1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/init.h>
28#include <linux/kd.h>
29#include <linux/kernel.h>
30#include <linux/tracehook.h>
31#include <linux/errno.h>
32#include <linux/sched/signal.h>
33#include <linux/sched/task.h>
34#include <linux/lsm_hooks.h>
35#include <linux/xattr.h>
36#include <linux/capability.h>
37#include <linux/unistd.h>
38#include <linux/mm.h>
39#include <linux/mman.h>
40#include <linux/slab.h>
41#include <linux/pagemap.h>
42#include <linux/proc_fs.h>
43#include <linux/swap.h>
44#include <linux/spinlock.h>
45#include <linux/syscalls.h>
46#include <linux/dcache.h>
47#include <linux/file.h>
48#include <linux/fdtable.h>
49#include <linux/namei.h>
50#include <linux/mount.h>
51#include <linux/netfilter_ipv4.h>
52#include <linux/netfilter_ipv6.h>
53#include <linux/tty.h>
54#include <net/icmp.h>
55#include <net/ip.h>
56#include <net/tcp.h>
57#include <net/inet_connection_sock.h>
58#include <net/net_namespace.h>
59#include <net/netlabel.h>
60#include <linux/uaccess.h>
61#include <asm/ioctls.h>
62#include <linux/atomic.h>
63#include <linux/bitops.h>
64#include <linux/interrupt.h>
65#include <linux/netdevice.h>
66#include <net/netlink.h>
67#include <linux/tcp.h>
68#include <linux/udp.h>
69#include <linux/dccp.h>
70#include <linux/sctp.h>
71#include <net/sctp/structs.h>
72#include <linux/quota.h>
73#include <linux/un.h>
74#include <net/af_unix.h>
75#include <linux/parser.h>
76#include <linux/nfs_mount.h>
77#include <net/ipv6.h>
78#include <linux/hugetlb.h>
79#include <linux/personality.h>
80#include <linux/audit.h>
81#include <linux/string.h>
82#include <linux/selinux.h>
83#include <linux/mutex.h>
84#include <linux/posix-timers.h>
85#include <linux/syslog.h>
86#include <linux/user_namespace.h>
87#include <linux/export.h>
88#include <linux/msg.h>
89#include <linux/shm.h>
90#include <linux/bpf.h>
91
92#include "avc.h"
93#include "objsec.h"
94#include "netif.h"
95#include "netnode.h"
96#include "netport.h"
97#include "ibpkey.h"
98#include "xfrm.h"
99#include "netlabel.h"
100#include "audit.h"
101#include "avc_ss.h"
102
103struct selinux_state selinux_state;
104
105
106static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
107
108#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
109static int selinux_enforcing_boot;
110
111static int __init enforcing_setup(char *str)
112{
113 unsigned long enforcing;
114 if (!kstrtoul(str, 0, &enforcing))
115 selinux_enforcing_boot = enforcing ? 1 : 0;
116 return 1;
117}
118__setup("enforcing=", enforcing_setup);
119#else
120#define selinux_enforcing_boot 1
121#endif
122
123#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
124int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
125
126static int __init selinux_enabled_setup(char *str)
127{
128 unsigned long enabled;
129 if (!kstrtoul(str, 0, &enabled))
130 selinux_enabled = enabled ? 1 : 0;
131 return 1;
132}
133__setup("selinux=", selinux_enabled_setup);
134#else
135int selinux_enabled = 1;
136#endif
137
138static unsigned int selinux_checkreqprot_boot =
139 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
140
141static int __init checkreqprot_setup(char *str)
142{
143 unsigned long checkreqprot;
144
145 if (!kstrtoul(str, 0, &checkreqprot))
146 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
147 return 1;
148}
149__setup("checkreqprot=", checkreqprot_setup);
150
151static struct kmem_cache *sel_inode_cache;
152static struct kmem_cache *file_security_cache;
153
154
155
156
157
158
159
160
161
162
163
164
165static int selinux_secmark_enabled(void)
166{
167 return (selinux_policycap_alwaysnetwork() ||
168 atomic_read(&selinux_secmark_refcount));
169}
170
171
172
173
174
175
176
177
178
179
180
181static int selinux_peerlbl_enabled(void)
182{
183 return (selinux_policycap_alwaysnetwork() ||
184 netlbl_enabled() || selinux_xfrm_enabled());
185}
186
187static int selinux_netcache_avc_callback(u32 event)
188{
189 if (event == AVC_CALLBACK_RESET) {
190 sel_netif_flush();
191 sel_netnode_flush();
192 sel_netport_flush();
193 synchronize_net();
194 }
195 return 0;
196}
197
198static int selinux_lsm_notifier_avc_callback(u32 event)
199{
200 if (event == AVC_CALLBACK_RESET) {
201 sel_ib_pkey_flush();
202 call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
203 }
204
205 return 0;
206}
207
208
209
210
211static void cred_init_security(void)
212{
213 struct cred *cred = (struct cred *) current->real_cred;
214 struct task_security_struct *tsec;
215
216 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
217 if (!tsec)
218 panic("SELinux: Failed to initialize initial task.\n");
219
220 tsec->osid = tsec->sid = SECINITSID_KERNEL;
221 cred->security = tsec;
222}
223
224
225
226
227static inline u32 cred_sid(const struct cred *cred)
228{
229 const struct task_security_struct *tsec;
230
231 tsec = cred->security;
232 return tsec->sid;
233}
234
235
236
237
238static inline u32 task_sid(const struct task_struct *task)
239{
240 u32 sid;
241
242 rcu_read_lock();
243 sid = cred_sid(__task_cred(task));
244 rcu_read_unlock();
245 return sid;
246}
247
248
249
250static int inode_alloc_security(struct inode *inode)
251{
252 struct inode_security_struct *isec;
253 u32 sid = current_sid();
254
255 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
256 if (!isec)
257 return -ENOMEM;
258
259 spin_lock_init(&isec->lock);
260 INIT_LIST_HEAD(&isec->list);
261 isec->inode = inode;
262 isec->sid = SECINITSID_UNLABELED;
263 isec->sclass = SECCLASS_FILE;
264 isec->task_sid = sid;
265 isec->initialized = LABEL_INVALID;
266 inode->i_security = isec;
267
268 return 0;
269}
270
271static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
272
273
274
275
276
277
278
279
280static int __inode_security_revalidate(struct inode *inode,
281 struct dentry *opt_dentry,
