if (nnp)
2128 return -EPERM;
2129 else
2130 return -EACCES;
2131 }
2132 return 0;
2133}
2134
2135static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2136{
2137 const struct task_security_struct *old_tsec;
2138 struct task_security_struct *new_tsec;
2139 struct inode_security_struct *isec;
2140 struct common_audit_data ad;
2141 struct inode *inode = file_inode(bprm->file);
2142 int rc;
2143
2144 rc = cap_bprm_set_creds(bprm);
2145 if (rc)
2146 return rc;
2147
2148
2149
2150 if (bprm->cred_prepared)
2151 return 0;
2152
2153 old_tsec = current_security();
2154 new_tsec = bprm->cred->security;
2155 isec = inode->i_security;
2156
2157
2158 new_tsec->sid = old_tsec->sid;
2159 new_tsec->osid = old_tsec->sid;
2160
2161
2162 new_tsec->create_sid = 0;
2163 new_tsec->keycreate_sid = 0;
2164 new_tsec->sockcreate_sid = 0;
2165
2166 if (old_tsec->exec_sid) {
2167 new_tsec->sid = old_tsec->exec_sid;
2168
2169 new_tsec->exec_sid = 0;
2170
2171
2172 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2173 if (rc)
2174 return rc;
2175 } else {
2176
2177 rc = security_transition_sid(old_tsec->sid, isec->sid,
2178 SECCLASS_PROCESS, NULL,
2179 &new_tsec->sid);
2180 if (rc)
2181 return rc;
2182
2183
2184
2185
2186
2187 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2188 if (rc)
2189 new_tsec->sid = old_tsec->sid;
2190 }
2191
2192 ad.type = LSM_AUDIT_DATA_PATH;
2193 ad.u.path = bprm->file->f_path;
2194
2195 if (new_tsec->sid == old_tsec->sid) {
2196 rc = avc_has_perm(old_tsec->sid, isec->sid,
2197 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2198 if (rc)
2199 return rc;
2200 } else {
2201
2202 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2203 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2204 if (rc)
2205 return rc;
2206
2207 rc = avc_has_perm(new_tsec->sid, isec->sid,
2208 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2209 if (rc)
2210 return rc;
2211
2212
2213 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2214 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2215 SECCLASS_PROCESS, PROCESS__SHARE,
2216 NULL);
2217 if (rc)
2218 return -EPERM;
2219 }
2220
2221
2222
2223 if (bprm->unsafe &
2224 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2225 struct task_struct *tracer;
2226 struct task_security_struct *sec;
2227 u32 ptsid = 0;
2228
2229 rcu_read_lock();
2230 tracer = ptrace_parent(current);
2231 if (likely(tracer != NULL)) {
2232 sec = __task_cred(tracer)->security;
2233 ptsid = sec->sid;
2234 }
2235 rcu_read_unlock();
2236
2237 if (ptsid != 0) {
2238 rc = avc_has_perm(ptsid, new_tsec->sid,
2239 SECCLASS_PROCESS,
2240 PROCESS__PTRACE, NULL);
2241 if (rc)
2242 return -EPERM;
2243 }
2244 }
2245
2246
2247 bprm->per_clear |= PER_CLEAR_ON_SETID;
2248 }
2249
2250 return 0;
2251}
2252
2253static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2254{
2255 const struct task_security_struct *tsec = current_security();
2256 u32 sid, osid;
2257 int atsecure = 0;
2258
2259 sid = tsec->sid;
2260 osid = tsec->osid;
2261
2262 if (osid != sid) {
2263
2264
2265
2266 atsecure = avc_has_perm(osid, sid,
2267 SECCLASS_PROCESS,
2268 PROCESS__NOATSECURE, NULL);
2269 }
2270
2271 return (atsecure || cap_bprm_secureexec(bprm));
2272}
2273
2274static int match_file(const void *p, struct file *file, unsigned fd)
2275{
2276 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2277}
2278
2279
2280static inline void flush_unauthorized_files(const struct cred *cred,
2281 struct files_struct *files)
2282{
2283 struct file *file, *devnull = NULL;
2284 struct tty_struct *tty;
2285 int drop_tty = 0;
2286 unsigned n;
2287
2288 tty = get_current_tty();
2289 if (tty) {
2290 spin_lock(&tty_files_lock);
2291 if (!list_empty(&tty->tty_files)) {
2292 struct tty_file_private *file_priv;
2293
2294
2295
2296
2297
2298
2299 file_priv = list_first_entry(&tty->tty_files,
2300 struct tty_file_private, list);
2301 file = file_priv->file;
2302 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2303 drop_tty = 1;
2304 }
2305 spin_unlock(&tty_files_lock);
2306 tty_kref_put(tty);
2307 }
2308
2309 if (drop_tty)
2310 no_tty();
2311
2312
2313 n = iterate_fd(files, 0, match_file, cred);
2314 if (!n)
2315 return;
2316
2317 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2318 if (IS_ERR(devnull))
2319 devnull = NULL;
2320
2321 do {
2322 replace_fd(n - 1, devnull, 0);
2323 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2324 if (devnull)
2325 fput(devnull);
2326}
2327
2328
2329
2330
2331static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2332{
2333 struct task_security_struct *new_tsec;
2334 struct rlimit *rlim, *initrlim;
2335 int rc, i;
2336
2337 new_tsec = bprm->cred->security;
2338 if (new_tsec->sid == new_tsec->osid)
2339 return;
2340
2341
2342 flush_unauthorized_files(bprm->cred, current->files);
2343
2344
2345 current->pdeath_signal = 0;
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2358 PROCESS__RLIMITINH, NULL);
2359 if (rc) {
2360
2361 task_lock(current);
2362 for (i = 0; i < RLIM_NLIMITS; i++) {
2363 rlim = current->signal->rlim + i;
2364 initrlim = init_task.signal->rlim + i;
2365 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2366 }
2367 task_unlock(current);
2368 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2369 }
2370}
2371
2372
2373
2374
2375
2376static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2377{
2378 const struct task_security_struct *tsec = current_security();
2379 struct itimerval itimer;
2380 u32 osid, sid;
2381 int rc, i;
2382
2383 osid = tsec->osid;
2384 sid = tsec->sid;
2385
2386 if (sid == osid)
2387 return;
2388
2389
2390
2391
2392
2393
2394
2395
2396 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2397 if (rc) {
2398 memset(&itimer, 0, sizeof itimer);
2399 for (i = 0; i < 3; i++)
2400 do_setitimer(i, &itimer, NULL);
2401 spin_lock_irq(¤t->sighand->siglock);
2402 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2403 __flush_signals(current);
2404 flush_signal_handlers(current, 1);
2405 sigemptyset(¤t->blocked);
2406 }
2407 spin_unlock_irq(¤t->sighand->siglock);
2408 }
2409
2410
2411
2412 read_lock(&tasklist_lock);
2413 __wake_up_parent(current, current->real_parent);
2414 read_unlock(&tasklist_lock);
2415}
2416
2417
2418
2419static int selinux_sb_alloc_security(struct super_block *sb)
2420{
2421 return superblock_alloc_security(sb);
2422}
2423
2424static void selinux_sb_free_security(struct super_block *sb)
2425{
2426 superblock_free_security(sb);
2427}
2428
2429static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2430{
2431 if (plen > olen)
2432 return 0;
2433
2434 return !memcmp(prefix, option, plen);
2435}
2436
2437static inline int selinux_option(char *option, int len)
2438{
2439 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2440 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2441 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2442 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2443 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2444}
2445
2446static inline void take_option(char **to, char *from, int *first, int len)
2447{
2448 if (!*first) {
2449 **to = ',';
2450 *to += 1;
2451 } else
2452 *first = 0;
2453 memcpy(*to, from, len);
2454 *to += len;
2455}
2456
2457static inline void take_selinux_option(char **to, char *from, int *first,
2458 int len)
2459{
2460 int current_size = 0;
2461
2462 if (!*first) {
2463 **to = '|';
2464 *to += 1;
2465 } else
2466 *first = 0;
2467
2468 while (current_size < len) {
2469 if (*from != '"') {
2470 **to = *from;
2471 *to += 1;
2472 }
2473 from += 1;
2474 current_size += 1;
2475 }
2476}
2477
2478static int selinux_sb_copy_data(char *orig, char *copy)
2479{
2480 int fnosec, fsec, rc = 0;
2481 char *in_save, *in_curr, *in_end;
2482 char *sec_curr, *nosec_save, *nosec;
2483 int open_quote = 0;
2484
2485 in_curr = orig;
2486 sec_curr = copy;
2487
2488 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2489 if (!nosec) {
2490 rc = -ENOMEM;
2491 goto out;
2492 }
2493
2494 nosec_save = nosec;
2495 fnosec = fsec = 1;
2496 in_save = in_end = orig;
2497
2498 do {
2499 if (*in_end == '"')
2500 open_quote = !open_quote;
2501 if ((*in_end == ',' && open_quote == 0) ||
2502 *in_end == '\0') {
2503 int len = in_end - in_curr;
2504
2505 if (selinux_option(in_curr, len))
2506 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2507 else
2508 take_option(&nosec, in_curr, &fnosec, len);
2509
2510 in_curr = in_end + 1;
2511 }
2512 } while (*in_end++);
2513
2514 strcpy(in_save, nosec_save);
2515 free_page((unsigned long)nosec_save);
2516out:
2517 return rc;
2518}
2519
2520static int selinux_sb_remount(struct super_block *sb, void *data)
2521{
2522 int rc, i, *flags;
2523 struct security_mnt_opts opts;
2524 char *secdata, **mount_options;
2525 struct superblock_security_struct *sbsec = sb->s_security;
2526
2527 if (!(sbsec->flags & SE_SBINITIALIZED))
2528 return 0;
2529
2530 if (!data)
2531 return 0;
2532
2533 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2534 return 0;
2535
2536 security_init_mnt_opts(&opts);
2537 secdata = alloc_secdata();
2538 if (!secdata)
2539 return -ENOMEM;
2540 rc = selinux_sb_copy_data(data, secdata);
2541 if (rc)
2542 goto out_free_secdata;
2543
2544 rc = selinux_parse_opts_str(secdata, &opts);
2545 if (rc)
2546 goto out_free_secdata;
2547
2548 mount_options = opts.mnt_opts;
2549 flags = opts.mnt_opts_flags;
2550
2551 for (i = 0; i < opts.num_mnt_opts; i++) {
2552 u32 sid;
2553 size_t len;
2554
2555 if (flags[i] == SBLABEL_MNT)
2556 continue;
2557 len = strlen(mount_options[i]);
2558 rc = security_context_to_sid(mount_options[i], len, &sid,
2559 GFP_KERNEL);
2560 if (rc) {
2561 printk(KERN_WARNING "SELinux: security_context_to_sid"
2562 "(%s) failed for (dev %s, type %s) errno=%d\n",
2563 mount_options[i], sb->s_id, sb->s_type->name, rc);
2564 goto out_free_opts;
2565 }
2566 rc = -EINVAL;
2567 switch (flags[i]) {
2568 case FSCONTEXT_MNT:
2569 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2570 goto out_bad_option;
2571 break;
2572 case CONTEXT_MNT:
2573 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2574 goto out_bad_option;
2575 break;
2576 case ROOTCONTEXT_MNT: {
2577 struct inode_security_struct *root_isec;
2578 root_isec = sb->s_root->d_inode->i_security;
2579
2580 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2581 goto out_bad_option;
2582 break;
2583 }
2584 case DEFCONTEXT_MNT:
2585 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2586 goto out_bad_option;
2587 break;
2588 default:
2589 goto out_free_opts;
2590 }
2591 }
2592
2593 rc = 0;
2594out_free_opts:
2595 security_free_mnt_opts(&opts);
2596out_free_secdata:
2597 free_secdata(secdata);
2598 return rc;
2599out_bad_option:
2600 printk(KERN_WARNING "SELinux: unable to change security options "
2601 "during remount (dev %s, type=%s)\n", sb->s_id,
2602 sb->s_type->name);
2603 goto out_free_opts;
2604}
2605
2606static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2607{
2608 const struct cred *cred = current_cred();
2609 struct common_audit_data ad;
2610 int rc;
2611
2612 rc = superblock_doinit(sb, data);
2613 if (rc)
2614 return rc;
2615
2616
2617 if (flags & MS_KERNMOUNT)
2618 return 0;
2619
2620 ad.type = LSM_AUDIT_DATA_DENTRY;
2621 ad.u.dentry = sb->s_root;
2622 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2623}
2624
2625static int selinux_sb_statfs(struct dentry *dentry)
2626{
2627 const struct cred *cred = current_cred();
2628 struct common_audit_data ad;
2629
2630 ad.type = LSM_AUDIT_DATA_DENTRY;
2631 ad.u.dentry = dentry->d_sb->s_root;
2632 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2633}
2634
2635static int selinux_mount(const char *dev_name,
2636 struct path *path,
2637 const char *type,
2638 unsigned long flags,
2639 void *data)
2640{
2641 const struct cred *cred = current_cred();
2642
2643 if (flags & MS_REMOUNT)
2644 return superblock_has_perm(cred, path->dentry->d_sb,
2645 FILESYSTEM__REMOUNT, NULL);
2646 else
2647 return path_has_perm(cred, path, FILE__MOUNTON);
2648}
2649
2650static int selinux_umount(struct vfsmount *mnt, int flags)
2651{
2652 const struct cred *cred = current_cred();
2653
2654 return superblock_has_perm(cred, mnt->mnt_sb,
2655 FILESYSTEM__UNMOUNT, NULL);
2656}
2657
2658
2659
