1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/security.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/sock.h>
55#include <net/tcp.h>
56#include <net/inet_connection_sock.h>
57#include <net/net_namespace.h>
58#include <net/netlabel.h>
59#include <linux/uaccess.h>
60#include <asm/ioctls.h>
61#include <linux/atomic.h>
62#include <linux/bitops.h>
63#include <linux/interrupt.h>
64#include <linux/netdevice.h>
65#include <net/netlink.h>
66#include <linux/tcp.h>
67#include <linux/udp.h>
68#include <linux/dccp.h>
69#include <linux/quota.h>
70#include <linux/un.h>
71#include <net/af_unix.h>
72#include <linux/parser.h>
73#include <linux/nfs_mount.h>
74#include <net/ipv6.h>
75#include <linux/hugetlb.h>
76#include <linux/personality.h>
77#include <linux/audit.h>
78#include <linux/string.h>
79#include <linux/selinux.h>
80#include <linux/mutex.h>
81#include <linux/posix-timers.h>
82#include <linux/syslog.h>
83#include <linux/user_namespace.h>
84#include <linux/export.h>
85#include <linux/msg.h>
86#include <linux/shm.h>
87
88#include "avc.h"
89#include "objsec.h"
90#include "netif.h"
91#include "netnode.h"
92#include "netport.h"
93#include "xfrm.h"
94#include "netlabel.h"
95#include "audit.h"
96#include "avc_ss.h"
97
98
99static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
100
101#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
102int selinux_enforcing;
103
104static int __init enforcing_setup(char *str)
105{
106 unsigned long enforcing;
107 if (!kstrtoul(str, 0, &enforcing))
108 selinux_enforcing = enforcing ? 1 : 0;
109 return 1;
110}
111__setup("enforcing=", enforcing_setup);
112#endif
113
114#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
115int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
116
117static int __init selinux_enabled_setup(char *str)
118{
119 unsigned long enabled;
120 if (!kstrtoul(str, 0, &enabled))
121 selinux_enabled = enabled ? 1 : 0;
122 return 1;
123}
124__setup("selinux=", selinux_enabled_setup);
125#else
126int selinux_enabled = 1;
127#endif
128
129static struct kmem_cache *sel_inode_cache;
130
131
132
133
134
135
136
137
138
139
140
141
142static int selinux_secmark_enabled(void)
143{
144 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
145}
146
147
148
149
150
151
152
153
154
155
156
157static int selinux_peerlbl_enabled(void)
158{
159 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
160}
161
162static int selinux_netcache_avc_callback(u32 event)
163{
164 if (event == AVC_CALLBACK_RESET) {
165 sel_netif_flush();
166 sel_netnode_flush();
167 sel_netport_flush();
168 synchronize_net();
169 }
170 return 0;
171}
172
173
174
175
176static void cred_init_security(void)
177{
178 struct cred *cred = (struct cred *) current->real_cred;
179 struct task_security_struct *tsec;
180
181 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
182 if (!tsec)
183 panic("SELinux: Failed to initialize initial task.\n");
184
185 tsec->osid = tsec->sid = SECINITSID_KERNEL;
186 cred->security = tsec;
187}
188
189
190
191
192static inline u32 cred_sid(const struct cred *cred)
193{
194 const struct task_security_struct *tsec;
195
196 tsec = cred->security;
197 return tsec->sid;
198}
199
200
201
202
203static inline u32 task_sid(const struct task_struct *task)
204{
205 u32 sid;
206
207 rcu_read_lock();
208 sid = cred_sid(__task_cred(task));
209 rcu_read_unlock();
210 return sid;
211}
212
213
214
215
216static inline u32 current_sid(void)
217{
218 const struct task_security_struct *tsec = current_security();
219
220 return tsec->sid;
221}
222
223
224
225static int inode_alloc_security(struct inode *inode)
226{
227 struct inode_security_struct *isec;
228 u32 sid = current_sid();
229
230 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
231 if (!isec)
232 return -ENOMEM;
233
234 mutex_init(&isec->lock);
235 INIT_LIST_HEAD(&isec->list);
236 isec->inode = inode;
237 isec->sid = SECINITSID_UNLABELED;
238 isec->sclass = SECCLASS_FILE;
239 isec->task_sid = sid;
240 inode->i_security = isec;
241
242 return 0;
243}
244
245static void inode_free_rcu(struct rcu_head *head)
246{
247 struct inode_security_struct *isec;
248
249 isec = container_of(head, struct inode_security_struct, rcu);
250 kmem_cache_free(sel_inode_cache, isec);
251}
252
253static void inode_free_security(struct inode *inode)
254{
255 struct inode_security_struct *isec = inode->i_security;
256 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
257
258 spin_lock(&sbsec->isec_lock);
259 if (!list_empty(&isec->list))
260 list_del_init(&isec->list);
261 spin_unlock(&sbsec->isec_lock);
262
263
264
265
266
267
268
269
270
271
272 call_rcu(&isec->rcu, inode_free_rcu);
273}
274
275static int file_alloc_security(struct file *file)
276{
277 struct file_security_struct *fsec;
278 u32 sid = current_sid();
279
280 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
281 if (!fsec)
282 return -ENOMEM;
283
284 fsec->sid = sid;
285 fsec->fown_sid = sid;
286 file->f_security = fsec;
287
288 return 0;
289}
290
291static void file_free_security(struct file *file)
292{
293 struct file_security_struct *fsec = file->f_security;
294 file->f_security = NULL;
295 kfree(fsec);
296}
297
298static int superblock_alloc_security(struct super_block *sb)
299{
300 struct superblock_security_struct *sbsec;
301
302 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
303 if (!sbsec)
304 return -ENOMEM;
305
306 mutex_init(&sbsec->lock);
307 INIT_LIST_HEAD(&sbsec->isec_head);
308 spin_lock_init(&sbsec->isec_lock);
309 sbsec->sb = sb;
310 sbsec->sid = SECINITSID_UNLABELED;
311 sbsec->def_sid = SECINITSID_FILE;
312 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
313 sb->s_security = sbsec;
314
315 return 0;
316}
317
318static void superblock_free_security(struct super_block *sb)
319{
320 struct superblock_security_struct *sbsec = sb->s_security;
321 sb->s_security = NULL;
322 kfree(sbsec);
323}
324
325
326
327static const char *labeling_behaviors[7] = {
328 "uses xattr",
329 "uses transition SIDs",
330 "uses task SIDs",
331 "uses genfs_contexts",
332 "not configured for labeling",
333 "uses mountpoint labeling",
334 "uses native labeling",
335};
336
337static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
338
339static inline int inode_doinit(struct inode *inode)
340{
341 return inode_doinit_with_dentry(inode, NULL);
342}
343
344enum {
345 Opt_error = -1,
346 Opt_context = 1,
347 Opt_fscontext = 2,
348 Opt_defcontext = 3,
349 Opt_rootcontext = 4,
350 Opt_labelsupport = 5,
351 Opt_nextmntopt = 6,
352};
353
354#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
355
356static const match_table_t tokens = {
357 {Opt_context, CONTEXT_STR "%s"},
358 {Opt_fscontext, FSCONTEXT_STR "%s"},
359 {Opt_defcontext, DEFCONTEXT_STR "%s"},
360 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
361 {Opt_labelsupport, LABELSUPP_STR},
362 {Opt_error, NULL},
363};
364
365#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
366
367static int may_context_mount_sb_relabel(u32 sid,
368 struct superblock_security_struct *sbsec,
369 const struct cred *cred)
370{
371 const struct task_security_struct *tsec = cred->security;
372 int rc;
373
374 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
375 FILESYSTEM__RELABELFROM, NULL);
376 if (rc)
377 return rc;
378
379 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
380 FILESYSTEM__RELABELTO, NULL);
381 return rc;
382}
383
384static int may_context_mount_inode_relabel(u32 sid,
385 struct superblock_security_struct *sbsec,
386 const struct cred *cred)
387{
388 const struct task_security_struct *tsec = cred->security;
389 int rc;
390 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
391 FILESYSTEM__RELABELFROM, NULL);
392 if (rc)
393 return rc;
394
395 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
396 FILESYSTEM__ASSOCIATE, NULL);
397 return rc;
398}
399
400static int selinux_is_sblabel_mnt(struct super_block *sb)
401{
402 struct superblock_security_struct *sbsec = sb->s_security;
403
404 if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
405 sbsec->behavior == SECURITY_FS_USE_TRANS ||
406 sbsec->behavior == SECURITY_FS_USE_TASK)
407 return 1;
408
409
410 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
411 return 1;
412
413
414
415
416
417 if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
418 return 1;
419
420 return 0;
421}
422
423static int sb_finish_set_opts(struct super_block *sb)
424{
425 struct superblock_security_struct *sbsec = sb->s_security;
426 struct dentry *root = sb->s_root;
427 struct inode *root_inode = root->d_inode;
428 int rc = 0;
429
430 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
431
432
433
434
435
436 if (!root_inode->i_op->getxattr) {
437 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
438 "xattr support\n", sb->s_id, sb->s_type->name);
439 rc = -EOPNOTSUPP;
440 goto out;
441 }
442 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
443 if (rc < 0 && rc != -ENODATA) {
444 if (rc == -EOPNOTSUPP)
445 printk(KERN_WARNING "SELinux: (dev %s, type "
446 "%s) has no security xattr handler\n",
447 sb->s_id, sb->s_type->name);
448 else
449 printk(KERN_WARNING "SELinux: (dev %s, type "
450 "%s) getxattr errno %d\n", sb->s_id,
451 sb->s_type->name, -rc);
452 goto out;
453 }
454 }
455
456 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
457 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
458 sb->s_id, sb->s_type->name);
459 else
460 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
461 sb->s_id, sb->s_type->name,
462 labeling_behaviors[sbsec->behavior-1]);
463
464 sbsec->flags |= SE_SBINITIALIZED;
465 if (selinux_is_sblabel_mnt(sb))
466 sbsec->flags |= SBLABEL_MNT;
467
468
469 rc = inode_doinit_with_dentry(root_inode, root);
470
471
472
473
474
475 spin_lock(&sbsec->isec_lock);
476next_inode:
477 if (!list_empty(&sbsec->isec_head)) {
478 struct inode_security_struct *isec =
479 list_entry(sbsec->isec_head.next,
480 struct inode_security_struct, list);
481 struct inode *inode = isec->inode;
482 list_del_init(&isec->list);
483 spin_unlock(&sbsec->isec_lock);
484 inode = igrab(inode);
485 if (inode) {
486 if (!IS_PRIVATE(inode))
487 inode_doinit(inode);
488 iput(inode);
489 }
490 spin_lock(&sbsec->isec_lock);
491 goto next_inode;
492 }
493 spin_unlock(&sbsec->isec_lock);
494out:
495 return rc;
496}
497
498
499
500
501
502
503static int selinux_get_mnt_opts(const struct super_block *sb,
504 struct security_mnt_opts *opts)
505{
506 int rc = 0, i;
507 struct superblock_security_struct *sbsec = sb->s_security;
508 char *context = NULL;
509 u32 len;
510 char tmp;
511
512 security_init_mnt_opts(opts);
513
514 if (!(sbsec->flags & SE_SBINITIALIZED))
515 return -EINVAL;
516
517 if (!ss_initialized)
518 return -EINVAL;
519
520
521 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
522
523 tmp = sbsec->flags & SE_MNTMASK;
524
525 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
526 if (tmp & 0x01)
527 opts->num_mnt_opts++;
528 tmp >>= 1;
529 }
530
531 if (sbsec->flags & SBLABEL_MNT)
532 opts->num_mnt_opts++;
533
534 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
535 if (!opts->mnt_opts) {
536 rc = -ENOMEM;
537 goto out_free;
538 }
539
540 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
541 if (!opts->mnt_opts_flags) {
542 rc = -ENOMEM;
543 goto out_free;
544 }
545
546 i = 0;
547 if (sbsec->flags & FSCONTEXT_MNT) {
548 rc = security_sid_to_context(sbsec->sid, &context, &len);
549 if (rc)
550 goto out_free;
551 opts->mnt_opts[i] = context;
552 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
553 }
554 if (sbsec->flags & CONTEXT_MNT) {
555 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
556 if (rc)
557 goto out_free;
558 opts->mnt_opts[i] = context;
559 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
560 }
561 if (sbsec->flags & DEFCONTEXT_MNT) {
562 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
563 if (rc)
564 goto out_free;
565 opts->mnt_opts[i] = context;
566 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
567 }
568 if (sbsec->flags & ROOTCONTEXT_MNT) {
569 struct inode *root = sbsec->sb->s_root->d_inode;
570 struct inode_security_struct *isec = root->i_security;
571
572 rc = security_sid_to_context(isec->sid, &context, &len);
573 if (rc)
574 goto out_free;
575 opts->mnt_opts[i] = context;
576 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
577 }
578 if (sbsec->flags & SBLABEL_MNT) {
579 opts->mnt_opts[i] = NULL;
580 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
581 }
582
583 BUG_ON(i != opts->num_mnt_opts);
584
585 return 0;
586
587out_free:
588 security_free_mnt_opts(opts);
589 return rc;
590}
591
592static int bad_option(struct superblock_security_struct *sbsec, char flag,
593 u32 old_sid, u32 new_sid)
594{
595 char mnt_flags = sbsec->flags & SE_MNTMASK;
596
597
598 if (sbsec->flags & SE_SBINITIALIZED)
599 if (!(sbsec->flags & flag) ||
600 (old_sid != new_sid))
601 return 1;
602
603
604
605
606 if (!(sbsec->flags & SE_SBINITIALIZED))
607 if (mnt_flags & flag)
608 return 1;
609 return 0;
610}
611
612
613
614
615
616static int selinux_set_mnt_opts(struct super_block *sb,
617 struct security_mnt_opts *opts,
618 unsigned long kern_flags,
619 unsigned long *set_kern_flags)
620{
621 const struct cred *cred = current_cred();
622 int rc = 0, i;
623 struct superblock_security_struct *sbsec = sb->s_security;
624 const char *name = sb->s_type->name;
625 struct inode *inode = sbsec->sb->s_root->d_inode;
626 struct inode_security_struct *root_isec = inode->i_security;
627 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
628 u32 defcontext_sid = 0;
629 char **mount_options = opts->mnt_opts;
630 int *flags = opts->mnt_opts_flags;
631 int num_opts = opts->num_mnt_opts;
632
633 mutex_lock(&sbsec->lock);
634
635 if (!ss_initialized) {
636 if (!num_opts) {
637
638
639
640 goto out;
641 }
642 rc = -EINVAL;
643 printk(KERN_WARNING "SELinux: Unable to set superblock options "
644 "before the security server is initialized\n");
645 goto out;
646 }
647 if (kern_flags && !set_kern_flags) {
648
649
650 rc = -EINVAL;
651 goto out;
652 }
653
654
655
656
657
658
659
660
661
662
663
664
665 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
666 && (num_opts == 0))
667 goto out;
668
669
670
671
672
673
674 for (i = 0; i < num_opts; i++) {
675 u32 sid;
676
677 if (flags[i] == SBLABEL_MNT)
678 continue;
679 rc = security_context_to_sid(mount_options[i],
680 strlen(mount_options[i]), &sid, GFP_KERNEL);
681 if (rc) {
682 printk(KERN_WARNING "SELinux: security_context_to_sid"
683 "(%s) failed for (dev %s, type %s) errno=%d\n",
684 mount_options[i], sb->s_id, name, rc);
685 goto out;
686 }
687 switch (flags[i]) {
688 case FSCONTEXT_MNT:
689 fscontext_sid = sid;
690
691 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
692 fscontext_sid))
693 goto out_double_mount;
694
695 sbsec->flags |= FSCONTEXT_MNT;
696 break;
697 case CONTEXT_MNT:
698 context_sid = sid;
699
700 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
701 context_sid))
702 goto out_double_mount;
703
704 sbsec->flags |= CONTEXT_MNT;
705 break;
706 case ROOTCONTEXT_MNT:
707 rootcontext_sid = sid;
708
709 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
710 rootcontext_sid))
711 goto out_double_mount;
712
713 sbsec->flags |= ROOTCONTEXT_MNT;
714
715 break;
716 case DEFCONTEXT_MNT:
717 defcontext_sid = sid;
718
719 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
720 defcontext_sid))
721 goto out_double_mount;
722
723 sbsec->flags |= DEFCONTEXT_MNT;
724
725 break;
726 default:
727 rc = -EINVAL;
728 goto out;
729 }
730 }
731
732 if (sbsec->flags & SE_SBINITIALIZED) {
733
734 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
735 goto out_double_mount;
736 rc = 0;
737 goto out;
738 }
739
740 if (strcmp(sb->s_type->name, "proc") == 0)
741 sbsec->flags |= SE_SBPROC;
742
743 if (!sbsec->behavior) {
744
745
746
747
748 rc = security_fs_use(sb);
749 if (rc) {
750 printk(KERN_WARNING
751 "%s: security_fs_use(%s) returned %d\n",
752 __func__, sb->s_type->name, rc);
753 goto out;
754 }
755 }
756
757 if (fscontext_sid) {
758 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
759 if (rc)
760 goto out;
761
762 sbsec->sid = fscontext_sid;
763 }
764
765
766
767
768
769
770 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
771 sbsec->behavior = SECURITY_FS_USE_NATIVE;
772 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
773 }
774
775 if (context_sid) {
776 if (!fscontext_sid) {
777 rc = may_context_mount_sb_relabel(context_sid, sbsec,
778 cred);
779 if (rc)
780 goto out;
781 sbsec->sid = context_sid;
782 } else {
783 rc = may_context_mount_inode_relabel(context_sid, sbsec,
784 cred);
785 if (rc)
786 goto out;
787 }
788 if (!rootcontext_sid)
789 rootcontext_sid = context_sid;
790
791 sbsec->mntpoint_sid = context_sid;
792 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
793 }
794
795 if (rootcontext_sid) {
796 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
797 cred);
798 if (rc)
799 goto out;
800
801 root_isec->sid = rootcontext_sid;
802 root_isec->initialized = 1;
803 }
804
805 if (defcontext_sid) {
