1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/ext2_fs.h>
32#include <linux/sched.h>
33#include <linux/security.h>
34#include <linux/xattr.h>
35#include <linux/capability.h>
36#include <linux/unistd.h>
37#include <linux/mm.h>
38#include <linux/mman.h>
39#include <linux/slab.h>
40#include <linux/pagemap.h>
41#include <linux/proc_fs.h>
42#include <linux/swap.h>
43#include <linux/spinlock.h>
44#include <linux/syscalls.h>
45#include <linux/dcache.h>
46#include <linux/file.h>
47#include <linux/fdtable.h>
48#include <linux/namei.h>
49#include <linux/mount.h>
50#include <linux/netfilter_ipv4.h>
51#include <linux/netfilter_ipv6.h>
52#include <linux/tty.h>
53#include <net/icmp.h>
54#include <net/ip.h>
55#include <net/tcp.h>
56#include <net/net_namespace.h>
57#include <net/netlabel.h>
58#include <linux/uaccess.h>
59#include <asm/ioctls.h>
60#include <linux/atomic.h>
61#include <linux/bitops.h>
62#include <linux/interrupt.h>
63#include <linux/netdevice.h>
64#include <linux/netlink.h>
65#include <linux/tcp.h>
66#include <linux/udp.h>
67#include <linux/dccp.h>
68#include <linux/quota.h>
69#include <linux/un.h>
70#include <net/af_unix.h>
71#include <linux/parser.h>
72#include <linux/nfs_mount.h>
73#include <net/ipv6.h>
74#include <linux/hugetlb.h>
75#include <linux/personality.h>
76#include <linux/audit.h>
77#include <linux/string.h>
78#include <linux/selinux.h>
79#include <linux/mutex.h>
80#include <linux/posix-timers.h>
81#include <linux/syslog.h>
82#include <linux/user_namespace.h>
83#include <linux/export.h>
84
85#include "avc.h"
86#include "objsec.h"
87#include "netif.h"
88#include "netnode.h"
89#include "netport.h"
90#include "xfrm.h"
91#include "netlabel.h"
92#include "audit.h"
93#include "avc_ss.h"
94
95#define NUM_SEL_MNT_OPTS 5
96
97extern struct security_operations *security_ops;
98
99
100static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
101
102#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
103int selinux_enforcing;
104
105static int __init enforcing_setup(char *str)
106{
107 unsigned long enforcing;
108 if (!strict_strtoul(str, 0, &enforcing))
109 selinux_enforcing = enforcing ? 1 : 0;
110 return 1;
111}
112__setup("enforcing=", enforcing_setup);
113#endif
114
115#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
116int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
117
118static int __init selinux_enabled_setup(char *str)
119{
120 unsigned long enabled;
121 if (!strict_strtoul(str, 0, &enabled))
122 selinux_enabled = enabled ? 1 : 0;
123 return 1;
124}
125__setup("selinux=", selinux_enabled_setup);
126#else
127int selinux_enabled = 1;
128#endif
129
130static struct kmem_cache *sel_inode_cache;
131
132
133
134
135
136
137
138
139
140
141
142static int selinux_secmark_enabled(void)
143{
144 return (atomic_read(&selinux_secmark_refcount) > 0);
145}
146
147
148
149
150static void cred_init_security(void)
151{
152 struct cred *cred = (struct cred *) current->real_cred;
153 struct task_security_struct *tsec;
154
155 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
156 if (!tsec)
157 panic("SELinux: Failed to initialize initial task.\n");
158
159 tsec->osid = tsec->sid = SECINITSID_KERNEL;
160 cred->security = tsec;
161}
162
163
164
165
166static inline u32 cred_sid(const struct cred *cred)
167{
168 const struct task_security_struct *tsec;
169
170 tsec = cred->security;
171 return tsec->sid;
172}
173
174
175
176
177static inline u32 task_sid(const struct task_struct *task)
178{
179 u32 sid;
180
181 rcu_read_lock();
182 sid = cred_sid(__task_cred(task));
183 rcu_read_unlock();
184 return sid;
185}
186
187
188
189
190static inline u32 current_sid(void)
191{
192 const struct task_security_struct *tsec = current_security();
193
194 return tsec->sid;
195}
196
197
198
199static int inode_alloc_security(struct inode *inode)
200{
201 struct inode_security_struct *isec;
202 u32 sid = current_sid();
203
204 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
205 if (!isec)
206 return -ENOMEM;
207
208 mutex_init(&isec->lock);
209 INIT_LIST_HEAD(&isec->list);
210 isec->inode = inode;
211 isec->sid = SECINITSID_UNLABELED;
212 isec->sclass = SECCLASS_FILE;
213 isec->task_sid = sid;
214 inode->i_security = isec;
215
216 return 0;
217}
218
219static void inode_free_security(struct inode *inode)
220{
221 struct inode_security_struct *isec = inode->i_security;
222 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
223
224 spin_lock(&sbsec->isec_lock);
225 if (!list_empty(&isec->list))
226 list_del_init(&isec->list);
227 spin_unlock(&sbsec->isec_lock);
228
229 inode->i_security = NULL;
230 kmem_cache_free(sel_inode_cache, isec);
231}
232
233static int file_alloc_security(struct file *file)
234{
235 struct file_security_struct *fsec;
236 u32 sid = current_sid();
237
238 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
239 if (!fsec)
240 return -ENOMEM;
241
242 fsec->sid = sid;
243 fsec->fown_sid = sid;
244 file->f_security = fsec;
245
246 return 0;
247}
248
249static void file_free_security(struct file *file)
250{
251 struct file_security_struct *fsec = file->f_security;
252 file->f_security = NULL;
253 kfree(fsec);
254}
255
256static int superblock_alloc_security(struct super_block *sb)
257{
258 struct superblock_security_struct *sbsec;
259
260 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
261 if (!sbsec)
262 return -ENOMEM;
263
264 mutex_init(&sbsec->lock);
265 INIT_LIST_HEAD(&sbsec->isec_head);
266 spin_lock_init(&sbsec->isec_lock);
267 sbsec->sb = sb;
268 sbsec->sid = SECINITSID_UNLABELED;
269 sbsec->def_sid = SECINITSID_FILE;
270 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
271 sb->s_security = sbsec;
272
273 return 0;
274}
275
276static void superblock_free_security(struct super_block *sb)
277{
278 struct superblock_security_struct *sbsec = sb->s_security;
279 sb->s_security = NULL;
280 kfree(sbsec);
281}
282
283
284
285static const char *labeling_behaviors[6] = {
286 "uses xattr",
287 "uses transition SIDs",
288 "uses task SIDs",
289 "uses genfs_contexts",
290 "not configured for labeling",
291 "uses mountpoint labeling",
292};
293
294static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
295
296static inline int inode_doinit(struct inode *inode)
297{
298 return inode_doinit_with_dentry(inode, NULL);
299}
300
301enum {
302 Opt_error = -1,
303 Opt_context = 1,
304 Opt_fscontext = 2,
305 Opt_defcontext = 3,
306 Opt_rootcontext = 4,
307 Opt_labelsupport = 5,
308};
309
310static const match_table_t tokens = {
311 {Opt_context, CONTEXT_STR "%s"},
312 {Opt_fscontext, FSCONTEXT_STR "%s"},
313 {Opt_defcontext, DEFCONTEXT_STR "%s"},
314 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
315 {Opt_labelsupport, LABELSUPP_STR},
316 {Opt_error, NULL},
317};
318
319#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
320
321static int may_context_mount_sb_relabel(u32 sid,
322 struct superblock_security_struct *sbsec,
323 const struct cred *cred)
324{
325 const struct task_security_struct *tsec = cred->security;
326 int rc;
327
328 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
329 FILESYSTEM__RELABELFROM, NULL);
330 if (rc)
331 return rc;
332
333 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
334 FILESYSTEM__RELABELTO, NULL);
335 return rc;
336}
337
338static int may_context_mount_inode_relabel(u32 sid,
339 struct superblock_security_struct *sbsec,
340 const struct cred *cred)
341{
342 const struct task_security_struct *tsec = cred->security;
343 int rc;
344 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
345 FILESYSTEM__RELABELFROM, NULL);
346 if (rc)
347 return rc;
348
349 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
350 FILESYSTEM__ASSOCIATE, NULL);
351 return rc;
352}
353
354static int sb_finish_set_opts(struct super_block *sb)
355{
356 struct superblock_security_struct *sbsec = sb->s_security;
357 struct dentry *root = sb->s_root;
358 struct inode *root_inode = root->d_inode;
359 int rc = 0;
360
361 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
362
363
364
365
366
367 if (!root_inode->i_op->getxattr) {
368 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
369 "xattr support\n", sb->s_id, sb->s_type->name);
370 rc = -EOPNOTSUPP;
371 goto out;
372 }
373 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
374 if (rc < 0 && rc != -ENODATA) {
375 if (rc == -EOPNOTSUPP)
376 printk(KERN_WARNING "SELinux: (dev %s, type "
377 "%s) has no security xattr handler\n",
378 sb->s_id, sb->s_type->name);
379 else
380 printk(KERN_WARNING "SELinux: (dev %s, type "
381 "%s) getxattr errno %d\n", sb->s_id,
382 sb->s_type->name, -rc);
383 goto out;
384 }
385 }
386
387 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
388
389 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
390 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
391 sb->s_id, sb->s_type->name);
392 else
393 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
394 sb->s_id, sb->s_type->name,
395 labeling_behaviors[sbsec->behavior-1]);
396
397 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
398 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
399 sbsec->behavior == SECURITY_FS_USE_NONE ||
400 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
401 sbsec->flags &= ~SE_SBLABELSUPP;
402
403
404 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
405 sbsec->flags |= SE_SBLABELSUPP;
406
407
408 rc = inode_doinit_with_dentry(root_inode, root);
409
410
411
412
413
414 spin_lock(&sbsec->isec_lock);
415next_inode:
416 if (!list_empty(&sbsec->isec_head)) {
417 struct inode_security_struct *isec =
418 list_entry(sbsec->isec_head.next,
419 struct inode_security_struct, list);
420 struct inode *inode = isec->inode;
421 spin_unlock(&sbsec->isec_lock);
422 inode = igrab(inode);
423 if (inode) {
424 if (!IS_PRIVATE(inode))
425 inode_doinit(inode);
426 iput(inode);
427 }
428 spin_lock(&sbsec->isec_lock);
429 list_del_init(&isec->list);
430 goto next_inode;
431 }
432 spin_unlock(&sbsec->isec_lock);
433out:
434 return rc;
435}
436
437
438
439
440
441
442static int selinux_get_mnt_opts(const struct super_block *sb,
443 struct security_mnt_opts *opts)
444{
445 int rc = 0, i;
446 struct superblock_security_struct *sbsec = sb->s_security;
447 char *context = NULL;
448 u32 len;
449 char tmp;
450
451 security_init_mnt_opts(opts);
452
453 if (!(sbsec->flags & SE_SBINITIALIZED))
454 return -EINVAL;
455
456 if (!ss_initialized)
457 return -EINVAL;
458
459 tmp = sbsec->flags & SE_MNTMASK;
460
461 for (i = 0; i < 8; i++) {
462 if (tmp & 0x01)
463 opts->num_mnt_opts++;
464 tmp >>= 1;
465 }
466
467 if (sbsec->flags & SE_SBLABELSUPP)
468 opts->num_mnt_opts++;
469
470 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
471 if (!opts->mnt_opts) {
472 rc = -ENOMEM;
473 goto out_free;
474 }
475
476 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
477 if (!opts->mnt_opts_flags) {
478 rc = -ENOMEM;
479 goto out_free;
480 }
481
482 i = 0;
483 if (sbsec->flags & FSCONTEXT_MNT) {
484 rc = security_sid_to_context(sbsec->sid, &context, &len);
485 if (rc)
486 goto out_free;
487 opts->mnt_opts[i] = context;
488 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
489 }
490 if (sbsec->flags & CONTEXT_MNT) {
491 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
492 if (rc)
493 goto out_free;
494 opts->mnt_opts[i] = context;
495 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
496 }
497 if (sbsec->flags & DEFCONTEXT_MNT) {
498 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
499 if (rc)
500 goto out_free;
501 opts->mnt_opts[i] = context;
502 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
503 }
504 if (sbsec->flags & ROOTCONTEXT_MNT) {
505 struct inode *root = sbsec->sb->s_root->d_inode;
506 struct inode_security_struct *isec = root->i_security;
507
508 rc = security_sid_to_context(isec->sid, &context, &len);
509 if (rc)
510 goto out_free;
511 opts->mnt_opts[i] = context;
512 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
513 }
514 if (sbsec->flags & SE_SBLABELSUPP) {
515 opts->mnt_opts[i] = NULL;
516 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
517 }
518
519 BUG_ON(i != opts->num_mnt_opts);
520
521 return 0;
522
523out_free:
524 security_free_mnt_opts(opts);
525 return rc;
526}
527
528static int bad_option(struct superblock_security_struct *sbsec, char flag,
529 u32 old_sid, u32 new_sid)
530{
531 char mnt_flags = sbsec->flags & SE_MNTMASK;
532
533
534 if (sbsec->flags & SE_SBINITIALIZED)
535 if (!(sbsec->flags & flag) ||
536 (old_sid != new_sid))
537 return 1;
538
539
540
541
542 if (!(sbsec->flags & SE_SBINITIALIZED))
543 if (mnt_flags & flag)
544 return 1;
545 return 0;
546}
547
548
549
550
551
552static int selinux_set_mnt_opts(struct super_block *sb,
553 struct security_mnt_opts *opts)
554{
555 const struct cred *cred = current_cred();
556 int rc = 0, i;
557 struct superblock_security_struct *sbsec = sb->s_security;
558 const char *name = sb->s_type->name;
559 struct inode *inode = sbsec->sb->s_root->d_inode;
560 struct inode_security_struct *root_isec = inode->i_security;
561 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
562 u32 defcontext_sid = 0;
563 char **mount_options = opts->mnt_opts;
564 int *flags = opts->mnt_opts_flags;
565 int num_opts = opts->num_mnt_opts;
566
567 mutex_lock(&sbsec->lock);
568
569 if (!ss_initialized) {
570 if (!num_opts) {
571
572
573
574 goto out;
575 }
576 rc = -EINVAL;
577 printk(KERN_WARNING "SELinux: Unable to set superblock options "
578 "before the security server is initialized\n");
579 goto out;
580 }
581
582
583
584
585
586
587
588
589
590
591
592
593 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
594 && (num_opts == 0))
595 goto out;
596
597
598
599
600
601
602 for (i = 0; i < num_opts; i++) {
603 u32 sid;
604
605 if (flags[i] == SE_SBLABELSUPP)
606 continue;
607 rc = security_context_to_sid(mount_options[i],
608 strlen(mount_options[i]), &sid);
609 if (rc) {
610 printk(KERN_WARNING "SELinux: security_context_to_sid"
611 "(%s) failed for (dev %s, type %s) errno=%d\n",
612 mount_options[i], sb->s_id, name, rc);
613 goto out;
614 }
615 switch (flags[i]) {
616 case FSCONTEXT_MNT:
617 fscontext_sid = sid;
618
619 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
620 fscontext_sid))
621 goto out_double_mount;
622
623 sbsec->flags |= FSCONTEXT_MNT;
624 break;
625 case CONTEXT_MNT:
626 context_sid = sid;
627
628 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
629 context_sid))
630 goto out_double_mount;
631
632 sbsec->flags |= CONTEXT_MNT;
633 break;
634 case ROOTCONTEXT_MNT:
635 rootcontext_sid = sid;
636
637 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
638 rootcontext_sid))
639 goto out_double_mount;
640
641 sbsec->flags |= ROOTCONTEXT_MNT;
642
643 break;
644 case DEFCONTEXT_MNT:
645 defcontext_sid = sid;
646
647 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
648 defcontext_sid))
649 goto out_double_mount;
650
651 sbsec->flags |= DEFCONTEXT_MNT;
652
653 break;
654 default:
655 rc = -EINVAL;
656 goto out;
657 }
658 }
659
660 if (sbsec->flags & SE_SBINITIALIZED) {
661
662 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
663 goto out_double_mount;
664 rc = 0;
665 goto out;
666 }
667
668 if (strcmp(sb->s_type->name, "proc") == 0)
669 sbsec->flags |= SE_SBPROC;
670
671
672 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
673 if (rc) {
674 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
675 __func__, sb->s_type->name, rc);
676 goto out;
677 }
678
679
680 if (fscontext_sid) {
681 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
682 if (rc)
683 goto out;
684
685 sbsec->sid = fscontext_sid;
686 }
687
688
689
690
691
692
693 if (context_sid) {
694 if (!fscontext_sid) {
695 rc = may_context_mount_sb_relabel(context_sid, sbsec,
696 cred);
697 if (rc)
698 goto out;
699 sbsec->sid = context_sid;
700 } else {
701 rc = may_context_mount_inode_relabel(context_sid, sbsec,
702 cred);
703 if (rc)
704 goto out;
705 }
706 if (!rootcontext_sid)