282 bool may_sleep)
283{
284 struct inode_security_struct *isec = inode->i_security;
285
286 might_sleep_if(may_sleep);
287
288 if (selinux_state.initialized &&
289 isec->initialized != LABEL_INITIALIZED) {
290 if (!may_sleep)
291 return -ECHILD;
292
293
294
295
296
297
298 inode_doinit_with_dentry(inode, opt_dentry);
299 }
300 return 0;
301}
302
303static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
304{
305 return inode->i_security;
306}
307
308static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
309{
310 int error;
311
312 error = __inode_security_revalidate(inode, NULL, !rcu);
313 if (error)
314 return ERR_PTR(error);
315 return inode->i_security;
316}
317
318
319
320
321static struct inode_security_struct *inode_security(struct inode *inode)
322{
323 __inode_security_revalidate(inode, NULL, true);
324 return inode->i_security;
325}
326
327static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
328{
329 struct inode *inode = d_backing_inode(dentry);
330
331 return inode->i_security;
332}
333
334
335
336
337static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
338{
339 struct inode *inode = d_backing_inode(dentry);
340
341 __inode_security_revalidate(inode, dentry, true);
342 return inode->i_security;
343}
344
345static void inode_free_rcu(struct rcu_head *head)
346{
347 struct inode_security_struct *isec;
348
349 isec = container_of(head, struct inode_security_struct, rcu);
350 kmem_cache_free(sel_inode_cache, isec);
351}
352
353static void inode_free_security(struct inode *inode)
354{
355 struct inode_security_struct *isec = inode->i_security;
356 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
357
358
359
360
361
362
363
364
365
366
367
368 if (!list_empty_careful(&isec->list)) {
369 spin_lock(&sbsec->isec_lock);
370 list_del_init(&isec->list);
371 spin_unlock(&sbsec->isec_lock);
372 }
373
374
375
376
377
378
379
380
381
382
383 call_rcu(&isec->rcu, inode_free_rcu);
384}
385
386static int file_alloc_security(struct file *file)
387{
388 struct file_security_struct *fsec;
389 u32 sid = current_sid();
390
391 fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
392 if (!fsec)
393 return -ENOMEM;
394
395 fsec->sid = sid;
396 fsec->fown_sid = sid;
397 file->f_security = fsec;
398
399 return 0;
400}
401
402static void file_free_security(struct file *file)
403{
404 struct file_security_struct *fsec = file->f_security;
405 file->f_security = NULL;
406 kmem_cache_free(file_security_cache, fsec);
407}
408
409static int superblock_alloc_security(struct super_block *sb)
410{
411 struct superblock_security_struct *sbsec;
412
413 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
414 if (!sbsec)
415 return -ENOMEM;
416
417 mutex_init(&sbsec->lock);
418 INIT_LIST_HEAD(&sbsec->isec_head);
419 spin_lock_init(&sbsec->isec_lock);
420 sbsec->sb = sb;
421 sbsec->sid = SECINITSID_UNLABELED;
422 sbsec->def_sid = SECINITSID_FILE;
423 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
424 sb->s_security = sbsec;
425
426 return 0;
427}
428
429static void superblock_free_security(struct super_block *sb)
430{
431 struct superblock_security_struct *sbsec = sb->s_security;
432 sb->s_security = NULL;
433 kfree(sbsec);
434}
435
436static inline int inode_doinit(struct inode *inode)
437{
438 return inode_doinit_with_dentry(inode, NULL);
439}
440
441enum {
442 Opt_error = -1,
443 Opt_context = 1,
444 Opt_fscontext = 2,
445 Opt_defcontext = 3,
446 Opt_rootcontext = 4,
447 Opt_labelsupport = 5,
448 Opt_nextmntopt = 6,
449};
450
451#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
452
453static const match_table_t tokens = {
454 {Opt_context, CONTEXT_STR "%s"},
455 {Opt_fscontext, FSCONTEXT_STR "%s"},
456 {Opt_defcontext, DEFCONTEXT_STR "%s"},
457 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
458 {Opt_labelsupport, LABELSUPP_STR},
459 {Opt_error, NULL},
460};
461
462#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
463
464static int may_context_mount_sb_relabel(u32 sid,
465 struct superblock_security_struct *sbsec,
466 const struct cred *cred)
467{
468 const struct task_security_struct *tsec = cred->security;
469 int rc;
470
471 rc = avc_has_perm(&selinux_state,
472 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
473 FILESYSTEM__RELABELFROM, NULL);
474 if (rc)
475 return rc;
476
477 rc = avc_has_perm(&selinux_state,
478 tsec->sid, sid, SECCLASS_FILESYSTEM,
479 FILESYSTEM__RELABELTO, NULL);
480 return rc;
481}
482
483static int may_context_mount_inode_relabel(u32 sid,
484 struct superblock_security_struct *sbsec,
485 const struct cred *cred)
486{
487 const struct task_security_struct *tsec = cred->security;
488 int rc;
489 rc = avc_has_perm(&selinux_state,
490 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
491 FILESYSTEM__RELABELFROM, NULL);
492 if (rc)
493 return rc;
494
495 rc = avc_has_perm(&selinux_state,
496 sid, sbsec->sid, SECCLASS_FILESYSTEM,
497 FILESYSTEM__ASSOCIATE, NULL);
498 return rc;
499}
500
501static int selinux_is_sblabel_mnt(struct super_block *sb)
502{
503 struct superblock_security_struct *sbsec = sb->s_security;
504
505 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
506 sbsec->behavior == SECURITY_FS_USE_TRANS ||
507 sbsec->behavior == SECURITY_FS_USE_TASK ||
508 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
509
510 !strcmp(sb->s_type->name, "sysfs") ||
511 !strcmp(sb->s_type->name, "pstore") ||
512 !strcmp(sb->s_type->name, "debugfs") ||
513 !strcmp(sb->s_type->name, "tracefs") ||
514 !strcmp(sb->s_type->name, "rootfs") ||
515 (selinux_policycap_cgroupseclabel() &&
516 (!strcmp(sb->s_type->name, "cgroup") ||
517 !strcmp(sb->s_type->name, "cgroup2")));
518}
519
520static int sb_finish_set_opts(struct super_block *sb)
521{
522 struct superblock_security_struct *sbsec = sb->s_security;