806 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
807 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
808 rc = -EINVAL;
809 printk(KERN_WARNING "SELinux: defcontext option is "
810 "invalid for this filesystem type\n");
811 goto out;
812 }
813
814 if (defcontext_sid != sbsec->def_sid) {
815 rc = may_context_mount_inode_relabel(defcontext_sid,
816 sbsec, cred);
817 if (rc)
818 goto out;
819 }
820
821 sbsec->def_sid = defcontext_sid;
822 }
823
824 rc = sb_finish_set_opts(sb);
825out:
826 mutex_unlock(&sbsec->lock);
827 return rc;
828out_double_mount:
829 rc = -EINVAL;
830 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
831 "security settings for (dev %s, type %s)\n", sb->s_id, name);
832 goto out;
833}
834
835static int selinux_cmp_sb_context(const struct super_block *oldsb,
836 const struct super_block *newsb)
837{
838 struct superblock_security_struct *old = oldsb->s_security;
839 struct superblock_security_struct *new = newsb->s_security;
840 char oldflags = old->flags & SE_MNTMASK;
841 char newflags = new->flags & SE_MNTMASK;
842
843 if (oldflags != newflags)
844 goto mismatch;
845 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
846 goto mismatch;
847 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
848 goto mismatch;
849 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
850 goto mismatch;
851 if (oldflags & ROOTCONTEXT_MNT) {
852 struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security;
853 struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security;
854 if (oldroot->sid != newroot->sid)
855 goto mismatch;
856 }
857 return 0;
858mismatch:
859 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
860 "different security settings for (dev %s, "
861 "type %s)\n", newsb->s_id, newsb->s_type->name);
862 return -EBUSY;
863}
864
865static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
866 struct super_block *newsb)
867{
868 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
869 struct superblock_security_struct *newsbsec = newsb->s_security;
870
871 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
872 int set_context = (oldsbsec->flags & CONTEXT_MNT);
873 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
874
875
876
877
878
879 if (!ss_initialized)
880 return 0;
881
882
883 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
884
885
886 if (newsbsec->flags & SE_SBINITIALIZED)
887 return selinux_cmp_sb_context(oldsb, newsb);
888
889 mutex_lock(&newsbsec->lock);
890
891 newsbsec->flags = oldsbsec->flags;
892
893 newsbsec->sid = oldsbsec->sid;
894 newsbsec->def_sid = oldsbsec->def_sid;
895 newsbsec->behavior = oldsbsec->behavior;
896
897 if (set_context) {
898 u32 sid = oldsbsec->mntpoint_sid;
899
900 if (!set_fscontext)
901 newsbsec->sid = sid;
902 if (!set_rootcontext) {
903 struct inode *newinode = newsb->s_root->d_inode;
904 struct inode_security_struct *newisec = newinode->i_security;
905 newisec->sid = sid;
906 }
907 newsbsec->mntpoint_sid = sid;
908 }
909 if (set_rootcontext) {
910 const struct inode *oldinode = oldsb->s_root->d_inode;
911 const struct inode_security_struct *oldisec = oldinode->i_security;
912 struct inode *newinode = newsb->s_root->d_inode;
913 struct inode_security_struct *newisec = newinode->i_security;
914
915 newisec->sid = oldisec->sid;
916 }
917
918 sb_finish_set_opts(newsb);
919 mutex_unlock(&newsbsec->lock);
920 return 0;
921}
922
923static int selinux_parse_opts_str(char *options,
924 struct security_mnt_opts *opts)
925{
926 char *p;
927 char *context = NULL, *defcontext = NULL;
928 char *fscontext = NULL, *rootcontext = NULL;
929 int rc, num_mnt_opts = 0;
930
931 opts->num_mnt_opts = 0;
932
933
934 while ((p = strsep(&options, "|")) != NULL) {
935 int token;
936 substring_t args[MAX_OPT_ARGS];
937
938 if (!*p)
939 continue;
940
941 token = match_token(p, tokens, args);
942
943 switch (token) {
944 case Opt_context:
945 if (context || defcontext) {
946 rc = -EINVAL;
947 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
948 goto out_err;
949 }
950 context = match_strdup(&args[0]);
951 if (!context) {
952 rc = -ENOMEM;
953 goto out_err;
954 }
955 break;
956
957 case Opt_fscontext:
958 if (fscontext) {
959 rc = -EINVAL;
960 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
961 goto out_err;
962 }
963 fscontext = match_strdup(&args[0]);
964 if (!fscontext) {
965 rc = -ENOMEM;
966 goto out_err;
967 }
968 break;
969
970 case Opt_rootcontext:
971 if (rootcontext) {
972 rc = -EINVAL;
973 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
974 goto out_err;
975 }
976 rootcontext = match_strdup(&args[0]);
977 if (!rootcontext) {
978 rc = -ENOMEM;
979 goto out_err;
980 }
981 break;
982
983 case Opt_defcontext:
984 if (context || defcontext) {
985 rc = -EINVAL;
986 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
987 goto out_err;
988 }
989 defcontext = match_strdup(&args[0]);
990 if (!defcontext) {
991 rc = -ENOMEM;
992 goto out_err;
993 }
994 break;
995 case Opt_labelsupport:
996 break;
997 default:
998 rc = -EINVAL;
999 printk(KERN_WARNING "SELinux: unknown mount option\n");
1000 goto out_err;
1001
1002 }
1003 }
1004
1005 rc = -ENOMEM;
1006 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
1007 if (!opts->mnt_opts)
1008 goto out_err;
1009
1010 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
1011 if (!opts->mnt_opts_flags) {
1012 kfree(opts->mnt_opts);
1013 goto out_err;
1014 }
1015
1016 if (fscontext) {
1017 opts->mnt_opts[num_mnt_opts] = fscontext;
1018 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1019 }
1020 if (context) {
1021 opts->mnt_opts[num_mnt_opts] = context;
1022 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1023 }
1024 if (rootcontext) {
1025 opts->mnt_opts[num_mnt_opts] = rootcontext;
1026 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1027 }
1028 if (defcontext) {
1029 opts->mnt_opts[num_mnt_opts] = defcontext;
1030 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1031 }
1032
1033 opts->num_mnt_opts = num_mnt_opts;
1034 return 0;
1035
1036out_err:
1037 kfree(context);
1038 kfree(defcontext);
1039 kfree(fscontext);
1040 kfree(rootcontext);
1041 return rc;
1042}
1043
1044
1045
1046static int superblock_doinit(struct super_block *sb, void *data)
1047{
1048 int rc = 0;
1049 char *options = data;
1050 struct security_mnt_opts opts;
1051
1052 security_init_mnt_opts(&opts);
1053
1054 if (!data)
1055 goto out;
1056
1057 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1058
1059 rc = selinux_parse_opts_str(options, &opts);
1060 if (rc)
1061 goto out_err;
1062
1063out:
1064 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1065
1066out_err:
1067 security_free_mnt_opts(&opts);
1068 return rc;
1069}
1070
1071static void selinux_write_opts(struct seq_file *m,
1072 struct security_mnt_opts *opts)
1073{
1074 int i;
1075 char *prefix;
1076
1077 for (i = 0; i < opts->num_mnt_opts; i++) {
1078 char *has_comma;
1079
1080 if (opts->mnt_opts[i])
1081 has_comma = strchr(opts->mnt_opts[i], ',');
1082 else
1083 has_comma = NULL;
1084
1085 switch (opts->mnt_opts_flags[i]) {
1086 case CONTEXT_MNT:
1087 prefix = CONTEXT_STR;
1088 break;
1089 case FSCONTEXT_MNT:
1090 prefix = FSCONTEXT_STR;
1091 break;
1092 case ROOTCONTEXT_MNT:
1093 prefix = ROOTCONTEXT_STR;
1094 break;
1095 case DEFCONTEXT_MNT:
1096 prefix = DEFCONTEXT_STR;
1097 break;
1098 case SBLABEL_MNT:
1099 seq_putc(m, ',');
1100 seq_puts(m, LABELSUPP_STR);
1101 continue;
1102 default:
1103 BUG();
1104 return;
1105 };
1106
1107 seq_putc(m, ',');
1108 seq_puts(m, prefix);
1109 if (has_comma)
1110 seq_putc(m, '\"');
1111 seq_puts(m, opts->mnt_opts[i]);
1112 if (has_comma)
1113 seq_putc(m, '\"');
1114 }
1115}
1116
1117static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1118{
1119 struct security_mnt_opts opts;
1120 int rc;
1121
1122 rc = selinux_get_mnt_opts(sb, &opts);
1123 if (rc) {
1124
1125 if (rc == -EINVAL)
1126 rc = 0;
1127 return rc;
1128 }
1129
1130 selinux_write_opts(m, &opts);
1131
1132 security_free_mnt_opts(&opts);
1133
1134 return rc;
1135}
1136
1137static inline u16 inode_mode_to_security_class(umode_t mode)
1138{
1139 switch (mode & S_IFMT) {
1140 case S_IFSOCK:
1141 return SECCLASS_SOCK_FILE;
1142 case S_IFLNK:
1143 return SECCLASS_LNK_FILE;
1144 case S_IFREG:
1145 return SECCLASS_FILE;
1146 case S_IFBLK:
1147 return SECCLASS_BLK_FILE;
1148 case S_IFDIR:
1149 return SECCLASS_DIR;
1150 case S_IFCHR:
1151 return SECCLASS_CHR_FILE;
1152 case S_IFIFO:
1153 return SECCLASS_FIFO_FILE;
1154
1155 }
1156
1157 return SECCLASS_FILE;
1158}
1159
1160static inline int default_protocol_stream(int protocol)
1161{
1162 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1163}
1164
1165static inline int default_protocol_dgram(int protocol)
1166{
1167 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1168}
1169
1170static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1171{
1172 switch (family) {
1173 case PF_UNIX:
1174 switch (type) {
1175 case SOCK_STREAM:
1176 case SOCK_SEQPACKET:
1177 return SECCLASS_UNIX_STREAM_SOCKET;
1178 case SOCK_DGRAM:
1179 return SECCLASS_UNIX_DGRAM_SOCKET;
1180 }
1181 break;
1182 case PF_INET:
1183 case PF_INET6:
1184 switch (type) {
1185 case SOCK_STREAM:
1186 if (default_protocol_stream(protocol))
1187 return SECCLASS_TCP_SOCKET;
1188 else
1189 return SECCLASS_RAWIP_SOCKET;
1190 case SOCK_DGRAM:
1191 if (default_protocol_dgram(protocol))
1192 return SECCLASS_UDP_SOCKET;
1193 else
1194 return SECCLASS_RAWIP_SOCKET;
1195 case SOCK_DCCP:
1196 return SECCLASS_DCCP_SOCKET;
1197 default:
1198 return SECCLASS_RAWIP_SOCKET;
1199 }
1200 break;
1201 case PF_NETLINK:
1202 switch (protocol) {
1203 case NETLINK_ROUTE:
1204 return SECCLASS_NETLINK_ROUTE_SOCKET;
1205 case NETLINK_FIREWALL:
1206 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1207 case NETLINK_SOCK_DIAG:
1208 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1209 case NETLINK_NFLOG:
1210 return SECCLASS_NETLINK_NFLOG_SOCKET;
1211 case NETLINK_XFRM:
1212 return SECCLASS_NETLINK_XFRM_SOCKET;
1213 case NETLINK_SELINUX:
1214 return SECCLASS_NETLINK_SELINUX_SOCKET;
1215 case NETLINK_AUDIT:
1216 return SECCLASS_NETLINK_AUDIT_SOCKET;
1217 case NETLINK_IP6_FW:
1218 return SECCLASS_NETLINK_IP6FW_SOCKET;
1219 case NETLINK_DNRTMSG:
1220 return SECCLASS_NETLINK_DNRT_SOCKET;
1221 case NETLINK_KOBJECT_UEVENT:
1222 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1223 default:
1224 return SECCLASS_NETLINK_SOCKET;
1225 }
1226 case PF_PACKET:
1227 return SECCLASS_PACKET_SOCKET;
1228 case PF_KEY:
1229 return SECCLASS_KEY_SOCKET;
1230 case PF_APPLETALK:
1231 return SECCLASS_APPLETALK_SOCKET;
1232 }
1233
1234 return SECCLASS_SOCKET;
1235}
1236
1237#ifdef CONFIG_PROC_FS
1238static int selinux_proc_get_sid(struct dentry *dentry,
1239 u16 tclass,
1240 u32 *sid)
1241{
1242 int rc;
1243 char *buffer, *path;
1244
1245 buffer = (char *)__get_free_page(GFP_KERNEL);
1246 if (!buffer)
1247 return -ENOMEM;
1248
1249 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1250 if (IS_ERR(path))
1251 rc = PTR_ERR(path);
1252 else {
1253
1254
1255
1256 while (path[1] >= '0' && path[1] <= '9') {
1257 path[1] = '/';
1258 path++;
1259 }
1260 rc = security_genfs_sid("proc", path, tclass, sid);
1261 }
1262 free_page((unsigned long)buffer);
1263 return rc;
1264}
1265#else
1266static int selinux_proc_get_sid(struct dentry *dentry,
1267 u16 tclass,
1268 u32 *sid)
1269{
1270 return -EINVAL;
1271}
1272#endif
1273
1274
1275static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1276{
1277 struct superblock_security_struct *sbsec = NULL;
1278 struct inode_security_struct *isec = inode->i_security;
1279 u32 sid;
1280 struct dentry *dentry;
1281#define INITCONTEXTLEN 255
1282 char *context = NULL;
1283 unsigned len = 0;
1284 int rc = 0;
1285
1286 if (isec->initialized)
1287 goto out;
1288
1289 mutex_lock(&isec->lock);
1290 if (isec->initialized)
1291 goto out_unlock;
1292
1293 sbsec = inode->i_sb->s_security;
1294 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1295
1296
1297
1298 spin_lock(&sbsec->isec_lock);
1299 if (list_empty(&isec->list))
1300 list_add(&isec->list, &sbsec->isec_head);
1301 spin_unlock(&sbsec->isec_lock);
1302 goto out_unlock;
1303 }
1304
1305 switch (sbsec->behavior) {
1306 case SECURITY_FS_USE_NATIVE:
1307 break;
1308 case SECURITY_FS_USE_XATTR:
1309 if (!inode->i_op->getxattr) {
1310 isec->sid = sbsec->def_sid;
1311 break;
1312 }
1313
1314
1315
1316 if (opt_dentry) {
1317
1318 dentry = dget(opt_dentry);
1319 } else {
1320
1321 dentry = d_find_alias(inode);
1322 }
1323 if (!dentry) {
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333 goto out_unlock;
1334 }
1335
1336 len = INITCONTEXTLEN;
1337 context = kmalloc(len+1, GFP_NOFS);
1338 if (!context) {
1339 rc = -ENOMEM;
1340 dput(dentry);
1341 goto out_unlock;
1342 }
1343 context[len] = '\0';
1344 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1345 context, len);
1346 if (rc == -ERANGE) {
1347 kfree(context);
1348
1349
1350 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1351 NULL, 0);
1352 if (rc < 0) {
1353 dput(dentry);
1354 goto out_unlock;
1355 }
1356 len = rc;
1357 context = kmalloc(len+1, GFP_NOFS);
1358 if (!context) {
1359 rc = -ENOMEM;
1360 dput(dentry);
1361 goto out_unlock;
1362 }
1363 context[len] = '\0';
1364 rc = inode->i_op->getxattr(dentry,
1365 XATTR_NAME_SELINUX,
1366 context, len);
1367 }
1368 dput(dentry);
1369 if (rc < 0) {
1370 if (rc != -ENODATA) {
1371 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1372 "%d for dev=%s ino=%ld\n", __func__,
1373 -rc, inode->i_sb->s_id, inode->i_ino);
1374 kfree(context);
1375 goto out_unlock;
1376 }
1377
1378 sid = sbsec->def_sid;
1379 rc = 0;
1380 } else {
1381 rc = security_context_to_sid_default(context, rc, &sid,
1382 sbsec->def_sid,
1383 GFP_NOFS);
1384 if (rc) {
1385 char *dev = inode->i_sb->s_id;
1386 unsigned long ino = inode->i_ino;
1387
1388 if (rc == -EINVAL) {
1389 if (printk_ratelimit())
1390 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1391 "context=%s. This indicates you may need to relabel the inode or the "
1392 "filesystem in question.\n", ino, dev, context);
1393 } else {
1394 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1395 "returned %d for dev=%s ino=%ld\n",
1396 __func__, context, -rc, dev, ino);
1397 }
1398 kfree(context);
1399
1400 rc = 0;
1401 break;
1402 }
1403 }
1404 kfree(context);
1405 isec->sid = sid;
1406 break;
1407 case SECURITY_FS_USE_TASK:
1408 isec->sid = isec->task_sid;
1409 break;
1410 case SECURITY_FS_USE_TRANS:
1411
1412 isec->sid = sbsec->sid;
1413
1414
1415 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1416 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1417 isec->sclass, NULL, &sid);
1418 if (rc)
1419 goto out_unlock;
1420 isec->sid = sid;
1421 break;
1422 case SECURITY_FS_USE_MNTPOINT:
1423 isec->sid = sbsec->mntpoint_sid;
1424 break;
1425 default:
1426
1427 isec->sid = sbsec->sid;
1428
1429 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1430
1431
1432 if (opt_dentry)
1433
1434
1435 dentry = dget(opt_dentry);
1436 else
1437
1438
1439 dentry = d_find_alias(inode);
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449 if (!dentry)
1450 goto out_unlock;
1451 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1452 rc = selinux_proc_get_sid(dentry, isec->sclass, &sid);
1453 dput(dentry);
1454 if (rc)
1455 goto out_unlock;
1456 isec->sid = sid;
1457 }
1458 break;
1459 }
1460
1461 isec->initialized = 1;
1462
1463out_unlock:
1464 mutex_unlock(&isec->lock);
1465out:
1466 if (isec->sclass == SECCLASS_FILE)
1467 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1468 return rc;
1469}
1470
1471
1472static inline u32 signal_to_av(int sig)
1473{
1474 u32 perm = 0;
1475
1476 switch (sig) {
1477 case SIGCHLD:
1478
1479 perm = PROCESS__SIGCHLD;
1480 break;
1481 case SIGKILL:
1482
1483 perm = PROCESS__SIGKILL;
1484 break;
1485 case SIGSTOP:
1486
1487 perm = PROCESS__SIGSTOP;
1488 break;
1489 default:
1490
1491 perm = PROCESS__SIGNAL;
1492 break;
1493 }
1494
1495 return perm;
1496}
1497
1498
1499
1500
1501
1502static int cred_has_perm(const struct cred *actor,
1503 const struct cred *target,
1504 u32 perms)
1505{
1506 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1507
1508 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1509}
1510
1511
1512
1513
1514
1515
1516
1517static int task_has_perm(const struct task_struct *tsk1,
1518 const struct task_struct *tsk2,
1519 u32 perms)
1520{
1521 const struct task_security_struct *__tsec1, *__tsec2;
1522 u32 sid1, sid2;
1523
1524 rcu_read_lock();
1525 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1526 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1527 rcu_read_unlock();
1528 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1529}
1530
1531
1532
1533
1534
1535
1536
1537static int current_has_perm(const struct task_struct *tsk,
1538 u32 perms)
1539{
1540 u32 sid, tsid;
1541
1542 sid = current_sid();
1543 tsid = task_sid(tsk);
1544 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1545}
1546
1547#if CAP_LAST_CAP > 63
1548#error Fix SELinux to handle capabilities > 63.