707 rootcontext_sid = context_sid;
708
709 sbsec->mntpoint_sid = context_sid;
710 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
711 }
712
713 if (rootcontext_sid) {
714 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
715 cred);
716 if (rc)
717 goto out;
718
719 root_isec->sid = rootcontext_sid;
720 root_isec->initialized = 1;
721 }
722
723 if (defcontext_sid) {
724 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
725 rc = -EINVAL;
726 printk(KERN_WARNING "SELinux: defcontext option is "
727 "invalid for this filesystem type\n");
728 goto out;
729 }
730
731 if (defcontext_sid != sbsec->def_sid) {
732 rc = may_context_mount_inode_relabel(defcontext_sid,
733 sbsec, cred);
734 if (rc)
735 goto out;
736 }
737
738 sbsec->def_sid = defcontext_sid;
739 }
740
741 rc = sb_finish_set_opts(sb);
742out:
743 mutex_unlock(&sbsec->lock);
744 return rc;
745out_double_mount:
746 rc = -EINVAL;
747 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
748 "security settings for (dev %s, type %s)\n", sb->s_id, name);
749 goto out;
750}
751
752static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
753 struct super_block *newsb)
754{
755 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
756 struct superblock_security_struct *newsbsec = newsb->s_security;
757
758 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
759 int set_context = (oldsbsec->flags & CONTEXT_MNT);
760 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
761
762
763
764
765
766 if (!ss_initialized)
767 return;
768
769
770 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
771
772
773 if (newsbsec->flags & SE_SBINITIALIZED)
774 return;
775
776 mutex_lock(&newsbsec->lock);
777
778 newsbsec->flags = oldsbsec->flags;
779
780 newsbsec->sid = oldsbsec->sid;
781 newsbsec->def_sid = oldsbsec->def_sid;
782 newsbsec->behavior = oldsbsec->behavior;
783
784 if (set_context) {
785 u32 sid = oldsbsec->mntpoint_sid;
786
787 if (!set_fscontext)
788 newsbsec->sid = sid;
789 if (!set_rootcontext) {
790 struct inode *newinode = newsb->s_root->d_inode;
791 struct inode_security_struct *newisec = newinode->i_security;
792 newisec->sid = sid;
793 }
794 newsbsec->mntpoint_sid = sid;
795 }
796 if (set_rootcontext) {
797 const struct inode *oldinode = oldsb->s_root->d_inode;
798 const struct inode_security_struct *oldisec = oldinode->i_security;
799 struct inode *newinode = newsb->s_root->d_inode;
800 struct inode_security_struct *newisec = newinode->i_security;
801
802 newisec->sid = oldisec->sid;
803 }
804
805 sb_finish_set_opts(newsb);
806 mutex_unlock(&newsbsec->lock);
807}
808
809static int selinux_parse_opts_str(char *options,
810 struct security_mnt_opts *opts)
811{
812 char *p;
813 char *context = NULL, *defcontext = NULL;
814 char *fscontext = NULL, *rootcontext = NULL;
815 int rc, num_mnt_opts = 0;
816
817 opts->num_mnt_opts = 0;
818
819
820 while ((p = strsep(&options, "|")) != NULL) {
821 int token;
822 substring_t args[MAX_OPT_ARGS];
823
824 if (!*p)
825 continue;
826
827 token = match_token(p, tokens, args);
828
829 switch (token) {
830 case Opt_context:
831 if (context || defcontext) {
832 rc = -EINVAL;
833 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
834 goto out_err;
835 }
836 context = match_strdup(&args[0]);
837 if (!context) {
838 rc = -ENOMEM;
839 goto out_err;
840 }
841 break;
842
843 case Opt_fscontext:
844 if (fscontext) {
845 rc = -EINVAL;
846 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
847 goto out_err;
848 }
849 fscontext = match_strdup(&args[0]);
850 if (!fscontext) {
851 rc = -ENOMEM;
852 goto out_err;
853 }
854 break;
855
856 case Opt_rootcontext:
857 if (rootcontext) {
858 rc = -EINVAL;
859 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
860 goto out_err;
861 }
862 rootcontext = match_strdup(&args[0]);
863 if (!rootcontext) {
864 rc = -ENOMEM;
865 goto out_err;
866 }
867 break;
868
869 case Opt_defcontext:
870 if (context || defcontext) {
871 rc = -EINVAL;
872 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
873 goto out_err;
874 }
875 defcontext = match_strdup(&args[0]);
876 if (!defcontext) {
877 rc = -ENOMEM;
878 goto out_err;
879 }
880 break;
881 case Opt_labelsupport:
882 break;
883 default:
884 rc = -EINVAL;
885 printk(KERN_WARNING "SELinux: unknown mount option\n");
886 goto out_err;
887
888 }
889 }
890
891 rc = -ENOMEM;
892 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
893 if (!opts->mnt_opts)
894 goto out_err;
895
896 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
897 if (!opts->mnt_opts_flags) {
898 kfree(opts->mnt_opts);
899 goto out_err;
900 }
901
902 if (fscontext) {
903 opts->mnt_opts[num_mnt_opts] = fscontext;
904 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
905 }
906 if (context) {
907 opts->mnt_opts[num_mnt_opts] = context;
908 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
909 }
910 if (rootcontext) {
911 opts->mnt_opts[num_mnt_opts] = rootcontext;
912 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
913 }
914 if (defcontext) {
915 opts->mnt_opts[num_mnt_opts] = defcontext;
916 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
917 }
918
919 opts->num_mnt_opts = num_mnt_opts;
920 return 0;
921
922out_err:
923 kfree(context);
924 kfree(defcontext);
925 kfree(fscontext);
926 kfree(rootcontext);
927 return rc;
928}
929
930
931
932static int superblock_doinit(struct super_block *sb, void *data)
933{
934 int rc = 0;
935 char *options = data;
936 struct security_mnt_opts opts;
937
938 security_init_mnt_opts(&opts);
939
940 if (!data)
941 goto out;
942
943 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
944
945 rc = selinux_parse_opts_str(options, &opts);
946 if (rc)
947 goto out_err;
948
949out:
950 rc = selinux_set_mnt_opts(sb, &opts);
951
952out_err:
953 security_free_mnt_opts(&opts);
954 return rc;
955}
956
957static void selinux_write_opts(struct seq_file *m,
958 struct security_mnt_opts *opts)
959{
960 int i;
961 char *prefix;
962
963 for (i = 0; i < opts->num_mnt_opts; i++) {
964 char *has_comma;
965
966 if (opts->mnt_opts[i])
967 has_comma = strchr(opts->mnt_opts[i], ',');
968 else
969 has_comma = NULL;
970
971 switch (opts->mnt_opts_flags[i]) {
972 case CONTEXT_MNT:
973 prefix = CONTEXT_STR;
974 break;
975 case FSCONTEXT_MNT:
976 prefix = FSCONTEXT_STR;
977 break;
978 case ROOTCONTEXT_MNT:
979 prefix = ROOTCONTEXT_STR;
980 break;
981 case DEFCONTEXT_MNT:
982 prefix = DEFCONTEXT_STR;
983 break;
984 case SE_SBLABELSUPP:
985 seq_putc(m, ',');
986 seq_puts(m, LABELSUPP_STR);
987 continue;
988 default:
989 BUG();
990 return;
991 };
992
993 seq_putc(m, ',');
994 seq_puts(m, prefix);
995 if (has_comma)
996 seq_putc(m, '\"');
997 seq_puts(m, opts->mnt_opts[i]);
998 if (has_comma)
999 seq_putc(m, '\"');
1000 }
1001}
1002
1003static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1004{
1005 struct security_mnt_opts opts;
1006 int rc;
1007
1008 rc = selinux_get_mnt_opts(sb, &opts);
1009 if (rc) {
1010
1011 if (rc == -EINVAL)
1012 rc = 0;
1013 return rc;
1014 }
1015
1016 selinux_write_opts(m, &opts);
1017
1018 security_free_mnt_opts(&opts);
1019
1020 return rc;
1021}
1022
1023static inline u16 inode_mode_to_security_class(umode_t mode)
1024{
1025 switch (mode & S_IFMT) {
1026 case S_IFSOCK:
1027 return SECCLASS_SOCK_FILE;
1028 case S_IFLNK:
1029 return SECCLASS_LNK_FILE;
1030 case S_IFREG:
1031 return SECCLASS_FILE;
1032 case S_IFBLK:
1033 return SECCLASS_BLK_FILE;
1034 case S_IFDIR:
1035 return SECCLASS_DIR;
1036 case S_IFCHR:
1037 return SECCLASS_CHR_FILE;
1038 case S_IFIFO:
1039 return SECCLASS_FIFO_FILE;
1040
1041 }
1042
1043 return SECCLASS_FILE;
1044}
1045
1046static inline int default_protocol_stream(int protocol)
1047{
1048 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1049}
1050
1051static inline int default_protocol_dgram(int protocol)
1052{
1053 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1054}
1055
1056static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1057{
1058 switch (family) {
1059 case PF_UNIX:
1060 switch (type) {
1061 case SOCK_STREAM:
1062 case SOCK_SEQPACKET:
1063 return SECCLASS_UNIX_STREAM_SOCKET;
1064 case SOCK_DGRAM:
1065 return SECCLASS_UNIX_DGRAM_SOCKET;
1066 }
1067 break;
1068 case PF_INET:
1069 case PF_INET6:
1070 switch (type) {
1071 case SOCK_STREAM:
1072 if (default_protocol_stream(protocol))
1073 return SECCLASS_TCP_SOCKET;
1074 else
1075 return SECCLASS_RAWIP_SOCKET;
1076 case SOCK_DGRAM:
1077 if (default_protocol_dgram(protocol))
1078 return SECCLASS_UDP_SOCKET;
1079 else
1080 return SECCLASS_RAWIP_SOCKET;
1081 case SOCK_DCCP:
1082 return SECCLASS_DCCP_SOCKET;
1083 default:
1084 return SECCLASS_RAWIP_SOCKET;
1085 }
1086 break;
1087 case PF_NETLINK:
1088 switch (protocol) {
1089 case NETLINK_ROUTE:
1090 return SECCLASS_NETLINK_ROUTE_SOCKET;
1091 case NETLINK_FIREWALL:
1092 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1093 case NETLINK_INET_DIAG:
1094 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1095 case NETLINK_NFLOG:
1096 return SECCLASS_NETLINK_NFLOG_SOCKET;
1097 case NETLINK_XFRM:
1098 return SECCLASS_NETLINK_XFRM_SOCKET;
1099 case NETLINK_SELINUX:
1100 return SECCLASS_NETLINK_SELINUX_SOCKET;
1101 case NETLINK_AUDIT:
1102 return SECCLASS_NETLINK_AUDIT_SOCKET;
1103 case NETLINK_IP6_FW:
1104 return SECCLASS_NETLINK_IP6FW_SOCKET;
1105 case NETLINK_DNRTMSG:
1106 return SECCLASS_NETLINK_DNRT_SOCKET;
1107 case NETLINK_KOBJECT_UEVENT:
1108 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1109 default:
1110 return SECCLASS_NETLINK_SOCKET;
1111 }
1112 case PF_PACKET:
1113 return SECCLASS_PACKET_SOCKET;
1114 case PF_KEY:
1115 return SECCLASS_KEY_SOCKET;
1116 case PF_APPLETALK:
1117 return SECCLASS_APPLETALK_SOCKET;
1118 }
1119
1120 return SECCLASS_SOCKET;
1121}
1122
1123#ifdef CONFIG_PROC_FS
1124static int selinux_proc_get_sid(struct dentry *dentry,
1125 u16 tclass,
1126 u32 *sid)
1127{
1128 int rc;
1129 char *buffer, *path;
1130
1131 buffer = (char *)__get_free_page(GFP_KERNEL);
1132 if (!buffer)
1133 return -ENOMEM;
1134
1135 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1136 if (IS_ERR(path))
1137 rc = PTR_ERR(path);
1138 else {
1139
1140
1141
1142 while (path[1] >= '0' && path[1] <= '9') {
1143 path[1] = '/';
1144 path++;
1145 }
1146 rc = security_genfs_sid("proc", path, tclass, sid);
1147 }
1148 free_page((unsigned long)buffer);
1149 return rc;
1150}
1151#else
1152static int selinux_proc_get_sid(struct dentry *dentry,
1153 u16 tclass,
1154 u32 *sid)
1155{
1156 return -EINVAL;
1157}
1158#endif
1159
1160
1161static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1162{
1163 struct superblock_security_struct *sbsec = NULL;
1164 struct inode_security_struct *isec = inode->i_security;
1165 u32 sid;
1166 struct dentry *dentry;
1167#define INITCONTEXTLEN 255
1168 char *context = NULL;
1169 unsigned len = 0;
1170 int rc = 0;
1171
1172 if (isec->initialized)
1173 goto out;
1174
1175 mutex_lock(&isec->lock);
1176 if (isec->initialized)
1177 goto out_unlock;
1178
1179 sbsec = inode->i_sb->s_security;
1180 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1181
1182
1183
1184 spin_lock(&sbsec->isec_lock);
1185 if (list_empty(&isec->list))
1186 list_add(&isec->list, &sbsec->isec_head);
1187 spin_unlock(&sbsec->isec_lock);
1188 goto out_unlock;
1189 }
1190
1191 switch (sbsec->behavior) {
1192 case SECURITY_FS_USE_XATTR:
1193 if (!inode->i_op->getxattr) {
1194 isec->sid = sbsec->def_sid;
1195 break;
1196 }
1197
1198
1199
1200 if (opt_dentry) {
1201
1202 dentry = dget(opt_dentry);
1203 } else {
1204
1205 dentry = d_find_alias(inode);
1206 }
1207 if (!dentry) {
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217 goto out_unlock;
1218 }
1219
1220 len = INITCONTEXTLEN;
1221 context = kmalloc(len+1, GFP_NOFS);
1222 if (!context) {
1223 rc = -ENOMEM;
1224 dput(dentry);
1225 goto out_unlock;
1226 }
1227 context[len] = '\0';
1228 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1229 context, len);
1230 if (rc == -ERANGE) {
1231 kfree(context);
1232
1233
1234 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1235 NULL, 0);
1236 if (rc < 0) {
1237 dput(dentry);
1238 goto out_unlock;
1239 }
1240 len = rc;
1241 context = kmalloc(len+1, GFP_NOFS);
1242 if (!context) {
1243 rc = -ENOMEM;
1244 dput(dentry);
1245 goto out_unlock;
1246 }
1247 context[len] = '\0';
1248 rc = inode->i_op->getxattr(dentry,
1249 XATTR_NAME_SELINUX,
1250 context, len);
1251 }
1252 dput(dentry);
1253 if (rc < 0) {
1254 if (rc != -ENODATA) {
1255 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1256 "%d for dev=%s ino=%ld\n", __func__,
1257 -rc, inode->i_sb->s_id, inode->i_ino);
1258 kfree(context);
1259 goto out_unlock;
1260 }
1261
1262 sid = sbsec->def_sid;
1263 rc = 0;
1264 } else {
1265 rc = security_context_to_sid_default(context, rc, &sid,
1266 sbsec->def_sid,
1267 GFP_NOFS);
1268 if (rc) {
1269 char *dev = inode->i_sb->s_id;
1270 unsigned long ino = inode->i_ino;
1271
1272 if (rc == -EINVAL) {
1273 if (printk_ratelimit())
1274 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1275 "context=%s. This indicates you may need to relabel the inode or the "
1276 "filesystem in question.\n", ino, dev, context);
1277 } else {
1278 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1279 "returned %d for dev=%s ino=%ld\n",
1280 __func__, context, -rc, dev, ino);
1281 }
1282 kfree(context);
1283
1284 rc = 0;
1285 break;
1286 }
1287 }
1288 kfree(context);
1289 isec->sid = sid;
1290 break;
1291 case SECURITY_FS_USE_TASK:
1292 isec->sid = isec->task_sid;
1293 break;
1294 case SECURITY_FS_USE_TRANS:
1295
1296 isec->sid = sbsec->sid;
1297
1298
1299 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1300 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1301 isec->sclass, NULL, &sid);
1302 if (rc)
1303 goto out_unlock;
1304 isec->sid = sid;
1305 break;
1306 case SECURITY_FS_USE_MNTPOINT:
1307 isec->sid = sbsec->mntpoint_sid;
1308 break;
1309 default:
1310
1311 isec->sid = sbsec->sid;
1312
1313 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1314 if (opt_dentry) {
1315 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1316 rc = selinux_proc_get_sid(opt_dentry,
1317 isec->sclass,
1318 &sid);
1319 if (rc)
1320 goto out_unlock;
1321 isec->sid = sid;
1322 }
1323 }
1324 break;
1325 }
1326
1327 isec->initialized = 1;
1328
1329out_unlock:
1330 mutex_unlock(&isec->lock);
1331out:
1332 if (isec->sclass == SECCLASS_FILE)
1333 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1334 return rc;
1335}
1336
1337
1338static inline u32 signal_to_av(int sig)
1339{
1340 u32 perm = 0;
1341
1342 switch (sig) {
1343 case SIGCHLD:
1344
1345 perm = PROCESS__SIGCHLD;
1346 break;
1347 case SIGKILL:
1348
1349 perm = PROCESS__SIGKILL;
1350 break;
1351 case SIGSTOP:
1352
1353 perm = PROCESS__SIGSTOP;
1354 break;
1355 default:
1356
1357 perm = PROCESS__SIGNAL;
1358 break;
1359 }
1360
1361 return perm;
1362}
1363
1364
1365
1366
1367
1368static int cred_has_perm(const struct cred *actor,
1369 const struct cred *target,
1370 u32 perms)
1371{
1372 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1373
1374 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1375}
1376
1377
1378
1379
1380
1381
1382
1383static int task_has_perm(const struct task_struct *tsk1,
1384 const struct task_struct *tsk2,
1385 u32 perms)
1386{
1387 const struct task_security_struct *__tsec1, *__tsec2;
1388 u32 sid1, sid2;
1389
1390 rcu_read_lock();
1391 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1392 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1393 rcu_read_unlock();
1394 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1395}
1396
1397
1398
1399
1400
1401
1402
1403static int current_has_perm(const struct task_struct *tsk,
1404 u32 perms)
1405{
1406 u32 sid, tsid;
1407
1408 sid = current_sid();
1409 tsid = task_sid(tsk);
1410 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1411}
1412
1413#if CAP_LAST_CAP > 63
1414#error Fix SELinux to handle capabilities > 63.