2660static int selinux_inode_alloc_security(struct inode *inode)
2661{
2662 return inode_alloc_security(inode);
2663}
2664
2665static void selinux_inode_free_security(struct inode *inode)
2666{
2667 inode_free_security(inode);
2668}
2669
2670static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2671 struct qstr *name, void **ctx,
2672 u32 *ctxlen)
2673{
2674 const struct cred *cred = current_cred();
2675 struct task_security_struct *tsec;
2676 struct inode_security_struct *dsec;
2677 struct superblock_security_struct *sbsec;
2678 struct inode *dir = dentry->d_parent->d_inode;
2679 u32 newsid;
2680 int rc;
2681
2682 tsec = cred->security;
2683 dsec = dir->i_security;
2684 sbsec = dir->i_sb->s_security;
2685
2686 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2687 newsid = tsec->create_sid;
2688 } else {
2689 rc = security_transition_sid(tsec->sid, dsec->sid,
2690 inode_mode_to_security_class(mode),
2691 name,
2692 &newsid);
2693 if (rc) {
2694 printk(KERN_WARNING
2695 "%s: security_transition_sid failed, rc=%d\n",
2696 __func__, -rc);
2697 return rc;
2698 }
2699 }
2700
2701 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2702}
2703
2704static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2705 const struct qstr *qstr,
2706 const char **name,
2707 void **value, size_t *len)
2708{
2709 const struct task_security_struct *tsec = current_security();
2710 struct inode_security_struct *dsec;
2711 struct superblock_security_struct *sbsec;
2712 u32 sid, newsid, clen;
2713 int rc;
2714 char *context;
2715
2716 dsec = dir->i_security;
2717 sbsec = dir->i_sb->s_security;
2718
2719 sid = tsec->sid;
2720 newsid = tsec->create_sid;
2721
2722 if ((sbsec->flags & SE_SBINITIALIZED) &&
2723 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2724 newsid = sbsec->mntpoint_sid;
2725 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
2726 rc = security_transition_sid(sid, dsec->sid,
2727 inode_mode_to_security_class(inode->i_mode),
2728 qstr, &newsid);
2729 if (rc) {
2730 printk(KERN_WARNING "%s: "
2731 "security_transition_sid failed, rc=%d (dev=%s "
2732 "ino=%ld)\n",
2733 __func__,
2734 -rc, inode->i_sb->s_id, inode->i_ino);
2735 return rc;
2736 }
2737 }
2738
2739
2740 if (sbsec->flags & SE_SBINITIALIZED) {
2741 struct inode_security_struct *isec = inode->i_security;
2742 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2743 isec->sid = newsid;
2744 isec->initialized = 1;
2745 }
2746
2747 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2748 return -EOPNOTSUPP;
2749
2750 if (name)
2751 *name = XATTR_SELINUX_SUFFIX;
2752
2753 if (value && len) {
2754 rc = security_sid_to_context_force(newsid, &context, &clen);
2755 if (rc)
2756 return rc;
2757 *value = context;
2758 *len = clen;
2759 }
2760
2761 return 0;
2762}
2763
2764static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2765{
2766 return may_create(dir, dentry, SECCLASS_FILE);
2767}
2768
2769static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2770{
2771 return may_link(dir, old_dentry, MAY_LINK);
2772}
2773
2774static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2775{
2776 return may_link(dir, dentry, MAY_UNLINK);
2777}
2778
2779static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2780{
2781 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2782}
2783
2784static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2785{
2786 return may_create(dir, dentry, SECCLASS_DIR);
2787}
2788
2789static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2790{
2791 return may_link(dir, dentry, MAY_RMDIR);
2792}
2793
2794static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2795{
2796 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2797}
2798
2799static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2800 struct inode *new_inode, struct dentry *new_dentry)
2801{
2802 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2803}
2804
2805static int selinux_inode_readlink(struct dentry *dentry)
2806{
2807 const struct cred *cred = current_cred();
2808
2809 return dentry_has_perm(cred, dentry, FILE__READ);
2810}
2811
2812static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2813{
2814 const struct cred *cred = current_cred();
2815
2816 return dentry_has_perm(cred, dentry, FILE__READ);
2817}
2818
2819static noinline int audit_inode_permission(struct inode *inode,
2820 u32 perms, u32 audited, u32 denied,
2821 int result,
2822 unsigned flags)
2823{
2824 struct common_audit_data ad;
2825 struct inode_security_struct *isec = inode->i_security;
2826 int rc;
2827
2828 ad.type = LSM_AUDIT_DATA_INODE;
2829 ad.u.inode = inode;
2830
2831 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2832 audited, denied, result, &ad, flags);
2833 if (rc)
2834 return rc;
2835 return 0;
2836}
2837
2838static int selinux_inode_permission(struct inode *inode, int mask)
2839{
2840 const struct cred *cred = current_cred();
2841 u32 perms;
2842 bool from_access;
2843 unsigned flags = mask & MAY_NOT_BLOCK;
2844 struct inode_security_struct *isec;
2845 u32 sid;
2846 struct av_decision avd;
2847 int rc, rc2;
2848 u32 audited, denied;
2849
2850 from_access = mask & MAY_ACCESS;
2851 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2852
2853
2854 if (!mask)
2855 return 0;
2856
2857 validate_creds(cred);
2858
2859 if (unlikely(IS_PRIVATE(inode)))
2860 return 0;
2861
2862 perms = file_mask_to_av(inode->i_mode, mask);
2863
2864 sid = cred_sid(cred);
2865 isec = inode->i_security;
2866
2867 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2868 audited = avc_audit_required(perms, &avd, rc,
2869 from_access ? FILE__AUDIT_ACCESS : 0,
2870 &denied);
2871 if (likely(!audited))
2872 return rc;
2873
2874 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
2875 if (rc2)
2876 return rc2;
2877 return rc;
2878}
2879
2880static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2881{
2882 const struct cred *cred = current_cred();
2883 unsigned int ia_valid = iattr->ia_valid;
2884 __u32 av = FILE__WRITE;
2885
2886
2887 if (ia_valid & ATTR_FORCE) {
2888 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2889 ATTR_FORCE);
2890 if (!ia_valid)
2891 return 0;
2892 }
2893
2894 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2895 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2896 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2897
2898 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2899 av |= FILE__OPEN;
2900
2901 return dentry_has_perm(cred, dentry, av);
2902}
2903
2904static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2905{
2906 const struct cred *cred = current_cred();
2907 struct path path;
2908
2909 path.dentry = dentry;
2910 path.mnt = mnt;
2911
2912 return path_has_perm(cred, &path, FILE__GETATTR);
2913}
2914
2915static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2916{
2917 const struct cred *cred = current_cred();
2918
2919 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2920 sizeof XATTR_SECURITY_PREFIX - 1)) {
2921 if (!strcmp(name, XATTR_NAME_CAPS)) {
2922 if (!capable(CAP_SETFCAP))
2923 return -EPERM;
2924 } else if (!capable(CAP_SYS_ADMIN)) {
2925
2926
2927 return -EPERM;
2928 }
2929 }
2930
2931
2932
2933 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2934}
2935
2936static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2937 const void *value, size_t size, int flags)
2938{
2939 struct inode *inode = dentry->d_inode;
2940 struct inode_security_struct *isec = inode->i_security;
2941 struct superblock_security_struct *sbsec;
2942 struct common_audit_data ad;
2943 u32 newsid, sid = current_sid();
2944 int rc = 0;
2945
2946 if (strcmp(name, XATTR_NAME_SELINUX))
2947 return selinux_inode_setotherxattr(dentry, name);
2948
2949 sbsec = inode->i_sb->s_security;
2950 if (!(sbsec->flags & SBLABEL_MNT))
2951 return -EOPNOTSUPP;
2952
2953 if (!inode_owner_or_capable(inode))
2954 return -EPERM;
2955
2956 ad.type = LSM_AUDIT_DATA_DENTRY;
2957 ad.u.dentry = dentry;
2958
2959 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2960 FILE__RELABELFROM, &ad);
2961 if (rc)
2962 return rc;
2963
2964 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
2965 if (rc == -EINVAL) {
2966 if (!capable(CAP_MAC_ADMIN)) {
2967 struct audit_buffer *ab;
2968 size_t audit_size;
2969 const char *str;
2970
2971
2972
2973 if (value) {
2974 str = value;
2975 if (str[size - 1] == '\0')
2976 audit_size = size - 1;
2977 else
2978 audit_size = size;
2979 } else {
2980 str = "";
2981 audit_size = 0;
2982 }
2983 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2984 audit_log_format(ab, "op=setxattr invalid_context=");
2985 audit_log_n_untrustedstring(ab, value, audit_size);
2986 audit_log_end(ab);
2987
2988 return rc;
2989 }
2990 rc = security_context_to_sid_force(value, size, &newsid);
2991 }
2992 if (rc)
2993 return rc;
2994
2995 rc = avc_has_perm(sid, newsid, isec->sclass,
2996 FILE__RELABELTO, &ad);
2997 if (rc)
2998 return rc;
2999
3000 rc = security_validate_transition(isec->sid, newsid, sid,
3001 isec->sclass);
3002 if (rc)
3003 return rc;
3004
3005 return avc_has_perm(newsid,
3006 sbsec->sid,
3007 SECCLASS_FILESYSTEM,
3008 FILESYSTEM__ASSOCIATE,
3009 &ad);
3010}
3011
3012static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3013 const void *value, size_t size,
3014 int flags)
3015{
3016 struct inode *inode = dentry->d_inode;
3017 struct inode_security_struct *isec = inode->i_security;
3018 u32 newsid;
3019 int rc;
3020
3021 if (strcmp(name, XATTR_NAME_SELINUX)) {
3022
3023 return;
3024 }
3025
3026 rc = security_context_to_sid_force(value, size, &newsid);
3027 if (rc) {
3028 printk(KERN_ERR "SELinux: unable to map context to SID"
3029 "for (%s, %lu), rc=%d\n",
3030 inode->i_sb->s_id, inode->i_ino, -rc);
3031 return;
3032 }
3033
3034 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3035 isec->sid = newsid;
3036 isec->initialized = 1;
3037
3038 return;
3039}
3040
3041static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3042{
3043 const struct cred *cred = current_cred();
3044
3045 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3046}
3047
3048static int selinux_inode_listxattr(struct dentry *dentry)
3049{
3050 const struct cred *cred = current_cred();
3051
3052 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3053}
3054
3055static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3056{
3057 if (strcmp(name, XATTR_NAME_SELINUX))
3058 return selinux_inode_setotherxattr(dentry, name);
3059
3060
3061
3062 return -EACCES;
3063}
3064
3065
3066
3067
3068
3069
3070static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
3071{
3072 u32 size;
3073 int error;
3074 char *context = NULL;
3075 struct inode_security_struct *isec = inode->i_security;
3076
3077 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3078 return -EOPNOTSUPP;
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3090 SECURITY_CAP_NOAUDIT);
3091 if (!error)
3092 error = security_sid_to_context_force(isec->sid, &context,
3093 &size);
3094 else
3095 error = security_sid_to_context(isec->sid, &context, &size);
3096 if (error)
3097 return error;
3098 error = size;
3099 if (alloc) {
3100 *buffer = context;
3101 goto out_nofree;
3102 }
3103 kfree(context);
3104out_nofree:
3105 return error;
3106}
3107
3108static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3109 const void *value, size_t size, int flags)
3110{
3111 struct inode_security_struct *isec = inode->i_security;
3112 u32 newsid;
3113 int rc;
3114
3115 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3116 return -EOPNOTSUPP;
3117
3118 if (!value || !size)
3119 return -EACCES;
3120
3121 rc = security_context_to_sid((void *)value, size, &newsid, GFP_KERNEL);
3122 if (rc)
3123 return rc;
3124
3125 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3126 isec->sid = newsid;
3127 isec->initialized = 1;
3128 return 0;
3129}
3130
3131static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3132{
3133 const int len = sizeof(XATTR_NAME_SELINUX);
3134 if (buffer && len <= buffer_size)
3135 memcpy(buffer, XATTR_NAME_SELINUX, len);
3136 return len;
3137}
3138
3139static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
3140{
3141 struct inode_security_struct *isec = inode->i_security;
3142 *secid = isec->sid;
3143}
3144
3145
3146
3147static int selinux_revalidate_file_permission(struct file *file, int mask)