1549#endif
1550
1551
1552static int cred_has_capability(const struct cred *cred,
1553 int cap, int audit)
1554{
1555 struct common_audit_data ad;
1556 struct av_decision avd;
1557 u16 sclass;
1558 u32 sid = cred_sid(cred);
1559 u32 av = CAP_TO_MASK(cap);
1560 int rc;
1561
1562 ad.type = LSM_AUDIT_DATA_CAP;
1563 ad.u.cap = cap;
1564
1565 switch (CAP_TO_INDEX(cap)) {
1566 case 0:
1567 sclass = SECCLASS_CAPABILITY;
1568 break;
1569 case 1:
1570 sclass = SECCLASS_CAPABILITY2;
1571 break;
1572 default:
1573 printk(KERN_ERR
1574 "SELinux: out of range capability %d\n", cap);
1575 BUG();
1576 return -EINVAL;
1577 }
1578
1579 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1580 if (audit == SECURITY_CAP_AUDIT) {
1581 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1582 if (rc2)
1583 return rc2;
1584 }
1585 return rc;
1586}
1587
1588
1589static int task_has_system(struct task_struct *tsk,
1590 u32 perms)
1591{
1592 u32 sid = task_sid(tsk);
1593
1594 return avc_has_perm(sid, SECINITSID_KERNEL,
1595 SECCLASS_SYSTEM, perms, NULL);
1596}
1597
1598
1599
1600
1601static int inode_has_perm(const struct cred *cred,
1602 struct inode *inode,
1603 u32 perms,
1604 struct common_audit_data *adp)
1605{
1606 struct inode_security_struct *isec;
1607 u32 sid;
1608
1609 validate_creds(cred);
1610
1611 if (unlikely(IS_PRIVATE(inode)))
1612 return 0;
1613
1614 sid = cred_sid(cred);
1615 isec = inode->i_security;
1616
1617 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1618}
1619
1620
1621
1622
1623static inline int dentry_has_perm(const struct cred *cred,
1624 struct dentry *dentry,
1625 u32 av)
1626{
1627 struct inode *inode = dentry->d_inode;
1628 struct common_audit_data ad;
1629
1630 ad.type = LSM_AUDIT_DATA_DENTRY;
1631 ad.u.dentry = dentry;
1632 return inode_has_perm(cred, inode, av, &ad);
1633}
1634
1635
1636
1637
1638static inline int path_has_perm(const struct cred *cred,
1639 struct path *path,
1640 u32 av)
1641{
1642 struct inode *inode = path->dentry->d_inode;
1643 struct common_audit_data ad;
1644
1645 ad.type = LSM_AUDIT_DATA_PATH;
1646 ad.u.path = *path;
1647 return inode_has_perm(cred, inode, av, &ad);
1648}
1649
1650
1651static inline int file_path_has_perm(const struct cred *cred,
1652 struct file *file,
1653 u32 av)
1654{
1655 struct common_audit_data ad;
1656
1657 ad.type = LSM_AUDIT_DATA_PATH;
1658 ad.u.path = file->f_path;
1659 return inode_has_perm(cred, file_inode(file), av, &ad);
1660}
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670static int file_has_perm(const struct cred *cred,
1671 struct file *file,
1672 u32 av)
1673{
1674 struct file_security_struct *fsec = file->f_security;
1675 struct inode *inode = file_inode(file);
1676 struct common_audit_data ad;
1677 u32 sid = cred_sid(cred);
1678 int rc;
1679
1680 ad.type = LSM_AUDIT_DATA_PATH;
1681 ad.u.path = file->f_path;
1682
1683 if (sid != fsec->sid) {
1684 rc = avc_has_perm(sid, fsec->sid,
1685 SECCLASS_FD,
1686 FD__USE,
1687 &ad);
1688 if (rc)
1689 goto out;
1690 }
1691
1692
1693 rc = 0;
1694 if (av)
1695 rc = inode_has_perm(cred, inode, av, &ad);
1696
1697out:
1698 return rc;
1699}
1700
1701
1702static int may_create(struct inode *dir,
1703 struct dentry *dentry,
1704 u16 tclass)
1705{
1706 const struct task_security_struct *tsec = current_security();
1707 struct inode_security_struct *dsec;
1708 struct superblock_security_struct *sbsec;
1709 u32 sid, newsid;
1710 struct common_audit_data ad;
1711 int rc;
1712
1713 dsec = dir->i_security;
1714 sbsec = dir->i_sb->s_security;
1715
1716 sid = tsec->sid;
1717 newsid = tsec->create_sid;
1718
1719 ad.type = LSM_AUDIT_DATA_DENTRY;
1720 ad.u.dentry = dentry;
1721
1722 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1723 DIR__ADD_NAME | DIR__SEARCH,
1724 &ad);
1725 if (rc)
1726 return rc;
1727
1728 if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
1729 rc = security_transition_sid(sid, dsec->sid, tclass,
1730 &dentry->d_name, &newsid);
1731 if (rc)
1732 return rc;
1733 }
1734
1735 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1736 if (rc)
1737 return rc;
1738
1739 return avc_has_perm(newsid, sbsec->sid,
1740 SECCLASS_FILESYSTEM,
1741 FILESYSTEM__ASSOCIATE, &ad);
1742}
1743
1744
1745static int may_create_key(u32 ksid,
1746 struct task_struct *ctx)
1747{
1748 u32 sid = task_sid(ctx);
1749
1750 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1751}
1752
1753#define MAY_LINK 0
1754#define MAY_UNLINK 1
1755#define MAY_RMDIR 2
1756
1757
1758static int may_link(struct inode *dir,
1759 struct dentry *dentry,
1760 int kind)
1761
1762{
1763 struct inode_security_struct *dsec, *isec;
1764 struct common_audit_data ad;
1765 u32 sid = current_sid();
1766 u32 av;
1767 int rc;
1768
1769 dsec = dir->i_security;
1770 isec = dentry->d_inode->i_security;
1771
1772 ad.type = LSM_AUDIT_DATA_DENTRY;
1773 ad.u.dentry = dentry;
1774
1775 av = DIR__SEARCH;
1776 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1777 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1778 if (rc)
1779 return rc;
1780
1781 switch (kind) {
1782 case MAY_LINK:
1783 av = FILE__LINK;
1784 break;
1785 case MAY_UNLINK:
1786 av = FILE__UNLINK;
1787 break;
1788 case MAY_RMDIR:
1789 av = DIR__RMDIR;
1790 break;
1791 default:
1792 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1793 __func__, kind);
1794 return 0;
1795 }
1796
1797 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1798 return rc;
1799}
1800
1801static inline int may_rename(struct inode *old_dir,
1802 struct dentry *old_dentry,
1803 struct inode *new_dir,
1804 struct dentry *new_dentry)
1805{
1806 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1807 struct common_audit_data ad;
1808 u32 sid = current_sid();
1809 u32 av;
1810 int old_is_dir, new_is_dir;
1811 int rc;
1812
1813 old_dsec = old_dir->i_security;
1814 old_isec = old_dentry->d_inode->i_security;
1815 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1816 new_dsec = new_dir->i_security;
1817
1818 ad.type = LSM_AUDIT_DATA_DENTRY;
1819
1820 ad.u.dentry = old_dentry;
1821 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1822 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1823 if (rc)
1824 return rc;
1825 rc = avc_has_perm(sid, old_isec->sid,
1826 old_isec->sclass, FILE__RENAME, &ad);
1827 if (rc)
1828 return rc;
1829 if (old_is_dir && new_dir != old_dir) {
1830 rc = avc_has_perm(sid, old_isec->sid,
1831 old_isec->sclass, DIR__REPARENT, &ad);
1832 if (rc)
1833 return rc;
1834 }
1835
1836 ad.u.dentry = new_dentry;
1837 av = DIR__ADD_NAME | DIR__SEARCH;
1838 if (new_dentry->d_inode)
1839 av |= DIR__REMOVE_NAME;
1840 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1841 if (rc)
1842 return rc;
1843 if (new_dentry->d_inode) {
1844 new_isec = new_dentry->d_inode->i_security;
1845 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1846 rc = avc_has_perm(sid, new_isec->sid,
1847 new_isec->sclass,
1848 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1849 if (rc)
1850 return rc;
1851 }
1852
1853 return 0;
1854}
1855
1856
1857static int superblock_has_perm(const struct cred *cred,
1858 struct super_block *sb,
1859 u32 perms,
1860 struct common_audit_data *ad)
1861{
1862 struct superblock_security_struct *sbsec;
1863 u32 sid = cred_sid(cred);
1864
1865 sbsec = sb->s_security;
1866 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1867}
1868
1869
1870static inline u32 file_mask_to_av(int mode, int mask)
1871{
1872 u32 av = 0;
1873
1874 if (!S_ISDIR(mode)) {
1875 if (mask & MAY_EXEC)
1876 av |= FILE__EXECUTE;
1877 if (mask & MAY_READ)
1878 av |= FILE__READ;
1879
1880 if (mask & MAY_APPEND)
1881 av |= FILE__APPEND;
1882 else if (mask & MAY_WRITE)
1883 av |= FILE__WRITE;
1884
1885 } else {
1886 if (mask & MAY_EXEC)
1887 av |= DIR__SEARCH;
1888 if (mask & MAY_WRITE)
1889 av |= DIR__WRITE;
1890 if (mask & MAY_READ)
1891 av |= DIR__READ;
1892 }
1893
1894 return av;
1895}
1896
1897
1898static inline u32 file_to_av(struct file *file)
1899{
1900 u32 av = 0;
1901
1902 if (file->f_mode & FMODE_READ)
1903 av |= FILE__READ;
1904 if (file->f_mode & FMODE_WRITE) {
1905 if (file->f_flags & O_APPEND)
1906 av |= FILE__APPEND;
1907 else
1908 av |= FILE__WRITE;
1909 }
1910 if (!av) {
1911
1912
1913
1914 av = FILE__IOCTL;
1915 }
1916
1917 return av;
1918}
1919
1920
1921
1922
1923
1924static inline u32 open_file_to_av(struct file *file)
1925{
1926 u32 av = file_to_av(file);
1927
1928 if (selinux_policycap_openperm)
1929 av |= FILE__OPEN;
1930
1931 return av;
1932}
1933
1934
1935
1936static int selinux_ptrace_access_check(struct task_struct *child,
1937 unsigned int mode)
1938{
1939 int rc;
1940
1941 rc = cap_ptrace_access_check(child, mode);
1942 if (rc)
1943 return rc;
1944
1945 if (mode & PTRACE_MODE_READ) {
1946 u32 sid = current_sid();
1947 u32 csid = task_sid(child);
1948 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1949 }
1950
1951 return current_has_perm(child, PROCESS__PTRACE);
1952}
1953
1954static int selinux_ptrace_traceme(struct task_struct *parent)
1955{
1956 int rc;
1957
1958 rc = cap_ptrace_traceme(parent);
1959 if (rc)
1960 return rc;
1961
1962 return task_has_perm(parent, current, PROCESS__PTRACE);
1963}
1964
1965static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1966 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1967{
1968 int error;
1969
1970 error = current_has_perm(target, PROCESS__GETCAP);
1971 if (error)
1972 return error;
1973
1974 return cap_capget(target, effective, inheritable, permitted);
1975}
1976
1977static int selinux_capset(struct cred *new, const struct cred *old,
1978 const kernel_cap_t *effective,
1979 const kernel_cap_t *inheritable,
1980 const kernel_cap_t *permitted)
1981{
1982 int error;
1983
1984 error = cap_capset(new, old,
1985 effective, inheritable, permitted);
1986 if (error)
1987 return error;
1988
1989 return cred_has_perm(old, new, PROCESS__SETCAP);
1990}
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2003 int cap, int audit)
2004{
2005 int rc;
2006
2007 rc = cap_capable(cred, ns, cap, audit);
2008 if (rc)
2009 return rc;
2010
2011 return cred_has_capability(cred, cap, audit);
2012}
2013
2014static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2015{
2016 const struct cred *cred = current_cred();
2017 int rc = 0;
2018
2019 if (!sb)
2020 return 0;
2021
2022 switch (cmds) {
2023 case Q_SYNC:
2024 case Q_QUOTAON:
2025 case Q_QUOTAOFF:
2026 case Q_SETINFO:
2027 case Q_SETQUOTA:
2028 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2029 break;
2030 case Q_GETFMT:
2031 case Q_GETINFO:
2032 case Q_GETQUOTA:
2033 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2034 break;
2035 default:
2036 rc = 0;
2037 break;
2038 }
2039 return rc;
2040}
2041
2042static int selinux_quota_on(struct dentry *dentry)
2043{
2044 const struct cred *cred = current_cred();
2045
2046 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2047}
2048
2049static int selinux_syslog(int type)
2050{
2051 int rc;
2052
2053 switch (type) {
2054 case SYSLOG_ACTION_READ_ALL:
2055 case SYSLOG_ACTION_SIZE_BUFFER:
2056 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2057 break;
2058 case SYSLOG_ACTION_CONSOLE_OFF:
2059 case SYSLOG_ACTION_CONSOLE_ON:
2060
2061 case SYSLOG_ACTION_CONSOLE_LEVEL:
2062 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2063 break;
2064 case SYSLOG_ACTION_CLOSE:
2065 case SYSLOG_ACTION_OPEN:
2066 case SYSLOG_ACTION_READ:
2067 case SYSLOG_ACTION_READ_CLEAR:
2068 case SYSLOG_ACTION_CLEAR:
2069 default:
2070 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2071 break;
2072 }
2073 return rc;
2074}
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2085{
2086 int rc, cap_sys_admin = 0;
2087
2088 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
2089 SECURITY_CAP_NOAUDIT);
2090 if (rc == 0)
2091 cap_sys_admin = 1;
2092
2093 return __vm_enough_memory(mm, pages, cap_sys_admin);
2094}
2095
2096
2097
2098static int check_nnp_nosuid(const struct linux_binprm *bprm,
2099 const struct task_security_struct *old_tsec,
2100 const struct task_security_struct *new_tsec)
2101{
2102 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2103 int nosuid = (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID);
2104 int rc;
2105
2106 if (!nnp && !nosuid)
2107 return 0;
2108
2109 if (new_tsec->sid == old_tsec->sid)
2110 return 0;
2111
2112
2113
2114
2115
2116
2117
2118 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
2119 if (rc) {
2120
2121
2122
2123
2124
2125 if (nnp)
2126 return -EPERM;
2127 else
2128 return -EACCES;
2129 }
2130 return 0;
2131}
2132
2133static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2134{
2135 const struct task_security_struct *old_tsec;
2136 struct task_security_struct *new_tsec;
2137 struct inode_security_struct *isec;
2138 struct common_audit_data ad;
2139 struct inode *inode = file_inode(bprm->file);
2140 int rc;
2141
2142 rc = cap_bprm_set_creds(bprm);
2143 if (rc)
2144 return rc;
2145
2146
2147
2148 if (bprm->cred_prepared)
2149 return 0;
2150
2151 old_tsec = current_security();
2152 new_tsec = bprm->cred->security;
2153 isec = inode->i_security;
2154
2155
2156 new_tsec->sid = old_tsec->sid;
2157 new_tsec->osid = old_tsec->sid;
2158
2159
2160 new_tsec->create_sid = 0;
2161 new_tsec->keycreate_sid = 0;
2162 new_tsec->sockcreate_sid = 0;
2163
2164 if (old_tsec->exec_sid) {
2165 new_tsec->sid = old_tsec->exec_sid;
2166
2167 new_tsec->exec_sid = 0;
2168
2169
2170 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2171 if (rc)
2172 return rc;
2173 } else {
2174
2175 rc = security_transition_sid(old_tsec->sid, isec->sid,
2176 SECCLASS_PROCESS, NULL,
2177 &new_tsec->sid);
2178 if (rc)
2179 return rc;
2180
2181
2182
2183
2184
2185 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2186 if (rc)
2187 new_tsec->sid = old_tsec->sid;
2188 }
2189
2190 ad.type = LSM_AUDIT_DATA_PATH;
2191 ad.u.path = bprm->file->f_path;
2192
2193 if (new_tsec->sid == old_tsec->sid) {
2194 rc = avc_has_perm(old_tsec->sid, isec->sid,
2195 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2196 if (rc)
2197 return rc;
2198 } else {
2199
2200 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2201 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2202 if (rc)
2203 return rc;
2204
2205 rc = avc_has_perm(new_tsec->sid, isec->sid,
2206 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2207 if (rc)
2208 return rc;
2209
2210
2211 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2212 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2213 SECCLASS_PROCESS, PROCESS__SHARE,
2214 NULL);
2215 if (rc)
2216 return -EPERM;
2217 }
2218
2219
2220
2221 if (bprm->unsafe &
2222 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2223 struct task_struct *tracer;
2224 struct task_security_struct *sec;
2225 u32 ptsid = 0;
2226
2227 rcu_read_lock();
2228 tracer = ptrace_parent(current);
2229 if (likely(tracer != NULL)) {
2230 sec = __task_cred(tracer)->security;
2231 ptsid = sec->sid;
2232 }
2233 rcu_read_unlock();
2234
2235 if (ptsid != 0) {
2236 rc = avc_has_perm(ptsid, new_tsec->sid,
2237 SECCLASS_PROCESS,
2238 PROCESS__PTRACE, NULL);
2239 if (rc)
2240 return -EPERM;
2241 }
2242 }
2243
2244
2245 bprm->per_clear |= PER_CLEAR_ON_SETID;
2246 }
2247
2248 return 0;
2249}
2250
2251static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2252{
2253 const struct task_security_struct *tsec = current_security();
2254 u32 sid, osid;
2255 int atsecure = 0;
2256
2257 sid = tsec->sid;
2258 osid = tsec->osid;
2259
2260 if (osid != sid) {
2261
2262
2263
2264 atsecure = avc_has_perm(osid, sid,
2265 SECCLASS_PROCESS,
2266 PROCESS__NOATSECURE, NULL);
2267 }
2268
2269 return (atsecure || cap_bprm_secureexec(bprm));
2270}
2271
2272static int match_file(const void *p, struct file *file, unsigned fd)
2273{
2274 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2275}
2276
2277
2278static inline void flush_unauthorized_files(const struct cred *cred,
2279 struct files_struct *files)
2280{
2281 struct file *file, *devnull = NULL;
2282 struct tty_struct *tty;
2283 int drop_tty = 0;
2284 unsigned n;
2285
2286 tty = get_current_tty();
2287 if (tty) {
2288 spin_lock(&tty_files_lock);
2289 if (!list_empty(&tty->tty_files)) {
2290 struct tty_file_private *file_priv;
2291
2292
2293
2294
2295
2296
2297 file_priv = list_first_entry(&tty->tty_files,
2298 struct tty_file_private, list);
2299 file = file_priv->file;
2300 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2301 drop_tty = 1;
2302 }
2303 spin_unlock(&tty_files_lock);
2304 tty_kref_put(tty);
2305 }
2306
2307 if (drop_tty)
2308 no_tty();
2309
2310
2311 n = iterate_fd(files, 0, match_file, cred);
2312 if (!n)
2313 return;
2314
2315 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2316 if (IS_ERR(devnull))
2317 devnull = NULL;
2318
2319 do {
2320 replace_fd(n - 1, devnull, 0);
2321 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2322 if (devnull)
2323 fput(devnull);
2324}
2325
2326
2327
2328
2329static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2330{
2331 struct task_security_struct *new_tsec;
2332 struct rlimit *rlim, *initrlim;
2333 int rc, i;
2334
2335 new_tsec = bprm->cred->security;
2336 if (new_tsec->sid == new_tsec->osid)
2337 return;
2338
2339
2340 flush_unauthorized_files(bprm->cred, current->files);
2341
2342
2343 current->pdeath_signal = 0;
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2356 PROCESS__RLIMITINH, NULL);
2357 if (rc) {
2358
2359 task_lock(current);
2360 for (i = 0; i < RLIM_NLIMITS; i++) {
2361 rlim = current->signal->rlim + i;
2362 initrlim = init_task.signal->rlim + i;
2363 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2364 }
2365 task_unlock(current);
2366 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2367 }
2368}
2369
2370
2371
2372
2373
2374static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2375{
2376 const struct task_security_struct *tsec = current_security();
2377 struct itimerval itimer;
2378 u32 osid, sid;
2379 int rc, i;
2380
2381 osid = tsec->osid;
2382 sid = tsec->sid;
2383
2384 if (sid == osid)
2385 return;
2386
2387
2388
2389
2390
2391
2392
2393
2394 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2395 if (rc) {
2396 memset(&itimer, 0, sizeof itimer);
2397 for (i = 0; i < 3; i++)
2398 do_setitimer(i, &itimer, NULL);
2399 spin_lock_irq(¤t->sighand->siglock);
2400 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2401 __flush_signals(current);
2402 flush_signal_handlers(current, 1);