1415#endif
1416
1417
1418static int task_has_capability(struct task_struct *tsk,
1419 const struct cred *cred,
1420 int cap, int audit)
1421{
1422 struct common_audit_data ad;
1423 struct av_decision avd;
1424 u16 sclass;
1425 u32 sid = cred_sid(cred);
1426 u32 av = CAP_TO_MASK(cap);
1427 int rc;
1428
1429 COMMON_AUDIT_DATA_INIT(&ad, CAP);
1430 ad.tsk = tsk;
1431 ad.u.cap = cap;
1432
1433 switch (CAP_TO_INDEX(cap)) {
1434 case 0:
1435 sclass = SECCLASS_CAPABILITY;
1436 break;
1437 case 1:
1438 sclass = SECCLASS_CAPABILITY2;
1439 break;
1440 default:
1441 printk(KERN_ERR
1442 "SELinux: out of range capability %d\n", cap);
1443 BUG();
1444 return -EINVAL;
1445 }
1446
1447 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1448 if (audit == SECURITY_CAP_AUDIT) {
1449 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1450 if (rc2)
1451 return rc2;
1452 }
1453 return rc;
1454}
1455
1456
1457static int task_has_system(struct task_struct *tsk,
1458 u32 perms)
1459{
1460 u32 sid = task_sid(tsk);
1461
1462 return avc_has_perm(sid, SECINITSID_KERNEL,
1463 SECCLASS_SYSTEM, perms, NULL);
1464}
1465
1466
1467
1468
1469static int inode_has_perm(const struct cred *cred,
1470 struct inode *inode,
1471 u32 perms,
1472 struct common_audit_data *adp,
1473 unsigned flags)
1474{
1475 struct inode_security_struct *isec;
1476 u32 sid;
1477
1478 validate_creds(cred);
1479
1480 if (unlikely(IS_PRIVATE(inode)))
1481 return 0;
1482
1483 sid = cred_sid(cred);
1484 isec = inode->i_security;
1485
1486 return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
1487}
1488
1489static int inode_has_perm_noadp(const struct cred *cred,
1490 struct inode *inode,
1491 u32 perms,
1492 unsigned flags)
1493{
1494 struct common_audit_data ad;
1495
1496 COMMON_AUDIT_DATA_INIT(&ad, INODE);
1497 ad.u.inode = inode;
1498 return inode_has_perm(cred, inode, perms, &ad, flags);
1499}
1500
1501
1502
1503
1504static inline int dentry_has_perm(const struct cred *cred,
1505 struct dentry *dentry,
1506 u32 av)
1507{
1508 struct inode *inode = dentry->d_inode;
1509 struct common_audit_data ad;
1510
1511 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1512 ad.u.dentry = dentry;
1513 return inode_has_perm(cred, inode, av, &ad, 0);
1514}
1515
1516
1517
1518
1519static inline int path_has_perm(const struct cred *cred,
1520 struct path *path,
1521 u32 av)
1522{
1523 struct inode *inode = path->dentry->d_inode;
1524 struct common_audit_data ad;
1525
1526 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1527 ad.u.path = *path;
1528 return inode_has_perm(cred, inode, av, &ad, 0);
1529}
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539static int file_has_perm(const struct cred *cred,
1540 struct file *file,
1541 u32 av)
1542{
1543 struct file_security_struct *fsec = file->f_security;
1544 struct inode *inode = file->f_path.dentry->d_inode;
1545 struct common_audit_data ad;
1546 u32 sid = cred_sid(cred);
1547 int rc;
1548
1549 COMMON_AUDIT_DATA_INIT(&ad, PATH);
1550 ad.u.path = file->f_path;
1551
1552 if (sid != fsec->sid) {
1553 rc = avc_has_perm(sid, fsec->sid,
1554 SECCLASS_FD,
1555 FD__USE,
1556 &ad);
1557 if (rc)
1558 goto out;
1559 }
1560
1561
1562 rc = 0;
1563 if (av)
1564 rc = inode_has_perm(cred, inode, av, &ad, 0);
1565
1566out:
1567 return rc;
1568}
1569
1570
1571static int may_create(struct inode *dir,
1572 struct dentry *dentry,
1573 u16 tclass)
1574{
1575 const struct task_security_struct *tsec = current_security();
1576 struct inode_security_struct *dsec;
1577 struct superblock_security_struct *sbsec;
1578 u32 sid, newsid;
1579 struct common_audit_data ad;
1580 int rc;
1581
1582 dsec = dir->i_security;
1583 sbsec = dir->i_sb->s_security;
1584
1585 sid = tsec->sid;
1586 newsid = tsec->create_sid;
1587
1588 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1589 ad.u.dentry = dentry;
1590
1591 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1592 DIR__ADD_NAME | DIR__SEARCH,
1593 &ad);
1594 if (rc)
1595 return rc;
1596
1597 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1598 rc = security_transition_sid(sid, dsec->sid, tclass,
1599 &dentry->d_name, &newsid);
1600 if (rc)
1601 return rc;
1602 }
1603
1604 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1605 if (rc)
1606 return rc;
1607
1608 return avc_has_perm(newsid, sbsec->sid,
1609 SECCLASS_FILESYSTEM,
1610 FILESYSTEM__ASSOCIATE, &ad);
1611}
1612
1613
1614static int may_create_key(u32 ksid,
1615 struct task_struct *ctx)
1616{
1617 u32 sid = task_sid(ctx);
1618
1619 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1620}
1621
1622#define MAY_LINK 0
1623#define MAY_UNLINK 1
1624#define MAY_RMDIR 2
1625
1626
1627static int may_link(struct inode *dir,
1628 struct dentry *dentry,
1629 int kind)
1630
1631{
1632 struct inode_security_struct *dsec, *isec;
1633 struct common_audit_data ad;
1634 u32 sid = current_sid();
1635 u32 av;
1636 int rc;
1637
1638 dsec = dir->i_security;
1639 isec = dentry->d_inode->i_security;
1640
1641 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1642 ad.u.dentry = dentry;
1643
1644 av = DIR__SEARCH;
1645 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1646 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1647 if (rc)
1648 return rc;
1649
1650 switch (kind) {
1651 case MAY_LINK:
1652 av = FILE__LINK;
1653 break;
1654 case MAY_UNLINK:
1655 av = FILE__UNLINK;
1656 break;
1657 case MAY_RMDIR:
1658 av = DIR__RMDIR;
1659 break;
1660 default:
1661 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1662 __func__, kind);
1663 return 0;
1664 }
1665
1666 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1667 return rc;
1668}
1669
1670static inline int may_rename(struct inode *old_dir,
1671 struct dentry *old_dentry,
1672 struct inode *new_dir,
1673 struct dentry *new_dentry)
1674{
1675 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1676 struct common_audit_data ad;
1677 u32 sid = current_sid();
1678 u32 av;
1679 int old_is_dir, new_is_dir;
1680 int rc;
1681
1682 old_dsec = old_dir->i_security;
1683 old_isec = old_dentry->d_inode->i_security;
1684 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1685 new_dsec = new_dir->i_security;
1686
1687 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
1688
1689 ad.u.dentry = old_dentry;
1690 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1691 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1692 if (rc)
1693 return rc;
1694 rc = avc_has_perm(sid, old_isec->sid,
1695 old_isec->sclass, FILE__RENAME, &ad);
1696 if (rc)
1697 return rc;
1698 if (old_is_dir && new_dir != old_dir) {
1699 rc = avc_has_perm(sid, old_isec->sid,
1700 old_isec->sclass, DIR__REPARENT, &ad);
1701 if (rc)
1702 return rc;
1703 }
1704
1705 ad.u.dentry = new_dentry;
1706 av = DIR__ADD_NAME | DIR__SEARCH;
1707 if (new_dentry->d_inode)
1708 av |= DIR__REMOVE_NAME;
1709 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1710 if (rc)
1711 return rc;
1712 if (new_dentry->d_inode) {
1713 new_isec = new_dentry->d_inode->i_security;
1714 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1715 rc = avc_has_perm(sid, new_isec->sid,
1716 new_isec->sclass,
1717 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1718 if (rc)
1719 return rc;
1720 }
1721
1722 return 0;
1723}
1724
1725
1726static int superblock_has_perm(const struct cred *cred,
1727 struct super_block *sb,
1728 u32 perms,
1729 struct common_audit_data *ad)
1730{
1731 struct superblock_security_struct *sbsec;
1732 u32 sid = cred_sid(cred);
1733
1734 sbsec = sb->s_security;
1735 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1736}
1737
1738
1739static inline u32 file_mask_to_av(int mode, int mask)
1740{
1741 u32 av = 0;
1742
1743 if ((mode & S_IFMT) != S_IFDIR) {
1744 if (mask & MAY_EXEC)
1745 av |= FILE__EXECUTE;
1746 if (mask & MAY_READ)
1747 av |= FILE__READ;
1748
1749 if (mask & MAY_APPEND)
1750 av |= FILE__APPEND;
1751 else if (mask & MAY_WRITE)
1752 av |= FILE__WRITE;
1753
1754 } else {
1755 if (mask & MAY_EXEC)
1756 av |= DIR__SEARCH;
1757 if (mask & MAY_WRITE)
1758 av |= DIR__WRITE;
1759 if (mask & MAY_READ)
1760 av |= DIR__READ;
1761 }
1762
1763 return av;
1764}
1765
1766
1767static inline u32 file_to_av(struct file *file)
1768{
1769 u32 av = 0;
1770
1771 if (file->f_mode & FMODE_READ)
1772 av |= FILE__READ;
1773 if (file->f_mode & FMODE_WRITE) {
1774 if (file->f_flags & O_APPEND)
1775 av |= FILE__APPEND;
1776 else
1777 av |= FILE__WRITE;
1778 }
1779 if (!av) {
1780
1781
1782
1783 av = FILE__IOCTL;
1784 }
1785
1786 return av;
1787}
1788
1789
1790
1791
1792
1793static inline u32 open_file_to_av(struct file *file)
1794{
1795 u32 av = file_to_av(file);
1796
1797 if (selinux_policycap_openperm)
1798 av |= FILE__OPEN;
1799
1800 return av;
1801}
1802
1803
1804
1805static int selinux_ptrace_access_check(struct task_struct *child,
1806 unsigned int mode)
1807{
1808 int rc;
1809
1810 rc = cap_ptrace_access_check(child, mode);
1811 if (rc)
1812 return rc;
1813
1814 if (mode == PTRACE_MODE_READ) {
1815 u32 sid = current_sid();
1816 u32 csid = task_sid(child);
1817 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1818 }
1819
1820 return current_has_perm(child, PROCESS__PTRACE);
1821}
1822
1823static int selinux_ptrace_traceme(struct task_struct *parent)
1824{
1825 int rc;
1826
1827 rc = cap_ptrace_traceme(parent);
1828 if (rc)
1829 return rc;
1830
1831 return task_has_perm(parent, current, PROCESS__PTRACE);
1832}
1833
1834static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1835 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1836{
1837 int error;
1838
1839 error = current_has_perm(target, PROCESS__GETCAP);
1840 if (error)
1841 return error;
1842
1843 return cap_capget(target, effective, inheritable, permitted);
1844}
1845
1846static int selinux_capset(struct cred *new, const struct cred *old,
1847 const kernel_cap_t *effective,
1848 const kernel_cap_t *inheritable,
1849 const kernel_cap_t *permitted)
1850{
1851 int error;
1852
1853 error = cap_capset(new, old,
1854 effective, inheritable, permitted);
1855 if (error)
1856 return error;
1857
1858 return cred_has_perm(old, new, PROCESS__SETCAP);
1859}
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
1872 struct user_namespace *ns, int cap, int audit)
1873{
1874 int rc;
1875
1876 rc = cap_capable(tsk, cred, ns, cap, audit);
1877 if (rc)
1878 return rc;
1879
1880 return task_has_capability(tsk, cred, cap, audit);
1881}
1882
1883static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1884{
1885 const struct cred *cred = current_cred();
1886 int rc = 0;
1887
1888 if (!sb)
1889 return 0;
1890
1891 switch (cmds) {
1892 case Q_SYNC:
1893 case Q_QUOTAON:
1894 case Q_QUOTAOFF:
1895 case Q_SETINFO:
1896 case Q_SETQUOTA:
1897 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1898 break;
1899 case Q_GETFMT:
1900 case Q_GETINFO:
1901 case Q_GETQUOTA:
1902 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1903 break;
1904 default:
1905 rc = 0;
1906 break;
1907 }
1908 return rc;
1909}
1910
1911static int selinux_quota_on(struct dentry *dentry)
1912{
1913 const struct cred *cred = current_cred();
1914
1915 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
1916}
1917
1918static int selinux_syslog(int type)
1919{
1920 int rc;
1921
1922 switch (type) {
1923 case SYSLOG_ACTION_READ_ALL:
1924 case SYSLOG_ACTION_SIZE_BUFFER:
1925 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1926 break;
1927 case SYSLOG_ACTION_CONSOLE_OFF:
1928 case SYSLOG_ACTION_CONSOLE_ON:
1929
1930 case SYSLOG_ACTION_CONSOLE_LEVEL:
1931 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1932 break;
1933 case SYSLOG_ACTION_CLOSE:
1934 case SYSLOG_ACTION_OPEN:
1935 case SYSLOG_ACTION_READ:
1936 case SYSLOG_ACTION_READ_CLEAR:
1937 case SYSLOG_ACTION_CLEAR:
1938 default:
1939 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1940 break;
1941 }
1942 return rc;
1943}
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1954{
1955 int rc, cap_sys_admin = 0;
1956
1957 rc = selinux_capable(current, current_cred(),
1958 &init_user_ns, CAP_SYS_ADMIN,
1959 SECURITY_CAP_NOAUDIT);
1960 if (rc == 0)
1961 cap_sys_admin = 1;
1962
1963 return __vm_enough_memory(mm, pages, cap_sys_admin);
1964}
1965
1966
1967
1968static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1969{
1970 const struct task_security_struct *old_tsec;
1971 struct task_security_struct *new_tsec;
1972 struct inode_security_struct *isec;
1973 struct common_audit_data ad;
1974 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1975 int rc;
1976
1977 rc = cap_bprm_set_creds(bprm);
1978 if (rc)
1979 return rc;
1980
1981
1982
1983 if (bprm->cred_prepared)
1984 return 0;
1985
1986 old_tsec = current_security();
1987 new_tsec = bprm->cred->security;
1988 isec = inode->i_security;
1989
1990
1991 new_tsec->sid = old_tsec->sid;
1992 new_tsec->osid = old_tsec->sid;
1993
1994
1995 new_tsec->create_sid = 0;
1996 new_tsec->keycreate_sid = 0;
1997 new_tsec->sockcreate_sid = 0;
1998
1999 if (old_tsec->exec_sid) {
2000 new_tsec->sid = old_tsec->exec_sid;
2001
2002 new_tsec->exec_sid = 0;
2003 } else {
2004
2005 rc = security_transition_sid(old_tsec->sid, isec->sid,
2006 SECCLASS_PROCESS, NULL,
2007 &new_tsec->sid);
2008 if (rc)
2009 return rc;
2010 }
2011
2012 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2013 ad.u.path = bprm->file->f_path;
2014
2015 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2016 new_tsec->sid = old_tsec->sid;
2017
2018 if (new_tsec->sid == old_tsec->sid) {
2019 rc = avc_has_perm(old_tsec->sid, isec->sid,
2020 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2021 if (rc)
2022 return rc;
2023 } else {
2024
2025 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2026 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2027 if (rc)
2028 return rc;
2029
2030 rc = avc_has_perm(new_tsec->sid, isec->sid,
2031 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2032 if (rc)
2033 return rc;
2034
2035
2036 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2037 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2038 SECCLASS_PROCESS, PROCESS__SHARE,
2039 NULL);
2040 if (rc)
2041 return -EPERM;
2042 }
2043
2044
2045
2046 if (bprm->unsafe &
2047 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2048 struct task_struct *tracer;
2049 struct task_security_struct *sec;
2050 u32 ptsid = 0;
2051
2052 rcu_read_lock();
2053 tracer = ptrace_parent(current);
2054 if (likely(tracer != NULL)) {
2055 sec = __task_cred(tracer)->security;
2056 ptsid = sec->sid;
2057 }
2058 rcu_read_unlock();
2059
2060 if (ptsid != 0) {
2061 rc = avc_has_perm(ptsid, new_tsec->sid,
2062 SECCLASS_PROCESS,
2063 PROCESS__PTRACE, NULL);
2064 if (rc)
2065 return -EPERM;
2066 }
2067 }
2068
2069
2070 bprm->per_clear |= PER_CLEAR_ON_SETID;
2071 }
2072
2073 return 0;
2074}
2075
2076static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2077{
2078 const struct task_security_struct *tsec = current_security();
2079 u32 sid, osid;
2080 int atsecure = 0;
2081
2082 sid = tsec->sid;
2083 osid = tsec->osid;
2084
2085 if (osid != sid) {
2086
2087
2088
2089 atsecure = avc_has_perm(osid, sid,
2090 SECCLASS_PROCESS,
2091 PROCESS__NOATSECURE, NULL);
2092 }
2093
2094 return (atsecure || cap_bprm_secureexec(bprm));
2095}
2096
2097
2098static inline void flush_unauthorized_files(const struct cred *cred,
2099 struct files_struct *files)
2100{
2101 struct common_audit_data ad;
2102 struct file *file, *devnull = NULL;
2103 struct tty_struct *tty;
2104 struct fdtable *fdt;
2105 long j = -1;
2106 int drop_tty = 0;
2107
2108 tty = get_current_tty();
2109 if (tty) {
2110 spin_lock(&tty_files_lock);
2111 if (!list_empty(&tty->tty_files)) {
2112 struct tty_file_private *file_priv;
2113 struct inode *inode;
2114
2115
2116
2117
2118
2119
2120 file_priv = list_first_entry(&tty->tty_files,
2121 struct tty_file_private, list);
2122 file = file_priv->file;
2123 inode = file->f_path.dentry->d_inode;
2124 if (inode_has_perm_noadp(cred, inode,
2125 FILE__READ | FILE__WRITE, 0)) {
2126 drop_tty = 1;
2127 }
2128 }
2129 spin_unlock(&tty_files_lock);
2130 tty_kref_put(tty);
2131 }
2132
2133 if (drop_tty)
2134 no_tty();
2135
2136
2137
2138 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2139
2140 spin_lock(&files->file_lock);
2141 for (;;) {
2142 unsigned long set, i;
2143 int fd;
2144
2145 j++;
2146 i = j * __NFDBITS;
2147 fdt = files_fdtable(files);
2148 if (i >= fdt->max_fds)
2149 break;
2150 set = fdt->open_fds->fds_bits[j];
2151 if (!set)
2152 continue;
2153 spin_unlock(&files->file_lock);
2154 for ( ; set ; i++, set >>= 1) {
2155 if (set & 1) {
2156 file = fget(i);
2157 if (!file)
2158 continue;
2159 if (file_has_perm(cred,
2160 file,
2161 file_to_av(file))) {
2162 sys_close(i);
2163 fd = get_unused_fd();
2164 if (fd != i) {
2165 if (fd >= 0)
2166 put_unused_fd(fd);
2167 fput(file);
2168 continue;
2169 }
2170 if (devnull) {
2171 get_file(devnull);
2172 } else {
2173 devnull = dentry_open(
2174 dget(selinux_null),
2175 mntget(selinuxfs_mount),
2176 O_RDWR, cred);
2177 if (IS_ERR(devnull)) {
2178 devnull = NULL;
2179 put_unused_fd(fd);
2180 fput(file);
2181 continue;
2182 }
2183 }
2184 fd_install(fd, devnull);
2185 }
2186 fput(file);
2187 }
2188 }
2189 spin_lock(&files->file_lock);
2190
2191 }
2192 spin_unlock(&files->file_lock);
2193}
2194
2195
2196
2197
2198static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2199{
2200 struct task_security_struct *new_tsec;
2201 struct rlimit *rlim, *initrlim;
2202 int rc, i;
2203
2204 new_tsec = bprm->cred->security;
2205 if (new_tsec->sid == new_tsec->osid)
2206 return;
2207
2208
2209 flush_unauthorized_files(bprm->cred, current->files);
2210
2211
2212 current->pdeath_signal = 0;
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2225 PROCESS__RLIMITINH, NULL);