523 struct dentry *root = sb->s_root;
524 struct inode *root_inode = d_backing_inode(root);
525 int rc = 0;
526
527 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
528
529
530
531
532
533 if (!(root_inode->i_opflags & IOP_XATTR)) {
534 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
535 "xattr support\n", sb->s_id, sb->s_type->name);
536 rc = -EOPNOTSUPP;
537 goto out;
538 }
539
540 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
541 if (rc < 0 && rc != -ENODATA) {
542 if (rc == -EOPNOTSUPP)
543 printk(KERN_WARNING "SELinux: (dev %s, type "
544 "%s) has no security xattr handler\n",
545 sb->s_id, sb->s_type->name);
546 else
547 printk(KERN_WARNING "SELinux: (dev %s, type "
548 "%s) getxattr errno %d\n", sb->s_id,
549 sb->s_type->name, -rc);
550 goto out;
551 }
552 }
553
554 sbsec->flags |= SE_SBINITIALIZED;
555
556
557
558
559
560
561 if (selinux_is_sblabel_mnt(sb))
562 sbsec->flags |= SBLABEL_MNT;
563 else
564 sbsec->flags &= ~SBLABEL_MNT;
565
566
567 rc = inode_doinit_with_dentry(root_inode, root);
568
569
570
571
572
573 spin_lock(&sbsec->isec_lock);
574next_inode:
575 if (!list_empty(&sbsec->isec_head)) {
576 struct inode_security_struct *isec =
577 list_entry(sbsec->isec_head.next,
578 struct inode_security_struct, list);
579 struct inode *inode = isec->inode;
580 list_del_init(&isec->list);
581 spin_unlock(&sbsec->isec_lock);
582 inode = igrab(inode);
583 if (inode) {
584 if (!IS_PRIVATE(inode))
585 inode_doinit(inode);
586 iput(inode);
587 }
588 spin_lock(&sbsec->isec_lock);
589 goto next_inode;
590 }
591 spin_unlock(&sbsec->isec_lock);
592out:
593 return rc;
594}
595
596
597
598
599
600
601static int selinux_get_mnt_opts(const struct super_block *sb,
602 struct security_mnt_opts *opts)
603{
604 int rc = 0, i;
605 struct superblock_security_struct *sbsec = sb->s_security;
606 char *context = NULL;
607 u32 len;
608 char tmp;
609
610 security_init_mnt_opts(opts);
611
612 if (!(sbsec->flags & SE_SBINITIALIZED))
613 return -EINVAL;
614
615 if (!selinux_state.initialized)
616 return -EINVAL;
617
618
619 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
620
621 tmp = sbsec->flags & SE_MNTMASK;
622
623 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
624 if (tmp & 0x01)
625 opts->num_mnt_opts++;
626 tmp >>= 1;
627 }
628
629 if (sbsec->flags & SBLABEL_MNT)
630 opts->num_mnt_opts++;
631
632 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
633 if (!opts->mnt_opts) {
634 rc = -ENOMEM;
635 goto out_free;
636 }
637
638 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
639 if (!opts->mnt_opts_flags) {
640 rc = -ENOMEM;
641 goto out_free;
642 }
643
644 i = 0;
645 if (sbsec->flags & FSCONTEXT_MNT) {
646 rc = security_sid_to_context(&selinux_state, sbsec->sid,
647 &context, &len);
648 if (rc)
649 goto out_free;
650 opts->mnt_opts[i] = context;
651 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
652 }
653 if (sbsec->flags & CONTEXT_MNT) {
654 rc = security_sid_to_context(&selinux_state,
655 sbsec->mntpoint_sid,
656 &context, &len);
657 if (rc)
658 goto out_free;
659 opts->mnt_opts[i] = context;
660 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
661 }
662 if (sbsec->flags & DEFCONTEXT_MNT) {
663 rc = security_sid_to_context(&selinux_state, sbsec->def_sid,
664 &context, &len);
665 if (rc)
666 goto out_free;
667 opts->mnt_opts[i] = context;
668 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
669 }
670 if (sbsec->flags & ROOTCONTEXT_MNT) {
671 struct dentry *root = sbsec->sb->s_root;
672 struct inode_security_struct *isec = backing_inode_security(root);
673
674 rc = security_sid_to_context(&selinux_state, isec->sid,
675 &context, &len);
676 if (rc)
677 goto out_free;
678 opts->mnt_opts[i] = context;
679 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
680 }
681 if (sbsec->flags & SBLABEL_MNT) {
682 opts->mnt_opts[i] = NULL;
683 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
684 }
685
686 BUG_ON(i != opts->num_mnt_opts);
687
688 return 0;
689
690out_free:
691 security_free_mnt_opts(opts);
692 return rc;
693}
694
695static int bad_option(struct superblock_security_struct *sbsec, char flag,
696 u32 old_sid, u32 new_sid)
697{
698 char mnt_flags = sbsec->flags & SE_MNTMASK;
699
700
701 if (sbsec->flags & SE_SBINITIALIZED)
702 if (!(sbsec->flags & flag) ||
703 (old_sid != new_sid))
704 return 1;
705
706
707
708
709 if (!(sbsec->flags & SE_SBINITIALIZED))
710 if (mnt_flags & flag)
711 return 1;
712 return 0;
713}
714
715
716
717
718
719static int selinux_set_mnt_opts(struct super_block *sb,
720 struct security_mnt_opts *opts,
721 unsigned long kern_flags,
722 unsigned long *set_kern_flags)
723{
724 const struct cred *cred = current_cred();
725 int rc = 0, i;
726 struct superblock_security_struct *sbsec = sb->s_security;
727 const char *name = sb->s_type->name;
728 struct dentry *root = sbsec->sb->s_root;
729 struct inode_security_struct *root_isec;
730 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
731 u32 defcontext_sid = 0;
732 char **mount_options = opts->mnt_opts;
733 int *flags = opts->mnt_opts_flags;
734 int num_opts = opts->num_mnt_opts;
735
736 mutex_lock(&sbsec->lock);
737
738 if (!selinux_state.initialized) {
739 if (!num_opts) {
740
741
742
743 goto out;
744 }
745 rc = -EINVAL;
746 printk(KERN_WARNING "SELinux: Unable to set superblock options "
747 "before the security server is initialized\n");
748 goto out;
749 }
750 if (kern_flags && !set_kern_flags) {
751
752
753 rc = -EINVAL;
754 goto out;
755 }
756
757
758
759
760
761
762
763
764
765
766
767
768 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
769 && (num_opts == 0))
770 goto out;
771
772 root_isec = backing_inode_security_novalidate(root);
773
774
775
776
777
778
779 for (i = 0; i < num_opts; i++) {
780 u32 sid;
781