3148{
3149 const struct cred *cred = current_cred();
3150 struct inode *inode = file_inode(file);
3151
3152
3153 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3154 mask |= MAY_APPEND;
3155
3156 return file_has_perm(cred, file,
3157 file_mask_to_av(inode->i_mode, mask));
3158}
3159
3160static int selinux_file_permission(struct file *file, int mask)
3161{
3162 struct inode *inode = file_inode(file);
3163 struct file_security_struct *fsec = file->f_security;
3164 struct inode_security_struct *isec = inode->i_security;
3165 u32 sid = current_sid();
3166
3167 if (!mask)
3168
3169 return 0;
3170
3171 if (sid == fsec->sid && fsec->isid == isec->sid &&
3172 fsec->pseqno == avc_policy_seqno())
3173
3174 return 0;
3175
3176 return selinux_revalidate_file_permission(file, mask);
3177}
3178
3179static int selinux_file_alloc_security(struct file *file)
3180{
3181 return file_alloc_security(file);
3182}
3183
3184static void selinux_file_free_security(struct file *file)
3185{
3186 file_free_security(file);
3187}
3188
3189static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3190 unsigned long arg)
3191{
3192 const struct cred *cred = current_cred();
3193 int error = 0;
3194
3195 switch (cmd) {
3196 case FIONREAD:
3197
3198 case FIBMAP:
3199
3200 case FIGETBSZ:
3201
3202 case FS_IOC_GETFLAGS:
3203
3204 case FS_IOC_GETVERSION:
3205 error = file_has_perm(cred, file, FILE__GETATTR);
3206 break;
3207
3208 case FS_IOC_SETFLAGS:
3209
3210 case FS_IOC_SETVERSION:
3211 error = file_has_perm(cred, file, FILE__SETATTR);
3212 break;
3213
3214
3215 case FIONBIO:
3216
3217 case FIOASYNC:
3218 error = file_has_perm(cred, file, 0);
3219 break;
3220
3221 case KDSKBENT:
3222 case KDSKBSENT:
3223 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3224 SECURITY_CAP_AUDIT);
3225 break;
3226
3227
3228
3229
3230 default:
3231 error = file_has_perm(cred, file, FILE__IOCTL);
3232 }
3233 return error;
3234}
3235
3236static int default_noexec;
3237
3238static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3239{
3240 const struct cred *cred = current_cred();
3241 int rc = 0;
3242
3243 if (default_noexec &&
3244 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3245
3246
3247
3248
3249
3250 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3251 if (rc)
3252 goto error;
3253 }
3254
3255 if (file) {
3256
3257 u32 av = FILE__READ;
3258
3259
3260 if (shared && (prot & PROT_WRITE))
3261 av |= FILE__WRITE;
3262
3263 if (prot & PROT_EXEC)
3264 av |= FILE__EXECUTE;
3265
3266 return file_has_perm(cred, file, av);
3267 }
3268
3269error:
3270 return rc;
3271}
3272
3273static int selinux_mmap_addr(unsigned long addr)
3274{
3275 int rc;
3276
3277
3278 rc = cap_mmap_addr(addr);
3279 if (rc)
3280 return rc;
3281
3282 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3283 u32 sid = current_sid();
3284 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3285 MEMPROTECT__MMAP_ZERO, NULL);
3286 }
3287
3288 return rc;
3289}
3290
3291static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3292 unsigned long prot, unsigned long flags)
3293{
3294 if (selinux_checkreqprot)
3295 prot = reqprot;
3296
3297 return file_map_prot_check(file, prot,
3298 (flags & MAP_TYPE) == MAP_SHARED);
3299}
3300
3301static int selinux_file_mprotect(struct vm_area_struct *vma,
3302 unsigned long reqprot,
3303 unsigned long prot)
3304{
3305 const struct cred *cred = current_cred();
3306
3307 if (selinux_checkreqprot)
3308 prot = reqprot;
3309
3310 if (default_noexec &&
3311 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3312 int rc = 0;
3313 if (vma->vm_start >= vma->vm_mm->start_brk &&
3314 vma->vm_end <= vma->vm_mm->brk) {
3315 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3316 } else if (!vma->vm_file &&
3317 vma->vm_start <= vma->vm_mm->start_stack &&
3318 vma->vm_end >= vma->vm_mm->start_stack) {
3319 rc = current_has_perm(current, PROCESS__EXECSTACK);
3320 } else if (vma->vm_file && vma->anon_vma) {
3321
3322
3323
3324
3325
3326
3327
3328 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3329 }
3330 if (rc)
3331 return rc;
3332 }
3333
3334 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3335}
3336
3337static int selinux_file_lock(struct file *file, unsigned int cmd)
3338{
3339 const struct cred *cred = current_cred();
3340
3341 return file_has_perm(cred, file, FILE__LOCK);
3342}
3343
3344static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3345 unsigned long arg)
3346{
3347 const struct cred *cred = current_cred();
3348 int err = 0;
3349
3350 switch (cmd) {
3351 case F_SETFL:
3352 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3353 err = file_has_perm(cred, file, FILE__WRITE);
3354 break;
3355 }
3356
3357 case F_SETOWN:
3358 case F_SETSIG:
3359 case F_GETFL:
3360 case F_GETOWN:
3361 case F_GETSIG:
3362 case F_GETOWNER_UIDS:
3363
3364 err = file_has_perm(cred, file, 0);
3365 break;
3366 case F_GETLK:
3367 case F_SETLK:
3368 case F_SETLKW:
3369 case F_OFD_GETLK:
3370 case F_OFD_SETLK:
3371 case F_OFD_SETLKW:
3372#if BITS_PER_LONG == 32
3373 case F_GETLK64:
3374 case F_SETLK64:
3375 case F_SETLKW64:
3376#endif
3377 err = file_has_perm(cred, file, FILE__LOCK);
3378 break;
3379 }
3380
3381 return err;
3382}
3383
3384static void selinux_file_set_fowner(struct file *file)
3385{
3386 struct file_security_struct *fsec;
3387
3388 fsec = file->f_security;
3389 fsec->fown_sid = current_sid();
3390}
3391
3392static int selinux_file_send_sigiotask(struct task_struct *tsk,
3393 struct fown_struct *fown, int signum)
3394{
3395 struct file *file;
3396 u32 sid = task_sid(tsk);
3397 u32 perm;
3398 struct file_security_struct *fsec;
3399
3400
3401 file = container_of(fown, struct file, f_owner);
3402
3403 fsec = file->f_security;
3404
3405 if (!signum)
3406 perm = signal_to_av(SIGIO);
3407 else
3408 perm = signal_to_av(signum);
3409
3410 return avc_has_perm(fsec->fown_sid, sid,
3411 SECCLASS_PROCESS, perm, NULL);
3412}
3413
3414static int selinux_file_receive(struct file *file)
3415{
3416 const struct cred *cred = current_cred();
3417
3418 return file_has_perm(cred, file, file_to_av(file));
3419}
3420
3421static int selinux_file_open(struct file *file, const struct cred *cred)
3422{
3423 struct file_security_struct *fsec;
3424 struct inode_security_struct *isec;
3425
3426 fsec = file->f_security;
3427 isec = file_inode(file)->i_security;
3428
3429
3430
3431
3432
3433
3434
3435 fsec->isid = isec->sid;
3436 fsec->pseqno = avc_policy_seqno();
3437
3438
3439
3440
3441
3442
3443
3444
3445 return file_path_has_perm(cred, file, open_file_to_av(file));
3446}
3447
3448
3449
3450static int selinux_task_create(unsigned long clone_flags)
3451{
3452 return current_has_perm(current, PROCESS__FORK);
3453}
3454
3455
3456
3457
3458static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3459{
3460 struct task_security_struct *tsec;
3461
3462 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3463 if (!tsec)
3464 return -ENOMEM;
3465
3466 cred->security = tsec;
3467 return 0;
3468}
3469
3470
3471
3472
3473static void selinux_cred_free(struct cred *cred)
3474{
3475 struct task_security_struct *tsec = cred->security;
3476
3477
3478
3479
3480
3481 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3482 cred->security = (void *) 0x7UL;
3483 kfree(tsec);
3484}
3485
3486
3487
3488
3489static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3490 gfp_t gfp)
3491{
3492 const struct task_security_struct *old_tsec;
3493 struct task_security_struct *tsec;
3494
3495 old_tsec = old->security;
3496
3497 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3498 if (!tsec)
3499 return -ENOMEM;
3500
3501 new->security = tsec;
3502 return 0;
3503}
3504
3505
3506
3507
3508static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3509{
3510 const struct task_security_struct *old_tsec = old->security;
3511 struct task_security_struct *tsec = new->security;
3512
3513 *tsec = *old_tsec;
3514}
3515
3516
3517
3518
3519
3520static int selinux_kernel_act_as(struct cred *new, u32 secid)
3521{
3522 struct task_security_struct *tsec = new->security;
3523 u32 sid = current_sid();
3524 int ret;
3525
3526 ret = avc_has_perm(sid, secid,
3527 SECCLASS_KERNEL_SERVICE,
3528 KERNEL_SERVICE__USE_AS_OVERRIDE,
3529 NULL);
3530 if (ret == 0) {
3531 tsec->sid = secid;
3532 tsec->create_sid = 0;
3533 tsec->keycreate_sid = 0;
3534 tsec->sockcreate_sid = 0;
3535 }
3536 return ret;
3537}
3538
3539
3540
3541
3542
3543static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3544{
3545 struct inode_security_struct *isec = inode->i_security;
3546 struct task_security_struct *tsec = new->security;
3547 u32 sid = current_sid();
3548 int ret;
3549
3550 ret = avc_has_perm(sid, isec->sid,
3551 SECCLASS_KERNEL_SERVICE,
3552 KERNEL_SERVICE__CREATE_FILES_AS,
3553 NULL);
3554
3555 if (ret == 0)
3556 tsec->create_sid = isec->sid;
3557 return ret;
3558}
3559
3560static int selinux_kernel_module_request(char *kmod_name)
3561{
3562 u32 sid;
3563 struct common_audit_data ad;
3564
3565 sid = task_sid(current);
3566
3567 ad.type = LSM_AUDIT_DATA_KMOD;
3568 ad.u.kmod_name = kmod_name;
3569
3570 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3571 SYSTEM__MODULE_REQUEST, &ad);
3572}
3573
3574static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3575{
3576 return current_has_perm(p, PROCESS__SETPGID);
3577}
3578
3579static int selinux_task_getpgid(struct task_struct *p)
3580{
3581 return current_has_perm(p, PROCESS__GETPGID);
3582}
3583
3584static int selinux_task_getsid(struct task_struct *p)
3585{
3586 return current_has_perm(p, PROCESS__GETSESSION);
3587}
3588
3589static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3590{
3591 *secid = task_sid(p);
3592}
3593
3594static int selinux_task_setnice(struct task_struct *p, int nice)
3595{
3596 int rc;
3597
3598 rc = cap_task_setnice(p, nice);
3599 if (rc)
3600 return rc;
3601
3602 return current_has_perm(p, PROCESS__SETSCHED);
3603}
3604
3605static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3606{
3607 int rc;
3608
3609 rc = cap_task_setioprio(p, ioprio);
3610 if (rc)
3611 return rc;
3612
3613 return current_has_perm(p, PROCESS__SETSCHED);
3614}
3615
3616static int selinux_task_getioprio(struct task_struct *p)
3617{
3618 return current_has_perm(p, PROCESS__GETSCHED);
3619}
3620
3621static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3622 struct rlimit *new_rlim)
3623{
3624 struct rlimit *old_rlim = p->signal->rlim + resource;
3625
3626
3627
3628
3629
3630 if (old_rlim->rlim_max != new_rlim->rlim_max)
3631 return current_has_perm(p, PROCESS__SETRLIMIT);
3632
3633 return 0;
3634}
3635
3636static int selinux_task_setscheduler(struct task_struct *p)
3637{
3638 int rc;
3639
3640 rc = cap_task_setscheduler(p);
3641 if (rc)
3642 return rc;
3643
3644 return current_has_perm(p, PROCESS__SETSCHED);
3645}
3646
3647static int selinux_task_getscheduler(struct task_struct *p)
3648{
3649 return current_has_perm(p, PROCESS__GETSCHED);
3650}
3651
3652static int selinux_task_movememory(struct task_struct *p)
3653{
3654 return current_has_perm(p, PROCESS__SETSCHED);
3655}
3656
3657static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3658 int sig, u32 secid)
3659{
3660 u32 perm;
3661 int rc;
3662
3663 if (!sig)
3664 perm = PROCESS__SIGNULL;
3665 else
3666 perm = signal_to_av(sig);
3667 if (secid)
3668 rc = avc_has_perm(secid, task_sid(p),
3669 SECCLASS_PROCESS, perm, NULL);
3670 else
3671 rc = current_has_perm(p, perm);
3672 return rc;
3673}
3674
3675static int selinux_task_wait(struct task_struct *p)
3676{
3677 return task_has_perm(p, current, PROCESS__SIGCHLD);
3678}
3679
3680static void selinux_task_to_inode(struct task_struct *p,
3681 struct inode *inode)
3682{
3683 struct inode_security_struct *isec = inode->i_security;
3684 u32 sid = task_sid(p);
3685
3686 isec->sid = sid;
3687 isec->initialized = 1;
3688}
3689
3690
3691static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3692 struct common_audit_data *ad, u8 *proto)
3693{
3694 int offset, ihlen, ret = -EINVAL;
3695 struct iphdr _iph, *ih;
3696
3697 offset = skb_network_offset(skb);
3698 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3699 if (ih == NULL)
3700 goto out;
3701
3702 ihlen = ih->ihl * 4;
3703 if (ihlen < sizeof(_iph))
3704 goto out;