2226 if (rc) {
2227
2228 task_lock(current);
2229 for (i = 0; i < RLIM_NLIMITS; i++) {
2230 rlim = current->signal->rlim + i;
2231 initrlim = init_task.signal->rlim + i;
2232 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2233 }
2234 task_unlock(current);
2235 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2236 }
2237}
2238
2239
2240
2241
2242
2243static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2244{
2245 const struct task_security_struct *tsec = current_security();
2246 struct itimerval itimer;
2247 u32 osid, sid;
2248 int rc, i;
2249
2250 osid = tsec->osid;
2251 sid = tsec->sid;
2252
2253 if (sid == osid)
2254 return;
2255
2256
2257
2258
2259
2260
2261
2262
2263 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2264 if (rc) {
2265 memset(&itimer, 0, sizeof itimer);
2266 for (i = 0; i < 3; i++)
2267 do_setitimer(i, &itimer, NULL);
2268 spin_lock_irq(¤t->sighand->siglock);
2269 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2270 __flush_signals(current);
2271 flush_signal_handlers(current, 1);
2272 sigemptyset(¤t->blocked);
2273 }
2274 spin_unlock_irq(¤t->sighand->siglock);
2275 }
2276
2277
2278
2279 read_lock(&tasklist_lock);
2280 __wake_up_parent(current, current->real_parent);
2281 read_unlock(&tasklist_lock);
2282}
2283
2284
2285
2286static int selinux_sb_alloc_security(struct super_block *sb)
2287{
2288 return superblock_alloc_security(sb);
2289}
2290
2291static void selinux_sb_free_security(struct super_block *sb)
2292{
2293 superblock_free_security(sb);
2294}
2295
2296static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2297{
2298 if (plen > olen)
2299 return 0;
2300
2301 return !memcmp(prefix, option, plen);
2302}
2303
2304static inline int selinux_option(char *option, int len)
2305{
2306 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2307 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2308 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2309 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2310 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2311}
2312
2313static inline void take_option(char **to, char *from, int *first, int len)
2314{
2315 if (!*first) {
2316 **to = ',';
2317 *to += 1;
2318 } else
2319 *first = 0;
2320 memcpy(*to, from, len);
2321 *to += len;
2322}
2323
2324static inline void take_selinux_option(char **to, char *from, int *first,
2325 int len)
2326{
2327 int current_size = 0;
2328
2329 if (!*first) {
2330 **to = '|';
2331 *to += 1;
2332 } else
2333 *first = 0;
2334
2335 while (current_size < len) {
2336 if (*from != '"') {
2337 **to = *from;
2338 *to += 1;
2339 }
2340 from += 1;
2341 current_size += 1;
2342 }
2343}
2344
2345static int selinux_sb_copy_data(char *orig, char *copy)
2346{
2347 int fnosec, fsec, rc = 0;
2348 char *in_save, *in_curr, *in_end;
2349 char *sec_curr, *nosec_save, *nosec;
2350 int open_quote = 0;
2351
2352 in_curr = orig;
2353 sec_curr = copy;
2354
2355 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2356 if (!nosec) {
2357 rc = -ENOMEM;
2358 goto out;
2359 }
2360
2361 nosec_save = nosec;
2362 fnosec = fsec = 1;
2363 in_save = in_end = orig;
2364
2365 do {
2366 if (*in_end == '"')
2367 open_quote = !open_quote;
2368 if ((*in_end == ',' && open_quote == 0) ||
2369 *in_end == '\0') {
2370 int len = in_end - in_curr;
2371
2372 if (selinux_option(in_curr, len))
2373 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2374 else
2375 take_option(&nosec, in_curr, &fnosec, len);
2376
2377 in_curr = in_end + 1;
2378 }
2379 } while (*in_end++);
2380
2381 strcpy(in_save, nosec_save);
2382 free_page((unsigned long)nosec_save);
2383out:
2384 return rc;
2385}
2386
2387static int selinux_sb_remount(struct super_block *sb, void *data)
2388{
2389 int rc, i, *flags;
2390 struct security_mnt_opts opts;
2391 char *secdata, **mount_options;
2392 struct superblock_security_struct *sbsec = sb->s_security;
2393
2394 if (!(sbsec->flags & SE_SBINITIALIZED))
2395 return 0;
2396
2397 if (!data)
2398 return 0;
2399
2400 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2401 return 0;
2402
2403 security_init_mnt_opts(&opts);
2404 secdata = alloc_secdata();
2405 if (!secdata)
2406 return -ENOMEM;
2407 rc = selinux_sb_copy_data(data, secdata);
2408 if (rc)
2409 goto out_free_secdata;
2410
2411 rc = selinux_parse_opts_str(secdata, &opts);
2412 if (rc)
2413 goto out_free_secdata;
2414
2415 mount_options = opts.mnt_opts;
2416 flags = opts.mnt_opts_flags;
2417
2418 for (i = 0; i < opts.num_mnt_opts; i++) {
2419 u32 sid;
2420 size_t len;
2421
2422 if (flags[i] == SE_SBLABELSUPP)
2423 continue;
2424 len = strlen(mount_options[i]);
2425 rc = security_context_to_sid(mount_options[i], len, &sid);
2426 if (rc) {
2427 printk(KERN_WARNING "SELinux: security_context_to_sid"
2428 "(%s) failed for (dev %s, type %s) errno=%d\n",
2429 mount_options[i], sb->s_id, sb->s_type->name, rc);
2430 goto out_free_opts;
2431 }
2432 rc = -EINVAL;
2433 switch (flags[i]) {
2434 case FSCONTEXT_MNT:
2435 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2436 goto out_bad_option;
2437 break;
2438 case CONTEXT_MNT:
2439 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2440 goto out_bad_option;
2441 break;
2442 case ROOTCONTEXT_MNT: {
2443 struct inode_security_struct *root_isec;
2444 root_isec = sb->s_root->d_inode->i_security;
2445
2446 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2447 goto out_bad_option;
2448 break;
2449 }
2450 case DEFCONTEXT_MNT:
2451 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2452 goto out_bad_option;
2453 break;
2454 default:
2455 goto out_free_opts;
2456 }
2457 }
2458
2459 rc = 0;
2460out_free_opts:
2461 security_free_mnt_opts(&opts);
2462out_free_secdata:
2463 free_secdata(secdata);
2464 return rc;
2465out_bad_option:
2466 printk(KERN_WARNING "SELinux: unable to change security options "
2467 "during remount (dev %s, type=%s)\n", sb->s_id,
2468 sb->s_type->name);
2469 goto out_free_opts;
2470}
2471
2472static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2473{
2474 const struct cred *cred = current_cred();
2475 struct common_audit_data ad;
2476 int rc;
2477
2478 rc = superblock_doinit(sb, data);
2479 if (rc)
2480 return rc;
2481
2482
2483 if (flags & MS_KERNMOUNT)
2484 return 0;
2485
2486 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
2487 ad.u.dentry = sb->s_root;
2488 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2489}
2490
2491static int selinux_sb_statfs(struct dentry *dentry)
2492{
2493 const struct cred *cred = current_cred();
2494 struct common_audit_data ad;
2495
2496 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
2497 ad.u.dentry = dentry->d_sb->s_root;
2498 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2499}
2500
2501static int selinux_mount(char *dev_name,
2502 struct path *path,
2503 char *type,
2504 unsigned long flags,
2505 void *data)
2506{
2507 const struct cred *cred = current_cred();
2508
2509 if (flags & MS_REMOUNT)
2510 return superblock_has_perm(cred, path->mnt->mnt_sb,
2511 FILESYSTEM__REMOUNT, NULL);
2512 else
2513 return path_has_perm(cred, path, FILE__MOUNTON);
2514}
2515
2516static int selinux_umount(struct vfsmount *mnt, int flags)
2517{
2518 const struct cred *cred = current_cred();
2519
2520 return superblock_has_perm(cred, mnt->mnt_sb,
2521 FILESYSTEM__UNMOUNT, NULL);
2522}
2523
2524
2525
2526static int selinux_inode_alloc_security(struct inode *inode)
2527{
2528 return inode_alloc_security(inode);
2529}
2530
2531static void selinux_inode_free_security(struct inode *inode)
2532{
2533 inode_free_security(inode);
2534}
2535
2536static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2537 const struct qstr *qstr, char **name,
2538 void **value, size_t *len)
2539{
2540 const struct task_security_struct *tsec = current_security();
2541 struct inode_security_struct *dsec;
2542 struct superblock_security_struct *sbsec;
2543 u32 sid, newsid, clen;
2544 int rc;
2545 char *namep = NULL, *context;
2546
2547 dsec = dir->i_security;
2548 sbsec = dir->i_sb->s_security;
2549
2550 sid = tsec->sid;
2551 newsid = tsec->create_sid;
2552
2553 if ((sbsec->flags & SE_SBINITIALIZED) &&
2554 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2555 newsid = sbsec->mntpoint_sid;
2556 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2557 rc = security_transition_sid(sid, dsec->sid,
2558 inode_mode_to_security_class(inode->i_mode),
2559 qstr, &newsid);
2560 if (rc) {
2561 printk(KERN_WARNING "%s: "
2562 "security_transition_sid failed, rc=%d (dev=%s "
2563 "ino=%ld)\n",
2564 __func__,
2565 -rc, inode->i_sb->s_id, inode->i_ino);
2566 return rc;
2567 }
2568 }
2569
2570
2571 if (sbsec->flags & SE_SBINITIALIZED) {
2572 struct inode_security_struct *isec = inode->i_security;
2573 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2574 isec->sid = newsid;
2575 isec->initialized = 1;
2576 }
2577
2578 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2579 return -EOPNOTSUPP;
2580
2581 if (name) {
2582 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2583 if (!namep)
2584 return -ENOMEM;
2585 *name = namep;
2586 }
2587
2588 if (value && len) {
2589 rc = security_sid_to_context_force(newsid, &context, &clen);
2590 if (rc) {
2591 kfree(namep);
2592 return rc;
2593 }
2594 *value = context;
2595 *len = clen;
2596 }
2597
2598 return 0;
2599}
2600
2601static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2602{
2603 return may_create(dir, dentry, SECCLASS_FILE);
2604}
2605
2606static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2607{
2608 return may_link(dir, old_dentry, MAY_LINK);
2609}
2610
2611static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2612{
2613 return may_link(dir, dentry, MAY_UNLINK);
2614}
2615
2616static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2617{
2618 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2619}
2620
2621static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2622{
2623 return may_create(dir, dentry, SECCLASS_DIR);
2624}
2625
2626static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2627{
2628 return may_link(dir, dentry, MAY_RMDIR);
2629}
2630
2631static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2632{
2633 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2634}
2635
2636static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2637 struct inode *new_inode, struct dentry *new_dentry)
2638{
2639 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2640}
2641
2642static int selinux_inode_readlink(struct dentry *dentry)
2643{
2644 const struct cred *cred = current_cred();
2645
2646 return dentry_has_perm(cred, dentry, FILE__READ);
2647}
2648
2649static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2650{
2651 const struct cred *cred = current_cred();
2652
2653 return dentry_has_perm(cred, dentry, FILE__READ);
2654}
2655
2656static int selinux_inode_permission(struct inode *inode, int mask)
2657{
2658 const struct cred *cred = current_cred();
2659 struct common_audit_data ad;
2660 u32 perms;
2661 bool from_access;
2662 unsigned flags = mask & MAY_NOT_BLOCK;
2663
2664 from_access = mask & MAY_ACCESS;
2665 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2666
2667
2668 if (!mask)
2669 return 0;
2670
2671 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2672 ad.u.inode = inode;
2673
2674 if (from_access)
2675 ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS;
2676
2677 perms = file_mask_to_av(inode->i_mode, mask);
2678
2679 return inode_has_perm(cred, inode, perms, &ad, flags);
2680}
2681
2682static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2683{
2684 const struct cred *cred = current_cred();
2685 unsigned int ia_valid = iattr->ia_valid;
2686
2687
2688 if (ia_valid & ATTR_FORCE) {
2689 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2690 ATTR_FORCE);
2691 if (!ia_valid)
2692 return 0;
2693 }
2694
2695 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2696 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2697 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2698
2699 return dentry_has_perm(cred, dentry, FILE__WRITE);
2700}
2701
2702static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2703{
2704 const struct cred *cred = current_cred();
2705 struct path path;
2706
2707 path.dentry = dentry;
2708 path.mnt = mnt;
2709
2710 return path_has_perm(cred, &path, FILE__GETATTR);
2711}
2712
2713static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2714{
2715 const struct cred *cred = current_cred();
2716
2717 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2718 sizeof XATTR_SECURITY_PREFIX - 1)) {
2719 if (!strcmp(name, XATTR_NAME_CAPS)) {
2720 if (!capable(CAP_SETFCAP))
2721 return -EPERM;
2722 } else if (!capable(CAP_SYS_ADMIN)) {
2723
2724
2725 return -EPERM;
2726 }
2727 }
2728
2729
2730
2731 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2732}
2733
2734static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2735 const void *value, size_t size, int flags)
2736{
2737 struct inode *inode = dentry->d_inode;
2738 struct inode_security_struct *isec = inode->i_security;
2739 struct superblock_security_struct *sbsec;
2740 struct common_audit_data ad;
2741 u32 newsid, sid = current_sid();
2742 int rc = 0;
2743
2744 if (strcmp(name, XATTR_NAME_SELINUX))
2745 return selinux_inode_setotherxattr(dentry, name);
2746
2747 sbsec = inode->i_sb->s_security;
2748 if (!(sbsec->flags & SE_SBLABELSUPP))
2749 return -EOPNOTSUPP;
2750
2751 if (!inode_owner_or_capable(inode))
2752 return -EPERM;
2753
2754 COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
2755 ad.u.dentry = dentry;
2756
2757 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2758 FILE__RELABELFROM, &ad);
2759 if (rc)
2760 return rc;
2761
2762 rc = security_context_to_sid(value, size, &newsid);
2763 if (rc == -EINVAL) {
2764 if (!capable(CAP_MAC_ADMIN))
2765 return rc;
2766 rc = security_context_to_sid_force(value, size, &newsid);
2767 }
2768 if (rc)
2769 return rc;
2770
2771 rc = avc_has_perm(sid, newsid, isec->sclass,
2772 FILE__RELABELTO, &ad);
2773 if (rc)
2774 return rc;
2775
2776 rc = security_validate_transition(isec->sid, newsid, sid,
2777 isec->sclass);
2778 if (rc)
2779 return rc;
2780
2781 return avc_has_perm(newsid,
2782 sbsec->sid,
2783 SECCLASS_FILESYSTEM,
2784 FILESYSTEM__ASSOCIATE,
2785 &ad);
2786}
2787
2788static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2789 const void *value, size_t size,
2790 int flags)
2791{
2792 struct inode *inode = dentry->d_inode;
2793 struct inode_security_struct *isec = inode->i_security;
2794 u32 newsid;
2795 int rc;
2796
2797 if (strcmp(name, XATTR_NAME_SELINUX)) {
2798
2799 return;
2800 }
2801
2802 rc = security_context_to_sid_force(value, size, &newsid);
2803 if (rc) {
2804 printk(KERN_ERR "SELinux: unable to map context to SID"
2805 "for (%s, %lu), rc=%d\n",
2806 inode->i_sb->s_id, inode->i_ino, -rc);
2807 return;
2808 }
2809
2810 isec->sid = newsid;
2811 return;
2812}
2813
2814static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2815{
2816 const struct cred *cred = current_cred();
2817
2818 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2819}
2820
2821static int selinux_inode_listxattr(struct dentry *dentry)
2822{
2823 const struct cred *cred = current_cred();
2824
2825 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2826}
2827
2828static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2829{
2830 if (strcmp(name, XATTR_NAME_SELINUX))
2831 return selinux_inode_setotherxattr(dentry, name);
2832
2833
2834
2835 return -EACCES;
2836}
2837
2838
2839
2840
2841
2842
2843static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2844{
2845 u32 size;
2846 int error;
2847 char *context = NULL;
2848 struct inode_security_struct *isec = inode->i_security;
2849
2850 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2851 return -EOPNOTSUPP;
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862 error = selinux_capable(current, current_cred(),
2863 &init_user_ns, CAP_MAC_ADMIN,
2864 SECURITY_CAP_NOAUDIT);
2865 if (!error)
2866 error = security_sid_to_context_force(isec->sid, &context,
2867 &size);
2868 else
2869 error = security_sid_to_context(isec->sid, &context, &size);
2870 if (error)
2871 return error;
2872 error = size;
2873 if (alloc) {
2874 *buffer = context;
2875 goto out_nofree;
2876 }
2877 kfree(context);
2878out_nofree:
2879 return error;
2880}
2881
2882static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2883 const void *value, size_t size, int flags)
2884{
2885 struct inode_security_struct *isec = inode->i_security;
2886 u32 newsid;
2887 int rc;
2888
2889 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2890 return -EOPNOTSUPP;
2891
2892 if (!value || !size)
2893 return -EACCES;
2894
2895 rc = security_context_to_sid((void *)value, size, &newsid);
2896 if (rc)
2897 return rc;
2898
2899 isec->sid = newsid;
2900 isec->initialized = 1;
2901 return 0;
2902}
2903
2904static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2905{
2906 const int len = sizeof(XATTR_NAME_SELINUX);
2907 if (buffer && len <= buffer_size)
2908 memcpy(buffer, XATTR_NAME_SELINUX, len);
2909 return len;
2910}
2911
2912static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2913{
2914 struct inode_security_struct *isec = inode->i_security;
2915 *secid = isec->sid;
2916}
2917
2918
2919
2920static int selinux_revalidate_file_permission(struct file *file, int mask)
2921{
2922 const struct cred *cred = current_cred();
2923 struct inode *inode = file->f_path.dentry->d_inode;
2924
2925
2926 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2927 mask |= MAY_APPEND;
2928
2929 return file_has_perm(cred, file,
2930 file_mask_to_av(inode->i_mode, mask));
2931}
2932
2933static int selinux_file_permission(struct file *file, int mask)