2403 sigemptyset(¤t->blocked);
2404 }
2405 spin_unlock_irq(¤t->sighand->siglock);
2406 }
2407
2408
2409
2410 read_lock(&tasklist_lock);
2411 __wake_up_parent(current, current->real_parent);
2412 read_unlock(&tasklist_lock);
2413}
2414
2415
2416
2417static int selinux_sb_alloc_security(struct super_block *sb)
2418{
2419 return superblock_alloc_security(sb);
2420}
2421
2422static void selinux_sb_free_security(struct super_block *sb)
2423{
2424 superblock_free_security(sb);
2425}
2426
2427static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2428{
2429 if (plen > olen)
2430 return 0;
2431
2432 return !memcmp(prefix, option, plen);
2433}
2434
2435static inline int selinux_option(char *option, int len)
2436{
2437 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2438 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2439 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2440 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2441 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2442}
2443
2444static inline void take_option(char **to, char *from, int *first, int len)
2445{
2446 if (!*first) {
2447 **to = ',';
2448 *to += 1;
2449 } else
2450 *first = 0;
2451 memcpy(*to, from, len);
2452 *to += len;
2453}
2454
2455static inline void take_selinux_option(char **to, char *from, int *first,
2456 int len)
2457{
2458 int current_size = 0;
2459
2460 if (!*first) {
2461 **to = '|';
2462 *to += 1;
2463 } else
2464 *first = 0;
2465
2466 while (current_size < len) {
2467 if (*from != '"') {
2468 **to = *from;
2469 *to += 1;
2470 }
2471 from += 1;
2472 current_size += 1;
2473 }
2474}
2475
2476static int selinux_sb_copy_data(char *orig, char *copy)
2477{
2478 int fnosec, fsec, rc = 0;
2479 char *in_save, *in_curr, *in_end;
2480 char *sec_curr, *nosec_save, *nosec;
2481 int open_quote = 0;
2482
2483 in_curr = orig;
2484 sec_curr = copy;
2485
2486 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2487 if (!nosec) {
2488 rc = -ENOMEM;
2489 goto out;
2490 }
2491
2492 nosec_save = nosec;
2493 fnosec = fsec = 1;
2494 in_save = in_end = orig;
2495
2496 do {
2497 if (*in_end == '"')
2498 open_quote = !open_quote;
2499 if ((*in_end == ',' && open_quote == 0) ||
2500 *in_end == '\0') {
2501 int len = in_end - in_curr;
2502
2503 if (selinux_option(in_curr, len))
2504 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2505 else
2506 take_option(&nosec, in_curr, &fnosec, len);
2507
2508 in_curr = in_end + 1;
2509 }
2510 } while (*in_end++);
2511
2512 strcpy(in_save, nosec_save);
2513 free_page((unsigned long)nosec_save);
2514out:
2515 return rc;
2516}
2517
2518static int selinux_sb_remount(struct super_block *sb, void *data)
2519{
2520 int rc, i, *flags;
2521 struct security_mnt_opts opts;
2522 char *secdata, **mount_options;
2523 struct superblock_security_struct *sbsec = sb->s_security;
2524
2525 if (!(sbsec->flags & SE_SBINITIALIZED))
2526 return 0;
2527
2528 if (!data)
2529 return 0;
2530
2531 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2532 return 0;
2533
2534 security_init_mnt_opts(&opts);
2535 secdata = alloc_secdata();
2536 if (!secdata)
2537 return -ENOMEM;
2538 rc = selinux_sb_copy_data(data, secdata);
2539 if (rc)
2540 goto out_free_secdata;
2541
2542 rc = selinux_parse_opts_str(secdata, &opts);
2543 if (rc)
2544 goto out_free_secdata;
2545
2546 mount_options = opts.mnt_opts;
2547 flags = opts.mnt_opts_flags;
2548
2549 for (i = 0; i < opts.num_mnt_opts; i++) {
2550 u32 sid;
2551 size_t len;
2552
2553 if (flags[i] == SBLABEL_MNT)
2554 continue;
2555 len = strlen(mount_options[i]);
2556 rc = security_context_to_sid(mount_options[i], len, &sid,
2557 GFP_KERNEL);
2558 if (rc) {
2559 printk(KERN_WARNING "SELinux: security_context_to_sid"
2560 "(%s) failed for (dev %s, type %s) errno=%d\n",
2561 mount_options[i], sb->s_id, sb->s_type->name, rc);
2562 goto out_free_opts;
2563 }
2564 rc = -EINVAL;
2565 switch (flags[i]) {
2566 case FSCONTEXT_MNT:
2567 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2568 goto out_bad_option;
2569 break;
2570 case CONTEXT_MNT:
2571 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2572 goto out_bad_option;
2573 break;
2574 case ROOTCONTEXT_MNT: {
2575 struct inode_security_struct *root_isec;
2576 root_isec = sb->s_root->d_inode->i_security;
2577
2578 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2579 goto out_bad_option;
2580 break;
2581 }
2582 case DEFCONTEXT_MNT:
2583 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2584 goto out_bad_option;
2585 break;
2586 default:
2587 goto out_free_opts;
2588 }
2589 }
2590
2591 rc = 0;
2592out_free_opts:
2593 security_free_mnt_opts(&opts);
2594out_free_secdata:
2595 free_secdata(secdata);
2596 return rc;
2597out_bad_option:
2598 printk(KERN_WARNING "SELinux: unable to change security options "
2599 "during remount (dev %s, type=%s)\n", sb->s_id,
2600 sb->s_type->name);
2601 goto out_free_opts;
2602}
2603
2604static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2605{
2606 const struct cred *cred = current_cred();
2607 struct common_audit_data ad;
2608 int rc;
2609
2610 rc = superblock_doinit(sb, data);
2611 if (rc)
2612 return rc;
2613
2614
2615 if (flags & MS_KERNMOUNT)
2616 return 0;
2617
2618 ad.type = LSM_AUDIT_DATA_DENTRY;
2619 ad.u.dentry = sb->s_root;
2620 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2621}
2622
2623static int selinux_sb_statfs(struct dentry *dentry)
2624{
2625 const struct cred *cred = current_cred();
2626 struct common_audit_data ad;
2627
2628 ad.type = LSM_AUDIT_DATA_DENTRY;
2629 ad.u.dentry = dentry->d_sb->s_root;
2630 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2631}
2632
2633static int selinux_mount(const char *dev_name,
2634 struct path *path,
2635 const char *type,
2636 unsigned long flags,
2637 void *data)
2638{
2639 const struct cred *cred = current_cred();
2640
2641 if (flags & MS_REMOUNT)
2642 return superblock_has_perm(cred, path->dentry->d_sb,
2643 FILESYSTEM__REMOUNT, NULL);
2644 else
2645 return path_has_perm(cred, path, FILE__MOUNTON);
2646}
2647
2648static int selinux_umount(struct vfsmount *mnt, int flags)
2649{
2650 const struct cred *cred = current_cred();
2651
2652 return superblock_has_perm(cred, mnt->mnt_sb,
2653 FILESYSTEM__UNMOUNT, NULL);
2654}
2655
2656
2657
2658static int selinux_inode_alloc_security(struct inode *inode)
2659{
2660 return inode_alloc_security(inode);
2661}
2662
2663static void selinux_inode_free_security(struct inode *inode)
2664{
2665 inode_free_security(inode);
2666}
2667
2668static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2669 struct qstr *name, void **ctx,
2670 u32 *ctxlen)
2671{
2672 const struct cred *cred = current_cred();
2673 struct task_security_struct *tsec;
2674 struct inode_security_struct *dsec;
2675 struct superblock_security_struct *sbsec;
2676 struct inode *dir = dentry->d_parent->d_inode;
2677 u32 newsid;
2678 int rc;
2679
2680 tsec = cred->security;
2681 dsec = dir->i_security;
2682 sbsec = dir->i_sb->s_security;
2683
2684 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2685 newsid = tsec->create_sid;
2686 } else {
2687 rc = security_transition_sid(tsec->sid, dsec->sid,
2688 inode_mode_to_security_class(mode),
2689 name,
2690 &newsid);
2691 if (rc) {
2692 printk(KERN_WARNING
2693 "%s: security_transition_sid failed, rc=%d\n",
2694 __func__, -rc);
2695 return rc;
2696 }
2697 }
2698
2699 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2700}
2701
2702static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2703 const struct qstr *qstr,
2704 const char **name,
2705 void **value, size_t *len)
2706{
2707 const struct task_security_struct *tsec = current_security();
2708 struct inode_security_struct *dsec;
2709 struct superblock_security_struct *sbsec;
2710 u32 sid, newsid, clen;
2711 int rc;
2712 char *context;
2713
2714 dsec = dir->i_security;
2715 sbsec = dir->i_sb->s_security;
2716
2717 sid = tsec->sid;
2718 newsid = tsec->create_sid;
2719
2720 if ((sbsec->flags & SE_SBINITIALIZED) &&
2721 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2722 newsid = sbsec->mntpoint_sid;
2723 else if (!newsid || !(sbsec->flags & SBLABEL_MNT)) {
2724 rc = security_transition_sid(sid, dsec->sid,
2725 inode_mode_to_security_class(inode->i_mode),
2726 qstr, &newsid);
2727 if (rc) {
2728 printk(KERN_WARNING "%s: "
2729 "security_transition_sid failed, rc=%d (dev=%s "
2730 "ino=%ld)\n",
2731 __func__,
2732 -rc, inode->i_sb->s_id, inode->i_ino);
2733 return rc;
2734 }
2735 }
2736
2737
2738 if (sbsec->flags & SE_SBINITIALIZED) {
2739 struct inode_security_struct *isec = inode->i_security;
2740 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2741 isec->sid = newsid;
2742 isec->initialized = 1;
2743 }
2744
2745 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2746 return -EOPNOTSUPP;
2747
2748 if (name)
2749 *name = XATTR_SELINUX_SUFFIX;
2750
2751 if (value && len) {
2752 rc = security_sid_to_context_force(newsid, &context, &clen);
2753 if (rc)
2754 return rc;
2755 *value = context;
2756 *len = clen;
2757 }
2758
2759 return 0;
2760}
2761
2762static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2763{
2764 return may_create(dir, dentry, SECCLASS_FILE);
2765}
2766
2767static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2768{
2769 return may_link(dir, old_dentry, MAY_LINK);
2770}
2771
2772static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2773{
2774 return may_link(dir, dentry, MAY_UNLINK);
2775}
2776
2777static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2778{
2779 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2780}
2781
2782static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2783{
2784 return may_create(dir, dentry, SECCLASS_DIR);
2785}
2786
2787static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2788{
2789 return may_link(dir, dentry, MAY_RMDIR);
2790}
2791
2792static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2793{
2794 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2795}
2796
2797static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2798 struct inode *new_inode, struct dentry *new_dentry)
2799{
2800 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2801}
2802
2803static int selinux_inode_readlink(struct dentry *dentry)
2804{
2805 const struct cred *cred = current_cred();
2806
2807 return dentry_has_perm(cred, dentry, FILE__READ);
2808}
2809
2810static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2811{
2812 const struct cred *cred = current_cred();
2813
2814 return dentry_has_perm(cred, dentry, FILE__READ);
2815}
2816
2817static noinline int audit_inode_permission(struct inode *inode,
2818 u32 perms, u32 audited, u32 denied,
2819 int result,
2820 unsigned flags)
2821{
2822 struct common_audit_data ad;
2823 struct inode_security_struct *isec = inode->i_security;
2824 int rc;
2825
2826 ad.type = LSM_AUDIT_DATA_INODE;
2827 ad.u.inode = inode;
2828
2829 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2830 audited, denied, result, &ad, flags);
2831 if (rc)
2832 return rc;
2833 return 0;
2834}
2835
2836static int selinux_inode_permission(struct inode *inode, int mask)
2837{
2838 const struct cred *cred = current_cred();
2839 u32 perms;
2840 bool from_access;
2841 unsigned flags = mask & MAY_NOT_BLOCK;
2842 struct inode_security_struct *isec;
2843 u32 sid;
2844 struct av_decision avd;
2845 int rc, rc2;
2846 u32 audited, denied;
2847
2848 from_access = mask & MAY_ACCESS;
2849 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2850
2851
2852 if (!mask)
2853 return 0;
2854
2855 validate_creds(cred);
2856
2857 if (unlikely(IS_PRIVATE(inode)))
2858 return 0;
2859
2860 perms = file_mask_to_av(inode->i_mode, mask);
2861
2862 sid = cred_sid(cred);
2863 isec = inode->i_security;
2864
2865 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2866 audited = avc_audit_required(perms, &avd, rc,
2867 from_access ? FILE__AUDIT_ACCESS : 0,
2868 &denied);
2869 if (likely(!audited))
2870 return rc;
2871
2872 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
2873 if (rc2)
2874 return rc2;
2875 return rc;
2876}
2877
2878static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2879{
2880 const struct cred *cred = current_cred();
2881 unsigned int ia_valid = iattr->ia_valid;
2882 __u32 av = FILE__WRITE;
2883
2884
2885 if (ia_valid & ATTR_FORCE) {
2886 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2887 ATTR_FORCE);
2888 if (!ia_valid)
2889 return 0;
2890 }
2891
2892 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2893 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2894 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2895
2896 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2897 av |= FILE__OPEN;
2898
2899 return dentry_has_perm(cred, dentry, av);
2900}
2901
2902static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2903{
2904 const struct cred *cred = current_cred();
2905 struct path path;
2906
2907 path.dentry = dentry;
2908 path.mnt = mnt;
2909
2910 return path_has_perm(cred, &path, FILE__GETATTR);
2911}
2912
2913static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2914{
2915 const struct cred *cred = current_cred();
2916
2917 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2918 sizeof XATTR_SECURITY_PREFIX - 1)) {
2919 if (!strcmp(name, XATTR_NAME_CAPS)) {
2920 if (!capable(CAP_SETFCAP))
2921 return -EPERM;
2922 } else if (!capable(CAP_SYS_ADMIN)) {
2923
2924
2925 return -EPERM;
2926 }
2927 }
2928
2929
2930
2931 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2932}
2933
2934static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2935 const void *value, size_t size, int flags)
2936{
2937 struct inode *inode = dentry->d_inode;
2938 struct inode_security_struct *isec = inode->i_security;
2939 struct superblock_security_struct *sbsec;
2940 struct common_audit_data ad;
2941 u32 newsid, sid = current_sid();
2942 int rc = 0;
2943
2944 if (strcmp(name, XATTR_NAME_SELINUX))
2945 return selinux_inode_setotherxattr(dentry, name);
2946
2947 sbsec = inode->i_sb->s_security;
2948 if (!(sbsec->flags & SBLABEL_MNT))
2949 return -EOPNOTSUPP;
2950
2951 if (!inode_owner_or_capable(inode))
2952 return -EPERM;
2953
2954 ad.type = LSM_AUDIT_DATA_DENTRY;
2955 ad.u.dentry = dentry;
2956
2957 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2958 FILE__RELABELFROM, &ad);
2959 if (rc)
2960 return rc;
2961
2962 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
2963 if (rc == -EINVAL) {
2964 if (!capable(CAP_MAC_ADMIN)) {
2965 struct audit_buffer *ab;
2966 size_t audit_size;
2967 const char *str;
2968
2969
2970
2971 if (value) {
2972 str = value;
2973 if (str[size - 1] == '\0')
2974 audit_size = size - 1;
2975 else
2976 audit_size = size;
2977 } else {
2978 str = "";
2979 audit_size = 0;
2980 }
2981 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2982 audit_log_format(ab, "op=setxattr invalid_context=");
2983 audit_log_n_untrustedstring(ab, value, audit_size);
2984 audit_log_end(ab);
2985
2986 return rc;
2987 }
2988 rc = security_context_to_sid_force(value, size, &newsid);
2989 }
2990 if (rc)
2991 return rc;
2992
2993 rc = avc_has_perm(sid, newsid, isec->sclass,
2994 FILE__RELABELTO, &ad);
2995 if (rc)
2996 return rc;
2997
2998 rc = security_validate_transition(isec->sid, newsid, sid,
2999 isec->sclass);
3000 if (rc)
3001 return rc;
3002
3003 return avc_has_perm(newsid,
3004 sbsec->sid,
3005 SECCLASS_FILESYSTEM,
3006 FILESYSTEM__ASSOCIATE,
3007 &ad);
3008}
3009
3010static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3011 const void *value, size_t size,
3012 int flags)
3013{
3014 struct inode *inode = dentry->d_inode;
3015 struct inode_security_struct *isec = inode->i_security;
3016 u32 newsid;
3017 int rc;
3018
3019 if (strcmp(name, XATTR_NAME_SELINUX)) {
3020
3021 return;
3022 }
3023
3024 rc = security_context_to_sid_force(value, size, &newsid);
3025 if (rc) {
3026 printk(KERN_ERR "SELinux: unable to map context to SID"
3027 "for (%s, %lu), rc=%d\n",
3028 inode->i_sb->s_id, inode->i_ino, -rc);
3029 return;
3030 }
3031
3032 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3033 isec->sid = newsid;
3034 isec->initialized = 1;
3035
3036 return;
3037}
3038
3039static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3040{
3041 const struct cred *cred = current_cred();
3042
3043 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3044}
3045
3046static int selinux_inode_listxattr(struct dentry *dentry)
3047{
3048 const struct cred *cred = current_cred();
3049
3050 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3051}
3052
3053static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3054{
3055 if (strcmp(name, XATTR_NAME_SELINUX))
3056 return selinux_inode_setotherxattr(dentry, name);
3057
3058
3059
3060 return -EACCES;
3061}
3062
3063
3064
3065
3066
3067
3068static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
3069{
3070 u32 size;
3071 int error;
3072 char *context = NULL;
3073 struct inode_security_struct *isec = inode->i_security;
3074
3075 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3076 return -EOPNOTSUPP;
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3088 SECURITY_CAP_NOAUDIT);
3089 if (!error)
3090 error = security_sid_to_context_force(isec->sid, &context,
3091 &size);
3092 else
3093 error = security_sid_to_context(isec->sid, &context, &size);
3094 if (error)
3095 return error;
3096 error = size;
3097 if (alloc) {
3098 *buffer = context;
3099 goto out_nofree;
3100 }
3101 kfree(context);
3102out_nofree:
3103 return error;
3104}
3105
3106static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3107 const void *value, size_t size, int flags)
3108{
3109 struct inode_security_struct *isec = inode->i_security;
3110 u32 newsid;
3111 int rc;
3112
3113 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3114 return -EOPNOTSUPP;
3115
3116 if (!value || !size)
3117 return -EACCES;
3118
3119 rc = security_context_to_sid((void *)value, size, &newsid, GFP_KERNEL);
3120 if (rc)
3121 return rc;
3122
3123 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3124 isec->sid = newsid;
3125 isec->initialized = 1;
3126 return 0;
3127}
3128
3129static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3130{
3131 const int len = sizeof(XATTR_NAME_SELINUX);
3132 if (buffer && len <= buffer_size)
3133 memcpy(buffer, XATTR_NAME_SELINUX, len);
3134 return len;
3135}
3136
3137static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
3138{
3139 struct inode_security_struct *isec = inode->i_security;