782 if (flags[i] == SBLABEL_MNT)
783 continue;
784 rc = security_context_str_to_sid(&selinux_state,
785 mount_options[i], &sid,
786 GFP_KERNEL);
787 if (rc) {
788 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
789 "(%s) failed for (dev %s, type %s) errno=%d\n",
790 mount_options[i], sb->s_id, name, rc);
791 goto out;
792 }
793 switch (flags[i]) {
794 case FSCONTEXT_MNT:
795 fscontext_sid = sid;
796
797 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
798 fscontext_sid))
799 goto out_double_mount;
800
801 sbsec->flags |= FSCONTEXT_MNT;
802 break;
803 case CONTEXT_MNT:
804 context_sid = sid;
805
806 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
807 context_sid))
808 goto out_double_mount;
809
810 sbsec->flags |= CONTEXT_MNT;
811 break;
812 case ROOTCONTEXT_MNT:
813 rootcontext_sid = sid;
814
815 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
816 rootcontext_sid))
817 goto out_double_mount;
818
819 sbsec->flags |= ROOTCONTEXT_MNT;
820
821 break;
822 case DEFCONTEXT_MNT:
823 defcontext_sid = sid;
824
825 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
826 defcontext_sid))
827 goto out_double_mount;
828
829 sbsec->flags |= DEFCONTEXT_MNT;
830
831 break;
832 default:
833 rc = -EINVAL;
834 goto out;
835 }
836 }
837
838 if (sbsec->flags & SE_SBINITIALIZED) {
839
840 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
841 goto out_double_mount;
842 rc = 0;
843 goto out;
844 }
845
846 if (strcmp(sb->s_type->name, "proc") == 0)
847 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
848
849 if (!strcmp(sb->s_type->name, "debugfs") ||
850 !strcmp(sb->s_type->name, "tracefs") ||
851 !strcmp(sb->s_type->name, "sysfs") ||
852 !strcmp(sb->s_type->name, "pstore") ||
853 !strcmp(sb->s_type->name, "cgroup") ||
854 !strcmp(sb->s_type->name, "cgroup2"))
855 sbsec->flags |= SE_SBGENFS;
856
857 if (!sbsec->behavior) {
858
859
860
861
862 rc = security_fs_use(&selinux_state, sb);
863 if (rc) {
864 printk(KERN_WARNING
865 "%s: security_fs_use(%s) returned %d\n",
866 __func__, sb->s_type->name, rc);
867 goto out;
868 }
869 }
870
871
872
873
874
875
876 if (sb->s_user_ns != &init_user_ns &&
877 strcmp(sb->s_type->name, "tmpfs") &&
878 strcmp(sb->s_type->name, "ramfs") &&
879 strcmp(sb->s_type->name, "devpts")) {
880 if (context_sid || fscontext_sid || rootcontext_sid ||
881 defcontext_sid) {
882 rc = -EACCES;
883 goto out;
884 }
885 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
886 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
887 rc = security_transition_sid(&selinux_state,
888 current_sid(),
889 current_sid(),
890 SECCLASS_FILE, NULL,
891 &sbsec->mntpoint_sid);
892 if (rc)
893 goto out;
894 }
895 goto out_set_opts;
896 }
897
898
899 if (fscontext_sid) {
900 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
901 if (rc)
902 goto out;
903
904 sbsec->sid = fscontext_sid;
905 }
906
907
908
909
910
911
912 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
913 sbsec->behavior = SECURITY_FS_USE_NATIVE;
914 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
915 }
916
917 if (context_sid) {
918 if (!fscontext_sid) {
919 rc = may_context_mount_sb_relabel(context_sid, sbsec,
920 cred);
921 if (rc)
922 goto out;
923 sbsec->sid = context_sid;
924 } else {
925 rc = may_context_mount_inode_relabel(context_sid, sbsec,
926 cred);
927 if (rc)
928 goto out;
929 }
930 if (!rootcontext_sid)
931 rootcontext_sid = context_sid;
932
933 sbsec->mntpoint_sid = context_sid;
934 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
935 }
936
937 if (rootcontext_sid) {
938 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
939 cred);
940 if (rc)
941 goto out;
942
943 root_isec->sid = rootcontext_sid;
944 root_isec->initialized = LABEL_INITIALIZED;
945 }
946
947 if (defcontext_sid) {
948 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
949 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
950 rc = -EINVAL;
951 printk(KERN_WARNING "SELinux: defcontext option is "
952 "invalid for this filesystem type\n");
953 goto out;
954 }
955
956 if (defcontext_sid != sbsec->def_sid) {
957 rc = may_context_mount_inode_relabel(defcontext_sid,
958 sbsec, cred);
959 if (rc)
960 goto out;
961 }
962
963 sbsec->def_sid = defcontext_sid;
964 }
965
966out_set_opts:
967 rc = sb_finish_set_opts(sb);
968out:
969 mutex_unlock(&sbsec->lock);
970 return rc;
971out_double_mount:
972 rc = -EINVAL;
973 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
974 "security settings for (dev %s, type %s)\n", sb->s_id, name);
975 goto out;
976}
977
978static int selinux_cmp_sb_context(const struct super_block *oldsb,
979 const struct super_block *newsb)
980{
981 struct superblock_security_struct *old = oldsb->s_security;
982 struct superblock_security_struct *new = newsb->s_security;
983 char oldflags = old->flags & SE_MNTMASK;
984 char newflags = new->flags & SE_MNTMASK;
985
986 if (oldflags != newflags)
987 goto mismatch;
988 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
989 goto mismatch;
990 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
991 goto mismatch;
992 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
993 goto mismatch;
994 if (oldflags & ROOTCONTEXT_MNT) {
995 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
996 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
997 if (oldroot->sid != newroot->sid)
998 goto mismatch;
999 }
1000 return 0;
1001mismatch:
1002 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
1003 "different security settings for (dev %s, "
1004 "type %s)\n", newsb->s_id, newsb->s_type->name);
1005 return -EBUSY;
1006}
1007
1008static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
1009 struct super_block *newsb,
1010 unsigned long kern_flags,
1011 unsigned long *set_kern_flags)
1012{
1013 int rc = 0;