2934{
2935 struct inode *inode = file->f_path.dentry->d_inode;
2936 struct file_security_struct *fsec = file->f_security;
2937 struct inode_security_struct *isec = inode->i_security;
2938 u32 sid = current_sid();
2939
2940 if (!mask)
2941
2942 return 0;
2943
2944 if (sid == fsec->sid && fsec->isid == isec->sid &&
2945 fsec->pseqno == avc_policy_seqno())
2946
2947 return 0;
2948
2949 return selinux_revalidate_file_permission(file, mask);
2950}
2951
2952static int selinux_file_alloc_security(struct file *file)
2953{
2954 return file_alloc_security(file);
2955}
2956
2957static void selinux_file_free_security(struct file *file)
2958{
2959 file_free_security(file);
2960}
2961
2962static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2963 unsigned long arg)
2964{
2965 const struct cred *cred = current_cred();
2966 int error = 0;
2967
2968 switch (cmd) {
2969 case FIONREAD:
2970
2971 case FIBMAP:
2972
2973 case FIGETBSZ:
2974
2975 case EXT2_IOC_GETFLAGS:
2976
2977 case EXT2_IOC_GETVERSION:
2978 error = file_has_perm(cred, file, FILE__GETATTR);
2979 break;
2980
2981 case EXT2_IOC_SETFLAGS:
2982
2983 case EXT2_IOC_SETVERSION:
2984 error = file_has_perm(cred, file, FILE__SETATTR);
2985 break;
2986
2987
2988 case FIONBIO:
2989
2990 case FIOASYNC:
2991 error = file_has_perm(cred, file, 0);
2992 break;
2993
2994 case KDSKBENT:
2995 case KDSKBSENT:
2996 error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
2997 SECURITY_CAP_AUDIT);
2998 break;
2999
3000
3001
3002
3003 default:
3004 error = file_has_perm(cred, file, FILE__IOCTL);
3005 }
3006 return error;
3007}
3008
3009static int default_noexec;
3010
3011static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3012{
3013 const struct cred *cred = current_cred();
3014 int rc = 0;
3015
3016 if (default_noexec &&
3017 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3018
3019
3020
3021
3022
3023 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3024 if (rc)
3025 goto error;
3026 }
3027
3028 if (file) {
3029
3030 u32 av = FILE__READ;
3031
3032
3033 if (shared && (prot & PROT_WRITE))
3034 av |= FILE__WRITE;
3035
3036 if (prot & PROT_EXEC)
3037 av |= FILE__EXECUTE;
3038
3039 return file_has_perm(cred, file, av);
3040 }
3041
3042error:
3043 return rc;
3044}
3045
3046static int selinux_file_mmap(struct file *file, unsigned long reqprot,
3047 unsigned long prot, unsigned long flags,
3048 unsigned long addr, unsigned long addr_only)
3049{
3050 int rc = 0;
3051 u32 sid = current_sid();
3052
3053
3054
3055
3056
3057
3058
3059 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3060 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3061 MEMPROTECT__MMAP_ZERO, NULL);
3062 if (rc)
3063 return rc;
3064 }
3065
3066
3067 rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
3068 if (rc || addr_only)
3069 return rc;
3070
3071 if (selinux_checkreqprot)
3072 prot = reqprot;
3073
3074 return file_map_prot_check(file, prot,
3075 (flags & MAP_TYPE) == MAP_SHARED);
3076}
3077
3078static int selinux_file_mprotect(struct vm_area_struct *vma,
3079 unsigned long reqprot,
3080 unsigned long prot)
3081{
3082 const struct cred *cred = current_cred();
3083
3084 if (selinux_checkreqprot)
3085 prot = reqprot;
3086
3087 if (default_noexec &&
3088 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3089 int rc = 0;
3090 if (vma->vm_start >= vma->vm_mm->start_brk &&
3091 vma->vm_end <= vma->vm_mm->brk) {
3092 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3093 } else if (!vma->vm_file &&
3094 vma->vm_start <= vma->vm_mm->start_stack &&
3095 vma->vm_end >= vma->vm_mm->start_stack) {
3096 rc = current_has_perm(current, PROCESS__EXECSTACK);
3097 } else if (vma->vm_file && vma->anon_vma) {
3098
3099
3100
3101
3102
3103
3104
3105 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3106 }
3107 if (rc)
3108 return rc;
3109 }
3110
3111 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3112}
3113
3114static int selinux_file_lock(struct file *file, unsigned int cmd)
3115{
3116 const struct cred *cred = current_cred();
3117
3118 return file_has_perm(cred, file, FILE__LOCK);
3119}
3120
3121static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3122 unsigned long arg)
3123{
3124 const struct cred *cred = current_cred();
3125 int err = 0;
3126
3127 switch (cmd) {
3128 case F_SETFL:
3129 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3130 err = -EINVAL;
3131 break;
3132 }
3133
3134 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3135 err = file_has_perm(cred, file, FILE__WRITE);
3136 break;
3137 }
3138
3139 case F_SETOWN:
3140 case F_SETSIG:
3141 case F_GETFL:
3142 case F_GETOWN:
3143 case F_GETSIG:
3144
3145 err = file_has_perm(cred, file, 0);
3146 break;
3147 case F_GETLK:
3148 case F_SETLK:
3149 case F_SETLKW:
3150#if BITS_PER_LONG == 32
3151 case F_GETLK64:
3152 case F_SETLK64:
3153 case F_SETLKW64:
3154#endif
3155 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3156 err = -EINVAL;
3157 break;
3158 }
3159 err = file_has_perm(cred, file, FILE__LOCK);
3160 break;
3161 }
3162
3163 return err;
3164}
3165
3166static int selinux_file_set_fowner(struct file *file)
3167{
3168 struct file_security_struct *fsec;
3169
3170 fsec = file->f_security;
3171 fsec->fown_sid = current_sid();
3172
3173 return 0;
3174}
3175
3176static int selinux_file_send_sigiotask(struct task_struct *tsk,
3177 struct fown_struct *fown, int signum)
3178{
3179 struct file *file;
3180 u32 sid = task_sid(tsk);
3181 u32 perm;
3182 struct file_security_struct *fsec;
3183
3184
3185 file = container_of(fown, struct file, f_owner);
3186
3187 fsec = file->f_security;
3188
3189 if (!signum)
3190 perm = signal_to_av(SIGIO);
3191 else
3192 perm = signal_to_av(signum);
3193
3194 return avc_has_perm(fsec->fown_sid, sid,
3195 SECCLASS_PROCESS, perm, NULL);
3196}
3197
3198static int selinux_file_receive(struct file *file)
3199{
3200 const struct cred *cred = current_cred();
3201
3202 return file_has_perm(cred, file, file_to_av(file));
3203}
3204
3205static int selinux_dentry_open(struct file *file, const struct cred *cred)
3206{
3207 struct file_security_struct *fsec;
3208 struct inode *inode;
3209 struct inode_security_struct *isec;
3210
3211 inode = file->f_path.dentry->d_inode;
3212 fsec = file->f_security;
3213 isec = inode->i_security;
3214
3215
3216
3217
3218
3219
3220
3221 fsec->isid = isec->sid;
3222 fsec->pseqno = avc_policy_seqno();
3223
3224
3225
3226
3227
3228
3229
3230
3231 return inode_has_perm_noadp(cred, inode, open_file_to_av(file), 0);
3232}
3233
3234
3235
3236static int selinux_task_create(unsigned long clone_flags)
3237{
3238 return current_has_perm(current, PROCESS__FORK);
3239}
3240
3241
3242
3243
3244static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3245{
3246 struct task_security_struct *tsec;
3247
3248 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3249 if (!tsec)
3250 return -ENOMEM;
3251
3252 cred->security = tsec;
3253 return 0;
3254}
3255
3256
3257
3258
3259static void selinux_cred_free(struct cred *cred)
3260{
3261 struct task_security_struct *tsec = cred->security;
3262
3263
3264
3265
3266
3267 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3268 cred->security = (void *) 0x7UL;
3269 kfree(tsec);
3270}
3271
3272
3273
3274
3275static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3276 gfp_t gfp)
3277{
3278 const struct task_security_struct *old_tsec;
3279 struct task_security_struct *tsec;
3280
3281 old_tsec = old->security;
3282
3283 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3284 if (!tsec)
3285 return -ENOMEM;
3286
3287 new->security = tsec;
3288 return 0;
3289}
3290
3291
3292
3293
3294static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3295{
3296 const struct task_security_struct *old_tsec = old->security;
3297 struct task_security_struct *tsec = new->security;
3298
3299 *tsec = *old_tsec;
3300}
3301
3302
3303
3304
3305
3306static int selinux_kernel_act_as(struct cred *new, u32 secid)
3307{
3308 struct task_security_struct *tsec = new->security;
3309 u32 sid = current_sid();
3310 int ret;
3311
3312 ret = avc_has_perm(sid, secid,
3313 SECCLASS_KERNEL_SERVICE,
3314 KERNEL_SERVICE__USE_AS_OVERRIDE,
3315 NULL);
3316 if (ret == 0) {
3317 tsec->sid = secid;
3318 tsec->create_sid = 0;
3319 tsec->keycreate_sid = 0;
3320 tsec->sockcreate_sid = 0;
3321 }
3322 return ret;
3323}
3324
3325
3326
3327
3328
3329static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3330{
3331 struct inode_security_struct *isec = inode->i_security;
3332 struct task_security_struct *tsec = new->security;
3333 u32 sid = current_sid();
3334 int ret;
3335
3336 ret = avc_has_perm(sid, isec->sid,
3337 SECCLASS_KERNEL_SERVICE,
3338 KERNEL_SERVICE__CREATE_FILES_AS,
3339 NULL);
3340
3341 if (ret == 0)
3342 tsec->create_sid = isec->sid;
3343 return ret;
3344}
3345
3346static int selinux_kernel_module_request(char *kmod_name)
3347{
3348 u32 sid;
3349 struct common_audit_data ad;
3350
3351 sid = task_sid(current);
3352
3353 COMMON_AUDIT_DATA_INIT(&ad, KMOD);
3354 ad.u.kmod_name = kmod_name;
3355
3356 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3357 SYSTEM__MODULE_REQUEST, &ad);
3358}
3359
3360static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3361{
3362 return current_has_perm(p, PROCESS__SETPGID);
3363}
3364
3365static int selinux_task_getpgid(struct task_struct *p)
3366{
3367 return current_has_perm(p, PROCESS__GETPGID);
3368}
3369
3370static int selinux_task_getsid(struct task_struct *p)
3371{
3372 return current_has_perm(p, PROCESS__GETSESSION);
3373}
3374
3375static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3376{
3377 *secid = task_sid(p);
3378}
3379
3380static int selinux_task_setnice(struct task_struct *p, int nice)
3381{
3382 int rc;
3383
3384 rc = cap_task_setnice(p, nice);
3385 if (rc)
3386 return rc;
3387
3388 return current_has_perm(p, PROCESS__SETSCHED);
3389}
3390
3391static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3392{
3393 int rc;
3394
3395 rc = cap_task_setioprio(p, ioprio);
3396 if (rc)
3397 return rc;
3398
3399 return current_has_perm(p, PROCESS__SETSCHED);
3400}
3401
3402static int selinux_task_getioprio(struct task_struct *p)
3403{
3404 return current_has_perm(p, PROCESS__GETSCHED);
3405}
3406
3407static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3408 struct rlimit *new_rlim)
3409{
3410 struct rlimit *old_rlim = p->signal->rlim + resource;
3411
3412
3413
3414
3415
3416 if (old_rlim->rlim_max != new_rlim->rlim_max)
3417 return current_has_perm(p, PROCESS__SETRLIMIT);
3418
3419 return 0;
3420}
3421
3422static int selinux_task_setscheduler(struct task_struct *p)
3423{
3424 int rc;
3425
3426 rc = cap_task_setscheduler(p);
3427 if (rc)
3428 return rc;
3429
3430 return current_has_perm(p, PROCESS__SETSCHED);
3431}
3432
3433static int selinux_task_getscheduler(struct task_struct *p)
3434{
3435 return current_has_perm(p, PROCESS__GETSCHED);
3436}
3437
3438static int selinux_task_movememory(struct task_struct *p)
3439{
3440 return current_has_perm(p, PROCESS__SETSCHED);
3441}
3442
3443static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3444 int sig, u32 secid)
3445{
3446 u32 perm;
3447 int rc;
3448
3449 if (!sig)
3450 perm = PROCESS__SIGNULL;
3451 else
3452 perm = signal_to_av(sig);
3453 if (secid)
3454 rc = avc_has_perm(secid, task_sid(p),
3455 SECCLASS_PROCESS, perm, NULL);
3456 else
3457 rc = current_has_perm(p, perm);
3458 return rc;
3459}
3460
3461static int selinux_task_wait(struct task_struct *p)
3462{
3463 return task_has_perm(p, current, PROCESS__SIGCHLD);
3464}
3465
3466static void selinux_task_to_inode(struct task_struct *p,
3467 struct inode *inode)
3468{
3469 struct inode_security_struct *isec = inode->i_security;
3470 u32 sid = task_sid(p);
3471
3472 isec->sid = sid;
3473 isec->initialized = 1;
3474}
3475
3476
3477static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3478 struct common_audit_data *ad, u8 *proto)
3479{
3480 int offset, ihlen, ret = -EINVAL;
3481 struct iphdr _iph, *ih;
3482
3483 offset = skb_network_offset(skb);
3484 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3485 if (ih == NULL)
3486 goto out;
3487
3488 ihlen = ih->ihl * 4;
3489 if (ihlen < sizeof(_iph))
3490 goto out;
3491
3492 ad->u.net.v4info.saddr = ih->saddr;
3493 ad->u.net.v4info.daddr = ih->daddr;
3494 ret = 0;
3495
3496 if (proto)
3497 *proto = ih->protocol;
3498
3499 switch (ih->protocol) {
3500 case IPPROTO_TCP: {
3501 struct tcphdr _tcph, *th;
3502
3503 if (ntohs(ih->frag_off) & IP_OFFSET)
3504 break;
3505
3506 offset += ihlen;
3507 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3508 if (th == NULL)
3509 break;
3510
3511 ad->u.net.sport = th->source;
3512 ad->u.net.dport = th->dest;
3513 break;
3514 }
3515
3516 case IPPROTO_UDP: {
3517 struct udphdr _udph, *uh;
3518
3519 if (ntohs(ih->frag_off) & IP_OFFSET)
3520 break;
3521
3522 offset += ihlen;
3523 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3524 if (uh == NULL)
3525 break;
3526
3527 ad->u.net.sport = uh->source;
3528 ad->u.net.dport = uh->dest;
3529 break;
3530 }
3531
3532 case IPPROTO_DCCP: {
3533 struct dccp_hdr _dccph, *dh;
3534
3535 if (ntohs(ih->frag_off) & IP_OFFSET)
3536 break;
3537
3538 offset += ihlen;
3539 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3540 if (dh == NULL)
3541 break;
3542
3543 ad->u.net.sport = dh->dccph_sport;
3544 ad->u.net.dport = dh->dccph_dport;
3545 break;
3546 }
3547
3548 default:
3549 break;
3550 }
3551out:
3552 return ret;
3553}
3554
3555#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3556
3557
3558static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3559 struct common_audit_data *ad, u8 *proto)
3560{
3561 u8 nexthdr;
3562 int ret = -EINVAL, offset;
3563 struct ipv6hdr _ipv6h, *ip6;
3564
3565 offset = skb_network_offset(skb);
3566 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3567 if (ip6 == NULL)
3568 goto out;
3569
3570 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3571 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3572 ret = 0;
3573
3574 nexthdr = ip6->nexthdr;
3575 offset += sizeof(_ipv6h);
3576 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3577 if (offset < 0)
3578 goto out;
3579
3580 if (proto)
3581 *proto = nexthdr;
3582
3583 switch (nexthdr) {
3584 case IPPROTO_TCP: {
3585 struct tcphdr _tcph, *th;
3586
3587 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3588 if (th == NULL)
3589 break;
3590
3591 ad->u.net.sport = th->source;
3592 ad->u.net.dport = th->dest;
3593 break;
3594 }
3595
3596 case IPPROTO_UDP: {
3597 struct udphdr _udph, *uh;
3598
3599 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3600 if (uh == NULL)
3601 break;
3602
3603 ad->u.net.sport = uh->source;
3604 ad->u.net.dport = uh->dest;
3605 break;
3606 }
3607
3608 case IPPROTO_DCCP: {
3609 struct dccp_hdr _dccph, *dh;
3610
3611 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3612 if (dh == NULL)
3613 break;
3614
3615 ad->u.net.sport = dh->dccph_sport;
3616 ad->u.net.dport = dh->dccph_dport;
3617 break;
3618 }
3619
3620
3621 default:
3622 break;
3623 }
3624out:
3625 return ret;
3626}
3627
3628#endif
3629
3630static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3631 char **_addrp, int src, u8 *proto)
3632{
3633 char *addrp;
3634 int ret;
3635
3636 switch (ad->u.net.family) {
3637 case PF_INET:
3638 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3639 if (ret)
3640 goto parse_error;
3641 addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3642 &ad->u.net.v4info.daddr);
3643 goto okay;
3644
3645#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3646 case PF_INET6:
3647 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3648 if (ret)
3649 goto parse_error;
3650 addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3651 &ad->u.net.v6info.daddr);
3652 goto okay;
3653#endif
3654 default:
3655 addrp = NULL;
3656 goto okay;
3657 }
3658
3659parse_error:
3660 printk(KERN_WARNING
3661 "SELinux: failure in selinux_parse_skb(),"
3662 " unable to parse packet\n");
3663 return ret;
3664
3665okay:
3666 if (_addrp)
3667 *_addrp = addrp;
3668 return 0;
3669}
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3687{
3688 int err;
3689 u32 xfrm_sid;
3690 u32 nlbl_sid;
3691 u32 nlbl_type;
3692
3693 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3694 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3695
3696 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3697 if (unlikely(err)) {
3698 printk(KERN_WARNING
3699 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3700 " unable to determine packet's peer label\n");
3701 return -EACCES;
3702 }
3703
3704 return 0;
3705}
3706
3707
3708
3709static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3710 u16 secclass, u32 *socksid)
3711{
3712 if (tsec->sockcreate_sid > SECSID_NULL) {
3713 *socksid = tsec->sockcreate_sid;
3714 return 0;
3715 }
3716
3717 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3718 socksid);
3719}
3720
3721static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3722{
3723 struct sk_security_struct *sksec = sk->sk_security;
3724 struct common_audit_data ad;
3725 u32 tsid = task_sid(task);
3726
3727 if (sksec->sid == SECINITSID_KERNEL)
3728 return 0;
3729
3730 COMMON_AUDIT_DATA_INIT(&ad, NET);
3731 ad.u.net.sk = sk;
3732
3733 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3734}
3735
3736static int selinux_socket_create(int family, int type,
3737 int protocol, int kern)
3738{
3739 const struct task_security_struct *tsec = current_security();
3740 u32 newsid;
3741 u16 secclass;
3742 int rc;
3743
3744 if (kern)
3745 return 0;
3746
3747 secclass = socket_type_to_security_class(family, type, protocol);
3748 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3749 if (rc)