3705
3706 ad->u.net->v4info.saddr = ih->saddr;
3707 ad->u.net->v4info.daddr = ih->daddr;
3708 ret = 0;
3709
3710 if (proto)
3711 *proto = ih->protocol;
3712
3713 switch (ih->protocol) {
3714 case IPPROTO_TCP: {
3715 struct tcphdr _tcph, *th;
3716
3717 if (ntohs(ih->frag_off) & IP_OFFSET)
3718 break;
3719
3720 offset += ihlen;
3721 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3722 if (th == NULL)
3723 break;
3724
3725 ad->u.net->sport = th->source;
3726 ad->u.net->dport = th->dest;
3727 break;
3728 }
3729
3730 case IPPROTO_UDP: {
3731 struct udphdr _udph, *uh;
3732
3733 if (ntohs(ih->frag_off) & IP_OFFSET)
3734 break;
3735
3736 offset += ihlen;
3737 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3738 if (uh == NULL)
3739 break;
3740
3741 ad->u.net->sport = uh->source;
3742 ad->u.net->dport = uh->dest;
3743 break;
3744 }
3745
3746 case IPPROTO_DCCP: {
3747 struct dccp_hdr _dccph, *dh;
3748
3749 if (ntohs(ih->frag_off) & IP_OFFSET)
3750 break;
3751
3752 offset += ihlen;
3753 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3754 if (dh == NULL)
3755 break;
3756
3757 ad->u.net->sport = dh->dccph_sport;
3758 ad->u.net->dport = dh->dccph_dport;
3759 break;
3760 }
3761
3762 default:
3763 break;
3764 }
3765out:
3766 return ret;
3767}
3768
3769#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3770
3771
3772static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3773 struct common_audit_data *ad, u8 *proto)
3774{
3775 u8 nexthdr;
3776 int ret = -EINVAL, offset;
3777 struct ipv6hdr _ipv6h, *ip6;
3778 __be16 frag_off;
3779
3780 offset = skb_network_offset(skb);
3781 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3782 if (ip6 == NULL)
3783 goto out;
3784
3785 ad->u.net->v6info.saddr = ip6->saddr;
3786 ad->u.net->v6info.daddr = ip6->daddr;
3787 ret = 0;
3788
3789 nexthdr = ip6->nexthdr;
3790 offset += sizeof(_ipv6h);
3791 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3792 if (offset < 0)
3793 goto out;
3794
3795 if (proto)
3796 *proto = nexthdr;
3797
3798 switch (nexthdr) {
3799 case IPPROTO_TCP: {
3800 struct tcphdr _tcph, *th;
3801
3802 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3803 if (th == NULL)
3804 break;
3805
3806 ad->u.net->sport = th->source;
3807 ad->u.net->dport = th->dest;
3808 break;
3809 }
3810
3811 case IPPROTO_UDP: {
3812 struct udphdr _udph, *uh;
3813
3814 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3815 if (uh == NULL)
3816 break;
3817
3818 ad->u.net->sport = uh->source;
3819 ad->u.net->dport = uh->dest;
3820 break;
3821 }
3822
3823 case IPPROTO_DCCP: {
3824 struct dccp_hdr _dccph, *dh;
3825
3826 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3827 if (dh == NULL)
3828 break;
3829
3830 ad->u.net->sport = dh->dccph_sport;
3831 ad->u.net->dport = dh->dccph_dport;
3832 break;
3833 }
3834
3835
3836 default:
3837 break;
3838 }
3839out:
3840 return ret;
3841}
3842
3843#endif
3844
3845static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3846 char **_addrp, int src, u8 *proto)
3847{
3848 char *addrp;
3849 int ret;
3850
3851 switch (ad->u.net->family) {
3852 case PF_INET:
3853 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3854 if (ret)
3855 goto parse_error;
3856 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3857 &ad->u.net->v4info.daddr);
3858 goto okay;
3859
3860#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3861 case PF_INET6:
3862 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3863 if (ret)
3864 goto parse_error;
3865 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3866 &ad->u.net->v6info.daddr);
3867 goto okay;
3868#endif
3869 default:
3870 addrp = NULL;
3871 goto okay;
3872 }
3873
3874parse_error:
3875 printk(KERN_WARNING
3876 "SELinux: failure in selinux_parse_skb(),"
3877 " unable to parse packet\n");
3878 return ret;
3879
3880okay:
3881 if (_addrp)
3882 *_addrp = addrp;
3883 return 0;
3884}
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3902{
3903 int err;
3904 u32 xfrm_sid;
3905 u32 nlbl_sid;
3906 u32 nlbl_type;
3907
3908 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
3909 if (unlikely(err))
3910 return -EACCES;
3911 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3912 if (unlikely(err))
3913 return -EACCES;
3914
3915 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3916 if (unlikely(err)) {
3917 printk(KERN_WARNING
3918 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3919 " unable to determine packet's peer label\n");
3920 return -EACCES;
3921 }
3922
3923 return 0;
3924}
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
3939{
3940 int err = 0;
3941
3942 if (skb_sid != SECSID_NULL)
3943 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
3944 else
3945 *conn_sid = sk_sid;
3946
3947 return err;
3948}
3949
3950
3951
3952static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3953 u16 secclass, u32 *socksid)
3954{
3955 if (tsec->sockcreate_sid > SECSID_NULL) {
3956 *socksid = tsec->sockcreate_sid;
3957 return 0;
3958 }
3959
3960 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3961 socksid);
3962}
3963
3964static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3965{
3966 struct sk_security_struct *sksec = sk->sk_security;
3967 struct common_audit_data ad;
3968 struct lsm_network_audit net = {0,};
3969 u32 tsid = task_sid(task);
3970
3971 if (sksec->sid == SECINITSID_KERNEL)
3972 return 0;
3973
3974 ad.type = LSM_AUDIT_DATA_NET;
3975 ad.u.net = &net;
3976 ad.u.net->sk = sk;
3977
3978 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3979}
3980
3981static int selinux_socket_create(int family, int type,
3982 int protocol, int kern)
3983{
3984 const struct task_security_struct *tsec = current_security();
3985 u32 newsid;
3986 u16 secclass;
3987 int rc;
3988
3989 if (kern)
3990 return 0;
3991
3992 secclass = socket_type_to_security_class(family, type, protocol);
3993 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3994 if (rc)
3995 return rc;
3996
3997 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3998}
3999
4000static int selinux_socket_post_create(struct socket *sock, int family,
4001 int type, int protocol, int kern)
4002{
4003 const struct task_security_struct *tsec = current_security();
4004 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
4005 struct sk_security_struct *sksec;
4006 int err = 0;
4007
4008 isec->sclass = socket_type_to_security_class(family, type, protocol);
4009
4010 if (kern)
4011 isec->sid = SECINITSID_KERNEL;
4012 else {
4013 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
4014 if (err)
4015 return err;
4016 }
4017
4018 isec->initialized = 1;
4019
4020 if (sock->sk) {
4021 sksec = sock->sk->sk_security;
4022 sksec->sid = isec->sid;
4023 sksec->sclass = isec->sclass;
4024 err = selinux_netlbl_socket_post_create(sock->sk, family);
4025 }
4026
4027 return err;
4028}
4029
4030
4031
4032
4033
4034static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4035{
4036 struct sock *sk = sock->sk;
4037 u16 family;
4038 int err;
4039
4040 err = sock_has_perm(current, sk, SOCKET__BIND);
4041 if (err)
4042 goto out;
4043
4044
4045
4046
4047
4048
4049 family = sk->sk_family;
4050 if (family == PF_INET || family == PF_INET6) {
4051 char *addrp;
4052 struct sk_security_struct *sksec = sk->sk_security;
4053 struct common_audit_data ad;
4054 struct lsm_network_audit net = {0,};
4055 struct sockaddr_in *addr4 = NULL;
4056 struct sockaddr_in6 *addr6 = NULL;
4057 unsigned short snum;
4058 u32 sid, node_perm;
4059
4060 if (family == PF_INET) {
4061 addr4 = (struct sockaddr_in *)address;
4062 snum = ntohs(addr4->sin_port);
4063 addrp = (char *)&addr4->sin_addr.s_addr;
4064 } else {
4065 addr6 = (struct sockaddr_in6 *)address;
4066 snum = ntohs(addr6->sin6_port);
4067 addrp = (char *)&addr6->sin6_addr.s6_addr;
4068 }
4069
4070 if (snum) {
4071 int low, high;
4072
4073 inet_get_local_port_range(sock_net(sk), &low, &high);
4074
4075 if (snum < max(PROT_SOCK, low) || snum > high) {
4076 err = sel_netport_sid(sk->sk_protocol,
4077 snum, &sid);
4078 if (err)
4079 goto out;
4080 ad.type = LSM_AUDIT_DATA_NET;
4081 ad.u.net = &net;
4082 ad.u.net->sport = htons(snum);
4083 ad.u.net->family = family;
4084 err = avc_has_perm(sksec->sid, sid,
4085 sksec->sclass,
4086 SOCKET__NAME_BIND, &ad);
4087 if (err)
4088 goto out;
4089 }
4090 }
4091
4092 switch (sksec->sclass) {
4093 case SECCLASS_TCP_SOCKET:
4094 node_perm = TCP_SOCKET__NODE_BIND;
4095 break;
4096
4097 case SECCLASS_UDP_SOCKET:
4098 node_perm = UDP_SOCKET__NODE_BIND;
4099 break;
4100
4101 case SECCLASS_DCCP_SOCKET:
4102 node_perm = DCCP_SOCKET__NODE_BIND;
4103 break;
4104
4105 default:
4106 node_perm = RAWIP_SOCKET__NODE_BIND;
4107 break;
4108 }
4109
4110 err = sel_netnode_sid(addrp, family, &sid);
4111 if (err)
4112 goto out;
4113
4114 ad.type = LSM_AUDIT_DATA_NET;
4115 ad.u.net = &net;
4116 ad.u.net->sport = htons(snum);
4117 ad.u.net->family = family;
4118
4119 if (family == PF_INET)
4120 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4121 else
4122 ad.u.net->v6info.saddr = addr6->sin6_addr;
4123
4124 err = avc_has_perm(sksec->sid, sid,
4125 sksec->sclass, node_perm, &ad);
4126 if (err)
4127 goto out;
4128 }
4129out:
4130 return err;
4131}
4132
4133static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4134{
4135 struct sock *sk = sock->sk;
4136 struct sk_security_struct *sksec = sk->sk_security;
4137 int err;
4138
4139 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4140 if (err)
4141 return err;
4142
4143
4144
4145
4146 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4147 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4148 struct common_audit_data ad;
4149 struct lsm_network_audit net = {0,};
4150 struct sockaddr_in *addr4 = NULL;
4151 struct sockaddr_in6 *addr6 = NULL;
4152 unsigned short snum;
4153 u32 sid, perm;
4154
4155 if (sk->sk_family == PF_INET) {
4156 addr4 = (struct sockaddr_in *)address;
4157 if (addrlen < sizeof(struct sockaddr_in))
4158 return -EINVAL;
4159 snum = ntohs(addr4->sin_port);
4160 } else {
4161 addr6 = (struct sockaddr_in6 *)address;
4162 if (addrlen < SIN6_LEN_RFC2133)
4163 return -EINVAL;
4164 snum = ntohs(addr6->sin6_port);
4165 }
4166
4167 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4168 if (err)
4169 goto out;
4170
4171 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4172 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4173
4174 ad.type = LSM_AUDIT_DATA_NET;
4175 ad.u.net = &net;
4176 ad.u.net->dport = htons(snum);
4177 ad.u.net->family = sk->sk_family;
4178 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4179 if (err)
4180 goto out;
4181 }
4182
4183 err = selinux_netlbl_socket_connect(sk, address);
4184
4185out:
4186 return err;
4187}
4188
4189static int selinux_socket_listen(struct socket *sock, int backlog)
4190{
4191 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4192}
4193
4194static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4195{
4196 int err;
4197 struct inode_security_struct *isec;
4198 struct inode_security_struct *newisec;
4199
4200 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4201 if (err)
4202 return err;
4203
4204 newisec = SOCK_INODE(newsock)->i_security;
4205
4206 isec = SOCK_INODE(sock)->i_security;
4207 newisec->sclass = isec->sclass;
4208 newisec->sid = isec->sid;
4209 newisec->initialized = 1;
4210
4211 return 0;
4212}
4213
4214static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4215 int size)
4216{
4217 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4218}
4219
4220static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4221 int size, int flags)
4222{
4223 return sock_has_perm(current, sock->sk, SOCKET__READ);
4224}
4225
4226static int selinux_socket_getsockname(struct socket *sock)
4227{
4228 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4229}
4230
4231static int selinux_socket_getpeername(struct socket *sock)
4232{
4233 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4234}
4235
4236static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4237{
4238 int err;
4239
4240 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4241 if (err)
4242 return err;
4243
4244 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4245}
4246
4247static int selinux_socket_getsockopt(struct socket *sock, int level,
4248 int optname)
4249{