1014 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
1015 struct superblock_security_struct *newsbsec = newsb->s_security;
1016
1017 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
1018 int set_context = (oldsbsec->flags & CONTEXT_MNT);
1019 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
1020
1021
1022
1023
1024
1025 if (!selinux_state.initialized)
1026 return 0;
1027
1028
1029
1030
1031
1032 if (kern_flags && !set_kern_flags)
1033 return -EINVAL;
1034
1035
1036 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
1037
1038
1039 if (newsbsec->flags & SE_SBINITIALIZED)
1040 return selinux_cmp_sb_context(oldsb, newsb);
1041
1042 mutex_lock(&newsbsec->lock);
1043
1044 newsbsec->flags = oldsbsec->flags;
1045
1046 newsbsec->sid = oldsbsec->sid;
1047 newsbsec->def_sid = oldsbsec->def_sid;
1048 newsbsec->behavior = oldsbsec->behavior;
1049
1050 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
1051 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
1052 rc = security_fs_use(&selinux_state, newsb);
1053 if (rc)
1054 goto out;
1055 }
1056
1057 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
1058 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
1059 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
1060 }
1061
1062 if (set_context) {
1063 u32 sid = oldsbsec->mntpoint_sid;
1064
1065 if (!set_fscontext)
1066 newsbsec->sid = sid;
1067 if (!set_rootcontext) {
1068 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1069 newisec->sid = sid;
1070 }
1071 newsbsec->mntpoint_sid = sid;
1072 }
1073 if (set_rootcontext) {
1074 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
1075 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1076
1077 newisec->sid = oldisec->sid;
1078 }
1079
1080 sb_finish_set_opts(newsb);
1081out:
1082 mutex_unlock(&newsbsec->lock);
1083 return rc;
1084}
1085
1086static int selinux_parse_opts_str(char *options,
1087 struct security_mnt_opts *opts)
1088{
1089 char *p;
1090 char *context = NULL, *defcontext = NULL;
1091 char *fscontext = NULL, *rootcontext = NULL;
1092 int rc, num_mnt_opts = 0;
1093
1094 opts->num_mnt_opts = 0;
1095
1096
1097 while ((p = strsep(&options, "|")) != NULL) {
1098 int token;
1099 substring_t args[MAX_OPT_ARGS];
1100
1101 if (!*p)
1102 continue;
1103
1104 token = match_token(p, tokens, args);
1105
1106 switch (token) {
1107 case Opt_context:
1108 if (context || defcontext) {
1109 rc = -EINVAL;
1110 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1111 goto out_err;
1112 }
1113 context = match_strdup(&args[0]);
1114 if (!context) {
1115 rc = -ENOMEM;
1116 goto out_err;
1117 }
1118 break;
1119
1120 case Opt_fscontext:
1121 if (fscontext) {
1122 rc = -EINVAL;
1123 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1124 goto out_err;
1125 }
1126 fscontext = match_strdup(&args[0]);
1127 if (!fscontext) {
1128 rc = -ENOMEM;
1129 goto out_err;
1130 }
1131 break;
1132
1133 case Opt_rootcontext:
1134 if (rootcontext) {
1135 rc = -EINVAL;
1136 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1137 goto out_err;
1138 }
1139 rootcontext = match_strdup(&args[0]);
1140 if (!rootcontext) {
1141 rc = -ENOMEM;
1142 goto out_err;
1143 }
1144 break;
1145
1146 case Opt_defcontext:
1147 if (context || defcontext) {
1148 rc = -EINVAL;
1149 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1150 goto out_err;
1151 }
1152 defcontext = match_strdup(&args[0]);
1153 if (!defcontext) {
1154 rc = -ENOMEM;
1155 goto out_err;
1156 }
1157 break;
1158 case Opt_labelsupport:
1159 break;
1160 default:
1161 rc = -EINVAL;
1162 printk(KERN_WARNING "SELinux: unknown mount option\n");
1163 goto out_err;
1164
1165 }
1166 }
1167
1168 rc = -ENOMEM;
1169 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_KERNEL);
1170 if (!opts->mnt_opts)
1171 goto out_err;
1172
1173 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int),
1174 GFP_KERNEL);
1175 if (!opts->mnt_opts_flags)
1176 goto out_err;
1177
1178 if (fscontext) {
1179 opts->mnt_opts[num_mnt_opts] = fscontext;
1180 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1181 }
1182 if (context) {
1183 opts->mnt_opts[num_mnt_opts] = context;
1184 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1185 }
1186 if (rootcontext) {
1187 opts->mnt_opts[num_mnt_opts] = rootcontext;
1188 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1189 }
1190 if (defcontext) {
1191 opts->mnt_opts[num_mnt_opts] = defcontext;
1192 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1193 }
1194
1195 opts->num_mnt_opts = num_mnt_opts;
1196 return 0;
1197
1198out_err:
1199 security_free_mnt_opts(opts);
1200 kfree(context);
1201 kfree(defcontext);
1202 kfree(fscontext);
1203 kfree(rootcontext);
1204 return rc;
1205}
1206
1207
1208
1209static int superblock_doinit(struct super_block *sb, void *data)
1210{
1211 int rc = 0;
1212 char *options = data;
1213 struct security_mnt_opts opts;
1214
1215 security_init_mnt_opts(&opts);
1216
1217 if (!data)
1218 goto out;
1219
1220 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1221
1222 rc = selinux_parse_opts_str(options, &opts);
1223 if (rc)
1224 goto out_err;
1225
1226out:
1227 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1228
1229out_err:
1230 security_free_mnt_opts(&opts);
1231 return rc;
1232}
1233
1234static void selinux_write_opts(struct seq_file *m,
1235 struct security_mnt_opts *opts)
1236{
1237 int i;
1238 char *prefix;
1239
1240 for (i = 0; i < opts->num_mnt_opts; i++) {
1241 char *has_comma;
1242
1243 if (opts->mnt_opts[i])
1244 has_comma = strchr(opts->mnt_opts[i], ',');
1245 else
1246 has_comma = NULL;
1247
1248 switch (opts->mnt_opts_flags[i]) {
1249 case CONTEXT_MNT:
1250 prefix = CONTEXT_STR;
1251 break;
1252 case FSCONTEXT_MNT:
1253 prefix = FSCONTEXT_STR;
1254 break;
1255 case ROOTCONTEXT_MNT:
1256 prefix = ROOTCONTEXT_STR;
1257 break;