3750 return rc;
3751
3752 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3753}
3754
3755static int selinux_socket_post_create(struct socket *sock, int family,
3756 int type, int protocol, int kern)
3757{
3758 const struct task_security_struct *tsec = current_security();
3759 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3760 struct sk_security_struct *sksec;
3761 int err = 0;
3762
3763 isec->sclass = socket_type_to_security_class(family, type, protocol);
3764
3765 if (kern)
3766 isec->sid = SECINITSID_KERNEL;
3767 else {
3768 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3769 if (err)
3770 return err;
3771 }
3772
3773 isec->initialized = 1;
3774
3775 if (sock->sk) {
3776 sksec = sock->sk->sk_security;
3777 sksec->sid = isec->sid;
3778 sksec->sclass = isec->sclass;
3779 err = selinux_netlbl_socket_post_create(sock->sk, family);
3780 }
3781
3782 return err;
3783}
3784
3785
3786
3787
3788
3789static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3790{
3791 struct sock *sk = sock->sk;
3792 u16 family;
3793 int err;
3794
3795 err = sock_has_perm(current, sk, SOCKET__BIND);
3796 if (err)
3797 goto out;
3798
3799
3800
3801
3802
3803
3804 family = sk->sk_family;
3805 if (family == PF_INET || family == PF_INET6) {
3806 char *addrp;
3807 struct sk_security_struct *sksec = sk->sk_security;
3808 struct common_audit_data ad;
3809 struct sockaddr_in *addr4 = NULL;
3810 struct sockaddr_in6 *addr6 = NULL;
3811 unsigned short snum;
3812 u32 sid, node_perm;
3813
3814 if (family == PF_INET) {
3815 addr4 = (struct sockaddr_in *)address;
3816 snum = ntohs(addr4->sin_port);
3817 addrp = (char *)&addr4->sin_addr.s_addr;
3818 } else {
3819 addr6 = (struct sockaddr_in6 *)address;
3820 snum = ntohs(addr6->sin6_port);
3821 addrp = (char *)&addr6->sin6_addr.s6_addr;
3822 }
3823
3824 if (snum) {
3825 int low, high;
3826
3827 inet_get_local_port_range(&low, &high);
3828
3829 if (snum < max(PROT_SOCK, low) || snum > high) {
3830 err = sel_netport_sid(sk->sk_protocol,
3831 snum, &sid);
3832 if (err)
3833 goto out;
3834 COMMON_AUDIT_DATA_INIT(&ad, NET);
3835 ad.u.net.sport = htons(snum);
3836 ad.u.net.family = family;
3837 err = avc_has_perm(sksec->sid, sid,
3838 sksec->sclass,
3839 SOCKET__NAME_BIND, &ad);
3840 if (err)
3841 goto out;
3842 }
3843 }
3844
3845 switch (sksec->sclass) {
3846 case SECCLASS_TCP_SOCKET:
3847 node_perm = TCP_SOCKET__NODE_BIND;
3848 break;
3849
3850 case SECCLASS_UDP_SOCKET:
3851 node_perm = UDP_SOCKET__NODE_BIND;
3852 break;
3853
3854 case SECCLASS_DCCP_SOCKET:
3855 node_perm = DCCP_SOCKET__NODE_BIND;
3856 break;
3857
3858 default:
3859 node_perm = RAWIP_SOCKET__NODE_BIND;
3860 break;
3861 }
3862
3863 err = sel_netnode_sid(addrp, family, &sid);
3864 if (err)
3865 goto out;
3866
3867 COMMON_AUDIT_DATA_INIT(&ad, NET);
3868 ad.u.net.sport = htons(snum);
3869 ad.u.net.family = family;
3870
3871 if (family == PF_INET)
3872 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3873 else
3874 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3875
3876 err = avc_has_perm(sksec->sid, sid,
3877 sksec->sclass, node_perm, &ad);
3878 if (err)
3879 goto out;
3880 }
3881out:
3882 return err;
3883}
3884
3885static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3886{
3887 struct sock *sk = sock->sk;
3888 struct sk_security_struct *sksec = sk->sk_security;
3889 int err;
3890
3891 err = sock_has_perm(current, sk, SOCKET__CONNECT);
3892 if (err)
3893 return err;
3894
3895
3896
3897
3898 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
3899 sksec->sclass == SECCLASS_DCCP_SOCKET) {
3900 struct common_audit_data ad;
3901 struct sockaddr_in *addr4 = NULL;
3902 struct sockaddr_in6 *addr6 = NULL;
3903 unsigned short snum;
3904 u32 sid, perm;
3905
3906 if (sk->sk_family == PF_INET) {
3907 addr4 = (struct sockaddr_in *)address;
3908 if (addrlen < sizeof(struct sockaddr_in))
3909 return -EINVAL;
3910 snum = ntohs(addr4->sin_port);
3911 } else {
3912 addr6 = (struct sockaddr_in6 *)address;
3913 if (addrlen < SIN6_LEN_RFC2133)
3914 return -EINVAL;
3915 snum = ntohs(addr6->sin6_port);
3916 }
3917
3918 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3919 if (err)
3920 goto out;
3921
3922 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
3923 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3924
3925 COMMON_AUDIT_DATA_INIT(&ad, NET);
3926 ad.u.net.dport = htons(snum);
3927 ad.u.net.family = sk->sk_family;
3928 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
3929 if (err)
3930 goto out;
3931 }
3932
3933 err = selinux_netlbl_socket_connect(sk, address);
3934
3935out:
3936 return err;
3937}
3938
3939static int selinux_socket_listen(struct socket *sock, int backlog)
3940{
3941 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
3942}
3943
3944static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3945{
3946 int err;
3947 struct inode_security_struct *isec;
3948 struct inode_security_struct *newisec;
3949
3950 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
3951 if (err)
3952 return err;
3953
3954 newisec = SOCK_INODE(newsock)->i_security;
3955
3956 isec = SOCK_INODE(sock)->i_security;
3957 newisec->sclass = isec->sclass;
3958 newisec->sid = isec->sid;
3959 newisec->initialized = 1;
3960
3961 return 0;
3962}
3963
3964static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3965 int size)
3966{
3967 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
3968}
3969
3970static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3971 int size, int flags)
3972{
3973 return sock_has_perm(current, sock->sk, SOCKET__READ);
3974}
3975
3976static int selinux_socket_getsockname(struct socket *sock)
3977{
3978 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3979}
3980
3981static int selinux_socket_getpeername(struct socket *sock)
3982{
3983 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3984}
3985
3986static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3987{
3988 int err;
3989
3990 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
3991 if (err)
3992 return err;
3993
3994 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3995}
3996
3997static int selinux_socket_getsockopt(struct socket *sock, int level,
3998 int optname)
3999{
4000 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4001}
4002
4003static int selinux_socket_shutdown(struct socket *sock, int how)
4004{
4005 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4006}
4007
4008static int selinux_socket_unix_stream_connect(struct sock *sock,
4009 struct sock *other,
4010 struct sock *newsk)
4011{
4012 struct sk_security_struct *sksec_sock = sock->sk_security;
4013 struct sk_security_struct *sksec_other = other->sk_security;
4014 struct sk_security_struct *sksec_new = newsk->sk_security;
4015 struct common_audit_data ad;
4016 int err;
4017
4018 COMMON_AUDIT_DATA_INIT(&ad, NET);
4019 ad.u.net.sk = other;
4020
4021 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4022 sksec_other->sclass,
4023 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4024 if (err)
4025 return err;
4026
4027
4028 sksec_new->peer_sid = sksec_sock->sid;
4029 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4030 &sksec_new->sid);
4031 if (err)
4032 return err;
4033
4034
4035 sksec_sock->peer_sid = sksec_new->sid;
4036
4037 return 0;
4038}
4039
4040static int selinux_socket_unix_may_send(struct socket *sock,
4041 struct socket *other)
4042{
4043 struct sk_security_struct *ssec = sock->sk->sk_security;
4044 struct sk_security_struct *osec = other->sk->sk_security;
4045 struct common_audit_data ad;
4046
4047 COMMON_AUDIT_DATA_INIT(&ad, NET);
4048 ad.u.net.sk = other->sk;
4049
4050 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4051 &ad);
4052}
4053
4054static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4055 u32 peer_sid,
4056 struct common_audit_data *ad)
4057{
4058 int err;
4059 u32 if_sid;
4060 u32 node_sid;
4061
4062 err = sel_netif_sid(ifindex, &if_sid);
4063 if (err)
4064 return err;
4065 err = avc_has_perm(peer_sid, if_sid,
4066 SECCLASS_NETIF, NETIF__INGRESS, ad);
4067 if (err)
4068 return err;
4069
4070 err = sel_netnode_sid(addrp, family, &node_sid);
4071 if (err)
4072 return err;
4073 return avc_has_perm(peer_sid, node_sid,
4074 SECCLASS_NODE, NODE__RECVFROM, ad);
4075}
4076
4077static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4078 u16 family)
4079{
4080 int err = 0;
4081 struct sk_security_struct *sksec = sk->sk_security;
4082 u32 sk_sid = sksec->sid;
4083 struct common_audit_data ad;
4084 char *addrp;
4085
4086 COMMON_AUDIT_DATA_INIT(&ad, NET);
4087 ad.u.net.netif = skb->skb_iif;
4088 ad.u.net.family = family;
4089 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4090 if (err)
4091 return err;
4092
4093 if (selinux_secmark_enabled()) {
4094 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4095 PACKET__RECV, &ad);
4096 if (err)
4097 return err;
4098 }
4099
4100 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4101 if (err)
4102 return err;
4103 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4104
4105 return err;
4106}
4107
4108static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4109{
4110 int err;
4111 struct sk_security_struct *sksec = sk->sk_security;
4112 u16 family = sk->sk_family;
4113 u32 sk_sid = sksec->sid;
4114 struct common_audit_data ad;
4115 char *addrp;
4116 u8 secmark_active;
4117 u8 peerlbl_active;
4118
4119 if (family != PF_INET && family != PF_INET6)
4120 return 0;
4121
4122
4123 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4124 family = PF_INET;
4125
4126
4127
4128
4129
4130 if (!selinux_policycap_netpeer)
4131 return selinux_sock_rcv_skb_compat(sk, skb, family);
4132
4133 secmark_active = selinux_secmark_enabled();
4134 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4135 if (!secmark_active && !peerlbl_active)
4136 return 0;
4137
4138 COMMON_AUDIT_DATA_INIT(&ad, NET);
4139 ad.u.net.netif = skb->skb_iif;
4140 ad.u.net.family = family;
4141 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4142 if (err)
4143 return err;
4144
4145 if (peerlbl_active) {
4146 u32 peer_sid;
4147
4148 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4149 if (err)
4150 return err;
4151 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4152 peer_sid, &ad);
4153 if (err) {
4154 selinux_netlbl_err(skb, err, 0);
4155 return err;
4156 }
4157 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4158 PEER__RECV, &ad);
4159 if (err)
4160 selinux_netlbl_err(skb, err, 0);
4161 }
4162
4163 if (secmark_active) {
4164 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4165 PACKET__RECV, &ad);
4166 if (err)
4167 return err;
4168 }
4169
4170 return err;
4171}
4172
4173static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4174 int __user *optlen, unsigned len)
4175{
4176 int err = 0;
4177 char *scontext;
4178 u32 scontext_len;
4179 struct sk_security_struct *sksec = sock->sk->sk_security;
4180 u32 peer_sid = SECSID_NULL;
4181
4182 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4183 sksec->sclass == SECCLASS_TCP_SOCKET)
4184 peer_sid = sksec->peer_sid;
4185 if (peer_sid == SECSID_NULL)
4186 return -ENOPROTOOPT;
4187
4188 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4189 if (err)
4190 return err;
4191
4192 if (scontext_len > len) {
4193 err = -ERANGE;
4194 goto out_len;
4195 }
4196
4197 if (copy_to_user(optval, scontext, scontext_len))
4198 err = -EFAULT;
4199
4200out_len:
4201 if (put_user(scontext_len, optlen))
4202 err = -EFAULT;
4203 kfree(scontext);
4204 return err;
4205}
4206
4207static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4208{
4209 u32 peer_secid = SECSID_NULL;
4210 u16 family;
4211
4212 if (skb && skb->protocol == htons(ETH_P_IP))
4213 family = PF_INET;
4214 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4215 family = PF_INET6;
4216 else if (sock)
4217 family = sock->sk->sk_family;
4218 else
4219 goto out;
4220
4221 if (sock && family == PF_UNIX)
4222 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4223 else if (skb)
4224 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4225
4226out:
4227 *secid = peer_secid;
4228 if (peer_secid == SECSID_NULL)
4229 return -EINVAL;
4230 return 0;
4231}
4232
4233static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4234{
4235 struct sk_security_struct *sksec;
4236
4237 sksec = kzalloc(sizeof(*sksec), priority);
4238 if (!sksec)
4239 return -ENOMEM;
4240
4241 sksec->peer_sid = SECINITSID_UNLABELED;
4242 sksec->sid = SECINITSID_UNLABELED;
4243 selinux_netlbl_sk_security_reset(sksec);
4244 sk->sk_security = sksec;
4245
4246 return 0;
4247}
4248
4249static void selinux_sk_free_security(struct sock *sk)
4250{
4251 struct sk_security_struct *sksec = sk->sk_security;
4252
4253 sk->sk_security = NULL;
4254 selinux_netlbl_sk_security_free(sksec);
4255 kfree(sksec);
4256}
4257
4258static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4259{
4260 struct sk_security_struct *sksec = sk->sk_security;
4261 struct sk_security_struct *newsksec = newsk->sk_security;
4262
4263 newsksec->sid = sksec->sid;
4264 newsksec->peer_sid = sksec->peer_sid;
4265 newsksec->sclass = sksec->sclass;
4266
4267 selinux_netlbl_sk_security_reset(newsksec);
4268}
4269
4270static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4271{
4272 if (!sk)
4273 *secid = SECINITSID_ANY_SOCKET;
4274 else {
4275 struct sk_security_struct *sksec = sk->sk_security;
4276
4277 *secid = sksec->sid;
4278 }
4279}
4280
4281static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4282{
4283 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4284 struct sk_security_struct *sksec = sk->sk_security;
4285
4286 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4287 sk->sk_family == PF_UNIX)
4288 isec->sid = sksec->sid;
4289 sksec->sclass = isec->sclass;
4290}
4291
4292static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4293 struct request_sock *req)
4294{
4295 struct sk_security_struct *sksec = sk->sk_security;
4296 int err;
4297 u16 family = sk->sk_family;
4298 u32 newsid;
4299 u32 peersid;
4300
4301
4302 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4303 family = PF_INET;
4304
4305 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4306 if (err)
4307 return err;
4308 if (peersid == SECSID_NULL) {
4309 req->secid = sksec->sid;
4310 req->peer_secid = SECSID_NULL;
4311 } else {
4312 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4313 if (err)
4314 return err;
4315 req->secid = newsid;
4316 req->peer_secid = peersid;
4317 }
4318
4319 return selinux_netlbl_inet_conn_request(req, family);
4320}
4321
4322static void selinux_inet_csk_clone(struct sock *newsk,
4323 const struct request_sock *req)
4324{
4325 struct sk_security_struct *newsksec = newsk->sk_security;
4326
4327 newsksec->sid = req->secid;
4328 newsksec->peer_sid = req->peer_secid;
4329
4330
4331
4332
4333
4334
4335
4336 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4337}
4338
4339static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4340{
4341 u16 family = sk->sk_family;
4342 struct sk_security_struct *sksec = sk->sk_security;
4343
4344
4345 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4346 family = PF_INET;
4347
4348 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4349}
4350
4351static int selinux_secmark_relabel_packet(u32 sid)
4352{
4353 const struct task_security_struct *__tsec;
4354 u32 tsid;
4355
4356 __tsec = current_security();
4357 tsid = __tsec->sid;
4358
4359 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4360}
4361
4362static void selinux_secmark_refcount_inc(void)
4363{
4364 atomic_inc(&selinux_secmark_refcount);
4365}
4366
4367static void selinux_secmark_refcount_dec(void)
4368{
4369 atomic_dec(&selinux_secmark_refcount);
4370}
4371
4372static void selinux_req_classify_flow(const struct request_sock *req,
4373 struct flowi *fl)
4374{
4375 fl->flowi_secid = req->secid;
4376}
4377
4378static int selinux_tun_dev_create(void)
4379{
4380 u32 sid = current_sid();
4381
4382
4383
4384
4385
4386
4387
4388
4389 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4390 NULL);
4391}
4392
4393static void selinux_tun_dev_post_create(struct sock *sk)
4394{
4395 struct sk_security_struct *sksec = sk->sk_security;
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407 sksec->sid = current_sid();
4408 sksec->sclass = SECCLASS_TUN_SOCKET;
4409}
4410
4411static int selinux_tun_dev_attach(struct sock *sk)
4412{
4413 struct sk_security_struct *sksec = sk->sk_security;
4414 u32 sid = current_sid();
4415 int err;
4416
4417 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4418 TUN_SOCKET__RELABELFROM, NULL);
4419 if (err)
4420 return err;
4421 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4422 TUN_SOCKET__RELABELTO, NULL);
4423 if (err)
4424 return err;
4425
4426 sksec->sid = sid;
4427
4428 return 0;
4429}
4430
4431static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4432{
4433 int err = 0;
4434 u32 perm;
4435 struct nlmsghdr *nlh;
4436 struct sk_security_struct *sksec = sk->sk_security;
4437
4438 if (skb->len < NLMSG_SPACE(0)) {
4439 err = -EINVAL;
4440 goto out;
4441 }
4442 nlh = nlmsg_hdr(skb);
4443
4444 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4445 if (err) {
4446 if (err == -EINVAL) {
4447 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4448 "SELinux: unrecognized netlink message"
4449 " type=%hu for sclass=%hu\n",
4450 nlh->nlmsg_type, sksec->sclass);
4451 if (!selinux_enforcing || security_get_allow_unknown())
4452 err = 0;
4453 }
4454
4455
4456 if (err == -ENOENT)
4457 err = 0;
4458 goto out;
4459 }
4460
4461 err = sock_has_perm(current, sk, perm);
4462out:
4463 return err;
4464}
4465
4466#ifdef CONFIG_NETFILTER
4467
4468static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4469 u16 family)