3140 *secid = isec->sid;
3141}
3142
3143
3144
3145static int selinux_revalidate_file_permission(struct file *file, int mask)
3146{
3147 const struct cred *cred = current_cred();
3148 struct inode *inode = file_inode(file);
3149
3150
3151 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3152 mask |= MAY_APPEND;
3153
3154 return file_has_perm(cred, file,
3155 file_mask_to_av(inode->i_mode, mask));
3156}
3157
3158static int selinux_file_permission(struct file *file, int mask)
3159{
3160 struct inode *inode = file_inode(file);
3161 struct file_security_struct *fsec = file->f_security;
3162 struct inode_security_struct *isec = inode->i_security;
3163 u32 sid = current_sid();
3164
3165 if (!mask)
3166
3167 return 0;
3168
3169 if (sid == fsec->sid && fsec->isid == isec->sid &&
3170 fsec->pseqno == avc_policy_seqno())
3171
3172 return 0;
3173
3174 return selinux_revalidate_file_permission(file, mask);
3175}
3176
3177static int selinux_file_alloc_security(struct file *file)
3178{
3179 return file_alloc_security(file);
3180}
3181
3182static void selinux_file_free_security(struct file *file)
3183{
3184 file_free_security(file);
3185}
3186
3187static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3188 unsigned long arg)
3189{
3190 const struct cred *cred = current_cred();
3191 int error = 0;
3192
3193 switch (cmd) {
3194 case FIONREAD:
3195
3196 case FIBMAP:
3197
3198 case FIGETBSZ:
3199
3200 case FS_IOC_GETFLAGS:
3201
3202 case FS_IOC_GETVERSION:
3203 error = file_has_perm(cred, file, FILE__GETATTR);
3204 break;
3205
3206 case FS_IOC_SETFLAGS:
3207
3208 case FS_IOC_SETVERSION:
3209 error = file_has_perm(cred, file, FILE__SETATTR);
3210 break;
3211
3212
3213 case FIONBIO:
3214
3215 case FIOASYNC:
3216 error = file_has_perm(cred, file, 0);
3217 break;
3218
3219 case KDSKBENT:
3220 case KDSKBSENT:
3221 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3222 SECURITY_CAP_AUDIT);
3223 break;
3224
3225
3226
3227
3228 default:
3229 error = file_has_perm(cred, file, FILE__IOCTL);
3230 }
3231 return error;
3232}
3233
3234static int default_noexec;
3235
3236static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3237{
3238 const struct cred *cred = current_cred();
3239 int rc = 0;
3240
3241 if (default_noexec &&
3242 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3243
3244
3245
3246
3247
3248 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3249 if (rc)
3250 goto error;
3251 }
3252
3253 if (file) {
3254
3255 u32 av = FILE__READ;
3256
3257
3258 if (shared && (prot & PROT_WRITE))
3259 av |= FILE__WRITE;
3260
3261 if (prot & PROT_EXEC)
3262 av |= FILE__EXECUTE;
3263
3264 return file_has_perm(cred, file, av);
3265 }
3266
3267error:
3268 return rc;
3269}
3270
3271static int selinux_mmap_addr(unsigned long addr)
3272{
3273 int rc;
3274
3275
3276 rc = cap_mmap_addr(addr);
3277 if (rc)
3278 return rc;
3279
3280 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3281 u32 sid = current_sid();
3282 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3283 MEMPROTECT__MMAP_ZERO, NULL);
3284 }
3285
3286 return rc;
3287}
3288
3289static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3290 unsigned long prot, unsigned long flags)
3291{
3292 if (selinux_checkreqprot)
3293 prot = reqprot;
3294
3295 return file_map_prot_check(file, prot,
3296 (flags & MAP_TYPE) == MAP_SHARED);
3297}
3298
3299static int selinux_file_mprotect(struct vm_area_struct *vma,
3300 unsigned long reqprot,
3301 unsigned long prot)
3302{
3303 const struct cred *cred = current_cred();
3304
3305 if (selinux_checkreqprot)
3306 prot = reqprot;
3307
3308 if (default_noexec &&
3309 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3310 int rc = 0;
3311 if (vma->vm_start >= vma->vm_mm->start_brk &&
3312 vma->vm_end <= vma->vm_mm->brk) {
3313 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3314 } else if (!vma->vm_file &&
3315 vma->vm_start <= vma->vm_mm->start_stack &&
3316 vma->vm_end >= vma->vm_mm->start_stack) {
3317 rc = current_has_perm(current, PROCESS__EXECSTACK);
3318 } else if (vma->vm_file && vma->anon_vma) {
3319
3320
3321
3322
3323
3324
3325
3326 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3327 }
3328 if (rc)
3329 return rc;
3330 }
3331
3332 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3333}
3334
3335static int selinux_file_lock(struct file *file, unsigned int cmd)
3336{
3337 const struct cred *cred = current_cred();
3338
3339 return file_has_perm(cred, file, FILE__LOCK);
3340}
3341
3342static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3343 unsigned long arg)
3344{
3345 const struct cred *cred = current_cred();
3346 int err = 0;
3347
3348 switch (cmd) {
3349 case F_SETFL:
3350 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3351 err = file_has_perm(cred, file, FILE__WRITE);
3352 break;
3353 }
3354
3355 case F_SETOWN:
3356 case F_SETSIG:
3357 case F_GETFL:
3358 case F_GETOWN:
3359 case F_GETSIG:
3360 case F_GETOWNER_UIDS:
3361
3362 err = file_has_perm(cred, file, 0);
3363 break;
3364 case F_GETLK:
3365 case F_SETLK:
3366 case F_SETLKW:
3367 case F_OFD_GETLK:
3368 case F_OFD_SETLK:
3369 case F_OFD_SETLKW:
3370#if BITS_PER_LONG == 32
3371 case F_GETLK64:
3372 case F_SETLK64:
3373 case F_SETLKW64:
3374#endif
3375 err = file_has_perm(cred, file, FILE__LOCK);
3376 break;
3377 }
3378
3379 return err;
3380}
3381
3382static void selinux_file_set_fowner(struct file *file)
3383{
3384 struct file_security_struct *fsec;
3385
3386 fsec = file->f_security;
3387 fsec->fown_sid = current_sid();
3388}
3389
3390static int selinux_file_send_sigiotask(struct task_struct *tsk,
3391 struct fown_struct *fown, int signum)
3392{
3393 struct file *file;
3394 u32 sid = task_sid(tsk);
3395 u32 perm;
3396 struct file_security_struct *fsec;
3397
3398
3399 file = container_of(fown, struct file, f_owner);
3400
3401 fsec = file->f_security;
3402
3403 if (!signum)
3404 perm = signal_to_av(SIGIO);
3405 else
3406 perm = signal_to_av(signum);
3407
3408 return avc_has_perm(fsec->fown_sid, sid,
3409 SECCLASS_PROCESS, perm, NULL);
3410}
3411
3412static int selinux_file_receive(struct file *file)
3413{
3414 const struct cred *cred = current_cred();
3415
3416 return file_has_perm(cred, file, file_to_av(file));
3417}
3418
3419static int selinux_file_open(struct file *file, const struct cred *cred)
3420{
3421 struct file_security_struct *fsec;
3422 struct inode_security_struct *isec;
3423
3424 fsec = file->f_security;
3425 isec = file_inode(file)->i_security;
3426
3427
3428
3429
3430
3431
3432
3433 fsec->isid = isec->sid;
3434 fsec->pseqno = avc_policy_seqno();
3435
3436
3437
3438
3439
3440
3441
3442
3443 return file_path_has_perm(cred, file, open_file_to_av(file));
3444}
3445
3446
3447
3448static int selinux_task_create(unsigned long clone_flags)
3449{
3450 return current_has_perm(current, PROCESS__FORK);
3451}
3452
3453
3454
3455
3456static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3457{
3458 struct task_security_struct *tsec;
3459
3460 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3461 if (!tsec)
3462 return -ENOMEM;
3463
3464 cred->security = tsec;
3465 return 0;
3466}
3467
3468
3469
3470
3471static void selinux_cred_free(struct cred *cred)
3472{
3473 struct task_security_struct *tsec = cred->security;
3474
3475
3476
3477
3478
3479 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3480 cred->security = (void *) 0x7UL;
3481 kfree(tsec);
3482}
3483
3484
3485
3486
3487static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3488 gfp_t gfp)
3489{
3490 const struct task_security_struct *old_tsec;
3491 struct task_security_struct *tsec;
3492
3493 old_tsec = old->security;
3494
3495 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3496 if (!tsec)
3497 return -ENOMEM;
3498
3499 new->security = tsec;
3500 return 0;
3501}
3502
3503
3504
3505
3506static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3507{
3508 const struct task_security_struct *old_tsec = old->security;
3509 struct task_security_struct *tsec = new->security;
3510
3511 *tsec = *old_tsec;
3512}
3513
3514
3515
3516
3517
3518static int selinux_kernel_act_as(struct cred *new, u32 secid)
3519{
3520 struct task_security_struct *tsec = new->security;
3521 u32 sid = current_sid();
3522 int ret;
3523
3524 ret = avc_has_perm(sid, secid,
3525 SECCLASS_KERNEL_SERVICE,
3526 KERNEL_SERVICE__USE_AS_OVERRIDE,
3527 NULL);
3528 if (ret == 0) {
3529 tsec->sid = secid;
3530 tsec->create_sid = 0;
3531 tsec->keycreate_sid = 0;
3532 tsec->sockcreate_sid = 0;
3533 }
3534 return ret;
3535}
3536
3537
3538
3539
3540
3541static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3542{
3543 struct inode_security_struct *isec = inode->i_security;
3544 struct task_security_struct *tsec = new->security;
3545 u32 sid = current_sid();
3546 int ret;
3547
3548 ret = avc_has_perm(sid, isec->sid,
3549 SECCLASS_KERNEL_SERVICE,
3550 KERNEL_SERVICE__CREATE_FILES_AS,
3551 NULL);
3552
3553 if (ret == 0)
3554 tsec->create_sid = isec->sid;
3555 return ret;
3556}
3557
3558static int selinux_kernel_module_request(char *kmod_name)
3559{
3560 u32 sid;
3561 struct common_audit_data ad;
3562
3563 sid = task_sid(current);
3564
3565 ad.type = LSM_AUDIT_DATA_KMOD;
3566 ad.u.kmod_name = kmod_name;
3567
3568 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3569 SYSTEM__MODULE_REQUEST, &ad);
3570}
3571
3572static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3573{
3574 return current_has_perm(p, PROCESS__SETPGID);
3575}
3576
3577static int selinux_task_getpgid(struct task_struct *p)
3578{
3579 return current_has_perm(p, PROCESS__GETPGID);
3580}
3581
3582static int selinux_task_getsid(struct task_struct *p)
3583{
3584 return current_has_perm(p, PROCESS__GETSESSION);
3585}
3586
3587static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3588{
3589 *secid = task_sid(p);
3590}
3591
3592static int selinux_task_setnice(struct task_struct *p, int nice)
3593{
3594 int rc;
3595
3596 rc = cap_task_setnice(p, nice);
3597 if (rc)
3598 return rc;
3599
3600 return current_has_perm(p, PROCESS__SETSCHED);
3601}
3602
3603static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3604{
3605 int rc;
3606
3607 rc = cap_task_setioprio(p, ioprio);
3608 if (rc)
3609 return rc;
3610
3611 return current_has_perm(p, PROCESS__SETSCHED);
3612}
3613
3614static int selinux_task_getioprio(struct task_struct *p)
3615{
3616 return current_has_perm(p, PROCESS__GETSCHED);
3617}
3618
3619static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3620 struct rlimit *new_rlim)
3621{
3622 struct rlimit *old_rlim = p->signal->rlim + resource;
3623
3624
3625
3626
3627
3628 if (old_rlim->rlim_max != new_rlim->rlim_max)
3629 return current_has_perm(p, PROCESS__SETRLIMIT);
3630
3631 return 0;
3632}
3633
3634static int selinux_task_setscheduler(struct task_struct *p)
3635{
3636 int rc;
3637
3638 rc = cap_task_setscheduler(p);
3639 if (rc)
3640 return rc;
3641
3642 return current_has_perm(p, PROCESS__SETSCHED);
3643}
3644
3645static int selinux_task_getscheduler(struct task_struct *p)
3646{
3647 return current_has_perm(p, PROCESS__GETSCHED);
3648}
3649
3650static int selinux_task_movememory(struct task_struct *p)
3651{
3652 return current_has_perm(p, PROCESS__SETSCHED);
3653}
3654
3655static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3656 int sig, u32 secid)
3657{
3658 u32 perm;
3659 int rc;
3660
3661 if (!sig)
3662 perm = PROCESS__SIGNULL;
3663 else
3664 perm = signal_to_av(sig);
3665 if (secid)
3666 rc = avc_has_perm(secid, task_sid(p),
3667 SECCLASS_PROCESS, perm, NULL);
3668 else
3669 rc = current_has_perm(p, perm);
3670 return rc;
3671}
3672
3673static int selinux_task_wait(struct task_struct *p)
3674{
3675 return task_has_perm(p, current, PROCESS__SIGCHLD);
3676}
3677
3678static void selinux_task_to_inode(struct task_struct *p,
3679 struct inode *inode)
3680{
3681 struct inode_security_struct *isec = inode->i_security;
3682 u32 sid = task_sid(p);
3683
3684 isec->sid = sid;
3685 isec->initialized = 1;
3686}
3687
3688
3689static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3690 struct common_audit_data *ad, u8 *proto)
3691{
3692 int offset, ihlen, ret = -EINVAL;
3693 struct iphdr _iph, *ih;
3694
3695 offset = skb_network_offset(skb);
3696 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3697 if (ih == NULL)
3698 goto out;
3699
3700 ihlen = ih->ihl * 4;
3701 if (ihlen < sizeof(_iph))
3702 goto out;
3703
3704 ad->u.net->v4info.saddr = ih->saddr;
3705 ad->u.net->v4info.daddr = ih->daddr;
3706 ret = 0;
3707
3708 if (proto)
3709 *proto = ih->protocol;
3710
3711 switch (ih->protocol) {
3712 case IPPROTO_TCP: {
3713 struct tcphdr _tcph, *th;
3714
3715 if (ntohs(ih->frag_off) & IP_OFFSET)
3716 break;
3717
3718 offset += ihlen;
3719 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3720 if (th == NULL)
3721 break;
3722
3723 ad->u.net->sport = th->source;
3724 ad->u.net->dport = th->dest;
3725 break;
3726 }
3727
3728 case IPPROTO_UDP: {
3729 struct udphdr _udph, *uh;
3730
3731 if (ntohs(ih->frag_off) & IP_OFFSET)
3732 break;
3733
3734 offset += ihlen;
3735 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3736 if (uh == NULL)
3737 break;
3738
3739 ad->u.net->sport = uh->source;
3740 ad->u.net->dport = uh->dest;
3741 break;
3742 }
3743
3744 case IPPROTO_DCCP: {
3745 struct dccp_hdr _dccph, *dh;
3746
3747 if (ntohs(ih->frag_off) & IP_OFFSET)
3748 break;
3749
3750 offset += ihlen;
3751 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3752 if (dh == NULL)
3753 break;
3754
3755 ad->u.net->sport = dh->dccph_sport;
3756 ad->u.net->dport = dh->dccph_dport;
3757 break;
3758 }
3759
3760 default:
3761 break;
3762 }
3763out:
3764 return ret;
3765}
3766
3767#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3768
3769
3770static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3771 struct common_audit_data *ad, u8 *proto)
3772{
3773 u8 nexthdr;
3774 int ret = -EINVAL, offset;
3775 struct ipv6hdr _ipv6h, *ip6;
3776 __be16 frag_off;
3777
3778 offset = skb_network_offset(skb);
3779 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3780 if (ip6 == NULL)
3781 goto out;
3782
3783 ad->u.net->v6info.saddr = ip6->saddr;
3784 ad->u.net->v6info.daddr = ip6->daddr;
3785 ret = 0;
3786
3787 nexthdr = ip6->nexthdr;
3788 offset += sizeof(_ipv6h);
3789 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3790 if (offset < 0)
3791 goto out;
3792
3793 if (proto)
3794 *proto = nexthdr;
3795
3796 switch (nexthdr) {
3797 case IPPROTO_TCP: {
3798 struct tcphdr _tcph, *th;
3799
3800 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3801 if (th == NULL)
3802 break;
3803
3804 ad->u.net->sport = th->source;
3805 ad->u.net->dport = th->dest;
3806 break;
3807 }
3808
3809 case IPPROTO_UDP: {
3810 struct udphdr _udph, *uh;
3811
3812 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3813 if (uh == NULL)
3814 break;
3815
3816 ad->u.net->sport = uh->source;
3817 ad->u.net->dport = uh->dest;
3818 break;
3819 }
3820
3821 case IPPROTO_DCCP: {
3822 struct dccp_hdr _dccph, *dh;
3823
3824 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3825 if (dh == NULL)
3826 break;
3827
3828 ad->u.net->sport = dh->dccph_sport;
3829 ad->u.net->dport = dh->dccph_dport;
3830 break;
3831 }
3832
3833
3834 default:
3835 break;
3836 }
3837out:
3838 return ret;
3839}
3840
3841#endif
3842
3843static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3844 char **_addrp, int src, u8 *proto)
3845{
3846 char *addrp;
3847 int ret;
3848
3849 switch (ad->u.net->family) {
3850 case PF_INET:
3851 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3852 if (ret)
3853 goto parse_error;
3854 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3855 &ad->u.net->v4info.daddr);
3856 goto okay;
3857
3858#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3859 case PF_INET6:
3860 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3861 if (ret)
3862 goto parse_error;
3863 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3864 &ad->u.net->v6info.daddr);
3865 goto okay;
3866#endif
3867 default:
3868 addrp = NULL;
3869 goto okay;
3870 }
3871
3872parse_error:
3873 printk(KERN_WARNING
3874 "SELinux: failure in selinux_parse_skb(),"
3875 " unable to parse packet\n");
3876 return ret;
3877
3878okay:
3879 if (_addrp)
3880 *_addrp = addrp;
3881 return 0;
3882}
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3900{
3901 int err;
3902 u32 xfrm_sid;
3903 u32 nlbl_sid;
3904 u32 nlbl_type;
3905
3906 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
3907 if (unlikely(err))
3908 return -EACCES;
3909 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3910 if (unlikely(err))
3911 return -EACCES;
3912
3913 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3914 if (unlikely(err)) {
3915 printk(KERN_WARNING
3916 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3917 " unable to determine packet's peer label\n");
3918 return -EACCES;
3919 }
3920
3921 return 0;
3922}
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
3937{
3938 int err = 0;
3939
3940 if (skb_sid != SECSID_NULL)
3941 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
3942 else
3943 *conn_sid = sk_sid;
3944
3945 return err;
3946}
3947
3948
3949
3950static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3951 u16 secclass, u32 *socksid)
3952{
3953 if (tsec->sockcreate_sid > SECSID_NULL) {
3954 *socksid = tsec->sockcreate_sid;
3955 return 0;
3956 }
3957
3958 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3959 socksid);
3960}
3961
3962static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3963{
3964 struct sk_security_struct *sksec = sk->sk_security;
3965 struct common_audit_data ad;
3966 struct lsm_network_audit net = {0,};
3967 u32 tsid = task_sid(task);
3968
3969 if (sksec->sid == SECINITSID_KERNEL)
3970 return 0;
3971
3972 ad.type = LSM_AUDIT_DATA_NET;
3973 ad.u.net = &net;
3974 ad.u.net->sk = sk;
3975
3976 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3977}
3978
3979static int selinux_socket_create(int family, int type,
3980 int protocol, int kern)
3981{
3982 const struct task_security_struct *tsec = current_security();
3983 u32 newsid;
3984 u16 secclass;
3985 int rc;
3986
3987 if (kern)
3988 return 0;
3989
3990 secclass = socket_type_to_security_class(family, type, protocol);
3991 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3992 if (rc)
3993 return rc;
3994
3995 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3996}
3997
3998static int selinux_socket_post_create(struct socket *sock, int family,