4250 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4251}
4252
4253static int selinux_socket_shutdown(struct socket *sock, int how)
4254{
4255 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4256}
4257
4258static int selinux_socket_unix_stream_connect(struct sock *sock,
4259 struct sock *other,
4260 struct sock *newsk)
4261{
4262 struct sk_security_struct *sksec_sock = sock->sk_security;
4263 struct sk_security_struct *sksec_other = other->sk_security;
4264 struct sk_security_struct *sksec_new = newsk->sk_security;
4265 struct common_audit_data ad;
4266 struct lsm_network_audit net = {0,};
4267 int err;
4268
4269 ad.type = LSM_AUDIT_DATA_NET;
4270 ad.u.net = &net;
4271 ad.u.net->sk = other;
4272
4273 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4274 sksec_other->sclass,
4275 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4276 if (err)
4277 return err;
4278
4279
4280 sksec_new->peer_sid = sksec_sock->sid;
4281 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4282 &sksec_new->sid);
4283 if (err)
4284 return err;
4285
4286
4287 sksec_sock->peer_sid = sksec_new->sid;
4288
4289 return 0;
4290}
4291
4292static int selinux_socket_unix_may_send(struct socket *sock,
4293 struct socket *other)
4294{
4295 struct sk_security_struct *ssec = sock->sk->sk_security;
4296 struct sk_security_struct *osec = other->sk->sk_security;
4297 struct common_audit_data ad;
4298 struct lsm_network_audit net = {0,};
4299
4300 ad.type = LSM_AUDIT_DATA_NET;
4301 ad.u.net = &net;
4302 ad.u.net->sk = other->sk;
4303
4304 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4305 &ad);
4306}
4307
4308static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4309 char *addrp, u16 family, u32 peer_sid,
4310 struct common_audit_data *ad)
4311{
4312 int err;
4313 u32 if_sid;
4314 u32 node_sid;
4315
4316 err = sel_netif_sid(ns, ifindex, &if_sid);
4317 if (err)
4318 return err;
4319 err = avc_has_perm(peer_sid, if_sid,
4320 SECCLASS_NETIF, NETIF__INGRESS, ad);
4321 if (err)
4322 return err;
4323
4324 err = sel_netnode_sid(addrp, family, &node_sid);
4325 if (err)
4326 return err;
4327 return avc_has_perm(peer_sid, node_sid,
4328 SECCLASS_NODE, NODE__RECVFROM, ad);
4329}
4330
4331static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4332 u16 family)
4333{
4334 int err = 0;
4335 struct sk_security_struct *sksec = sk->sk_security;
4336 u32 sk_sid = sksec->sid;
4337 struct common_audit_data ad;
4338 struct lsm_network_audit net = {0,};
4339 char *addrp;
4340
4341 ad.type = LSM_AUDIT_DATA_NET;
4342 ad.u.net = &net;
4343 ad.u.net->netif = skb->skb_iif;
4344 ad.u.net->family = family;
4345 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4346 if (err)
4347 return err;
4348
4349 if (selinux_secmark_enabled()) {
4350 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4351 PACKET__RECV, &ad);
4352 if (err)
4353 return err;
4354 }
4355
4356 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4357 if (err)
4358 return err;
4359 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4360
4361 return err;
4362}
4363
4364static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4365{
4366 int err;
4367 struct sk_security_struct *sksec = sk->sk_security;
4368 u16 family = sk->sk_family;
4369 u32 sk_sid = sksec->sid;
4370 struct common_audit_data ad;
4371 struct lsm_network_audit net = {0,};
4372 char *addrp;
4373 u8 secmark_active;
4374 u8 peerlbl_active;
4375
4376 if (family != PF_INET && family != PF_INET6)
4377 return 0;
4378
4379
4380 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4381 family = PF_INET;
4382
4383
4384
4385
4386
4387 if (!selinux_policycap_netpeer)
4388 return selinux_sock_rcv_skb_compat(sk, skb, family);
4389
4390 secmark_active = selinux_secmark_enabled();
4391 peerlbl_active = selinux_peerlbl_enabled();
4392 if (!secmark_active && !peerlbl_active)
4393 return 0;
4394
4395 ad.type = LSM_AUDIT_DATA_NET;
4396 ad.u.net = &net;
4397 ad.u.net->netif = skb->skb_iif;
4398 ad.u.net->family = family;
4399 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4400 if (err)
4401 return err;
4402
4403 if (peerlbl_active) {
4404 u32 peer_sid;
4405
4406 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4407 if (err)
4408 return err;
4409 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
4410 addrp, family, peer_sid, &ad);
4411 if (err) {
4412 selinux_netlbl_err(skb, err, 0);
4413 return err;
4414 }
4415 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4416 PEER__RECV, &ad);
4417 if (err) {
4418 selinux_netlbl_err(skb, err, 0);
4419 return err;
4420 }
4421 }
4422
4423 if (secmark_active) {
4424 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4425 PACKET__RECV, &ad);
4426 if (err)
4427 return err;
4428 }
4429
4430 return err;
4431}
4432
4433static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4434 int __user *optlen, unsigned len)
4435{
4436 int err = 0;
4437 char *scontext;
4438 u32 scontext_len;
4439 struct sk_security_struct *sksec = sock->sk->sk_security;
4440 u32 peer_sid = SECSID_NULL;
4441
4442 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4443 sksec->sclass == SECCLASS_TCP_SOCKET)
4444 peer_sid = sksec->peer_sid;
4445 if (peer_sid == SECSID_NULL)
4446 return -ENOPROTOOPT;
4447
4448 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4449 if (err)
4450 return err;
4451
4452 if (scontext_len > len) {
4453 err = -ERANGE;
4454 goto out_len;
4455 }
4456
4457 if (copy_to_user(optval, scontext, scontext_len))
4458 err = -EFAULT;
4459
4460out_len:
4461 if (put_user(scontext_len, optlen))
4462 err = -EFAULT;
4463 kfree(scontext);
4464 return err;
4465}
4466
4467static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4468{
4469 u32 peer_secid = SECSID_NULL;
4470 u16 family;
4471
4472 if (skb && skb->protocol == htons(ETH_P_IP))
4473 family = PF_INET;
4474 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4475 family = PF_INET6;
4476 else if (sock)
4477 family = sock->sk->sk_family;
4478 else
4479 goto out;
4480
4481 if (sock && family == PF_UNIX)
4482 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4483 else if (skb)
4484 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4485
4486out:
4487 *secid = peer_secid;
4488 if (peer_secid == SECSID_NULL)
4489 return -EINVAL;
4490 return 0;
4491}
4492
4493static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4494{
4495 struct sk_security_struct *sksec;
4496
4497 sksec = kzalloc(sizeof(*sksec), priority);
4498 if (!sksec)
4499 return -ENOMEM;
4500
4501 sksec->peer_sid = SECINITSID_UNLABELED;
4502 sksec->sid = SECINITSID_UNLABELED;
4503 selinux_netlbl_sk_security_reset(sksec);
4504 sk->sk_security = sksec;
4505
4506 return 0;
4507}
4508
4509static void selinux_sk_free_security(struct sock *sk)
4510{
4511 struct sk_security_struct *sksec = sk->sk_security;
4512
4513 sk->sk_security = NULL;
4514 selinux_netlbl_sk_security_free(sksec);
4515 kfree(sksec);
4516}
4517
4518static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4519{
4520 struct sk_security_struct *sksec = sk->sk_security;
4521 struct sk_security_struct *newsksec = newsk->sk_security;
4522
4523 newsksec->sid = sksec->sid;
4524 newsksec->peer_sid = sksec->peer_sid;
4525 newsksec->sclass = sksec->sclass;
4526
4527 selinux_netlbl_sk_security_reset(newsksec);
4528}
4529
4530static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4531{
4532 if (!sk)
4533 *secid = SECINITSID_ANY_SOCKET;
4534 else {
4535 struct sk_security_struct *sksec = sk->sk_security;
4536
4537 *secid = sksec->sid;
4538 }
4539}
4540
4541static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4542{
4543 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4544 struct sk_security_struct *sksec = sk->sk_security;
4545
4546 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4547 sk->sk_family == PF_UNIX)
4548 isec->sid = sksec->sid;
4549 sksec->sclass = isec->sclass;
4550}
4551
4552static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4553 struct request_sock *req)
4554{
4555 struct sk_security_struct *sksec = sk->sk_security;
4556 int err;
4557 u16 family = req->rsk_ops->family;
4558 u32 connsid;
4559 u32 peersid;
4560
4561 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4562 if (err)
4563 return err;
4564 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4565 if (err)
4566 return err;
4567 req->secid = connsid;
4568 req->peer_secid = peersid;
4569
4570 return selinux_netlbl_inet_conn_request(req, family);
4571}
4572
4573static void selinux_inet_csk_clone(struct sock *newsk,
4574 const struct request_sock *req)
4575{
4576 struct sk_security_struct *newsksec = newsk->sk_security;
4577
4578 newsksec->sid = req->secid;
4579 newsksec->peer_sid = req->peer_secid;
4580
4581
4582
4583
4584
4585
4586
4587 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4588}
4589
4590static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4591{
4592 u16 family = sk->sk_family;
4593 struct sk_security_struct *sksec = sk->sk_security;
4594
4595
4596 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4597 family = PF_INET;
4598
4599 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4600}
4601
4602static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
4603{
4604 skb_set_owner_w(skb, sk);
4605}
4606
4607static int selinux_secmark_relabel_packet(u32 sid)
4608{
4609 const struct task_security_struct *__tsec;
4610 u32 tsid;
4611
4612 __tsec = current_security();
4613 tsid = __tsec->sid;
4614
4615 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4616}
4617
4618static void selinux_secmark_refcount_inc(void)
4619{
4620 atomic_inc(&selinux_secmark_refcount);
4621}
4622
4623static void selinux_secmark_refcount_dec(void)
4624{
4625 atomic_dec(&selinux_secmark_refcount);
4626}
4627
4628static void selinux_req_classify_flow(const struct request_sock *req,
4629 struct flowi *fl)
4630{
4631 fl->flowi_secid = req->secid;
4632}
4633
4634static int selinux_tun_dev_alloc_security(void **security)
4635{
4636 struct tun_security_struct *tunsec;
4637
4638 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4639 if (!tunsec)
4640 return -ENOMEM;
4641 tunsec->sid = current_sid();
4642
4643 *security = tunsec;
4644 return 0;
4645}
4646
4647static void selinux_tun_dev_free_security(void *security)
4648{
4649 kfree(security);
4650}
4651
4652static int selinux_tun_dev_create(void)
4653{
4654 u32 sid = current_sid();
4655
4656
4657
4658
4659
4660
4661
4662
4663 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4664 NULL);
4665}
4666
4667static int selinux_tun_dev_attach_queue(void *security)
4668{
4669 struct tun_security_struct *tunsec = security;
4670
4671 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4672 TUN_SOCKET__ATTACH_QUEUE, NULL);
4673}
4674
4675static int selinux_tun_dev_attach(struct sock *sk, void *security)
4676{
4677 struct tun_security_struct *tunsec = security;
4678 struct sk_security_struct *sksec = sk->sk_security;
4679
4680
4681
4682
4683
4684
4685
4686
4687 sksec->sid = tunsec->sid;
4688 sksec->sclass = SECCLASS_TUN_SOCKET;
4689
4690 return 0;
4691}
4692
4693static int selinux_tun_dev_open(void *security)
4694{
4695 struct tun_security_struct *tunsec = security;
4696 u32 sid = current_sid();
4697 int err;
4698
4699 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4700 TUN_SOCKET__RELABELFROM, NULL);
4701 if (err)
4702 return err;
4703 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4704 TUN_SOCKET__RELABELTO, NULL);
4705 if (err)
4706 return err;
4707 tunsec->sid = sid;
4708
4709 return 0;
4710}
4711
4712static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4713{
4714 int err = 0;
4715 u32 perm;
4716 struct nlmsghdr *nlh;
4717 struct sk_security_struct *sksec = sk->sk_security;
4718
4719 if (skb->len < NLMSG_HDRLEN) {
4720 err = -EINVAL;
4721 goto out;
4722 }
4723 nlh = nlmsg_hdr(skb);
4724
4725 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4726 if (err) {
4727 if (err == -EINVAL) {
4728 printk(KERN_WARNING
4729 "SELinux: unrecognized netlink message:"
4730 " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
4731 sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
4732 if (!selinux_enforcing || security_get_allow_unknown())
4733 err = 0;
4734 }
4735
4736
4737 if (err == -ENOENT)
4738 err = 0;
4739 goto out;
4740 }
4741