4470{
4471 int err;
4472 char *addrp;
4473 u32 peer_sid;
4474 struct common_audit_data ad;
4475 u8 secmark_active;
4476 u8 netlbl_active;
4477 u8 peerlbl_active;
4478
4479 if (!selinux_policycap_netpeer)
4480 return NF_ACCEPT;
4481
4482 secmark_active = selinux_secmark_enabled();
4483 netlbl_active = netlbl_enabled();
4484 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4485 if (!secmark_active && !peerlbl_active)
4486 return NF_ACCEPT;
4487
4488 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4489 return NF_DROP;
4490
4491 COMMON_AUDIT_DATA_INIT(&ad, NET);
4492 ad.u.net.netif = ifindex;
4493 ad.u.net.family = family;
4494 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4495 return NF_DROP;
4496
4497 if (peerlbl_active) {
4498 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4499 peer_sid, &ad);
4500 if (err) {
4501 selinux_netlbl_err(skb, err, 1);
4502 return NF_DROP;
4503 }
4504 }
4505
4506 if (secmark_active)
4507 if (avc_has_perm(peer_sid, skb->secmark,
4508 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4509 return NF_DROP;
4510
4511 if (netlbl_active)
4512
4513
4514
4515
4516 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4517 return NF_DROP;
4518
4519 return NF_ACCEPT;
4520}
4521
4522static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4523 struct sk_buff *skb,
4524 const struct net_device *in,
4525 const struct net_device *out,
4526 int (*okfn)(struct sk_buff *))
4527{
4528 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4529}
4530
4531#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4532static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4533 struct sk_buff *skb,
4534 const struct net_device *in,
4535 const struct net_device *out,
4536 int (*okfn)(struct sk_buff *))
4537{
4538 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4539}
4540#endif
4541
4542static unsigned int selinux_ip_output(struct sk_buff *skb,
4543 u16 family)
4544{
4545 u32 sid;
4546
4547 if (!netlbl_enabled())
4548 return NF_ACCEPT;
4549
4550
4551
4552
4553 if (skb->sk) {
4554 struct sk_security_struct *sksec = skb->sk->sk_security;
4555 sid = sksec->sid;
4556 } else
4557 sid = SECINITSID_KERNEL;
4558 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4559 return NF_DROP;
4560
4561 return NF_ACCEPT;
4562}
4563
4564static unsigned int selinux_ipv4_output(unsigned int hooknum,
4565 struct sk_buff *skb,
4566 const struct net_device *in,
4567 const struct net_device *out,
4568 int (*okfn)(struct sk_buff *))
4569{
4570 return selinux_ip_output(skb, PF_INET);
4571}
4572
4573static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4574 int ifindex,
4575 u16 family)
4576{
4577 struct sock *sk = skb->sk;
4578 struct sk_security_struct *sksec;
4579 struct common_audit_data ad;
4580 char *addrp;
4581 u8 proto;
4582
4583 if (sk == NULL)
4584 return NF_ACCEPT;
4585 sksec = sk->sk_security;
4586
4587 COMMON_AUDIT_DATA_INIT(&ad, NET);
4588 ad.u.net.netif = ifindex;
4589 ad.u.net.family = family;
4590 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4591 return NF_DROP;
4592
4593 if (selinux_secmark_enabled())
4594 if (avc_has_perm(sksec->sid, skb->secmark,
4595 SECCLASS_PACKET, PACKET__SEND, &ad))
4596 return NF_DROP_ERR(-ECONNREFUSED);
4597
4598 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4599 return NF_DROP_ERR(-ECONNREFUSED);
4600
4601 return NF_ACCEPT;
4602}
4603
4604static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4605 u16 family)
4606{
4607 u32 secmark_perm;
4608 u32 peer_sid;
4609 struct sock *sk;
4610 struct common_audit_data ad;
4611 char *addrp;
4612 u8 secmark_active;
4613 u8 peerlbl_active;
4614
4615
4616
4617
4618
4619 if (!selinux_policycap_netpeer)
4620 return selinux_ip_postroute_compat(skb, ifindex, family);
4621#ifdef CONFIG_XFRM
4622
4623
4624
4625
4626
4627
4628 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4629 return NF_ACCEPT;
4630#endif
4631 secmark_active = selinux_secmark_enabled();
4632 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4633 if (!secmark_active && !peerlbl_active)
4634 return NF_ACCEPT;
4635
4636
4637
4638
4639
4640 sk = skb->sk;
4641 if (sk == NULL) {
4642 if (skb->skb_iif) {
4643 secmark_perm = PACKET__FORWARD_OUT;
4644 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4645 return NF_DROP;
4646 } else {
4647 secmark_perm = PACKET__SEND;
4648 peer_sid = SECINITSID_KERNEL;
4649 }
4650 } else {
4651 struct sk_security_struct *sksec = sk->sk_security;
4652 peer_sid = sksec->sid;
4653 secmark_perm = PACKET__SEND;
4654 }
4655
4656 COMMON_AUDIT_DATA_INIT(&ad, NET);
4657 ad.u.net.netif = ifindex;
4658 ad.u.net.family = family;
4659 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4660 return NF_DROP;
4661
4662 if (secmark_active)
4663 if (avc_has_perm(peer_sid, skb->secmark,
4664 SECCLASS_PACKET, secmark_perm, &ad))
4665 return NF_DROP_ERR(-ECONNREFUSED);
4666
4667 if (peerlbl_active) {
4668 u32 if_sid;
4669 u32 node_sid;
4670
4671 if (sel_netif_sid(ifindex, &if_sid))
4672 return NF_DROP;
4673 if (avc_has_perm(peer_sid, if_sid,
4674 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4675 return NF_DROP_ERR(-ECONNREFUSED);
4676
4677 if (sel_netnode_sid(addrp, family, &node_sid))
4678 return NF_DROP;
4679 if (avc_has_perm(peer_sid, node_sid,
4680 SECCLASS_NODE, NODE__SENDTO, &ad))
4681 return NF_DROP_ERR(-ECONNREFUSED);
4682 }
4683
4684 return NF_ACCEPT;
4685}
4686
4687static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4688 struct sk_buff *skb,
4689 const struct net_device *in,
4690 const struct net_device *out,
4691 int (*okfn)(struct sk_buff *))
4692{
4693 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4694}
4695
4696#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4697static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4698 struct sk_buff *skb,
4699 const struct net_device *in,
4700 const struct net_device *out,
4701 int (*okfn)(struct sk_buff *))
4702{
4703 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4704}
4705#endif
4706
4707#endif
4708
4709static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4710{
4711 int err;
4712
4713 err = cap_netlink_send(sk, skb);
4714 if (err)
4715 return err;
4716
4717 return selinux_nlmsg_perm(sk, skb);
4718}
4719
4720static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4721{
4722 int err;
4723 struct common_audit_data ad;
4724 u32 sid;
4725
4726 err = cap_netlink_recv(skb, capability);
4727 if (err)
4728 return err;
4729
4730 COMMON_AUDIT_DATA_INIT(&ad, CAP);
4731 ad.u.cap = capability;
4732
4733 security_task_getsecid(current, &sid);
4734 return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
4735 CAP_TO_MASK(capability), &ad);
4736}
4737
4738static int ipc_alloc_security(struct task_struct *task,
4739 struct kern_ipc_perm *perm,
4740 u16 sclass)
4741{
4742 struct ipc_security_struct *isec;
4743 u32 sid;
4744
4745 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4746 if (!isec)
4747 return -ENOMEM;
4748
4749 sid = task_sid(task);
4750 isec->sclass = sclass;
4751 isec->sid = sid;
4752 perm->security = isec;
4753
4754 return 0;
4755}
4756
4757static void ipc_free_security(struct kern_ipc_perm *perm)
4758{
4759 struct ipc_security_struct *isec = perm->security;
4760 perm->security = NULL;
4761 kfree(isec);
4762}
4763
4764static int msg_msg_alloc_security(struct msg_msg *msg)
4765{
4766 struct msg_security_struct *msec;
4767
4768 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4769 if (!msec)
4770 return -ENOMEM;
4771
4772 msec->sid = SECINITSID_UNLABELED;
4773 msg->security = msec;
4774
4775 return 0;
4776}
4777
4778static void msg_msg_free_security(struct msg_msg *msg)
4779{
4780 struct msg_security_struct *msec = msg->security;
4781
4782 msg->security = NULL;
4783 kfree(msec);
4784}
4785
4786static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4787 u32 perms)
4788{
4789 struct ipc_security_struct *isec;
4790 struct common_audit_data ad;
4791 u32 sid = current_sid();
4792
4793 isec = ipc_perms->security;
4794
4795 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4796 ad.u.ipc_id = ipc_perms->key;
4797
4798 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4799}
4800
4801static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4802{
4803 return msg_msg_alloc_security(msg);
4804}
4805
4806static void selinux_msg_msg_free_security(struct msg_msg *msg)
4807{
4808 msg_msg_free_security(msg);
4809}
4810
4811
4812static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4813{
4814 struct ipc_security_struct *isec;
4815 struct common_audit_data ad;
4816 u32 sid = current_sid();
4817 int rc;
4818
4819 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4820 if (rc)
4821 return rc;
4822
4823 isec = msq->q_perm.security;
4824
4825 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4826 ad.u.ipc_id = msq->q_perm.key;
4827
4828 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4829 MSGQ__CREATE, &ad);
4830 if (rc) {
4831 ipc_free_security(&msq->q_perm);
4832 return rc;
4833 }
4834 return 0;
4835}
4836
4837static void selinux_msg_queue_free_security(struct msg_queue *msq)
4838{
4839 ipc_free_security(&msq->q_perm);
4840}
4841
4842static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4843{
4844 struct ipc_security_struct *isec;
4845 struct common_audit_data ad;
4846 u32 sid = current_sid();
4847
4848 isec = msq->q_perm.security;
4849
4850 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4851 ad.u.ipc_id = msq->q_perm.key;
4852
4853 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4854 MSGQ__ASSOCIATE, &ad);
4855}
4856
4857static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4858{
4859 int err;
4860 int perms;
4861
4862 switch (cmd) {
4863 case IPC_INFO:
4864 case MSG_INFO:
4865
4866 return task_has_system(current, SYSTEM__IPC_INFO);
4867 case IPC_STAT:
4868 case MSG_STAT:
4869 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4870 break;
4871 case IPC_SET:
4872 perms = MSGQ__SETATTR;
4873 break;
4874 case IPC_RMID:
4875 perms = MSGQ__DESTROY;
4876 break;
4877 default:
4878 return 0;
4879 }
4880
4881 err = ipc_has_perm(&msq->q_perm, perms);
4882 return err;
4883}
4884
4885static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4886{
4887 struct ipc_security_struct *isec;
4888 struct msg_security_struct *msec;
4889 struct common_audit_data ad;
4890 u32 sid = current_sid();
4891 int rc;
4892
4893 isec = msq->q_perm.security;
4894 msec = msg->security;
4895
4896
4897
4898
4899 if (msec->sid == SECINITSID_UNLABELED) {
4900
4901
4902
4903
4904 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4905 NULL, &msec->sid);
4906 if (rc)
4907 return rc;
4908 }
4909
4910 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4911 ad.u.ipc_id = msq->q_perm.key;
4912
4913
4914 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4915 MSGQ__WRITE, &ad);
4916 if (!rc)
4917
4918 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4919 MSG__SEND, &ad);
4920 if (!rc)
4921
4922 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4923 MSGQ__ENQUEUE, &ad);
4924
4925 return rc;
4926}
4927
4928static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4929 struct task_struct *target,
4930 long type, int mode)
4931{
4932 struct ipc_security_struct *isec;
4933 struct msg_security_struct *msec;
4934 struct common_audit_data ad;
4935 u32 sid = task_sid(target);
4936 int rc;
4937
4938 isec = msq->q_perm.security;
4939 msec = msg->security;
4940
4941 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4942 ad.u.ipc_id = msq->q_perm.key;
4943
4944 rc = avc_has_perm(sid, isec->sid,
4945 SECCLASS_MSGQ, MSGQ__READ, &ad);
4946 if (!rc)
4947 rc = avc_has_perm(sid, msec->sid,
4948 SECCLASS_MSG, MSG__RECEIVE, &ad);
4949 return rc;
4950}
4951
4952
4953static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4954{
4955 struct ipc_security_struct *isec;
4956 struct common_audit_data ad;
4957 u32 sid = current_sid();
4958 int rc;
4959
4960 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4961 if (rc)
4962 return rc;
4963
4964 isec = shp->shm_perm.security;
4965
4966 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4967 ad.u.ipc_id = shp->shm_perm.key;
4968
4969 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4970 SHM__CREATE, &ad);
4971 if (rc) {
4972 ipc_free_security(&shp->shm_perm);
4973 return rc;
4974 }
4975 return 0;
4976}
4977
4978static void selinux_shm_free_security(struct shmid_kernel *shp)
4979{
4980 ipc_free_security(&shp->shm_perm);
4981}
4982
4983static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4984{
4985 struct ipc_security_struct *isec;
4986 struct common_audit_data ad;
4987 u32 sid = current_sid();
4988
4989 isec = shp->shm_perm.security;
4990
4991 COMMON_AUDIT_DATA_INIT(&ad, IPC);
4992 ad.u.ipc_id = shp->shm_perm.key;
4993
4994 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4995 SHM__ASSOCIATE, &ad);
4996}
4997
4998
4999static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5000{
5001 int perms;
5002 int err;
5003
5004 switch (cmd) {
5005 case IPC_INFO:
5006 case SHM_INFO:
5007
5008 return task_has_system(current, SYSTEM__IPC_INFO);
5009 case IPC_STAT:
5010 case SHM_STAT:
5011 perms = SHM__GETATTR | SHM__ASSOCIATE;
5012 break;
5013 case IPC_SET:
5014 perms = SHM__SETATTR;
5015 break;
5016 case SHM_LOCK:
5017 case SHM_UNLOCK:
5018 perms = SHM__LOCK;
5019 break;
5020 case IPC_RMID:
5021 perms = SHM__DESTROY;
5022 break;
5023 default:
5024 return 0;
5025 }
5026
5027 err = ipc_has_perm(&shp->shm_perm, perms);
5028 return err;
5029}
5030
5031static int selinux_shm_shmat(struct shmid_kernel *shp,
5032 char __user *shmaddr, int shmflg)
5033{
5034 u32 perms;
5035
5036 if (shmflg & SHM_RDONLY)
5037 perms = SHM__READ;
5038 else
5039 perms = SHM__READ | SHM__WRITE;
5040
5041 return ipc_has_perm(&shp->shm_perm, perms);
5042}
5043
5044
5045static int selinux_sem_alloc_security(struct sem_array *sma)
5046{
5047 struct ipc_security_struct *isec;
5048 struct common_audit_data ad;
5049 u32 sid = current_sid();
5050 int rc;
5051
5052 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5053 if (rc)
5054 return rc;
5055
5056 isec = sma->sem_perm.security;
5057
5058 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5059 ad.u.ipc_id = sma->sem_perm.key;
5060
5061 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5062 SEM__CREATE, &ad);
5063 if (rc) {
5064 ipc_free_security(&sma->sem_perm);
5065 return rc;
5066 }
5067 return 0;
5068}
5069
5070static void selinux_sem_free_security(struct sem_array *sma)
5071{
5072 ipc_free_security(&sma->sem_perm);
5073}
5074
5075static int selinux_sem_associate(struct sem_array *sma, int semflg)
5076{
5077 struct ipc_security_struct *isec;
5078 struct common_audit_data ad;
5079 u32 sid = current_sid();
5080
5081 isec = sma->sem_perm.security;
5082
5083 COMMON_AUDIT_DATA_INIT(&ad, IPC);
5084 ad.u.ipc_id = sma->sem_perm.key;
5085
5086 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5087 SEM__ASSOCIATE, &ad);
5088}
5089
5090
5091static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5092{
5093 int err;
5094 u32 perms;
5095
5096 switch (cmd) {
5097 case IPC_INFO:
5098 case SEM_INFO:
5099
5100 return task_has_system(current, SYSTEM__IPC_INFO);
5101 case GETPID:
5102 case GETNCNT:
5103 case GETZCNT:
5104 perms = SEM__GETATTR;
5105 break;
5106 case GETVAL:
5107 case GETALL:
5108 perms = SEM__READ;
5109 break;
5110 case SETVAL:
5111 case SETALL:
5112 perms = SEM__WRITE;
5113 break;
5114 case IPC_RMID:
5115 perms = SEM__DESTROY;
5116 break;
5117 case IPC_SET:
5118 perms = SEM__SETATTR;
5119 break;
5120 case IPC_STAT:
5121 case SEM_STAT:
5122 perms = SEM__GETATTR | SEM__ASSOCIATE;
5123 break;
5124 default:
5125 return 0;
5126 }
5127
5128 err = ipc_has_perm(&sma->sem_perm, perms);
5129 return err;
5130}
5131
5132static int selinux_sem_semop(struct sem_array *sma,
5133 struct sembuf *sops, unsigned nsops, int alter)
5134{
5135 u32 perms;
5136
5137 if (alter)
5138 perms = SEM__READ | SEM__WRITE;
5139 else
5140 perms = SEM__READ;
5141
5142 return ipc_has_perm(&sma->sem_perm, perms);
5143}
5144
5145static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5146{
5147 u32 av = 0;
5148
5149 av = 0;
5150 if (flag & S_IRUGO)
5151 av |= IPC__UNIX_READ;
5152 if (flag & S_IWUGO)
5153 av |= IPC__UNIX_WRITE;
5154
5155 if (av == 0)
5156 return 0;
5157
5158 return ipc_has_perm(ipcp, av);
5159}
5160
5161static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5162{
5163 struct ipc_security_struct *isec = ipcp->security;
5164 *secid = isec->sid;
5165}
5166
5167static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5168{
5169 if (inode)
5170 inode_doinit_with_dentry(inode, dentry);
5171}
5172
5173static int selinux_getprocattr(struct task_struct *p,
5174 char *name, char **value)
5175{
5176 const struct task_security_struct *__tsec;
5177 u32 sid;
5178 int error;
5179 unsigned len;
5180
5181 if (current != p) {
5182 error = current_has_perm(p, PROCESS__GETATTR);
5183 if (error)
5184 return error;
5185 }
5186
5187 rcu_read_lock();
5188 __tsec = __task_cred(p)->security;
5189
5190 if (!strcmp(name, "current"))
5191 sid = __tsec->sid;
5192 else if (!strcmp(name, "prev"))
5193 sid = __tsec->osid;
5194 else if (!strcmp(name, "exec"))
5195 sid = __tsec->exec_sid;
5196 else if (!strcmp(name, "fscreate"))
5197 sid = __tsec->create_sid;
5198 else if (!strcmp(name, "keycreate"))
5199 sid = __tsec->keycreate_sid;
5200 else if (!strcmp(name, "sockcreate"))
5201 sid = __tsec->sockcreate_sid;
5202 else
5203 goto invalid;
5204 rcu_read_unlock();
5205
5206 if (!sid)
5207 return 0;
5208
5209 error = security_sid_to_context(sid, value, &len);
5210 if (error)
5211 return error;
5212 return len;
5213
5214invalid:
5215 rcu_read_unlock();
5216 return -EINVAL;
5217}
5218