1258 case DEFCONTEXT_MNT:
1259 prefix = DEFCONTEXT_STR;
1260 break;
1261 case SBLABEL_MNT:
1262 seq_putc(m, ',');
1263 seq_puts(m, LABELSUPP_STR);
1264 continue;
1265 default:
1266 BUG();
1267 return;
1268 };
1269
1270 seq_putc(m, ',');
1271 seq_puts(m, prefix);
1272 if (has_comma)
1273 seq_putc(m, '\"');
1274 seq_escape(m, opts->mnt_opts[i], "\"\n\\");
1275 if (has_comma)
1276 seq_putc(m, '\"');
1277 }
1278}
1279
1280static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1281{
1282 struct security_mnt_opts opts;
1283 int rc;
1284
1285 rc = selinux_get_mnt_opts(sb, &opts);
1286 if (rc) {
1287
1288 if (rc == -EINVAL)
1289 rc = 0;
1290 return rc;
1291 }
1292
1293 selinux_write_opts(m, &opts);
1294
1295 security_free_mnt_opts(&opts);
1296
1297 return rc;
1298}
1299
1300static inline u16 inode_mode_to_security_class(umode_t mode)
1301{
1302 switch (mode & S_IFMT) {
1303 case S_IFSOCK:
1304 return SECCLASS_SOCK_FILE;
1305 case S_IFLNK:
1306 return SECCLASS_LNK_FILE;
1307 case S_IFREG:
1308 return SECCLASS_FILE;
1309 case S_IFBLK:
1310 return SECCLASS_BLK_FILE;
1311 case S_IFDIR:
1312 return SECCLASS_DIR;
1313 case S_IFCHR:
1314 return SECCLASS_CHR_FILE;
1315 case S_IFIFO:
1316 return SECCLASS_FIFO_FILE;
1317
1318 }
1319
1320 return SECCLASS_FILE;
1321}
1322
1323static inline int default_protocol_stream(int protocol)
1324{
1325 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1326}
1327
1328static inline int default_protocol_dgram(int protocol)
1329{
1330 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1331}
1332
1333static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1334{
1335 int extsockclass = selinux_policycap_extsockclass();
1336
1337 switch (family) {
1338 case PF_UNIX:
1339 switch (type) {
1340 case SOCK_STREAM:
1341 case SOCK_SEQPACKET:
1342 return SECCLASS_UNIX_STREAM_SOCKET;
1343 case SOCK_DGRAM:
1344 case SOCK_RAW:
1345 return SECCLASS_UNIX_DGRAM_SOCKET;
1346 }
1347 break;
1348 case PF_INET:
1349 case PF_INET6:
1350 switch (type) {
1351 case SOCK_STREAM:
1352 case SOCK_SEQPACKET:
1353 if (default_protocol_stream(protocol))
1354 return SECCLASS_TCP_SOCKET;
1355 else if (extsockclass && protocol == IPPROTO_SCTP)
1356 return SECCLASS_SCTP_SOCKET;
1357 else
1358 return SECCLASS_RAWIP_SOCKET;
1359 case SOCK_DGRAM:
1360 if (default_protocol_dgram(protocol))
1361 return SECCLASS_UDP_SOCKET;
1362 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1363 protocol == IPPROTO_ICMPV6))
1364 return SECCLASS_ICMP_SOCKET;
1365 else
1366 return SECCLASS_RAWIP_SOCKET;
1367 case SOCK_DCCP:
1368 return SECCLASS_DCCP_SOCKET;
1369 default:
1370 return SECCLASS_RAWIP_SOCKET;
1371 }
1372 break;
1373 case PF_NETLINK:
1374 switch (protocol) {
1375 case NETLINK_ROUTE:
1376 return SECCLASS_NETLINK_ROUTE_SOCKET;
1377 case NETLINK_SOCK_DIAG:
1378 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1379 case NETLINK_NFLOG:
1380 return SECCLASS_NETLINK_NFLOG_SOCKET;
1381 case NETLINK_XFRM:
1382 return SECCLASS_NETLINK_XFRM_SOCKET;
1383 case NETLINK_SELINUX:
1384 return SECCLASS_NETLINK_SELINUX_SOCKET;
1385 case NETLINK_ISCSI:
1386 return SECCLASS_NETLINK_ISCSI_SOCKET;
1387 case NETLINK_AUDIT:
1388 return SECCLASS_NETLINK_AUDIT_SOCKET;
1389 case NETLINK_FIB_LOOKUP:
1390 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1391 case NETLINK_CONNECTOR:
1392 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1393 case NETLINK_NETFILTER:
1394 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1395 case NETLINK_DNRTMSG:
1396 return SECCLASS_NETLINK_DNRT_SOCKET;
1397 case NETLINK_KOBJECT_UEVENT:
1398 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1399 case NETLINK_GENERIC:
1400 return SECCLASS_NETLINK_GENERIC_SOCKET;
1401 case NETLINK_SCSITRANSPORT:
1402 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1403 case NETLINK_RDMA:
1404 return SECCLASS_NETLINK_RDMA_SOCKET;
1405 case NETLINK_CRYPTO:
1406 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1407 default:
1408 return SECCLASS_NETLINK_SOCKET;
1409 }
1410 case PF_PACKET:
1411 return SECCLASS_PACKET_SOCKET;
1412 case PF_KEY:
1413 return SECCLASS_KEY_SOCKET;
1414 case PF_APPLETALK:
1415 return SECCLASS_APPLETALK_SOCKET;
1416 }
1417
1418 if (extsockclass) {
1419 switch (family) {
1420 case PF_AX25:
1421 return SECCLASS_AX25_SOCKET;
1422 case PF_IPX:
1423 return SECCLASS_IPX_SOCKET;
1424 case PF_NETROM:
1425 return SECCLASS_NETROM_SOCKET;
1426 case PF_ATMPVC:
1427 return SECCLASS_ATMPVC_SOCKET;
1428 case PF_X25:
1429 return SECCLASS_X25_SOCKET;
1430 case PF_ROSE:
1431 return SECCLASS_ROSE_SOCKET;
1432 case PF_DECnet:
1433 return SECCLASS_DECNET_SOCKET;
1434 case PF_ATMSVC:
1435 return SECCLASS_ATMSVC_SOCKET;
1436 case PF_RDS:
1437 return SECCLASS_RDS_SOCKET;
1438 case PF_IRDA:
1439 return SECCLASS_IRDA_SOCKET;
1440 case PF_PPPOX:
1441 return SECCLASS_PPPOX_SOCKET;
1442 case PF_LLC:
1443 return SECCLASS_LLC_SOCKET;
1444 case PF_CAN:
1445 return SECCLASS_CAN_SOCKET;
1446 case PF_TIPC:
1447 return SECCLASS_TIPC_SOCKET;
1448 case PF_BLUETOOTH:
1449 return SECCLASS_BLUETOOTH_SOCKET;
1450 case PF_IUCV:
1451 return SECCLASS_IUCV_SOCKET;
1452 case PF_RXRPC:
1453 return SECCLASS_RXRPC_SOCKET;
1454 case PF_ISDN:
1455 return SECCLASS_ISDN_SOCKET;
1456 case PF_PHONET:
1457 return SECCLASS_PHONET_SOCKET;
1458 case PF_IEEE802154:
1459 return SECCLASS_IEEE802154_SOCKET;
1460 case PF_CAIF:
1461 return SECCLASS_CAIF_SOCKET;
1462 case PF_ALG:
1463 return SECCLASS_ALG_SOCKET;
1464 case PF_NFC:
1465 return SECCLASS_NFC_SOCKET;
1466 case PF_VSOCK:
1467 return SECCLASS_VSOCK_SOCKET;
1468 case PF_KCM:
1469 return SECCLASS_KCM_SOCKET;
1470 case PF_QIPCRTR:
1471 return SECCLASS_QIPCRTR_SOCKET;
1472 case PF_SMC:
1473 return SECCLASS_SMC_SOCKET;
1474#if PF_MAX > 44
1475#error New address family defined, please update this function.