4742 err = sock_has_perm(current, sk, perm);
4743out:
4744 return err;
4745}
4746
4747#ifdef CONFIG_NETFILTER
4748
4749static unsigned int selinux_ip_forward(struct sk_buff *skb,
4750 const struct net_device *indev,
4751 u16 family)
4752{
4753 int err;
4754 char *addrp;
4755 u32 peer_sid;
4756 struct common_audit_data ad;
4757 struct lsm_network_audit net = {0,};
4758 u8 secmark_active;
4759 u8 netlbl_active;
4760 u8 peerlbl_active;
4761
4762 if (!selinux_policycap_netpeer)
4763 return NF_ACCEPT;
4764
4765 secmark_active = selinux_secmark_enabled();
4766 netlbl_active = netlbl_enabled();
4767 peerlbl_active = selinux_peerlbl_enabled();
4768 if (!secmark_active && !peerlbl_active)
4769 return NF_ACCEPT;
4770
4771 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4772 return NF_DROP;
4773
4774 ad.type = LSM_AUDIT_DATA_NET;
4775 ad.u.net = &net;
4776 ad.u.net->netif = indev->ifindex;
4777 ad.u.net->family = family;
4778 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4779 return NF_DROP;
4780
4781 if (peerlbl_active) {
4782 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
4783 addrp, family, peer_sid, &ad);
4784 if (err) {
4785 selinux_netlbl_err(skb, err, 1);
4786 return NF_DROP;
4787 }
4788 }
4789
4790 if (secmark_active)
4791 if (avc_has_perm(peer_sid, skb->secmark,
4792 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4793 return NF_DROP;
4794
4795 if (netlbl_active)
4796
4797
4798
4799
4800 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4801 return NF_DROP;
4802
4803 return NF_ACCEPT;
4804}
4805
4806static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
4807 struct sk_buff *skb,
4808 const struct net_device *in,
4809 const struct net_device *out,
4810 int (*okfn)(struct sk_buff *))
4811{
4812 return selinux_ip_forward(skb, in, PF_INET);
4813}
4814
4815#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4816static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
4817 struct sk_buff *skb,
4818 const struct net_device *in,
4819 const struct net_device *out,
4820 int (*okfn)(struct sk_buff *))
4821{
4822 return selinux_ip_forward(skb, in, PF_INET6);
4823}
4824#endif
4825
4826static unsigned int selinux_ip_output(struct sk_buff *skb,
4827 u16 family)
4828{
4829 struct sock *sk;
4830 u32 sid;
4831
4832 if (!netlbl_enabled())
4833 return NF_ACCEPT;
4834
4835
4836
4837
4838 sk = skb->sk;
4839 if (sk) {
4840 struct sk_security_struct *sksec;
4841
4842 if (sk->sk_state == TCP_LISTEN)
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855 return NF_ACCEPT;
4856
4857
4858 sksec = sk->sk_security;
4859 sid = sksec->sid;
4860 } else
4861 sid = SECINITSID_KERNEL;
4862 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4863 return NF_DROP;
4864
4865 return NF_ACCEPT;
4866}
4867
4868static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
4869 struct sk_buff *skb,
4870 const struct net_device *in,
4871 const struct net_device *out,
4872 int (*okfn)(struct sk_buff *))
4873{
4874 return selinux_ip_output(skb, PF_INET);
4875}
4876
4877static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4878 int ifindex,
4879 u16 family)
4880{
4881 struct sock *sk = skb->sk;
4882 struct sk_security_struct *sksec;
4883 struct common_audit_data ad;
4884 struct lsm_network_audit net = {0,};
4885 char *addrp;
4886 u8 proto;
4887
4888 if (sk == NULL)
4889 return NF_ACCEPT;
4890 sksec = sk->sk_security;
4891
4892 ad.type = LSM_AUDIT_DATA_NET;
4893 ad.u.net = &net;
4894 ad.u.net->netif = ifindex;
4895 ad.u.net->family = family;
4896 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4897 return NF_DROP;
4898
4899 if (selinux_secmark_enabled())
4900 if (avc_has_perm(sksec->sid, skb->secmark,
4901 SECCLASS_PACKET, PACKET__SEND, &ad))
4902 return NF_DROP_ERR(-ECONNREFUSED);
4903
4904 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4905 return NF_DROP_ERR(-ECONNREFUSED);
4906
4907 return NF_ACCEPT;
4908}
4909
4910static unsigned int selinux_ip_postroute(struct sk_buff *skb,
4911 const struct net_device *outdev,
4912 u16 family)
4913{
4914 u32 secmark_perm;
4915 u32 peer_sid;
4916 int ifindex = outdev->ifindex;
4917 struct sock *sk;
4918 struct common_audit_data ad;
4919 struct lsm_network_audit net = {0,};
4920 char *addrp;
4921 u8 secmark_active;
4922 u8 peerlbl_active;
4923
4924
4925
4926
4927
4928 if (!selinux_policycap_netpeer)
4929 return selinux_ip_postroute_compat(skb, ifindex, family);
4930
4931 secmark_active = selinux_secmark_enabled();
4932 peerlbl_active = selinux_peerlbl_enabled();
4933 if (!secmark_active && !peerlbl_active)
4934 return NF_ACCEPT;
4935
4936 sk = skb->sk;
4937
4938#ifdef CONFIG_XFRM
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
4951 !(sk != NULL && sk->sk_state == TCP_LISTEN))
4952 return NF_ACCEPT;
4953#endif
4954
4955 if (sk == NULL) {
4956
4957
4958
4959
4960 if (skb->skb_iif) {
4961 secmark_perm = PACKET__FORWARD_OUT;
4962 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4963 return NF_DROP;
4964 } else {
4965 secmark_perm = PACKET__SEND;
4966 peer_sid = SECINITSID_KERNEL;
4967 }
4968 } else if (sk->sk_state == TCP_LISTEN) {
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978 u32 skb_sid;
4979 struct sk_security_struct *sksec = sk->sk_security;
4980 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
4981 return NF_DROP;
4982
4983
4984
4985
4986
4987
4988 if (skb_sid == SECSID_NULL) {
4989 switch (family) {
4990 case PF_INET:
4991 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
4992 return NF_ACCEPT;
4993 break;
4994 case PF_INET6:
4995 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
4996 return NF_ACCEPT;
4997 break;
4998 default:
4999 return NF_DROP_ERR(-ECONNREFUSED);
5000 }
5001 }
5002 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5003 return NF_DROP;
5004 secmark_perm = PACKET__SEND;
5005 } else {
5006
5007
5008 struct sk_security_struct *sksec = sk->sk_security;
5009 peer_sid = sksec->sid;
5010 secmark_perm = PACKET__SEND;
5011 }
5012
5013 ad.type = LSM_AUDIT_DATA_NET;
5014 ad.u.net = &net;
5015 ad.u.net->netif = ifindex;
5016 ad.u.net->family = family;
5017 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5018 return NF_DROP;
5019
5020 if (secmark_active)
5021 if (avc_has_perm(peer_sid, skb->secmark,
5022 SECCLASS_PACKET, secmark_perm, &ad))
5023 return NF_DROP_ERR(-ECONNREFUSED);
5024
5025 if (peerlbl_active) {
5026 u32 if_sid;
5027 u32 node_sid;
5028
5029 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5030 return NF_DROP;
5031 if (avc_has_perm(peer_sid, if_sid,
5032 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5033 return NF_DROP_ERR(-ECONNREFUSED);
5034
5035 if (sel_netnode_sid(addrp, family, &node_sid))
5036 return NF_DROP;
5037 if (avc_has_perm(peer_sid, node_sid,
5038 SECCLASS_NODE, NODE__SENDTO, &ad))
5039 return NF_DROP_ERR(-ECONNREFUSED);
5040 }
5041
5042 return NF_ACCEPT;
5043}
5044
5045static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
5046 struct sk_buff *skb,
5047 const struct net_device *in,
5048 const struct net_device *out,
5049 int (*okfn)(struct sk_buff *))
5050{
5051 return selinux_ip_postroute(skb, out, PF_INET);
5052}
5053
5054#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5055static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
5056 struct sk_buff *skb,
5057 const struct net_device *in,
5058 const struct net_device *out,
5059 int (*okfn)(struct sk_buff *))
5060{
5061 return selinux_ip_postroute(skb, out, PF_INET6);
5062}
5063#endif
5064
5065#endif
5066
5067static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5068{
5069 int err;
5070
5071 err = cap_netlink_send(sk, skb);
5072 if (err)
5073 return err;
5074
5075 return selinux_nlmsg_perm(sk, skb);
5076}
5077
5078static int ipc_alloc_security(struct task_struct *task,
5079 struct kern_ipc_perm *perm,
5080 u16 sclass)
5081{
5082 struct ipc_security_struct *isec;
5083 u32 sid;
5084
5085 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5086 if (!isec)
5087 return -ENOMEM;
5088
5089 sid = task_sid(task);
5090 isec->sclass = sclass;
5091 isec->sid = sid;
5092 perm->security = isec;
5093
5094 return 0;
5095}
5096
5097static void ipc_free_security(struct kern_ipc_perm *perm)
5098{
5099 struct ipc_security_struct *isec = perm->security;
5100 perm->security = NULL;
5101 kfree(isec);
5102}
5103
5104static int msg_msg_alloc_security(struct msg_msg *msg)
5105{
5106 struct msg_security_struct *msec;
5107
5108 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5109 if (!msec)
5110 return -ENOMEM;
5111
5112 msec->sid = SECINITSID_UNLABELED;
5113 msg->security = msec;
5114
5115 return 0;
5116}
5117
5118static void msg_msg_free_security(struct msg_msg *msg)
5119{
5120 struct msg_security_struct *msec = msg->security;
5121
5122 msg->security = NULL;
5123 kfree(msec);
5124}
5125
5126static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5127 u32 perms)
5128{
5129 struct ipc_security_struct *isec;
5130 struct common_audit_data ad;
5131 u32 sid = current_sid();
5132
5133 isec = ipc_perms->security;
5134
5135 ad.type = LSM_AUDIT_DATA_IPC;
5136 ad.u.ipc_id = ipc_perms->key;
5137
5138 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5139}
5140
5141static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5142{
5143 return msg_msg_alloc_security(msg);
5144}
5145
5146static void selinux_msg_msg_free_security(struct msg_msg *msg)
5147{
5148 msg_msg_free_security(msg);
5149}
5150
5151
5152static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5153{
5154 struct ipc_security_struct *isec;
5155 struct common_audit_data ad;
5156 u32 sid = current_sid();
5157 int rc;
5158
5159 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
5160 if (rc)
5161 return rc;
5162
5163 isec = msq->q_perm.security;
5164
5165 ad.type = LSM_AUDIT_DATA_IPC;
5166 ad.u.ipc_id = msq->q_perm.key;
5167
5168 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5169 MSGQ__CREATE, &ad);
5170 if (rc) {
5171 ipc_free_security(&msq->q_perm);
5172 return rc;
5173 }
5174 return 0;
5175}
5176
5177static void selinux_msg_queue_free_security(struct msg_queue *msq)
5178{
5179 ipc_free_security(&msq->q_perm);
5180}
5181
5182static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5183{
5184 struct ipc_security_struct *isec;
5185 struct common_audit_data ad;
5186 u32 sid = current_sid();
5187
5188 isec = msq->q_perm.security;
5189
5190 ad.type = LSM_AUDIT_DATA_IPC;
5191 ad.u.ipc_id = msq->q_perm.key;
5192
5193 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5194 MSGQ__ASSOCIATE, &ad);
5195}
5196
5197static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5198{
5199 int err;
5200 int perms;
5201
5202 switch (cmd) {
5203 case IPC_INFO:
5204 case MSG_INFO:
5205
5206 return task_has_system(current, SYSTEM__IPC_INFO);
5207 case IPC_STAT:
5208 case MSG_STAT:
5209 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5210 break;
5211 case IPC_SET:
5212 perms = MSGQ__SETATTR;
5213 break;
5214 case IPC_RMID:
5215 perms = MSGQ__DESTROY;
5216 break;
5217 default:
5218 return 0;
5219 }
5220
5221 err = ipc_has_perm(&msq->q_perm, perms);
5222 return err;
5223}
5224
5225static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5226{
5227 struct ipc_security_struct *isec;
5228 struct msg_security_struct *msec;
5229 struct common_audit_data ad;
5230 u32 sid = current_sid();
5231 int rc;
5232
5233 isec = msq->q_perm.security;
5234 msec = msg->security;
5235
5236
5237
5238
5239 if (msec->sid == SECINITSID_UNLABELED) {
5240
5241
5242
5243
5244 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5245 NULL, &msec->sid);
5246 if (rc)
5247 return rc;
5248 }
5249
5250 ad.type = LSM_AUDIT_DATA_IPC;
5251 ad.u.ipc_id = msq->q_perm.key;
5252
5253
5254 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5255 MSGQ__WRITE, &ad);
5256 if (!rc)
5257
5258 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5259 MSG__SEND, &ad);
5260 if (!rc)
5261
5262 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5263 MSGQ__ENQUEUE, &ad);
5264
5265 return rc;
5266}
5267
5268static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5269 struct task_struct *target,
5270 long type, int mode)
5271{
5272 struct ipc_security_struct *isec;
5273 struct msg_security_struct *msec;
5274 struct common_audit_data ad;
5275 u32 sid = task_sid(target);
5276 int rc;
5277
5278 isec = msq->q_perm.security;