5219static int selinux_setprocattr(struct task_struct *p,
5220 char *name, void *value, size_t size)
5221{
5222 struct task_security_struct *tsec;
5223 struct task_struct *tracer;
5224 struct cred *new;
5225 u32 sid = 0, ptsid;
5226 int error;
5227 char *str = value;
5228
5229 if (current != p) {
5230
5231
5232 return -EACCES;
5233 }
5234
5235
5236
5237
5238
5239
5240 if (!strcmp(name, "exec"))
5241 error = current_has_perm(p, PROCESS__SETEXEC);
5242 else if (!strcmp(name, "fscreate"))
5243 error = current_has_perm(p, PROCESS__SETFSCREATE);
5244 else if (!strcmp(name, "keycreate"))
5245 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5246 else if (!strcmp(name, "sockcreate"))
5247 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5248 else if (!strcmp(name, "current"))
5249 error = current_has_perm(p, PROCESS__SETCURRENT);
5250 else
5251 error = -EINVAL;
5252 if (error)
5253 return error;
5254
5255
5256 if (size && str[1] && str[1] != '\n') {
5257 if (str[size-1] == '\n') {
5258 str[size-1] = 0;
5259 size--;
5260 }
5261 error = security_context_to_sid(value, size, &sid);
5262 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5263 if (!capable(CAP_MAC_ADMIN))
5264 return error;
5265 error = security_context_to_sid_force(value, size,
5266 &sid);
5267 }
5268 if (error)
5269 return error;
5270 }
5271
5272 new = prepare_creds();
5273 if (!new)
5274 return -ENOMEM;
5275
5276
5277
5278
5279
5280
5281
5282 tsec = new->security;
5283 if (!strcmp(name, "exec")) {
5284 tsec->exec_sid = sid;
5285 } else if (!strcmp(name, "fscreate")) {
5286 tsec->create_sid = sid;
5287 } else if (!strcmp(name, "keycreate")) {
5288 error = may_create_key(sid, p);
5289 if (error)
5290 goto abort_change;
5291 tsec->keycreate_sid = sid;
5292 } else if (!strcmp(name, "sockcreate")) {
5293 tsec->sockcreate_sid = sid;
5294 } else if (!strcmp(name, "current")) {
5295 error = -EINVAL;
5296 if (sid == 0)
5297 goto abort_change;
5298
5299
5300 error = -EPERM;
5301 if (!current_is_single_threaded()) {
5302 error = security_bounded_transition(tsec->sid, sid);
5303 if (error)
5304 goto abort_change;
5305 }
5306
5307
5308 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5309 PROCESS__DYNTRANSITION, NULL);
5310 if (error)
5311 goto abort_change;
5312
5313
5314
5315 ptsid = 0;
5316 task_lock(p);
5317 tracer = ptrace_parent(p);
5318 if (tracer)
5319 ptsid = task_sid(tracer);
5320 task_unlock(p);
5321
5322 if (tracer) {
5323 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5324 PROCESS__PTRACE, NULL);
5325 if (error)
5326 goto abort_change;
5327 }
5328
5329 tsec->sid = sid;
5330 } else {
5331 error = -EINVAL;
5332 goto abort_change;
5333 }
5334
5335 commit_creds(new);
5336 return size;
5337
5338abort_change:
5339 abort_creds(new);
5340 return error;
5341}
5342
5343static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5344{
5345 return security_sid_to_context(secid, secdata, seclen);
5346}
5347
5348static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5349{
5350 return security_context_to_sid(secdata, seclen, secid);
5351}
5352
5353static void selinux_release_secctx(char *secdata, u32 seclen)
5354{
5355 kfree(secdata);
5356}
5357
5358
5359
5360
5361static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5362{
5363 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5364}
5365
5366
5367
5368
5369static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5370{
5371 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5372}
5373
5374static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5375{
5376 int len = 0;
5377 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5378 ctx, true);
5379 if (len < 0)
5380 return len;
5381 *ctxlen = len;
5382 return 0;
5383}
5384#ifdef CONFIG_KEYS
5385
5386static int selinux_key_alloc(struct key *k, const struct cred *cred,
5387 unsigned long flags)
5388{
5389 const struct task_security_struct *tsec;
5390 struct key_security_struct *ksec;
5391
5392 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5393 if (!ksec)
5394 return -ENOMEM;
5395
5396 tsec = cred->security;
5397 if (tsec->keycreate_sid)
5398 ksec->sid = tsec->keycreate_sid;
5399 else
5400 ksec->sid = tsec->sid;
5401
5402 k->security = ksec;
5403 return 0;
5404}
5405
5406static void selinux_key_free(struct key *k)
5407{
5408 struct key_security_struct *ksec = k->security;
5409
5410 k->security = NULL;
5411 kfree(ksec);
5412}
5413
5414static int selinux_key_permission(key_ref_t key_ref,
5415 const struct cred *cred,
5416 key_perm_t perm)
5417{
5418 struct key *key;
5419 struct key_security_struct *ksec;
5420 u32 sid;
5421
5422
5423
5424
5425 if (perm == 0)
5426 return 0;
5427
5428 sid = cred_sid(cred);
5429
5430 key = key_ref_to_ptr(key_ref);
5431 ksec = key->security;
5432
5433 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5434}
5435
5436static int selinux_key_getsecurity(struct key *key, char **_buffer)
5437{
5438 struct key_security_struct *ksec = key->security;
5439 char *context = NULL;
5440 unsigned len;
5441 int rc;
5442
5443 rc = security_sid_to_context(ksec->sid, &context, &len);
5444 if (!rc)
5445 rc = len;
5446 *_buffer = context;
5447 return rc;
5448}
5449
5450#endif
5451
5452static struct security_operations selinux_ops = {
5453 .name = "selinux",
5454
5455 .ptrace_access_check = selinux_ptrace_access_check,
5456 .ptrace_traceme = selinux_ptrace_traceme,
5457 .capget = selinux_capget,
5458 .capset = selinux_capset,
5459 .capable = selinux_capable,
5460 .quotactl = selinux_quotactl,
5461 .quota_on = selinux_quota_on,
5462 .syslog = selinux_syslog,
5463 .vm_enough_memory = selinux_vm_enough_memory,
5464
5465 .netlink_send = selinux_netlink_send,
5466 .netlink_recv = selinux_netlink_recv,
5467
5468 .bprm_set_creds = selinux_bprm_set_creds,
5469 .bprm_committing_creds = selinux_bprm_committing_creds,
5470 .bprm_committed_creds = selinux_bprm_committed_creds,
5471 .bprm_secureexec = selinux_bprm_secureexec,
5472
5473 .sb_alloc_security = selinux_sb_alloc_security,
5474 .sb_free_security = selinux_sb_free_security,
5475 .sb_copy_data = selinux_sb_copy_data,
5476 .sb_remount = selinux_sb_remount,
5477 .sb_kern_mount = selinux_sb_kern_mount,
5478 .sb_show_options = selinux_sb_show_options,
5479 .sb_statfs = selinux_sb_statfs,
5480 .sb_mount = selinux_mount,
5481 .sb_umount = selinux_umount,
5482 .sb_set_mnt_opts = selinux_set_mnt_opts,
5483 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5484 .sb_parse_opts_str = selinux_parse_opts_str,
5485
5486
5487 .inode_alloc_security = selinux_inode_alloc_security,
5488 .inode_free_security = selinux_inode_free_security,
5489 .inode_init_security = selinux_inode_init_security,
5490 .inode_create = selinux_inode_create,
5491 .inode_link = selinux_inode_link,
5492 .inode_unlink = selinux_inode_unlink,
5493 .inode_symlink = selinux_inode_symlink,
5494 .inode_mkdir = selinux_inode_mkdir,
5495 .inode_rmdir = selinux_inode_rmdir,
5496 .inode_mknod = selinux_inode_mknod,
5497 .inode_rename = selinux_inode_rename,
5498 .inode_readlink = selinux_inode_readlink,
5499 .inode_follow_link = selinux_inode_follow_link,
5500 .inode_permission = selinux_inode_permission,
5501 .inode_setattr = selinux_inode_setattr,
5502 .inode_getattr = selinux_inode_getattr,
5503 .inode_setxattr = selinux_inode_setxattr,
5504 .inode_post_setxattr = selinux_inode_post_setxattr,
5505 .inode_getxattr = selinux_inode_getxattr,
5506 .inode_listxattr = selinux_inode_listxattr,
5507 .inode_removexattr = selinux_inode_removexattr,
5508 .inode_getsecurity = selinux_inode_getsecurity,
5509 .inode_setsecurity = selinux_inode_setsecurity,
5510 .inode_listsecurity = selinux_inode_listsecurity,
5511 .inode_getsecid = selinux_inode_getsecid,
5512
5513 .file_permission = selinux_file_permission,
5514 .file_alloc_security = selinux_file_alloc_security,
5515 .file_free_security = selinux_file_free_security,
5516 .file_ioctl = selinux_file_ioctl,
5517 .file_mmap = selinux_file_mmap,
5518 .file_mprotect = selinux_file_mprotect,
5519 .file_lock = selinux_file_lock,
5520 .file_fcntl = selinux_file_fcntl,
5521 .file_set_fowner = selinux_file_set_fowner,
5522 .file_send_sigiotask = selinux_file_send_sigiotask,
5523 .file_receive = selinux_file_receive,
5524
5525 .dentry_open = selinux_dentry_open,
5526
5527 .task_create = selinux_task_create,
5528 .cred_alloc_blank = selinux_cred_alloc_blank,
5529 .cred_free = selinux_cred_free,
5530 .cred_prepare = selinux_cred_prepare,
5531 .cred_transfer = selinux_cred_transfer,
5532 .kernel_act_as = selinux_kernel_act_as,
5533 .kernel_create_files_as = selinux_kernel_create_files_as,
5534 .kernel_module_request = selinux_kernel_module_request,
5535 .task_setpgid = selinux_task_setpgid,
5536 .task_getpgid = selinux_task_getpgid,
5537 .task_getsid = selinux_task_getsid,
5538 .task_getsecid = selinux_task_getsecid,
5539 .task_setnice = selinux_task_setnice,
5540 .task_setioprio = selinux_task_setioprio,
5541 .task_getioprio = selinux_task_getioprio,
5542 .task_setrlimit = selinux_task_setrlimit,
5543 .task_setscheduler = selinux_task_setscheduler,
5544 .task_getscheduler = selinux_task_getscheduler,
5545 .task_movememory = selinux_task_movememory,
5546 .task_kill = selinux_task_kill,
5547 .task_wait = selinux_task_wait,
5548 .task_to_inode = selinux_task_to_inode,
5549
5550 .ipc_permission = selinux_ipc_permission,
5551 .ipc_getsecid = selinux_ipc_getsecid,
5552
5553 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5554 .msg_msg_free_security = selinux_msg_msg_free_security,
5555
5556 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5557 .msg_queue_free_security = selinux_msg_queue_free_security,
5558 .msg_queue_associate = selinux_msg_queue_associate,
5559 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5560 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5561 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5562
5563 .shm_alloc_security = selinux_shm_alloc_security,
5564 .shm_free_security = selinux_shm_free_security,
5565 .shm_associate = selinux_shm_associate,
5566 .shm_shmctl = selinux_shm_shmctl,
5567 .shm_shmat = selinux_shm_shmat,
5568
5569 .sem_alloc_security = selinux_sem_alloc_security,
5570 .sem_free_security = selinux_sem_free_security,
5571 .sem_associate = selinux_sem_associate,
5572 .sem_semctl = selinux_sem_semctl,
5573 .sem_semop = selinux_sem_semop,
5574
5575 .d_instantiate = selinux_d_instantiate,
5576
5577 .getprocattr = selinux_getprocattr,
5578 .setprocattr = selinux_setprocattr,
5579
5580 .secid_to_secctx = selinux_secid_to_secctx,
5581 .secctx_to_secid = selinux_secctx_to_secid,
5582 .release_secctx = selinux_release_secctx,
5583 .inode_notifysecctx = selinux_inode_notifysecctx,
5584 .inode_setsecctx = selinux_inode_setsecctx,
5585 .inode_getsecctx = selinux_inode_getsecctx,
5586
5587 .unix_stream_connect = selinux_socket_unix_stream_connect,
5588 .unix_may_send = selinux_socket_unix_may_send,
5589
5590 .socket_create = selinux_socket_create,
5591 .socket_post_create = selinux_socket_post_create,
5592 .socket_bind = selinux_socket_bind,
5593 .socket_connect = selinux_socket_connect,
5594 .socket_listen = selinux_socket_listen,
5595 .socket_accept = selinux_socket_accept,
5596 .socket_sendmsg = selinux_socket_sendmsg,
5597 .socket_recvmsg = selinux_socket_recvmsg,
5598 .socket_getsockname = selinux_socket_getsockname,
5599 .socket_getpeername = selinux_socket_getpeername,
5600 .socket_getsockopt = selinux_socket_getsockopt,
5601 .socket_setsockopt = selinux_socket_setsockopt,
5602 .socket_shutdown = selinux_socket_shutdown,
5603 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5604 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5605 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5606 .sk_alloc_security = selinux_sk_alloc_security,
5607 .sk_free_security = selinux_sk_free_security,
5608 .sk_clone_security = selinux_sk_clone_security,
5609 .sk_getsecid = selinux_sk_getsecid,
5610 .sock_graft = selinux_sock_graft,
5611 .inet_conn_request = selinux_inet_conn_request,
5612 .inet_csk_clone = selinux_inet_csk_clone,
5613 .inet_conn_established = selinux_inet_conn_established,
5614 .secmark_relabel_packet = selinux_secmark_relabel_packet,
5615 .secmark_refcount_inc = selinux_secmark_refcount_inc,
5616 .secmark_refcount_dec = selinux_secmark_refcount_dec,
5617 .req_classify_flow = selinux_req_classify_flow,
5618 .tun_dev_create = selinux_tun_dev_create,
5619 .tun_dev_post_create = selinux_tun_dev_post_create,
5620 .tun_dev_attach = selinux_tun_dev_attach,
5621
5622#ifdef CONFIG_SECURITY_NETWORK_XFRM
5623 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5624 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5625 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5626 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5627 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5628 .xfrm_state_free_security = selinux_xfrm_state_free,
5629 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5630 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5631 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5632 .xfrm_decode_session = selinux_xfrm_decode_session,
5633#endif
5634
5635#ifdef CONFIG_KEYS
5636 .key_alloc = selinux_key_alloc,
5637 .key_free = selinux_key_free,
5638 .key_permission = selinux_key_permission,
5639 .key_getsecurity = selinux_key_getsecurity,
5640#endif
5641
5642#ifdef CONFIG_AUDIT
5643 .audit_rule_init = selinux_audit_rule_init,
5644 .audit_rule_known = selinux_audit_rule_known,
5645 .audit_rule_match = selinux_audit_rule_match,
5646 .audit_rule_free = selinux_audit_rule_free,
5647#endif
5648};
5649
5650static __init int selinux_init(void)
5651{
5652 if (!security_module_enable(&selinux_ops)) {
5653 selinux_enabled = 0;
5654 return 0;
5655 }
5656
5657 if (!selinux_enabled) {
5658 printk(KERN_INFO "SELinux: Disabled at boot.\n");
5659 return 0;
5660 }
5661
5662 printk(KERN_INFO "SELinux: Initializing.\n");
5663
5664
5665 cred_init_security();
5666
5667 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
5668
5669 sel_inode_cache = kmem_cache_create("selinux_inode_security",
5670 sizeof(struct inode_security_struct),
5671 0, SLAB_PANIC, NULL);
5672 avc_init();
5673
5674 if (register_security(&selinux_ops))
5675 panic("SELinux: Unable to register with kernel.\n");
5676
5677 if (selinux_enforcing)
5678 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
5679 else
5680 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
5681
5682 return 0;
5683}
5684
5685static void delayed_superblock_init(struct super_block *sb, void *unused)
5686{
5687 superblock_doinit(sb, NULL);
5688}
5689
5690void selinux_complete_init(void)
5691{
5692 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5693
5694
5695 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5696 iterate_supers(delayed_superblock_init, NULL);
5697}
5698
5699
5700
5701security_initcall(selinux_init);
5702
5703#if defined(CONFIG_NETFILTER)
5704
5705static struct nf_hook_ops selinux_ipv4_ops[] = {
5706 {
5707 .hook = selinux_ipv4_postroute,
5708 .owner = THIS_MODULE,
5709 .pf = PF_INET,
5710 .hooknum = NF_INET_POST_ROUTING,
5711 .priority = NF_IP_PRI_SELINUX_LAST,
5712 },
5713 {
5714 .hook = selinux_ipv4_forward,
5715 .owner = THIS_MODULE,
5716 .pf = PF_INET,
5717 .hooknum = NF_INET_FORWARD,
5718 .priority = NF_IP_PRI_SELINUX_FIRST,
5719 },
5720 {
5721 .hook = selinux_ipv4_output,
5722 .owner = THIS_MODULE,
5723 .pf = PF_INET,
5724 .hooknum = NF_INET_LOCAL_OUT,
5725 .priority = NF_IP_PRI_SELINUX_FIRST,
5726 }
5727};
5728
5729#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5730
5731static struct nf_hook_ops selinux_ipv6_ops[] = {
5732 {
5733 .hook = selinux_ipv6_postroute,
5734 .owner = THIS_MODULE,
5735 .pf = PF_INET6,
5736 .hooknum = NF_INET_POST_ROUTING,
5737 .priority = NF_IP6_PRI_SELINUX_LAST,
5738 },
5739 {
5740 .hook = selinux_ipv6_forward,
5741 .owner = THIS_MODULE,
5742 .pf = PF_INET6,
5743 .hooknum = NF_INET_FORWARD,
5744 .priority = NF_IP6_PRI_SELINUX_FIRST,
5745 }
5746};
5747
5748#endif
5749
5750static int __init selinux_nf_ip_init(void)
5751{
5752 int err = 0;
5753
5754 if (!selinux_enabled)
5755 goto out;
5756
5757 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
5758
5759 err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5760 if (err)
5761 panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
5762
5763#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5764 err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5765 if (err)
5766 panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
5767#endif
5768
5769out:
5770 return err;
5771}
5772
5773__initcall(selinux_nf_ip_init);
5774
5775#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5776static void selinux_nf_ip_exit(void)
5777{
5778 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
5779
5780 nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
5781#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5782 nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
5783#endif
5784}
5785#endif
5786
5787#else
5788
5789#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5790#define selinux_nf_ip_exit()
5791#endif
5792
5793#endif
5794
5795#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5796static int selinux_disabled;
5797
5798int selinux_disable(void)
5799{
5800 if (ss_initialized) {
5801
5802 return -EINVAL;
5803 }
5804
5805 if (selinux_disabled) {
5806
5807 return -EINVAL;
5808 }
5809
5810 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
5811
5812 selinux_disabled = 1;
5813 selinux_enabled = 0;
5814
5815 reset_security_ops();
5816
5817
5818 avc_disable();
5819
5820
5821 selinux_nf_ip_exit();
5822
5823
5824 exit_sel_fs();
5825
5826 return 0;
5827}
5828#endif
5829