1476#endif
1477 }
1478 }
1479
1480 return SECCLASS_SOCKET;
1481}
1482
1483static int selinux_genfs_get_sid(struct dentry *dentry,
1484 u16 tclass,
1485 u16 flags,
1486 u32 *sid)
1487{
1488 int rc;
1489 struct super_block *sb = dentry->d_sb;
1490 char *buffer, *path;
1491
1492 buffer = (char *)__get_free_page(GFP_KERNEL);
1493 if (!buffer)
1494 return -ENOMEM;
1495
1496 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1497 if (IS_ERR(path))
1498 rc = PTR_ERR(path);
1499 else {
1500 if (flags & SE_SBPROC) {
1501
1502
1503
1504 while (path[1] >= '0' && path[1] <= '9') {
1505 path[1] = '/';
1506 path++;
1507 }
1508 }
1509 rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1510 path, tclass, sid);
1511 }
1512 free_page((unsigned long)buffer);
1513 return rc;
1514}
1515
1516
1517static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1518{
1519 struct superblock_security_struct *sbsec = NULL;
1520 struct inode_security_struct *isec = inode->i_security;
1521 u32 task_sid, sid = 0;
1522 u16 sclass;
1523 struct dentry *dentry;
1524#define INITCONTEXTLEN 255
1525 char *context = NULL;
1526 unsigned len = 0;
1527 int rc = 0;
1528
1529 if (isec->initialized == LABEL_INITIALIZED)
1530 return 0;
1531
1532 spin_lock(&isec->lock);
1533 if (isec->initialized == LABEL_INITIALIZED)
1534 goto out_unlock;
1535
1536 if (isec->sclass == SECCLASS_FILE)
1537 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1538
1539 sbsec = inode->i_sb->s_security;
1540 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1541
1542
1543
1544 spin_lock(&sbsec->isec_lock);
1545 if (list_empty(&isec->list))
1546 list_add(&isec->list, &sbsec->isec_head);
1547 spin_unlock(&sbsec->isec_lock);
1548 goto out_unlock;
1549 }
1550
1551 sclass = isec->sclass;
1552 task_sid = isec->task_sid;
1553 sid = isec->sid;
1554 isec->initialized = LABEL_PENDING;
1555 spin_unlock(&isec->lock);
1556
1557 switch (sbsec->behavior) {
1558 case SECURITY_FS_USE_NATIVE:
1559 break;
1560 case SECURITY_FS_USE_XATTR:
1561 if (!(inode->i_opflags & IOP_XATTR)) {
1562 sid = sbsec->def_sid;
1563 break;
1564 }
1565
1566
1567 if (opt_dentry) {
1568
1569 dentry = dget(opt_dentry);
1570 } else {
1571
1572
1573
1574
1575
1576
1577 dentry = d_find_alias(inode);
1578 if (!dentry)
1579 dentry = d_find_any_alias(inode);
1580 }
1581 if (!dentry) {
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591 goto out;
1592 }
1593
1594 len = INITCONTEXTLEN;
1595 context = kmalloc(len+1, GFP_NOFS);
1596 if (!context) {
1597 rc = -ENOMEM;
1598 dput(dentry);
1599 goto out;
1600 }
1601 context[len] = '\0';
1602 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1603 if (rc == -ERANGE) {
1604 kfree(context);
1605
1606
1607 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1608 if (rc < 0) {
1609 dput(dentry);
1610 goto out;
1611 }
1612 len = rc;
1613 context = kmalloc(len+1, GFP_NOFS);
1614 if (!context) {
1615 rc = -ENOMEM;
1616 dput(dentry);
1617 goto out;
1618 }
1619 context[len] = '\0';
1620 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1621 }
1622 dput(dentry);
1623 if (rc < 0) {
1624 if (rc != -ENODATA) {
1625 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1626 "%d for dev=%s ino=%ld\n", __func__,
1627 -rc, inode->i_sb->s_id, inode->i_ino);
1628 kfree(context);
1629 goto out;
1630 }
1631
1632 sid = sbsec->def_sid;
1633 rc = 0;
1634 } else {
1635 rc = security_context_to_sid_default(&selinux_state,
1636 context, rc, &sid,
1637 sbsec->def_sid,
1638 GFP_NOFS);
1639 if (rc) {
1640 char *dev = inode->i_sb->s_id;
1641 unsigned long ino = inode->i_ino;
1642
1643 if (rc == -EINVAL) {
1644 if (printk_ratelimit())
1645 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1646 "context=%s. This indicates you may need to relabel the inode or the "
1647 "filesystem in question.\n", ino, dev, context);
1648 } else {
1649 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1650 "returned %d for dev=%s ino=%ld\n",
1651 __func__, context, -rc, dev, ino);
1652 }
1653 kfree(context);
1654
1655 rc = 0;
1656 break;
1657 }
1658 }
1659 kfree(context);
1660 break;
1661 case SECURITY_FS_USE_TASK:
1662 sid = task_sid;
1663 break;
1664 case SECURITY_FS_USE_TRANS:
1665
1666 sid = sbsec->sid;
1667
1668
1669 rc = security_transition_sid(&selinux_state, task_sid, sid,
1670 sclass, NULL, &sid);
1671 if (rc)
1672 goto out;
1673 break;
1674 case SECURITY_FS_USE_MNTPOINT:
1675 sid = sbsec->mntpoint_sid;
1676 break;
1677 default:
1678
1679 sid = sbsec->sid;
1680
1681 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1682
1683
1684 if (opt_dentry) {
1685
1686
1687 dentry = dget(opt_dentry);
1688 } else {
1689
1690
1691
1692
1693 dentry = d_find_alias(inode);
1694 if (!dentry)
1695 dentry = d_find_any_alias(inode);
1696 }
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706 if (!dentry)
1707 goto out;
1708 rc = selinux_genfs_get_sid(dentry, sclass,
1709 sbsec->flags, &sid);
1710 dput(dentry);
1711 if (rc)
1712 goto out;
1713 }
1714 break;
1715 }
1716
1717out:
1718 spin_lock(&isec->lock);
1719 if (isec->initialized == LABEL_PENDING) {
1720 if (!sid || rc) {
1721 isec->initialized = LABEL_INVALID;
1722 goto out_unlock;
1723 }
1724
1725 isec->initialized = LABEL_INITIALIZED;
1726 isec->sid = sid;
1727 }
1728
1729out_unlock:
1730 spin_unlock(&isec->lock);
1731 return rc;
1732}
1733
1734
1735static inline u32 signal_to_av(int sig)
1736{
1737 u32 perm = 0;
1738
1739 switch (sig) {
1740 case SIGCHLD:
1741
1742 perm = PROCESS__SIGCHLD;
1743 break;
1744 case SIGKILL:
1745
1746 perm = PROCESS__SIGKILL;
1747 break;
1748 case SIGSTOP:
1749
1750 perm = PROCESS__SIGSTOP;
1751 break;
1752 default:
1753
1754 perm = PROCESS__SIGNAL;
1755 break;
1756 }
1757
1758 return perm;
1759}
1760
1761#if CAP_LAST_CAP > 63
1762#error Fix SELinux to handle capabilities > 63.