5279 msec = msg->security;
5280
5281 ad.type = LSM_AUDIT_DATA_IPC;
5282 ad.u.ipc_id = msq->q_perm.key;
5283
5284 rc = avc_has_perm(sid, isec->sid,
5285 SECCLASS_MSGQ, MSGQ__READ, &ad);
5286 if (!rc)
5287 rc = avc_has_perm(sid, msec->sid,
5288 SECCLASS_MSG, MSG__RECEIVE, &ad);
5289 return rc;
5290}
5291
5292
5293static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5294{
5295 struct ipc_security_struct *isec;
5296 struct common_audit_data ad;
5297 u32 sid = current_sid();
5298 int rc;
5299
5300 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5301 if (rc)
5302 return rc;
5303
5304 isec = shp->shm_perm.security;
5305
5306 ad.type = LSM_AUDIT_DATA_IPC;
5307 ad.u.ipc_id = shp->shm_perm.key;
5308
5309 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5310 SHM__CREATE, &ad);
5311 if (rc) {
5312 ipc_free_security(&shp->shm_perm);
5313 return rc;
5314 }
5315 return 0;
5316}
5317
5318static void selinux_shm_free_security(struct shmid_kernel *shp)
5319{
5320 ipc_free_security(&shp->shm_perm);
5321}
5322
5323static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5324{
5325 struct ipc_security_struct *isec;
5326 struct common_audit_data ad;
5327 u32 sid = current_sid();
5328
5329 isec = shp->shm_perm.security;
5330
5331 ad.type = LSM_AUDIT_DATA_IPC;
5332 ad.u.ipc_id = shp->shm_perm.key;
5333
5334 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5335 SHM__ASSOCIATE, &ad);
5336}
5337
5338
5339static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5340{
5341 int perms;
5342 int err;
5343
5344 switch (cmd) {
5345 case IPC_INFO:
5346 case SHM_INFO:
5347
5348 return task_has_system(current, SYSTEM__IPC_INFO);
5349 case IPC_STAT:
5350 case SHM_STAT:
5351 perms = SHM__GETATTR | SHM__ASSOCIATE;
5352 break;
5353 case IPC_SET:
5354 perms = SHM__SETATTR;
5355 break;
5356 case SHM_LOCK:
5357 case SHM_UNLOCK:
5358 perms = SHM__LOCK;
5359 break;
5360 case IPC_RMID:
5361 perms = SHM__DESTROY;
5362 break;
5363 default:
5364 return 0;
5365 }
5366
5367 err = ipc_has_perm(&shp->shm_perm, perms);
5368 return err;
5369}
5370
5371static int selinux_shm_shmat(struct shmid_kernel *shp,
5372 char __user *shmaddr, int shmflg)
5373{
5374 u32 perms;
5375
5376 if (shmflg & SHM_RDONLY)
5377 perms = SHM__READ;
5378 else
5379 perms = SHM__READ | SHM__WRITE;
5380
5381 return ipc_has_perm(&shp->shm_perm, perms);
5382}
5383
5384
5385static int selinux_sem_alloc_security(struct sem_array *sma)
5386{
5387 struct ipc_security_struct *isec;
5388 struct common_audit_data ad;
5389 u32 sid = current_sid();
5390 int rc;
5391
5392 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5393 if (rc)
5394 return rc;
5395
5396 isec = sma->sem_perm.security;
5397
5398 ad.type = LSM_AUDIT_DATA_IPC;
5399 ad.u.ipc_id = sma->sem_perm.key;
5400
5401 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5402 SEM__CREATE, &ad);
5403 if (rc) {
5404 ipc_free_security(&sma->sem_perm);
5405 return rc;
5406 }
5407 return 0;
5408}
5409
5410static void selinux_sem_free_security(struct sem_array *sma)
5411{
5412 ipc_free_security(&sma->sem_perm);
5413}
5414
5415static int selinux_sem_associate(struct sem_array *sma, int semflg)
5416{
5417 struct ipc_security_struct *isec;
5418 struct common_audit_data ad;
5419 u32 sid = current_sid();
5420
5421 isec = sma->sem_perm.security;
5422
5423 ad.type = LSM_AUDIT_DATA_IPC;
5424 ad.u.ipc_id = sma->sem_perm.key;
5425
5426 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5427 SEM__ASSOCIATE, &ad);
5428}
5429
5430
5431static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5432{
5433 int err;
5434 u32 perms;
5435
5436 switch (cmd) {
5437 case IPC_INFO:
5438 case SEM_INFO:
5439
5440 return task_has_system(current, SYSTEM__IPC_INFO);
5441 case GETPID:
5442 case GETNCNT:
5443 case GETZCNT:
5444 perms = SEM__GETATTR;
5445 break;
5446 case GETVAL:
5447 case GETALL:
5448 perms = SEM__READ;
5449 break;
5450 case SETVAL:
5451 case SETALL:
5452 perms = SEM__WRITE;
5453 break;
5454 case IPC_RMID:
5455 perms = SEM__DESTROY;
5456 break;
5457 case IPC_SET:
5458 perms = SEM__SETATTR;
5459 break;
5460 case IPC_STAT:
5461 case SEM_STAT:
5462 perms = SEM__GETATTR | SEM__ASSOCIATE;
5463 break;
5464 default:
5465 return 0;
5466 }
5467
5468 err = ipc_has_perm(&sma->sem_perm, perms);
5469 return err;
5470}
5471
5472static int selinux_sem_semop(struct sem_array *sma,
5473 struct sembuf *sops, unsigned nsops, int alter)
5474{
5475 u32 perms;
5476
5477 if (alter)
5478 perms = SEM__READ | SEM__WRITE;
5479 else
5480 perms = SEM__READ;
5481
5482 return ipc_has_perm(&sma->sem_perm, perms);
5483}
5484
5485static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5486{
5487 u32 av = 0;
5488
5489 av = 0;
5490 if (flag & S_IRUGO)
5491 av |= IPC__UNIX_READ;
5492 if (flag & S_IWUGO)
5493 av |= IPC__UNIX_WRITE;
5494
5495 if (av == 0)
5496 return 0;
5497
5498 return ipc_has_perm(ipcp, av);
5499}
5500
5501static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5502{
5503 struct ipc_security_struct *isec = ipcp->security;
5504 *secid = isec->sid;
5505}
5506
5507static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5508{
5509 if (inode)
5510 inode_doinit_with_dentry(inode, dentry);
5511}
5512
5513static int selinux_getprocattr(struct task_struct *p,
5514 char *name, char **value)
5515{
5516 const struct task_security_struct *__tsec;
5517 u32 sid;
5518 int error;
5519 unsigned len;
5520
5521 if (current != p) {
5522 error = current_has_perm(p, PROCESS__GETATTR);
5523 if (error)
5524 return error;
5525 }
5526
5527 rcu_read_lock();
5528 __tsec = __task_cred(p)->security;
5529
5530 if (!strcmp(name, "current"))
5531 sid = __tsec->sid;
5532 else if (!strcmp(name, "prev"))
5533 sid = __tsec->osid;
5534 else if (!strcmp(name, "exec"))
5535 sid = __tsec->exec_sid;
5536 else if (!strcmp(name, "fscreate"))
5537 sid = __tsec->create_sid;
5538 else if (!strcmp(name, "keycreate"))
5539 sid = __tsec->keycreate_sid;
5540 else if (!strcmp(name, "sockcreate"))
5541 sid = __tsec->sockcreate_sid;
5542 else
5543 goto invalid;
5544 rcu_read_unlock();
5545
5546 if (!sid)
5547 return 0;
5548
5549 error = security_sid_to_context(sid, value, &len);
5550 if (error)
5551 return error;
5552 return len;
5553
5554invalid:
5555 rcu_read_unlock();
5556 return -EINVAL;
5557}
5558
5559static int selinux_setprocattr(struct task_struct *p,
5560 char *name, void *value, size_t size)
5561{
5562 struct task_security_struct *tsec;
5563 struct task_struct *tracer;
5564 struct cred *new;
5565 u32 sid = 0, ptsid;
5566 int error;
5567 char *str = value;
5568
5569 if (current != p) {
5570
5571
5572 return -EACCES;
5573 }
5574
5575
5576
5577
5578
5579
5580 if (!strcmp(name, "exec"))
5581 error = current_has_perm(p, PROCESS__SETEXEC);
5582 else if (!strcmp(name, "fscreate"))
5583 error = current_has_perm(p, PROCESS__SETFSCREATE);
5584 else if (!strcmp(name, "keycreate"))
5585 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5586 else if (!strcmp(name, "sockcreate"))
5587 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5588 else if (!strcmp(name, "current"))
5589 error = current_has_perm(p, PROCESS__SETCURRENT);
5590 else
5591 error = -EINVAL;
5592 if (error)
5593 return error;
5594
5595
5596 if (size && str[1] && str[1] != '\n') {
5597 if (str[size-1] == '\n') {
5598 str[size-1] = 0;
5599 size--;
5600 }
5601 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5602 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5603 if (!capable(CAP_MAC_ADMIN)) {
5604 struct audit_buffer *ab;
5605 size_t audit_size;
5606
5607
5608
5609 if (str[size - 1] == '\0')
5610 audit_size = size - 1;
5611 else
5612 audit_size = size;
5613 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5614 audit_log_format(ab, "op=fscreate invalid_context=");
5615 audit_log_n_untrustedstring(ab, value, audit_size);
5616 audit_log_end(ab);
5617
5618 return error;
5619 }
5620 error = security_context_to_sid_force(value, size,
5621 &sid);
5622 }
5623 if (error)
5624 return error;
5625 }
5626
5627 new = prepare_creds();
5628 if (!new)
5629 return -ENOMEM;
5630
5631
5632
5633
5634
5635
5636
5637 tsec = new->security;
5638 if (!strcmp(name, "exec")) {
5639 tsec->exec_sid = sid;
5640 } else if (!strcmp(name, "fscreate")) {
5641 tsec->create_sid = sid;
5642 } else if (!strcmp(name, "keycreate")) {
5643 error = may_create_key(sid, p);
5644 if (error)
5645 goto abort_change;
5646 tsec->keycreate_sid = sid;
5647 } else if (!strcmp(name, "sockcreate")) {
5648 tsec->sockcreate_sid = sid;
5649 } else if (!strcmp(name, "current")) {
5650 error = -EINVAL;
5651 if (sid == 0)
5652 goto abort_change;
5653
5654
5655 error = -EPERM;
5656 if (!current_is_single_threaded()) {
5657 error = security_bounded_transition(tsec->sid, sid);
5658 if (error)
5659 goto abort_change;
5660 }
5661
5662
5663 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5664 PROCESS__DYNTRANSITION, NULL);
5665 if (error)
5666 goto abort_change;
5667
5668
5669
5670 ptsid = 0;
5671 rcu_read_lock();
5672 tracer = ptrace_parent(p);
5673 if (tracer)
5674 ptsid = task_sid(tracer);
5675 rcu_read_unlock();
5676
5677 if (tracer) {
5678 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5679 PROCESS__PTRACE, NULL);
5680 if (error)
5681 goto abort_change;
5682 }
5683
5684 tsec->sid = sid;
5685 } else {
5686 error = -EINVAL;
5687 goto abort_change;
5688 }
5689
5690 commit_creds(new);
5691 return size;
5692
5693abort_change:
5694 abort_creds(new);
5695 return error;
5696}
5697
5698static int selinux_ismaclabel(const char *name)
5699{
5700 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5701}
5702
5703static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5704{
5705 return security_sid_to_context(secid, secdata, seclen);
5706}
5707
5708static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5709{
5710 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
5711}
5712
5713static void selinux_release_secctx(char *secdata, u32 seclen)
5714{
5715 kfree(secdata);
5716}
5717
5718
5719
5720
5721static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5722{
5723 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5724}
5725
5726
5727
5728
5729static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5730{
5731 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5732}
5733
5734static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5735{
5736 int len = 0;
5737 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5738 ctx, true);
5739 if (len < 0)
5740 return len;
5741 *ctxlen = len;
5742 return 0;
5743}
5744#ifdef CONFIG_KEYS
5745
5746static int selinux_key_alloc(struct key *k, const struct cred *cred,
5747 unsigned long flags)
5748{
5749 const struct task_security_struct *tsec;
5750 struct key_security_struct *ksec;
5751
5752 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5753 if (!ksec)
5754 return -ENOMEM;
5755
5756 tsec = cred->security;
5757 if (tsec->keycreate_sid)
5758 ksec->sid = tsec->keycreate_sid;
5759 else
5760 ksec->sid = tsec->sid;
5761
5762 k->security = ksec;
5763 return 0;
5764}
5765
5766static void selinux_key_free(struct key *k)
5767{
5768 struct key_security_struct *ksec = k->security;
5769
5770 k->security = NULL;
5771 kfree(ksec);
5772}
5773
5774static int selinux_key_permission(key_ref_t key_ref,
5775 const struct cred *cred,
5776 unsigned perm)
5777{
5778 struct key *key;
5779 struct key_security_struct *ksec;
5780 u32 sid;
5781
5782
5783
5784
5785 if (perm == 0)
5786 return 0;
5787
5788 sid = cred_sid(cred);
5789
5790 key = key_ref_to_ptr(key_ref);
5791 ksec = key->security;
5792
5793 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5794}
5795
5796static int selinux_key_getsecurity(struct key *key, char **_buffer)
5797{
5798 struct key_security_struct *ksec = key->security;
5799 char *context = NULL;
5800 unsigned len;
5801 int rc;
5802
5803 rc = security_sid_to_context(ksec->sid, &context, &len);
5804 if (!rc)
5805 rc = len;
5806 *_buffer = context;
5807 return rc;
5808}
5809
5810#endif
5811
5812static struct security_operations selinux_ops = {
5813 .name = "selinux",
5814
5815 .ptrace_access_check = selinux_ptrace_access_check,
5816 .ptrace_traceme = selinux_ptrace_traceme,
5817 .capget = selinux_capget,
5818 .capset = selinux_capset,
5819 .capable = selinux_capable,
5820 .quotactl = selinux_quotactl,