3999 int type, int protocol, int kern)
4000{
4001 const struct task_security_struct *tsec = current_security();
4002 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
4003 struct sk_security_struct *sksec;
4004 int err = 0;
4005
4006 isec->sclass = socket_type_to_security_class(family, type, protocol);
4007
4008 if (kern)
4009 isec->sid = SECINITSID_KERNEL;
4010 else {
4011 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
4012 if (err)
4013 return err;
4014 }
4015
4016 isec->initialized = 1;
4017
4018 if (sock->sk) {
4019 sksec = sock->sk->sk_security;
4020 sksec->sid = isec->sid;
4021 sksec->sclass = isec->sclass;
4022 err = selinux_netlbl_socket_post_create(sock->sk, family);
4023 }
4024
4025 return err;
4026}
4027
4028
4029
4030
4031
4032static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4033{
4034 struct sock *sk = sock->sk;
4035 u16 family;
4036 int err;
4037
4038 err = sock_has_perm(current, sk, SOCKET__BIND);
4039 if (err)
4040 goto out;
4041
4042
4043
4044
4045
4046
4047 family = sk->sk_family;
4048 if (family == PF_INET || family == PF_INET6) {
4049 char *addrp;
4050 struct sk_security_struct *sksec = sk->sk_security;
4051 struct common_audit_data ad;
4052 struct lsm_network_audit net = {0,};
4053 struct sockaddr_in *addr4 = NULL;
4054 struct sockaddr_in6 *addr6 = NULL;
4055 unsigned short snum;
4056 u32 sid, node_perm;
4057
4058 if (family == PF_INET) {
4059 addr4 = (struct sockaddr_in *)address;
4060 snum = ntohs(addr4->sin_port);
4061 addrp = (char *)&addr4->sin_addr.s_addr;
4062 } else {
4063 addr6 = (struct sockaddr_in6 *)address;
4064 snum = ntohs(addr6->sin6_port);
4065 addrp = (char *)&addr6->sin6_addr.s6_addr;
4066 }
4067
4068 if (snum) {
4069 int low, high;
4070
4071 inet_get_local_port_range(sock_net(sk), &low, &high);
4072
4073 if (snum < max(PROT_SOCK, low) || snum > high) {
4074 err = sel_netport_sid(sk->sk_protocol,
4075 snum, &sid);
4076 if (err)
4077 goto out;
4078 ad.type = LSM_AUDIT_DATA_NET;
4079 ad.u.net = &net;
4080 ad.u.net->sport = htons(snum);
4081 ad.u.net->family = family;
4082 err = avc_has_perm(sksec->sid, sid,
4083 sksec->sclass,
4084 SOCKET__NAME_BIND, &ad);
4085 if (err)
4086 goto out;
4087 }
4088 }
4089
4090 switch (sksec->sclass) {
4091 case SECCLASS_TCP_SOCKET:
4092 node_perm = TCP_SOCKET__NODE_BIND;
4093 break;
4094
4095 case SECCLASS_UDP_SOCKET:
4096 node_perm = UDP_SOCKET__NODE_BIND;
4097 break;
4098
4099 case SECCLASS_DCCP_SOCKET:
4100 node_perm = DCCP_SOCKET__NODE_BIND;
4101 break;
4102
4103 default:
4104 node_perm = RAWIP_SOCKET__NODE_BIND;
4105 break;
4106 }
4107
4108 err = sel_netnode_sid(addrp, family, &sid);
4109 if (err)
4110 goto out;
4111
4112 ad.type = LSM_AUDIT_DATA_NET;
4113 ad.u.net = &net;
4114 ad.u.net->sport = htons(snum);
4115 ad.u.net->family = family;
4116
4117 if (family == PF_INET)
4118 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4119 else
4120 ad.u.net->v6info.saddr = addr6->sin6_addr;
4121
4122 err = avc_has_perm(sksec->sid, sid,
4123 sksec->sclass, node_perm, &ad);
4124 if (err)
4125 goto out;
4126 }
4127out:
4128 return err;
4129}
4130
4131static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4132{
4133 struct sock *sk = sock->sk;
4134 struct sk_security_struct *sksec = sk->sk_security;
4135 int err;
4136
4137 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4138 if (err)
4139 return err;
4140
4141
4142
4143
4144 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4145 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4146 struct common_audit_data ad;
4147 struct lsm_network_audit net = {0,};
4148 struct sockaddr_in *addr4 = NULL;
4149 struct sockaddr_in6 *addr6 = NULL;
4150 unsigned short snum;
4151 u32 sid, perm;
4152
4153 if (sk->sk_family == PF_INET) {
4154 addr4 = (struct sockaddr_in *)address;
4155 if (addrlen < sizeof(struct sockaddr_in))
4156 return -EINVAL;
4157 snum = ntohs(addr4->sin_port);
4158 } else {
4159 addr6 = (struct sockaddr_in6 *)address;
4160 if (addrlen < SIN6_LEN_RFC2133)
4161 return -EINVAL;
4162 snum = ntohs(addr6->sin6_port);
4163 }
4164
4165 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4166 if (err)
4167 goto out;
4168
4169 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4170 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4171
4172 ad.type = LSM_AUDIT_DATA_NET;
4173 ad.u.net = &net;
4174 ad.u.net->dport = htons(snum);
4175 ad.u.net->family = sk->sk_family;
4176 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4177 if (err)
4178 goto out;
4179 }
4180
4181 err = selinux_netlbl_socket_connect(sk, address);
4182
4183out:
4184 return err;
4185}
4186
4187static int selinux_socket_listen(struct socket *sock, int backlog)
4188{
4189 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4190}
4191
4192static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4193{
4194 int err;
4195 struct inode_security_struct *isec;
4196 struct inode_security_struct *newisec;
4197
4198 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4199 if (err)
4200 return err;
4201
4202 newisec = SOCK_INODE(newsock)->i_security;
4203
4204 isec = SOCK_INODE(sock)->i_security;
4205 newisec->sclass = isec->sclass;
4206 newisec->sid = isec->sid;
4207 newisec->initialized = 1;
4208
4209 return 0;
4210}
4211
4212static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4213 int size)
4214{
4215 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4216}
4217
4218static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4219 int size, int flags)
4220{
4221 return sock_has_perm(current, sock->sk, SOCKET__READ);
4222}
4223
4224static int selinux_socket_getsockname(struct socket *sock)
4225{
4226 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4227}
4228
4229static int selinux_socket_getpeername(struct socket *sock)
4230{
4231 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4232}
4233
4234static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4235{
4236 int err;
4237
4238 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4239 if (err)
4240 return err;
4241
4242 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4243}
4244
4245static int selinux_socket_getsockopt(struct socket *sock, int level,
4246 int optname)
4247{
4248 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4249}
4250
4251static int selinux_socket_shutdown(struct socket *sock, int how)
4252{
4253 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4254}
4255
4256static int selinux_socket_unix_stream_connect(struct sock *sock,
4257 struct sock *other,
4258 struct sock *newsk)
4259{
4260 struct sk_security_struct *sksec_sock = sock->sk_security;
4261 struct sk_security_struct *sksec_other = other->sk_security;
4262 struct sk_security_struct *sksec_new = newsk->sk_security;
4263 struct common_audit_data ad;
4264 struct lsm_network_audit net = {0,};
4265 int err;
4266
4267 ad.type = LSM_AUDIT_DATA_NET;
4268 ad.u.net = &net;
4269 ad.u.net->sk = other;
4270
4271 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4272 sksec_other->sclass,
4273 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4274 if (err)
4275 return err;
4276
4277
4278 sksec_new->peer_sid = sksec_sock->sid;
4279 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4280 &sksec_new->sid);
4281 if (err)
4282 return err;
4283
4284
4285 sksec_sock->peer_sid = sksec_new->sid;
4286
4287 return 0;
4288}
4289
4290static int selinux_socket_unix_may_send(struct socket *sock,
4291 struct socket *other)
4292{
4293 struct sk_security_struct *ssec = sock->sk->sk_security;
4294 struct sk_security_struct *osec = other->sk->sk_security;
4295 struct common_audit_data ad;
4296 struct lsm_network_audit net = {0,};
4297
4298 ad.type = LSM_AUDIT_DATA_NET;
4299 ad.u.net = &net;
4300 ad.u.net->sk = other->sk;
4301
4302 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4303 &ad);
4304}
4305
4306static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4307 char *addrp, u16 family, u32 peer_sid,
4308 struct common_audit_data *ad)
4309{
4310 int err;
4311 u32 if_sid;
4312 u32 node_sid;
4313
4314 err = sel_netif_sid(ns, ifindex, &if_sid);
4315 if (err)
4316 return err;
4317 err = avc_has_perm(peer_sid, if_sid,
4318 SECCLASS_NETIF, NETIF__INGRESS, ad);
4319 if (err)
4320 return err;
4321
4322 err = sel_netnode_sid(addrp, family, &node_sid);
4323 if (err)
4324 return err;
4325 return avc_has_perm(peer_sid, node_sid,
4326 SECCLASS_NODE, NODE__RECVFROM, ad);
4327}
4328
4329static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4330 u16 family)
4331{
4332 int err = 0;
4333 struct sk_security_struct *sksec = sk->sk_security;
4334 u32 sk_sid = sksec->sid;
4335 struct common_audit_data ad;
4336 struct lsm_network_audit net = {0,};
4337 char *addrp;
4338
4339 ad.type = LSM_AUDIT_DATA_NET;
4340 ad.u.net = &net;
4341 ad.u.net->netif = skb->skb_iif;
4342 ad.u.net->family = family;
4343 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4344 if (err)
4345 return err;
4346
4347 if (selinux_secmark_enabled()) {
4348 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4349 PACKET__RECV, &ad);
4350 if (err)
4351 return err;
4352 }
4353
4354 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4355 if (err)
4356 return err;
4357 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4358
4359 return err;
4360}
4361
4362static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4363{
4364 int err;
4365 struct sk_security_struct *sksec = sk->sk_security;
4366 u16 family = sk->sk_family;
4367 u32 sk_sid = sksec->sid;
4368 struct common_audit_data ad;
4369 struct lsm_network_audit net = {0,};
4370 char *addrp;
4371 u8 secmark_active;
4372 u8 peerlbl_active;
4373
4374 if (family != PF_INET && family != PF_INET6)
4375 return 0;
4376
4377
4378 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4379 family = PF_INET;
4380
4381
4382
4383
4384
4385 if (!selinux_policycap_netpeer)
4386 return selinux_sock_rcv_skb_compat(sk, skb, family);
4387
4388 secmark_active = selinux_secmark_enabled();
4389 peerlbl_active = selinux_peerlbl_enabled();
4390 if (!secmark_active && !peerlbl_active)
4391 return 0;
4392
4393 ad.type = LSM_AUDIT_DATA_NET;
4394 ad.u.net = &net;
4395 ad.u.net->netif = skb->skb_iif;
4396 ad.u.net->family = family;
4397 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4398 if (err)
4399 return err;
4400
4401 if (peerlbl_active) {
4402 u32 peer_sid;
4403
4404 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4405 if (err)
4406 return err;
4407 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
4408 addrp, family, peer_sid, &ad);
4409 if (err) {
4410 selinux_netlbl_err(skb, err, 0);
4411 return err;
4412 }
4413 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4414 PEER__RECV, &ad);
4415 if (err) {
4416 selinux_netlbl_err(skb, err, 0);
4417 return err;
4418 }
4419 }
4420
4421 if (secmark_active) {
4422 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4423 PACKET__RECV, &ad);
4424 if (err)
4425 return err;
4426 }
4427
4428 return err;
4429}
4430
4431static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4432 int __user *optlen, unsigned len)
4433{
4434 int err = 0;
4435 char *scontext;
4436 u32 scontext_len;
4437 struct sk_security_struct *sksec = sock->sk->sk_security;
4438 u32 peer_sid = SECSID_NULL;
4439
4440 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4441 sksec->sclass == SECCLASS_TCP_SOCKET)
4442 peer_sid = sksec->peer_sid;
4443 if (peer_sid == SECSID_NULL)
4444 return -ENOPROTOOPT;
4445
4446 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4447 if (err)
4448 return err;
4449
4450 if (scontext_len > len) {
4451 err = -ERANGE;
4452 goto out_len;
4453 }
4454
4455 if (copy_to_user(optval, scontext, scontext_len))
4456 err = -EFAULT;
4457
4458out_len:
4459 if (put_user(scontext_len, optlen))
4460 err = -EFAULT;
4461 kfree(scontext);
4462 return err;
4463}
4464
4465static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4466{
4467 u32 peer_secid = SECSID_NULL;
4468 u16 family;
4469
4470 if (skb && skb->protocol == htons(ETH_P_IP))
4471 family = PF_INET;
4472 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4473 family = PF_INET6;
4474 else if (sock)
4475 family = sock->sk->sk_family;
4476 else
4477 goto out;
4478
4479 if (sock && family == PF_UNIX)
4480 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4481 else if (skb)
4482 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4483
4484out:
4485 *secid = peer_secid;
4486 if (peer_secid == SECSID_NULL)
4487 return -EINVAL;
4488 return 0;
4489}
4490
4491static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4492{
4493 struct sk_security_struct *sksec;
4494
4495 sksec = kzalloc(sizeof(*sksec), priority);
4496 if (!sksec)
4497 return -ENOMEM;
4498
4499 sksec->peer_sid = SECINITSID_UNLABELED;
4500 sksec->sid = SECINITSID_UNLABELED;
4501 selinux_netlbl_sk_security_reset(sksec);
4502 sk->sk_security = sksec;
4503
4504 return 0;
4505}
4506
4507static void selinux_sk_free_security(struct sock *sk)
4508{
4509 struct sk_security_struct *sksec = sk->sk_security;
4510
4511 sk->sk_security = NULL;
4512 selinux_netlbl_sk_security_free(sksec);
4513 kfree(sksec);
4514}
4515
4516static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4517{
4518 struct sk_security_struct *sksec = sk->sk_security;
4519 struct sk_security_struct *newsksec = newsk->sk_security;
4520
4521 newsksec->sid = sksec->sid;
4522 newsksec->peer_sid = sksec->peer_sid;
4523 newsksec->sclass = sksec->sclass;
4524
4525 selinux_netlbl_sk_security_reset(newsksec);
4526}
4527
4528static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4529{
4530 if (!sk)
4531 *secid = SECINITSID_ANY_SOCKET;
4532 else {
4533 struct sk_security_struct *sksec = sk->sk_security;
4534
4535 *secid = sksec->sid;
4536 }
4537}
4538
4539static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4540{
4541 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4542 struct sk_security_struct *sksec = sk->sk_security;
4543
4544 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4545 sk->sk_family == PF_UNIX)
4546 isec->sid = sksec->sid;
4547 sksec->sclass = isec->sclass;
4548}
4549
4550static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4551 struct request_sock *req)
4552{
4553 struct sk_security_struct *sksec = sk->sk_security;
4554 int err;
4555 u16 family = req->rsk_ops->family;
4556 u32 connsid;
4557 u32 peersid;
4558
4559 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4560 if (err)
4561 return err;
4562 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4563 if (err)
4564 return err;
4565 req->secid = connsid;
4566 req->peer_secid = peersid;
4567
4568 return selinux_netlbl_inet_conn_request(req, family);
4569}
4570
4571static void selinux_inet_csk_clone(struct sock *newsk,
4572 const struct request_sock *req)
4573{
4574 struct sk_security_struct *newsksec = newsk->sk_security;
4575
4576 newsksec->sid = req->secid;
4577 newsksec->peer_sid = req->peer_secid;
4578
4579
4580
4581
4582
4583
4584
4585 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4586}
4587
4588static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4589{
4590 u16 family = sk->sk_family;
4591 struct sk_security_struct *sksec = sk->sk_security;
4592
4593
4594 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4595 family = PF_INET;
4596
4597 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4598}
4599
4600static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
4601{
4602 skb_set_owner_w(skb, sk);
4603}
4604
4605static int selinux_secmark_relabel_packet(u32 sid)
4606{
4607 const struct task_security_struct *__tsec;
4608 u32 tsid;
4609
4610 __tsec = current_security();
4611 tsid = __tsec->sid;
4612
4613 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4614}
4615
4616static void selinux_secmark_refcount_inc(void)
4617{
4618 atomic_inc(&selinux_secmark_refcount);
4619}
4620
4621static void selinux_secmark_refcount_dec(void)
4622{
4623 atomic_dec(&selinux_secmark_refcount);
4624}
4625
4626static void selinux_req_classify_flow(const struct request_sock *req,
4627 struct flowi *fl)
4628{
4629 fl->flowi_secid = req->secid;
4630}
4631
4632static int selinux_tun_dev_alloc_security(void **security)
4633{
4634 struct tun_security_struct *tunsec;
4635
4636 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4637 if (!tunsec)
4638 return -ENOMEM;
4639 tunsec->sid = current_sid();
4640
4641 *security = tunsec;
4642 return 0;
4643}
4644
4645static void selinux_tun_dev_free_security(void *security)
4646{
4647 kfree(security);
4648}
4649
4650static int selinux_tun_dev_create(void)
4651{
4652 u32 sid = current_sid();
4653
4654
4655
4656
4657
4658
4659
4660
4661 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4662 NULL);
4663}
4664
4665static int selinux_tun_dev_attach_queue(void *security)
4666{
4667 struct tun_security_struct *tunsec = security;
4668
4669 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4670 TUN_SOCKET__ATTACH_QUEUE, NULL);
4671}
4672
4673static int selinux_tun_dev_attach(struct sock *sk, void *security)
4674{
4675 struct tun_security_struct *tunsec = security;
4676 struct sk_security_struct *sksec = sk->sk_security;
4677
4678
4679
4680
4681
4682
4683
4684
4685 sksec->sid = tunsec->sid;
4686 sksec->sclass = SECCLASS_TUN_SOCKET;
4687
4688 return 0;
4689}
4690
4691static int selinux_tun_dev_open(void *security)
4692{
4693 struct tun_security_struct *tunsec = security;
4694 u32 sid = current_sid();
4695 int err;
4696
4697 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4698 TUN_SOCKET__RELABELFROM, NULL);
4699 if (err)
4700 return err;
4701 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4702 TUN_SOCKET__RELABELTO, NULL);
4703 if (err)
4704 return err;
4705 tunsec->sid = sid;
4706
4707 return 0;
4708}
4709
4710static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4711{
4712 int err = 0;
4713 u32 perm;
4714 struct nlmsghdr *nlh;
4715 struct sk_security_struct *sksec = sk->sk_security;
4716
4717 if (skb->len < NLMSG_HDRLEN) {
4718 err = -EINVAL;
4719 goto out;
4720 }
4721 nlh = nlmsg_hdr(skb);
4722
4723 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4724 if (err) {
4725 if (err == -EINVAL) {
4726 printk(KERN_WARNING
4727 "SELinux: unrecognized netlink message:"
4728 " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
4729 sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
4730 if (!selinux_enforcing || security_get_allow_unknown())
4731 err = 0;
4732 }
4733
4734
4735 if (err == -ENOENT)
4736 err = 0;
4737 goto out;
4738 }
4739
4740 err = sock_has_perm(current, sk, perm);
4741out:
4742 return err;
4743}
4744
4745#ifdef CONFIG_NETFILTER
4746
4747static unsigned int selinux_ip_forward(struct sk_buff *skb,
4748 const struct net_device *indev,
4749 u16 family)
4750{
4751 int err;
4752 char *addrp;
4753 u32 peer_sid;
4754 struct common_audit_data ad;
4755 struct lsm_network_audit net = {0,};
4756 u8 secmark_active;
4757 u8 netlbl_active;
4758 u8 peerlbl_active;
4759
4760 if (!selinux_policycap_netpeer)
4761 return NF_ACCEPT;
4762
4763 secmark_active = selinux_secmark_enabled();
4764 netlbl_active = netlbl_enabled();
4765 peerlbl_active = selinux_peerlbl_enabled();
4766 if (!secmark_active && !peerlbl_active)
4767 return NF_ACCEPT;
4768
4769 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4770 return NF_DROP;
4771
4772 ad.type = LSM_AUDIT_DATA_NET;
4773 ad.u.net = &net;
4774 ad.u.net->netif = indev->ifindex;
4775 ad.u.net->family = family;
4776 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4777 return NF_DROP;
4778
4779 if (peerlbl_active) {
4780 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
4781 addrp, family, peer_sid, &ad);
4782 if (err) {
4783 selinux_netlbl_err(skb, err, 1);
4784 return NF_DROP;
4785 }
4786 }
4787
4788 if (secmark_active)
4789 if (avc_has_perm(peer_sid, skb->secmark,
4790 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4791 return NF_DROP;
4792
4793 if (netlbl_active)
4794
4795
4796
4797
4798 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4799 return NF_DROP;
4800
4801 return NF_ACCEPT;
4802}
4803
4804static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
4805 struct sk_buff *skb,
4806 const struct net_device *in,
4807 const struct net_device *out,
4808 int (*okfn)(struct sk_buff *))
4809{
4810 return selinux_ip_forward(skb, in, PF_INET);
4811}
4812
4813#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4814static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
4815 struct sk_buff *skb,
4816 const struct net_device *in,
4817 const struct net_device *out,
4818 int (*okfn)(struct sk_buff *))
4819{
4820 return selinux_ip_forward(skb, in, PF_INET6);
4821}
4822#endif
4823
4824static unsigned int selinux_ip_output(struct sk_buff *skb,
4825 u16 family)
4826{
4827 struct sock *sk;
4828 u32 sid;
4829
4830 if (!netlbl_enabled())
4831 return NF_ACCEPT;
4832
4833
4834
4835
4836 sk = skb->sk;
4837 if (sk) {
4838 struct sk_security_struct *sksec;
4839
4840 if (sk->sk_state == TCP_LISTEN)
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853 return NF_ACCEPT;
4854
4855
4856 sksec = sk->sk_security;
4857 sid = sksec->sid;
4858 } else
4859 sid = SECINITSID_KERNEL;
4860 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4861 return NF_DROP;
4862
4863 return NF_ACCEPT;
4864}
4865
4866static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
4867 struct sk_buff *skb,
4868 const struct net_device *in,
4869 const struct net_device *out,
4870 int (*okfn)(struct sk_buff *))
4871{
4872 return selinux_ip_output(skb, PF_INET);
4873}
4874
4875static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4876 int ifindex,
4877 u16 family)
4878{
4879 struct sock *sk = skb->sk;
4880 struct sk_security_struct *sksec;
4881 struct common_audit_data ad;
4882 struct lsm_network_audit net = {0,};
4883 char *addrp;
4884 u8 proto;
4885
4886 if (sk == NULL)
4887 return NF_ACCEPT;
4888 sksec = sk->sk_security;
4889
4890 ad.type = LSM_AUDIT_DATA_NET;
4891 ad.u.net = &net;
4892 ad.u.net->netif = ifindex;
4893 ad.u.net->family = family;
4894 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4895 return NF_DROP;
4896
4897 if (selinux_secmark_enabled())
4898 if (avc_has_perm(sksec->sid, skb->secmark,
4899 SECCLASS_PACKET, PACKET__SEND, &ad))
4900 return NF_DROP_ERR(-ECONNREFUSED);
4901
4902 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4903 return NF_DROP_ERR(-ECONNREFUSED);
4904
4905 return NF_ACCEPT;
4906}
4907
4908static unsigned int selinux_ip_postroute(struct sk_buff *skb,
4909 const struct net_device *outdev,
4910 u16 family)
4911{
4912 u32 secmark_perm;
4913 u32 peer_sid;
4914 int ifindex = outdev->ifindex;
4915 struct sock *sk;
4916 struct common_audit_data ad;
4917 struct lsm_network_audit net = {0,};
4918 char *addrp;
4919 u8 secmark_active;
4920 u8 peerlbl_active;
4921
4922
4923
4924
4925
4926 if (!selinux_policycap_netpeer)
4927 return selinux_ip_postroute_compat(skb, ifindex, family);
4928
4929 secmark_active = selinux_secmark_enabled();
4930 peerlbl_active = selinux_peerlbl_enabled();
4931 if (!secmark_active && !peerlbl_active)
4932 return NF_ACCEPT;
4933
4934 sk = skb->sk;
4935
4936#ifdef CONFIG_XFRM
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
4949 !(sk != NULL && sk->sk_state == TCP_LISTEN))
4950 return NF_ACCEPT;
4951#endif
4952
4953 if (sk == NULL) {
4954
4955
4956
4957
4958 if (skb->skb_iif) {
4959 secmark_perm = PACKET__FORWARD_OUT;
4960 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4961 return NF_DROP;
4962 } else {
4963 secmark_perm = PACKET__SEND;
4964 peer_sid = SECINITSID_KERNEL;
4965 }
4966 } else if (sk->sk_state == TCP_LISTEN) {
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976 u32 skb_sid;
4977 struct sk_security_struct *sksec = sk->sk_security;
4978 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
4979 return NF_DROP;
4980
4981
4982
4983
4984
4985
4986 if (skb_sid == SECSID_NULL) {
4987 switch (family) {
4988 case PF_INET:
4989 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
4990 return NF_ACCEPT;
4991 break;
4992 case PF_INET6:
4993 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
4994 return NF_ACCEPT;
4995 break;
4996 default:
4997 return NF_DROP_ERR(-ECONNREFUSED);
4998 }
4999 }
5000 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5001 return NF_DROP;
5002 secmark_perm = PACKET__SEND;
5003 } else {
5004
5005
5006 struct sk_security_struct *sksec = sk->sk_security;
5007 peer_sid = sksec->sid;
5008 secmark_perm = PACKET__SEND;
5009 }
5010
5011 ad.type = LSM_AUDIT_DATA_NET;
5012 ad.u.net = &net;
5013 ad.u.net->netif = ifindex;
5014 ad.u.net->family = family;
5015 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5016 return NF_DROP;
5017
5018 if (secmark_active)
5019 if (avc_has_perm(peer_sid, skb->secmark,
5020 SECCLASS_PACKET, secmark_perm, &ad))
5021 return NF_DROP_ERR(-ECONNREFUSED);
5022
5023 if (peerlbl_active) {
5024 u32 if_sid;
5025 u32 node_sid;
5026
5027 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5028 return NF_DROP;
5029 if (avc_has_perm(peer_sid, if_sid,
5030 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5031 return NF_DROP_ERR(-ECONNREFUSED);
5032
5033 if (sel_netnode_sid(addrp, family, &node_sid))
5034 return NF_DROP;
5035 if (avc_has_perm(peer_sid, node_sid,
5036 SECCLASS_NODE, NODE__SENDTO, &ad))
5037 return NF_DROP_ERR(-ECONNREFUSED);
5038 }
5039
5040 return NF_ACCEPT;
5041}
5042
5043static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
5044 struct sk_buff *skb,
5045 const struct net_device *in,
5046 const struct net_device *out,
5047 int (*okfn)(struct sk_buff *))
5048{
5049 return selinux_ip_postroute(skb, out, PF_INET);
5050}
5051
5052#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5053static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
5054 struct sk_buff *skb,
5055 const struct net_device *in,
5056 const struct net_device *out,
5057 int (*okfn)(struct sk_buff *))
5058{
5059 return selinux_ip_postroute(skb, out, PF_INET6);
5060}
5061#endif
5062
5063#endif
5064
5065static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5066{
5067 int err;
5068
5069 err = cap_netlink_send(sk, skb);
5070 if (err)
5071 return err;
5072
5073 return selinux_nlmsg_perm(sk, skb);
5074}
5075
5076static int ipc_alloc_security(struct task_struct *task,
5077 struct kern_ipc_perm *perm,
5078 u16 sclass)
5079{
5080 struct ipc_security_struct *isec;
5081 u32 sid;
5082
5083 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5084 if (!isec)
5085 return -ENOMEM;
5086
5087 sid = task_sid(task);
5088 isec->sclass = sclass;
5089 isec->sid = sid;
5090 perm->security = isec;
5091
5092 return 0;
5093}
5094
5095static void ipc_free_security(struct kern_ipc_perm *perm)
5096{
5097 struct ipc_security_struct *isec = perm->security;
5098 perm->security = NULL;
5099 kfree(isec);
5100}
5101
5102static int msg_msg_alloc_security(struct msg_msg *msg)
5103{
5104 struct msg_security_struct *msec;
5105
5106 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5107 if (!msec)
5108 return -ENOMEM;
5109
5110 msec->sid = SECINITSID_UNLABELED;
5111 msg->security = msec;
5112
5113 return 0;
5114}
5115
5116static void msg_msg_free_security(struct msg_msg *msg)
5117{
5118 struct msg_security_struct *msec = msg->security;
5119
5120 msg->security = NULL;
5121 kfree(msec);
5122}
5123
5124static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5125 u32 perms)
5126{
5127 struct ipc_security_struct *isec;
5128 struct common_audit_data ad;
5129 u32 sid = current_sid();
5130
5131 isec = ipc_perms->security;
5132
5133 ad.type = LSM_AUDIT_DATA_IPC;
5134 ad.u.ipc_id = ipc_perms->key;
5135
5136 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5137}
5138
5139static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5140{
5141 return msg_msg_alloc_security(msg);
5142}
5143
5144static void selinux_msg_msg_free_security(struct msg_msg *msg)
5145{
5146 msg_msg_free_security(msg);
5147}
5148
5149
5150static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5151{
5152 struct ipc_security_struct *isec;
5153 struct common_audit_data ad;
5154 u32 sid = current_sid();
5155 int rc;
5156
5157 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
5158 if (rc)
5159 return rc;
5160
5161 isec = msq->q_perm.security;
5162
5163 ad.type = LSM_AUDIT_DATA_IPC;
5164 ad.u.ipc_id = msq->q_perm.key;
5165
5166 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5167 MSGQ__CREATE, &ad);
5168 if (rc) {
5169 ipc_free_security(&msq->q_perm);
5170 return rc;
5171 }
5172 return 0;
5173}
5174
5175static void selinux_msg_queue_free_security(struct msg_queue *msq)
5176{
5177 ipc_free_security(&msq->q_perm);
5178}
5179
5180static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5181{
5182 struct ipc_security_struct *isec;
5183 struct common_audit_data ad;
5184 u32 sid = current_sid();
5185
5186 isec = msq->q_perm.security;
5187
5188 ad.type = LSM_AUDIT_DATA_IPC;
5189 ad.u.ipc_id = msq->q_perm.key;
5190
5191 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5192 MSGQ__ASSOCIATE, &ad);
5193}
5194
5195static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5196{
5197 int err;
5198 int perms;
5199
5200 switch (cmd) {
5201 case IPC_INFO:
5202 case MSG_INFO:
5203
5204 return task_has_system(current, SYSTEM__IPC_INFO);
5205 case IPC_STAT:
5206 case MSG_STAT:
5207 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5208 break;
5209 case IPC_SET:
5210 perms = MSGQ__SETATTR;
5211 break;
5212 case IPC_RMID:
5213 perms = MSGQ__DESTROY;
5214 break;
5215 default:
5216 return 0;
5217 }
5218
5219 err = ipc_has_perm(&msq->q_perm, perms);
5220 return err;
5221}
5222
5223static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5224{
5225 struct ipc_security_struct *isec;
5226 struct msg_security_struct *msec;
5227 struct common_audit_data ad;
5228 u32 sid = current_sid();
5229 int rc;
5230
5231 isec = msq->q_perm.security;
5232 msec = msg->security;
5233
5234
5235
5236
5237 if (msec->sid == SECINITSID_UNLABELED) {
5238
5239
5240
5241
5242 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5243 NULL, &msec->sid);
5244 if (rc)
5245 return rc;
5246 }
5247
5248 ad.type = LSM_AUDIT_DATA_IPC;
5249 ad.u.ipc_id = msq->q_perm.key;
5250
5251
5252 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5253 MSGQ__WRITE, &ad);
5254 if (!rc)
5255
5256 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5257 MSG__SEND, &ad);
5258 if (!rc)
5259
5260 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5261 MSGQ__ENQUEUE, &ad);
5262
5263 return rc;
5264}
5265
5266static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5267 struct task_struct *target,
5268 long type, int mode)
5269{
5270 struct ipc_security_struct *isec;
5271 struct msg_security_struct *msec;
5272 struct common_audit_data ad;
5273 u32 sid = task_sid(target);
5274 int rc;
5275
5276 isec = msq->q_perm.security;
5277 msec = msg->security;
5278
5279 ad.type = LSM_AUDIT_DATA_IPC;
5280 ad.u.ipc_id = msq->q_perm.key;
5281
5282 rc = avc_has_perm(sid, isec->sid,
5283 SECCLASS_MSGQ, MSGQ__READ, &ad);
5284 if (!rc)
5285 rc = avc_has_perm(sid, msec->sid,
5286 SECCLASS_MSG, MSG__RECEIVE, &ad);
5287 return rc;
5288}
5289
5290
5291static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5292{
5293 struct ipc_security_struct *isec;
5294 struct common_audit_data ad;
5295 u32 sid = current_sid();
5296 int rc;
5297
5298 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5299 if (rc)
5300 return rc;
5301
5302 isec = shp->shm_perm.security;
5303
5304 ad.type = LSM_AUDIT_DATA_IPC;
5305 ad.u.ipc_id = shp->shm_perm.key;
5306
5307 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5308 SHM__CREATE, &ad);
5309 if (rc) {
5310 ipc_free_security(&shp->shm_perm);
5311 return rc;
5312 }
5313 return 0;
5314}
5315
5316static void selinux_shm_free_security(struct shmid_kernel *shp)
5317{
5318 ipc_free_security(&shp->shm_perm);
5319}
5320
5321static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5322{
5323 struct ipc_security_struct *isec;
5324 struct common_audit_data ad;
5325 u32 sid = current_sid();
5326
5327 isec = shp->shm_perm.security;
5328
5329 ad.type = LSM_AUDIT_DATA_IPC;
5330 ad.u.ipc_id = shp->shm_perm.key;
5331
5332 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5333 SHM__ASSOCIATE, &ad);
5334}
5335
5336
5337static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5338{
5339 int perms;
5340 int err;
5341
5342 switch (cmd) {
5343 case IPC_INFO:
5344 case SHM_INFO:
5345
5346 return task_has_system(current, SYSTEM__IPC_INFO);
5347 case IPC_STAT:
5348 case SHM_STAT:
5349 perms = SHM__GETATTR | SHM__ASSOCIATE;
5350 break;
5351 case IPC_SET:
5352 perms = SHM__SETATTR;
5353 break;
5354 case SHM_LOCK:
5355 case SHM_UNLOCK:
5356 perms = SHM__LOCK;
5357 break;
5358 case IPC_RMID:
5359 perms = SHM__DESTROY;
5360 break;
5361 default:
5362 return 0;
5363 }
5364
5365 err = ipc_has_perm(&shp->shm_perm, perms);
5366 return err;
5367}
5368
5369static int selinux_shm_shmat(struct shmid_kernel *shp,
5370 char __user *shmaddr, int shmflg)
5371{
5372 u32 perms;
5373
5374 if (shmflg & SHM_RDONLY)
5375 perms = SHM__READ;
5376 else
5377 perms = SHM__READ | SHM__WRITE;
5378
5379 return ipc_has_perm(&shp->shm_perm, perms);
5380}
5381
5382
5383static int selinux_sem_alloc_security(struct sem_array *sma)
5384{
5385 struct ipc_security_struct *isec;
5386 struct common_audit_data ad;
5387 u32 sid = current_sid();
5388 int rc;
5389
5390 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5391 if (rc)
5392 return rc;
5393
5394 isec = sma->sem_perm.security;
5395
5396 ad.type = LSM_AUDIT_DATA_IPC;
5397 ad.u.ipc_id = sma->sem_perm.key;
5398
5399 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5400 SEM__CREATE, &ad);
5401 if (rc) {
5402 ipc_free_security(&sma->sem_perm);
5403 return rc;
5404 }
5405 return 0;
5406}
5407
5408static void selinux_sem_free_security(struct sem_array *sma)
5409{
5410 ipc_free_security(&sma->sem_perm);
5411}
5412
5413static int selinux_sem_associate(struct sem_array *sma, int semflg)
5414{
5415 struct ipc_security_struct *isec;
5416 struct common_audit_data ad;
5417 u32 sid = current_sid();
5418
5419 isec = sma->sem_perm.security;
5420
5421 ad.type = LSM_AUDIT_DATA_IPC;
5422 ad.u.ipc_id = sma->sem_perm.key;
5423
5424 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5425 SEM__ASSOCIATE, &ad);
5426}
5427
5428
5429static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5430{
5431 int err;
5432 u32 perms;
5433
5434 switch (cmd) {
5435 case IPC_INFO:
5436 case SEM_INFO:
5437
5438 return task_has_system(current, SYSTEM__IPC_INFO);
5439 case GETPID:
5440 case GETNCNT:
5441 case GETZCNT:
5442 perms = SEM__GETATTR;
5443 break;
5444 case GETVAL:
5445 case GETALL:
5446 perms = SEM__READ;
5447 break;
5448 case SETVAL:
5449 case SETALL:
5450 perms = SEM__WRITE;
5451 break;
5452 case IPC_RMID:
5453 perms = SEM__DESTROY;
5454 break;
5455 case IPC_SET:
5456 perms = SEM__SETATTR;
5457 break;
5458 case IPC_STAT:
5459 case SEM_STAT:
5460 perms = SEM__GETATTR | SEM__ASSOCIATE;
5461 break;
5462 default:
5463 return 0;
5464 }
5465
5466 err = ipc_has_perm(&sma->sem_perm, perms);
5467 return err;
5468}
5469
5470static int selinux_sem_semop(struct sem_array *sma,
5471 struct sembuf *sops, unsigned nsops, int alter)
5472{
5473 u32 perms;
5474
5475 if (alter)
5476 perms = SEM__READ | SEM__WRITE;
5477 else
5478 perms = SEM__READ;
5479
5480 return ipc_has_perm(&sma->sem_perm, perms);
5481}
5482
5483static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5484{
5485 u32 av = 0;
5486
5487 av = 0;
5488 if (flag & S_IRUGO)
5489 av |= IPC__UNIX_READ;
5490 if (flag & S_IWUGO)
5491 av |= IPC__UNIX_WRITE;
5492
5493 if (av == 0)
5494 return 0;
5495
5496 return ipc_has_perm(ipcp, av);
5497}
5498
5499static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5500{
5501 struct ipc_security_struct *isec = ipcp->security;
5502 *secid = isec->sid;
5503}
5504
5505static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5506{
5507 if (inode)
5508 inode_doinit_with_dentry(inode, dentry);
5509}
5510
5511static int selinux_getprocattr(struct task_struct *p,
5512 char *name, char **value)
5513{
5514 const struct task_security_struct *__tsec;
5515 u32 sid;
5516 int error;
5517 unsigned len;
5518
5519 if (current != p) {
5520 error = current_has_perm(p, PROCESS__GETATTR);
5521 if (error)
5522 return error;
5523 }
5524
5525 rcu_read_lock();
5526 __tsec = __task_cred(p)->security;
5527
5528 if (!strcmp(name, "current"))
5529 sid = __tsec->sid;
5530 else if (!strcmp(name, "prev"))
5531 sid = __tsec->osid;
5532 else if (!strcmp(name, "exec"))
5533 sid = __tsec->exec_sid;
5534 else if (!strcmp(name, "fscreate"))
5535 sid = __tsec->create_sid;
5536 else if (!strcmp(name, "keycreate"))
5537 sid = __tsec->keycreate_sid;
5538 else if (!strcmp(name, "sockcreate"))
5539 sid = __tsec->sockcreate_sid;
5540 else
5541 goto invalid;
5542 rcu_read_unlock();
5543
5544 if (!sid)
5545 return 0;
5546
5547 error = security_sid_to_context(sid, value, &len);