5821 .quota_on = selinux_quota_on,
5822 .syslog = selinux_syslog,
5823 .vm_enough_memory = selinux_vm_enough_memory,
5824
5825 .netlink_send = selinux_netlink_send,
5826
5827 .bprm_set_creds = selinux_bprm_set_creds,
5828 .bprm_committing_creds = selinux_bprm_committing_creds,
5829 .bprm_committed_creds = selinux_bprm_committed_creds,
5830 .bprm_secureexec = selinux_bprm_secureexec,
5831
5832 .sb_alloc_security = selinux_sb_alloc_security,
5833 .sb_free_security = selinux_sb_free_security,
5834 .sb_copy_data = selinux_sb_copy_data,
5835 .sb_remount = selinux_sb_remount,
5836 .sb_kern_mount = selinux_sb_kern_mount,
5837 .sb_show_options = selinux_sb_show_options,
5838 .sb_statfs = selinux_sb_statfs,
5839 .sb_mount = selinux_mount,
5840 .sb_umount = selinux_umount,
5841 .sb_set_mnt_opts = selinux_set_mnt_opts,
5842 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5843 .sb_parse_opts_str = selinux_parse_opts_str,
5844
5845 .dentry_init_security = selinux_dentry_init_security,
5846
5847 .inode_alloc_security = selinux_inode_alloc_security,
5848 .inode_free_security = selinux_inode_free_security,
5849 .inode_init_security = selinux_inode_init_security,
5850 .inode_create = selinux_inode_create,
5851 .inode_link = selinux_inode_link,
5852 .inode_unlink = selinux_inode_unlink,
5853 .inode_symlink = selinux_inode_symlink,
5854 .inode_mkdir = selinux_inode_mkdir,
5855 .inode_rmdir = selinux_inode_rmdir,
5856 .inode_mknod = selinux_inode_mknod,
5857 .inode_rename = selinux_inode_rename,
5858 .inode_readlink = selinux_inode_readlink,
5859 .inode_follow_link = selinux_inode_follow_link,
5860 .inode_permission = selinux_inode_permission,
5861 .inode_setattr = selinux_inode_setattr,
5862 .inode_getattr = selinux_inode_getattr,
5863 .inode_setxattr = selinux_inode_setxattr,
5864 .inode_post_setxattr = selinux_inode_post_setxattr,
5865 .inode_getxattr = selinux_inode_getxattr,
5866 .inode_listxattr = selinux_inode_listxattr,
5867 .inode_removexattr = selinux_inode_removexattr,
5868 .inode_getsecurity = selinux_inode_getsecurity,
5869 .inode_setsecurity = selinux_inode_setsecurity,
5870 .inode_listsecurity = selinux_inode_listsecurity,
5871 .inode_getsecid = selinux_inode_getsecid,
5872
5873 .file_permission = selinux_file_permission,
5874 .file_alloc_security = selinux_file_alloc_security,
5875 .file_free_security = selinux_file_free_security,
5876 .file_ioctl = selinux_file_ioctl,
5877 .mmap_file = selinux_mmap_file,
5878 .mmap_addr = selinux_mmap_addr,
5879 .file_mprotect = selinux_file_mprotect,
5880 .file_lock = selinux_file_lock,
5881 .file_fcntl = selinux_file_fcntl,
5882 .file_set_fowner = selinux_file_set_fowner,
5883 .file_send_sigiotask = selinux_file_send_sigiotask,
5884 .file_receive = selinux_file_receive,
5885
5886 .file_open = selinux_file_open,
5887
5888 .task_create = selinux_task_create,
5889 .cred_alloc_blank = selinux_cred_alloc_blank,
5890 .cred_free = selinux_cred_free,
5891 .cred_prepare = selinux_cred_prepare,
5892 .cred_transfer = selinux_cred_transfer,
5893 .kernel_act_as = selinux_kernel_act_as,
5894 .kernel_create_files_as = selinux_kernel_create_files_as,
5895 .kernel_module_request = selinux_kernel_module_request,
5896 .task_setpgid = selinux_task_setpgid,
5897 .task_getpgid = selinux_task_getpgid,
5898 .task_getsid = selinux_task_getsid,
5899 .task_getsecid = selinux_task_getsecid,
5900 .task_setnice = selinux_task_setnice,
5901 .task_setioprio = selinux_task_setioprio,
5902 .task_getioprio = selinux_task_getioprio,
5903 .task_setrlimit = selinux_task_setrlimit,
5904 .task_setscheduler = selinux_task_setscheduler,
5905 .task_getscheduler = selinux_task_getscheduler,
5906 .task_movememory = selinux_task_movememory,
5907 .task_kill = selinux_task_kill,
5908 .task_wait = selinux_task_wait,
5909 .task_to_inode = selinux_task_to_inode,
5910
5911 .ipc_permission = selinux_ipc_permission,
5912 .ipc_getsecid = selinux_ipc_getsecid,
5913
5914 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5915 .msg_msg_free_security = selinux_msg_msg_free_security,
5916
5917 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5918 .msg_queue_free_security = selinux_msg_queue_free_security,
5919 .msg_queue_associate = selinux_msg_queue_associate,
5920 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5921 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5922 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5923
5924 .shm_alloc_security = selinux_shm_alloc_security,
5925 .shm_free_security = selinux_shm_free_security,
5926 .shm_associate = selinux_shm_associate,
5927 .shm_shmctl = selinux_shm_shmctl,
5928 .shm_shmat = selinux_shm_shmat,
5929
5930 .sem_alloc_security = selinux_sem_alloc_security,
5931 .sem_free_security = selinux_sem_free_security,
5932 .sem_associate = selinux_sem_associate,
5933 .sem_semctl = selinux_sem_semctl,
5934 .sem_semop = selinux_sem_semop,
5935
5936 .d_instantiate = selinux_d_instantiate,
5937
5938 .getprocattr = selinux_getprocattr,
5939 .setprocattr = selinux_setprocattr,
5940
5941 .ismaclabel = selinux_ismaclabel,
5942 .secid_to_secctx = selinux_secid_to_secctx,
5943 .secctx_to_secid = selinux_secctx_to_secid,
5944 .release_secctx = selinux_release_secctx,
5945 .inode_notifysecctx = selinux_inode_notifysecctx,
5946 .inode_setsecctx = selinux_inode_setsecctx,
5947 .inode_getsecctx = selinux_inode_getsecctx,
5948
5949 .unix_stream_connect = selinux_socket_unix_stream_connect,
5950 .unix_may_send = selinux_socket_unix_may_send,
5951
5952 .socket_create = selinux_socket_create,
5953 .socket_post_create = selinux_socket_post_create,
5954 .socket_bind = selinux_socket_bind,
5955 .socket_connect = selinux_socket_connect,
5956 .socket_listen = selinux_socket_listen,
5957 .socket_accept = selinux_socket_accept,
5958 .socket_sendmsg = selinux_socket_sendmsg,
5959 .socket_recvmsg = selinux_socket_recvmsg,
5960 .socket_getsockname = selinux_socket_getsockname,
5961 .socket_getpeername = selinux_socket_getpeername,
5962 .socket_getsockopt = selinux_socket_getsockopt,
5963 .socket_setsockopt = selinux_socket_setsockopt,
5964 .socket_shutdown = selinux_socket_shutdown,
5965 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5966 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5967 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5968 .sk_alloc_security = selinux_sk_alloc_security,
5969 .sk_free_security = selinux_sk_free_security,
5970 .sk_clone_security = selinux_sk_clone_security,
5971 .sk_getsecid = selinux_sk_getsecid,
5972 .sock_graft = selinux_sock_graft,
5973 .inet_conn_request = selinux_inet_conn_request,
5974 .inet_csk_clone = selinux_inet_csk_clone,
5975 .inet_conn_established = selinux_inet_conn_established,
5976 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5977 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5978 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5979 .req_classify_flow = selinux_req_classify_flow,
5980 .tun_dev_alloc_security = selinux_tun_dev_alloc_security,
5981 .tun_dev_free_security = selinux_tun_dev_free_security,
5982 .tun_dev_create = selinux_tun_dev_create,
5983 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
5984 .tun_dev_attach = selinux_tun_dev_attach,
5985 .tun_dev_open = selinux_tun_dev_open,
5986 .skb_owned_by = selinux_skb_owned_by,
5987
5988#ifdef CONFIG_SECURITY_NETWORK_XFRM
5989 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5990 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5991 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5992 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5993 .xfrm_state_alloc = selinux_xfrm_state_alloc,
5994 .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
5995 .xfrm_state_free_security = selinux_xfrm_state_free,
5996 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5997 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5998 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5999 .xfrm_decode_session = selinux_xfrm_decode_session,
6000#endif
6001
6002#ifdef CONFIG_KEYS
6003 .key_alloc = selinux_key_alloc,
6004 .key_free = selinux_key_free,
6005 .key_permission = selinux_key_permission,
6006 .key_getsecurity = selinux_key_getsecurity,
6007#endif
6008
6009#ifdef CONFIG_AUDIT
6010 .audit_rule_init = selinux_audit_rule_init,
6011 .audit_rule_known = selinux_audit_rule_known,
6012 .audit_rule_match = selinux_audit_rule_match,
6013 .audit_rule_free = selinux_audit_rule_free,
6014#endif
6015};
6016
6017static __init int selinux_init(void)
6018{
6019 if (!security_module_enable(&selinux_ops)) {
6020 selinux_enabled = 0;
6021 return 0;
6022 }
6023
6024 if (!selinux_enabled) {
6025 printk(KERN_INFO "SELinux: Disabled at boot.\n");
6026 return 0;
6027 }
6028
6029 printk(KERN_INFO "SELinux: Initializing.\n");
6030
6031
6032 cred_init_security();
6033
6034 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
6035
6036 sel_inode_cache = kmem_cache_create("selinux_inode_security",
6037 sizeof(struct inode_security_struct),
6038 0, SLAB_PANIC, NULL);
6039 avc_init();
6040
6041 if (register_security(&selinux_ops))
6042 panic("SELinux: Unable to register with kernel.\n");
6043
6044 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
6045 panic("SELinux: Unable to register AVC netcache callback\n");
6046
6047 if (selinux_enforcing)
6048 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
6049 else
6050 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
6051
6052 return 0;
6053}
6054
6055static void delayed_superblock_init(struct super_block *sb, void *unused)
6056{
6057 superblock_doinit(sb, NULL);
6058}
6059
6060void selinux_complete_init(void)
6061{
6062 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
6063
6064
6065 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
6066 iterate_supers(delayed_superblock_init, NULL);
6067}
6068
6069
6070
6071security_initcall(selinux_init);
6072
6073#if defined(CONFIG_NETFILTER)
6074
6075static struct nf_hook_ops selinux_nf_ops[] = {
6076 {
6077 .hook = selinux_ipv4_postroute,
6078 .owner = THIS_MODULE,
6079 .pf = NFPROTO_IPV4,
6080 .hooknum = NF_INET_POST_ROUTING,
6081 .priority = NF_IP_PRI_SELINUX_LAST,
6082 },
6083 {
6084 .hook = selinux_ipv4_forward,
6085 .owner = THIS_MODULE,
6086 .pf = NFPROTO_IPV4,
6087 .hooknum = NF_INET_FORWARD,
6088 .priority = NF_IP_PRI_SELINUX_FIRST,
6089 },
6090 {
6091 .hook = selinux_ipv4_output,
6092 .owner = THIS_MODULE,
6093 .pf = NFPROTO_IPV4,
6094 .hooknum = NF_INET_LOCAL_OUT,
6095 .priority = NF_IP_PRI_SELINUX_FIRST,
6096 },
6097#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6098 {
6099 .hook = selinux_ipv6_postroute,
6100 .owner = THIS_MODULE,
6101 .pf = NFPROTO_IPV6,
6102 .hooknum = NF_INET_POST_ROUTING,
6103 .priority = NF_IP6_PRI_SELINUX_LAST,
6104 },
6105 {
6106 .hook = selinux_ipv6_forward,
6107 .owner = THIS_MODULE,
6108 .pf = NFPROTO_IPV6,
6109 .hooknum = NF_INET_FORWARD,
6110 .priority = NF_IP6_PRI_SELINUX_FIRST,
6111 },
6112#endif
6113};
6114
6115static int __init selinux_nf_ip_init(void)
6116{
6117 int err;
6118
6119 if (!selinux_enabled)
6120 return 0;
6121
6122 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6123
6124 err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6125 if (err)
6126 panic("SELinux: nf_register_hooks: error %d\n", err);
6127
6128 return 0;
6129}
6130
6131__initcall(selinux_nf_ip_init);
6132
6133#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6134static void selinux_nf_ip_exit(void)
6135{
6136 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6137
6138 nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6139}
6140#endif
6141
6142#else
6143
6144#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6145#define selinux_nf_ip_exit()
6146#endif
6147
6148#endif
6149
6150#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6151static int selinux_disabled;
6152
6153int selinux_disable(void)
6154{
6155 if (ss_initialized) {
6156
6157 return -EINVAL;
6158 }
6159
6160 if (selinux_disabled) {
6161
6162 return -EINVAL;
6163 }
6164
6165 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6166
6167 selinux_disabled = 1;
6168 selinux_enabled = 0;
6169
6170 reset_security_ops();
6171
6172
6173 avc_disable();
6174
6175
6176 selinux_nf_ip_exit();
6177
6178
6179 exit_sel_fs();
6180
6181 return 0;
6182}
6183#endif
6184