5548 if (error)
5549 return error;
5550 return len;
5551
5552invalid:
5553 rcu_read_unlock();
5554 return -EINVAL;
5555}
5556
5557static int selinux_setprocattr(struct task_struct *p,
5558 char *name, void *value, size_t size)
5559{
5560 struct task_security_struct *tsec;
5561 struct task_struct *tracer;
5562 struct cred *new;
5563 u32 sid = 0, ptsid;
5564 int error;
5565 char *str = value;
5566
5567 if (current != p) {
5568
5569
5570 return -EACCES;
5571 }
5572
5573
5574
5575
5576
5577
5578 if (!strcmp(name, "exec"))
5579 error = current_has_perm(p, PROCESS__SETEXEC);
5580 else if (!strcmp(name, "fscreate"))
5581 error = current_has_perm(p, PROCESS__SETFSCREATE);
5582 else if (!strcmp(name, "keycreate"))
5583 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5584 else if (!strcmp(name, "sockcreate"))
5585 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5586 else if (!strcmp(name, "current"))
5587 error = current_has_perm(p, PROCESS__SETCURRENT);
5588 else
5589 error = -EINVAL;
5590 if (error)
5591 return error;
5592
5593
5594 if (size && str[1] && str[1] != '\n') {
5595 if (str[size-1] == '\n') {
5596 str[size-1] = 0;
5597 size--;
5598 }
5599 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5600 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5601 if (!capable(CAP_MAC_ADMIN)) {
5602 struct audit_buffer *ab;
5603 size_t audit_size;
5604
5605
5606
5607 if (str[size - 1] == '\0')
5608 audit_size = size - 1;
5609 else
5610 audit_size = size;
5611 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5612 audit_log_format(ab, "op=fscreate invalid_context=");
5613 audit_log_n_untrustedstring(ab, value, audit_size);
5614 audit_log_end(ab);
5615
5616 return error;
5617 }
5618 error = security_context_to_sid_force(value, size,
5619 &sid);
5620 }
5621 if (error)
5622 return error;
5623 }
5624
5625 new = prepare_creds();
5626 if (!new)
5627 return -ENOMEM;
5628
5629
5630
5631
5632
5633
5634
5635 tsec = new->security;
5636 if (!strcmp(name, "exec")) {
5637 tsec->exec_sid = sid;
5638 } else if (!strcmp(name, "fscreate")) {
5639 tsec->create_sid = sid;
5640 } else if (!strcmp(name, "keycreate")) {
5641 error = may_create_key(sid, p);
5642 if (error)
5643 goto abort_change;
5644 tsec->keycreate_sid = sid;
5645 } else if (!strcmp(name, "sockcreate")) {
5646 tsec->sockcreate_sid = sid;
5647 } else if (!strcmp(name, "current")) {
5648 error = -EINVAL;
5649 if (sid == 0)
5650 goto abort_change;
5651
5652
5653 error = -EPERM;
5654 if (!current_is_single_threaded()) {
5655 error = security_bounded_transition(tsec->sid, sid);
5656 if (error)
5657 goto abort_change;
5658 }
5659
5660
5661 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5662 PROCESS__DYNTRANSITION, NULL);
5663 if (error)
5664 goto abort_change;
5665
5666
5667
5668 ptsid = 0;
5669 rcu_read_lock();
5670 tracer = ptrace_parent(p);
5671 if (tracer)
5672 ptsid = task_sid(tracer);
5673 rcu_read_unlock();
5674
5675 if (tracer) {
5676 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5677 PROCESS__PTRACE, NULL);
5678 if (error)
5679 goto abort_change;
5680 }
5681
5682 tsec->sid = sid;
5683 } else {
5684 error = -EINVAL;
5685 goto abort_change;
5686 }
5687
5688 commit_creds(new);
5689 return size;
5690
5691abort_change:
5692 abort_creds(new);
5693 return error;
5694}
5695
5696static int selinux_ismaclabel(const char *name)
5697{
5698 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5699}
5700
5701static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5702{
5703 return security_sid_to_context(secid, secdata, seclen);
5704}
5705
5706static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5707{
5708 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
5709}
5710
5711static void selinux_release_secctx(char *secdata, u32 seclen)
5712{
5713 kfree(secdata);
5714}
5715
5716
5717
5718
5719static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5720{
5721 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5722}
5723
5724
5725
5726
5727static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5728{
5729 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5730}
5731
5732static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5733{
5734 int len = 0;
5735 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5736 ctx, true);
5737 if (len < 0)
5738 return len;
5739 *ctxlen = len;
5740 return 0;
5741}
5742#ifdef CONFIG_KEYS
5743
5744static int selinux_key_alloc(struct key *k, const struct cred *cred,
5745 unsigned long flags)
5746{
5747 const struct task_security_struct *tsec;
5748 struct key_security_struct *ksec;
5749
5750 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5751 if (!ksec)
5752 return -ENOMEM;
5753
5754 tsec = cred->security;
5755 if (tsec->keycreate_sid)
5756 ksec->sid = tsec->keycreate_sid;
5757 else
5758 ksec->sid = tsec->sid;
5759
5760 k->security = ksec;
5761 return 0;
5762}
5763
5764static void selinux_key_free(struct key *k)
5765{
5766 struct key_security_struct *ksec = k->security;
5767
5768 k->security = NULL;
5769 kfree(ksec);
5770}
5771
5772static int selinux_key_permission(key_ref_t key_ref,
5773 const struct cred *cred,
5774 unsigned perm)
5775{
5776 struct key *key;
5777 struct key_security_struct *ksec;
5778 u32 sid;
5779
5780
5781
5782
5783 if (perm == 0)
5784 return 0;
5785
5786 sid = cred_sid(cred);
5787
5788 key = key_ref_to_ptr(key_ref);
5789 ksec = key->security;
5790
5791 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5792}
5793
5794static int selinux_key_getsecurity(struct key *key, char **_buffer)
5795{
5796 struct key_security_struct *ksec = key->security;
5797 char *context = NULL;
5798 unsigned len;
5799 int rc;
5800
5801 rc = security_sid_to_context(ksec->sid, &context, &len);
5802 if (!rc)
5803 rc = len;
5804 *_buffer = context;
5805 return rc;
5806}
5807
5808#endif
5809
5810static struct security_operations selinux_ops = {
5811 .name = "selinux",
5812
5813 .ptrace_access_check = selinux_ptrace_access_check,
5814 .ptrace_traceme = selinux_ptrace_traceme,
5815 .capget = selinux_capget,
5816 .capset = selinux_capset,
5817 .capable = selinux_capable,
5818 .quotactl = selinux_quotactl,
5819 .quota_on = selinux_quota_on,
5820 .syslog = selinux_syslog,
5821 .vm_enough_memory = selinux_vm_enough_memory,
5822
5823 .netlink_send = selinux_netlink_send,
5824
5825 .bprm_set_creds = selinux_bprm_set_creds,
5826 .bprm_committing_creds = selinux_bprm_committing_creds,
5827 .bprm_committed_creds = selinux_bprm_committed_creds,
5828 .bprm_secureexec = selinux_bprm_secureexec,
5829
5830 .sb_alloc_security = selinux_sb_alloc_security,
5831 .sb_free_security = selinux_sb_free_security,
5832 .sb_copy_data = selinux_sb_copy_data,
5833 .sb_remount = selinux_sb_remount,
5834 .sb_kern_mount = selinux_sb_kern_mount,
5835 .sb_show_options = selinux_sb_show_options,
5836 .sb_statfs = selinux_sb_statfs,
5837 .sb_mount = selinux_mount,
5838 .sb_umount = selinux_umount,
5839 .sb_set_mnt_opts = selinux_set_mnt_opts,
5840 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5841 .sb_parse_opts_str = selinux_parse_opts_str,
5842
5843 .dentry_init_security = selinux_dentry_init_security,
5844
5845 .inode_alloc_security = selinux_inode_alloc_security,
5846 .inode_free_security = selinux_inode_free_security,
5847 .inode_init_security = selinux_inode_init_security,
5848 .inode_create = selinux_inode_create,
5849 .inode_link = selinux_inode_link,
5850 .inode_unlink = selinux_inode_unlink,
5851 .inode_symlink = selinux_inode_symlink,
5852 .inode_mkdir = selinux_inode_mkdir,
5853 .inode_rmdir = selinux_inode_rmdir,
5854 .inode_mknod = selinux_inode_mknod,
5855 .inode_rename = selinux_inode_rename,
5856 .inode_readlink = selinux_inode_readlink,
5857 .inode_follow_link = selinux_inode_follow_link,
5858 .inode_permission = selinux_inode_permission,
5859 .inode_setattr = selinux_inode_setattr,
5860 .inode_getattr = selinux_inode_getattr,
5861 .inode_setxattr = selinux_inode_setxattr,
5862 .inode_post_setxattr = selinux_inode_post_setxattr,
5863 .inode_getxattr = selinux_inode_getxattr,
5864 .inode_listxattr = selinux_inode_listxattr,
5865 .inode_removexattr = selinux_inode_removexattr,
5866 .inode_getsecurity = selinux_inode_getsecurity,
5867 .inode_setsecurity = selinux_inode_setsecurity,
5868 .inode_listsecurity = selinux_inode_listsecurity,
5869 .inode_getsecid = selinux_inode_getsecid,
5870
5871 .file_permission = selinux_file_permission,
5872 .file_alloc_security = selinux_file_alloc_security,
5873 .file_free_security = selinux_file_free_security,
5874 .file_ioctl = selinux_file_ioctl,
5875 .mmap_file = selinux_mmap_file,
5876 .mmap_addr = selinux_mmap_addr,
5877 .file_mprotect = selinux_file_mprotect,
5878 .file_lock = selinux_file_lock,
5879 .file_fcntl = selinux_file_fcntl,
5880 .file_set_fowner = selinux_file_set_fowner,
5881 .file_send_sigiotask = selinux_file_send_sigiotask,
5882 .file_receive = selinux_file_receive,
5883
5884 .file_open = selinux_file_open,
5885
5886 .task_create = selinux_task_create,
5887 .cred_alloc_blank = selinux_cred_alloc_blank,
5888 .cred_free = selinux_cred_free,
5889 .cred_prepare = selinux_cred_prepare,
5890 .cred_transfer = selinux_cred_transfer,
5891 .kernel_act_as = selinux_kernel_act_as,
5892 .kernel_create_files_as = selinux_kernel_create_files_as,
5893 .kernel_module_request = selinux_kernel_module_request,
5894 .task_setpgid = selinux_task_setpgid,
5895 .task_getpgid = selinux_task_getpgid,
5896 .task_getsid = selinux_task_getsid,
5897 .task_getsecid = selinux_task_getsecid,
5898 .task_setnice = selinux_task_setnice,
5899 .task_setioprio = selinux_task_setioprio,
5900 .task_getioprio = selinux_task_getioprio,
5901 .task_setrlimit = selinux_task_setrlimit,
5902 .task_setscheduler = selinux_task_setscheduler,
5903 .task_getscheduler = selinux_task_getscheduler,
5904 .task_movememory = selinux_task_movememory,
5905 .task_kill = selinux_task_kill,
5906 .task_wait = selinux_task_wait,
5907 .task_to_inode = selinux_task_to_inode,
5908
5909 .ipc_permission = selinux_ipc_permission,
5910 .ipc_getsecid = selinux_ipc_getsecid,
5911
5912 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5913 .msg_msg_free_security = selinux_msg_msg_free_security,
5914
5915 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5916 .msg_queue_free_security = selinux_msg_queue_free_security,
5917 .msg_queue_associate = selinux_msg_queue_associate,
5918 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5919 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5920 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5921
5922 .shm_alloc_security = selinux_shm_alloc_security,
5923 .shm_free_security = selinux_shm_free_security,
5924 .shm_associate = selinux_shm_associate,
5925 .shm_shmctl = selinux_shm_shmctl,
5926 .shm_shmat = selinux_shm_shmat,
5927
5928 .sem_alloc_security = selinux_sem_alloc_security,
5929 .sem_free_security = selinux_sem_free_security,
5930 .sem_associate = selinux_sem_associate,
5931 .sem_semctl = selinux_sem_semctl,
5932 .sem_semop = selinux_sem_semop,
5933
5934 .d_instantiate = selinux_d_instantiate,
5935
5936 .getprocattr = selinux_getprocattr,
5937 .setprocattr = selinux_setprocattr,
5938
5939 .ismaclabel = selinux_ismaclabel,
5940 .secid_to_secctx = selinux_secid_to_secctx,
5941 .secctx_to_secid = selinux_secctx_to_secid,
5942 .release_secctx = selinux_release_secctx,
5943 .inode_notifysecctx = selinux_inode_notifysecctx,
5944 .inode_setsecctx = selinux_inode_setsecctx,
5945 .inode_getsecctx = selinux_inode_getsecctx,
5946
5947 .unix_stream_connect = selinux_socket_unix_stream_connect,
5948 .unix_may_send = selinux_socket_unix_may_send,
5949
5950 .socket_create = selinux_socket_create,
5951 .socket_post_create = selinux_socket_post_create,
5952 .socket_bind = selinux_socket_bind,
5953 .socket_connect = selinux_socket_connect,
5954 .socket_listen = selinux_socket_listen,
5955 .socket_accept = selinux_socket_accept,
5956 .socket_sendmsg = selinux_socket_sendmsg,
5957 .socket_recvmsg = selinux_socket_recvmsg,
5958 .socket_getsockname = selinux_socket_getsockname,
5959 .socket_getpeername = selinux_socket_getpeername,
5960 .socket_getsockopt = selinux_socket_getsockopt,
5961 .socket_setsockopt = selinux_socket_setsockopt,
5962 .socket_shutdown = selinux_socket_shutdown,
5963 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5964 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5965 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5966 .sk_alloc_security = selinux_sk_alloc_security,
5967 .sk_free_security = selinux_sk_free_security,
5968 .sk_clone_security = selinux_sk_clone_security,
5969 .sk_getsecid = selinux_sk_getsecid,
5970 .sock_graft = selinux_sock_graft,
5971 .inet_conn_request = selinux_inet_conn_request,
5972 .inet_csk_clone = selinux_inet_csk_clone,
5973 .inet_conn_established = selinux_inet_conn_established,
5974 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5975 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5976 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5977 .req_classify_flow = selinux_req_classify_flow,
5978 .tun_dev_alloc_security = selinux_tun_dev_alloc_security,
5979 .tun_dev_free_security = selinux_tun_dev_free_security,
5980 .tun_dev_create = selinux_tun_dev_create,
5981 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
5982 .tun_dev_attach = selinux_tun_dev_attach,
5983 .tun_dev_open = selinux_tun_dev_open,
5984 .skb_owned_by = selinux_skb_owned_by,
5985
5986#ifdef CONFIG_SECURITY_NETWORK_XFRM
5987 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5988 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5989 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5990 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5991 .xfrm_state_alloc = selinux_xfrm_state_alloc,
5992 .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
5993 .xfrm_state_free_security = selinux_xfrm_state_free,
5994 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5995 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5996 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5997 .xfrm_decode_session = selinux_xfrm_decode_session,
5998#endif
5999
6000#ifdef CONFIG_KEYS
6001 .key_alloc = selinux_key_alloc,
6002 .key_free = selinux_key_free,
6003 .key_permission = selinux_key_permission,
6004 .key_getsecurity = selinux_key_getsecurity,
6005#endif
6006
6007#ifdef CONFIG_AUDIT
6008 .audit_rule_init = selinux_audit_rule_init,
6009 .audit_rule_known = selinux_audit_rule_known,
6010 .audit_rule_match = selinux_audit_rule_match,
6011 .audit_rule_free = selinux_audit_rule_free,
6012#endif
6013};
6014
6015static __init int selinux_init(void)
6016{
6017 if (!security_module_enable(&selinux_ops)) {
6018 selinux_enabled = 0;
6019 return 0;
6020 }
6021
6022 if (!selinux_enabled) {
6023 printk(KERN_INFO "SELinux: Disabled at boot.\n");
6024 return 0;
6025 }
6026
6027 printk(KERN_INFO "SELinux: Initializing.\n");
6028
6029
6030 cred_init_security();
6031
6032 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
6033
6034 sel_inode_cache = kmem_cache_create("selinux_inode_security",
6035 sizeof(struct inode_security_struct),
6036 0, SLAB_PANIC, NULL);
6037 avc_init();
6038
6039 if (register_security(&selinux_ops))
6040 panic("SELinux: Unable to register with kernel.\n");
6041
6042 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
6043 panic("SELinux: Unable to register AVC netcache callback\n");
6044
6045 if (selinux_enforcing)
6046 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
6047 else
6048 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
6049
6050 return 0;
6051}
6052
6053static void delayed_superblock_init(struct super_block *sb, void *unused)
6054{
6055 superblock_doinit(sb, NULL);
6056}
6057
6058void selinux_complete_init(void)
6059{
6060 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
6061
6062
6063 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
6064 iterate_supers(delayed_superblock_init, NULL);
6065}
6066
6067
6068
6069security_initcall(selinux_init);
6070
6071#if defined(CONFIG_NETFILTER)
6072
6073static struct nf_hook_ops selinux_nf_ops[] = {
6074 {
6075 .hook = selinux_ipv4_postroute,
6076 .owner = THIS_MODULE,
6077 .pf = NFPROTO_IPV4,
6078 .hooknum = NF_INET_POST_ROUTING,
6079 .priority = NF_IP_PRI_SELINUX_LAST,
6080 },
6081 {
6082 .hook = selinux_ipv4_forward,
6083 .owner = THIS_MODULE,
6084 .pf = NFPROTO_IPV4,
6085 .hooknum = NF_INET_FORWARD,
6086 .priority = NF_IP_PRI_SELINUX_FIRST,
6087 },
6088 {
6089 .hook = selinux_ipv4_output,
6090 .owner = THIS_MODULE,
6091 .pf = NFPROTO_IPV4,
6092 .hooknum = NF_INET_LOCAL_OUT,
6093 .priority = NF_IP_PRI_SELINUX_FIRST,
6094 },
6095#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6096 {
6097 .hook = selinux_ipv6_postroute,
6098 .owner = THIS_MODULE,
6099 .pf = NFPROTO_IPV6,
6100 .hooknum = NF_INET_POST_ROUTING,
6101 .priority = NF_IP6_PRI_SELINUX_LAST,
6102 },
6103 {
6104 .hook = selinux_ipv6_forward,
6105 .owner = THIS_MODULE,
6106 .pf = NFPROTO_IPV6,
6107 .hooknum = NF_INET_FORWARD,
6108 .priority = NF_IP6_PRI_SELINUX_FIRST,
6109 },
6110#endif
6111};
6112
6113static int __init selinux_nf_ip_init(void)
6114{
6115 int err;
6116
6117 if (!selinux_enabled)
6118 return 0;
6119
6120 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6121
6122 err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6123 if (err)
6124 panic("SELinux: nf_register_hooks: error %d\n", err);
6125
6126 return 0;
6127}
6128
6129__initcall(selinux_nf_ip_init);
6130
6131#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6132static void selinux_nf_ip_exit(void)
6133{
6134 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6135
6136 nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6137}
6138#endif
6139
6140#else
6141
6142#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6143#define selinux_nf_ip_exit()
6144#endif
6145
6146#endif
6147
6148#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6149static int selinux_disabled;
6150
6151int selinux_disable(void)
6152{
6153 if (ss_initialized) {
6154
6155 return -EINVAL;
6156 }
6157
6158 if (selinux_disabled) {
6159
6160 return -EINVAL;
6161 }
6162
6163 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6164
6165 selinux_disabled = 1;
6166 selinux_enabled = 0;
6167
6168 reset_security_ops();
6169
6170
6171 avc_disable();
6172
6173
6174 selinux_nf_ip_exit();
6175
6176
6177 exit_sel_fs();
6178
6179 return 0;
6180}
6181#endif
6182