1763#endif
1764
1765
1766static int cred_has_capability(const struct cred *cred,
1767 int cap, int audit, bool initns)
1768{
1769 struct common_audit_data ad;
1770 struct av_decision avd;
1771 u16 sclass;
1772 u32 sid = cred_sid(cred);
1773 u32 av = CAP_TO_MASK(cap);
1774 int rc;
1775
1776 ad.type = LSM_AUDIT_DATA_CAP;
1777 ad.u.cap = cap;
1778
1779 switch (CAP_TO_INDEX(cap)) {
1780 case 0:
1781 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1782 break;
1783 case 1:
1784 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1785 break;
1786 default:
1787 printk(KERN_ERR
1788 "SELinux: out of range capability %d\n", cap);
1789 BUG();
1790 return -EINVAL;
1791 }
1792
1793 rc = avc_has_perm_noaudit(&selinux_state,
1794 sid, sid, sclass, av, 0, &avd);
1795 if (audit == SECURITY_CAP_AUDIT) {
1796 int rc2 = avc_audit(&selinux_state,
1797 sid, sid, sclass, av, &avd, rc, &ad, 0);
1798 if (rc2)
1799 return rc2;
1800 }
1801 return rc;
1802}
1803
1804
1805
1806
1807static int inode_has_perm(const struct cred *cred,
1808 struct inode *inode,
1809 u32 perms,
1810 struct common_audit_data *adp)
1811{
1812 struct inode_security_struct *isec;
1813 u32 sid;
1814
1815 validate_creds(cred);
1816
1817 if (unlikely(IS_PRIVATE(inode)))
1818 return 0;
1819
1820 sid = cred_sid(cred);
1821 isec = inode->i_security;
1822
1823 return avc_has_perm(&selinux_state,
1824 sid, isec->sid, isec->sclass, perms, adp);
1825}
1826
1827
1828
1829
1830static inline int dentry_has_perm(const struct cred *cred,
1831 struct dentry *dentry,
1832 u32 av)
1833{
1834 struct inode *inode = d_backing_inode(dentry);
1835 struct common_audit_data ad;
1836
1837 ad.type = LSM_AUDIT_DATA_DENTRY;
1838 ad.u.dentry = dentry;
1839 __inode_security_revalidate(inode, dentry, true);
1840 return inode_has_perm(cred, inode, av, &ad);
1841}
1842
1843
1844
1845
1846static inline int path_has_perm(const struct cred *cred,
1847 const struct path *path,
1848 u32 av)
1849{
1850 struct inode *inode = d_backing_inode(path->dentry);
1851 struct common_audit_data ad;
1852
1853 ad.type = LSM_AUDIT_DATA_PATH;
1854 ad.u.path = *path;
1855 __inode_security_revalidate(inode, path->dentry, true);
1856 return inode_has_perm(cred, inode, av, &ad);
1857}
1858
1859
1860static inline int file_path_has_perm(const struct cred *cred,
1861 struct file *file,
1862 u32 av)
1863{
1864 struct common_audit_data ad;
1865
1866 ad.type = LSM_AUDIT_DATA_FILE;
1867 ad.u.file = file;
1868 return inode_has_perm(cred, file_inode(file), av, &ad);
1869}
1870
1871#ifdef CONFIG_BPF_SYSCALL
1872static int bpf_fd_pass(struct file *file, u32 sid);
1873#endif
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883static int file_has_perm(const struct cred *cred,
1884 struct file *file,
1885 u32 av)
1886{
1887 struct file_security_struct *fsec = file->f_security;
1888 struct inode *inode = file_inode(file);
1889 struct common_audit_data ad;
1890 u32 sid = cred_sid(cred);
1891 int rc;
1892
1893 ad.type = LSM_AUDIT_DATA_FILE;
1894 ad.u.file = file;
1895
1896 if (sid != fsec->sid) {
1897 rc = avc_has_perm(&selinux_state,
1898 sid, fsec->sid,
1899 SECCLASS_FD,
1900 FD__USE,
1901 &ad);
1902 if (rc)
1903 goto out;
1904 }
1905
1906#ifdef CONFIG_BPF_SYSCALL
1907 rc = bpf_fd_pass(file, cred_sid(cred));
1908 if (rc)
1909 return rc;
1910#endif
1911
1912
1913 rc = 0;
1914 if (av)
1915 rc = inode_has_perm(cred, inode, av, &ad);
1916
1917out:
1918 return rc;
1919}
1920
1921
1922
1923
1924static int
1925selinux_determine_inode_label(const struct task_security_struct *tsec,
1926 struct inode *dir,
1927 const struct qstr *name, u16 tclass,
1928 u32 *_new_isid)
1929{
1930 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
1931
1932 if ((sbsec->flags & SE_SBINITIALIZED) &&
1933 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1934 *_new_isid = sbsec->mntpoint_sid;
1935 } else if ((sbsec->flags & SBLABEL_MNT) &&
1936 tsec->create_sid) {
1937 *_new_isid = tsec->create_sid;
1938 } else {
1939 const struct inode_security_struct *dsec = inode_security(dir);
1940 return security_transition_sid(&selinux_state, tsec->sid,
1941 dsec->sid, tclass,
1942 name, _new_isid);
1943 }
1944
1945 return 0;
1946}
1947
1948
1949static int may_create(struct inode *dir,
1950 struct dentry *dentry,
1951 u16 tclass)
1952{
1953 const struct task_security_struct *tsec = current_security();
1954 struct inode_security_struct *dsec;
1955 struct superblock_security_struct *sbsec;
1956 u32 sid, newsid;
1957 struct common_audit_data ad;
1958 int rc;
1959
1960 dsec = inode_security(dir);
1961 sbsec = dir->i_sb->s_security;
1962
1963 sid = tsec->sid;
1964
1965 ad.type = LSM_AUDIT_DATA_DENTRY;
1966 ad.u.dentry = dentry;
1967
1968 rc = avc_has_perm(&selinux_state,
1969 sid, dsec->sid, SECCLASS_DIR,
1970 DIR__ADD_NAME | DIR__SEARCH,
1971 &ad);
1972 if (rc)
1973 return rc;
1974
1975 rc = selinux_determine_inode_label(current_security(), dir,
1976 &dentry->d_name, tclass, &newsid);
1977 if (rc)
1978 return rc;
1979
1980 rc = avc_has_perm(&selinux_state,
1981 sid, newsid, tclass, FILE__CREATE, &ad);
1982 if (rc)
1983 return rc;
1984
1985 return avc_has_perm(&selinux_state,
1986 newsid, sbsec->sid,
1987 SECCLASS_FILESYSTEM,
1988 FILESYSTEM__ASSOCIATE, &ad);
1989}
1990
1991#define MAY_LINK 0
1992#define MAY_UNLINK 1
1993#define MAY_RMDIR 2
1994
1995
1996static int may_link(struct inode *dir,
1997 struct dentry *dentry,
1998 int kind)
1999
2000{
2001 struct inode_security_struct *dsec, *isec;
2002 struct common_audit_data ad;
2003 u32 sid = current_sid();
2004 u32 av;
2005 int rc;
2006
2007 dsec = inode_security(dir);
2008 isec = backing_inode_security(dentry);
2009
2010 ad.type = LSM_AUDIT_DATA_DENTRY;
2011 ad.u.dentry = dentry;
2012
2013 av = DIR__SEARCH;
2014 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
2015 rc = avc_has_perm(&selinux_state,
2016 sid, dsec->sid, SECCLASS_DIR, av, &ad);
2017 if (rc)
2018 return rc;
2019
2020 switch (kind) {
2021 case MAY_LINK:
2022 av = FILE__LINK;
2023 break;
2024 case MAY_UNLINK:
2025 av = FILE__UNLINK;
2026 break;
2027 case MAY_RMDIR:
2028 av = DIR__RMDIR;
2029 break;
2030 default:
2031 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
2032 __func__, kind);
2033 return 0;
2034 }
2035
2036 rc = avc_has_perm(&selinux_state,
2037 sid, isec->sid, isec->sclass, av, &ad);
2038 return rc;
2039}
2040
2041static inline int may_rename(struct inode *old_dir,
2042 struct dentry *old_dentry,
2043 struct inode *new_dir,
2044 struct dentry *new_dentry)
2045{
2046 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
2047 struct common_audit_data ad;
2048 u32 sid = current_sid();
2049 u32 av;
2050 int old_is_dir, new_is_dir;
2051 int rc;
2052
2053 old_dsec = inode_security(old_dir);
2054 old_isec = backing_inode_security(old_dentry);
2055 old_is_dir = d_is_dir(old_dentry);
2056 new_dsec = inode_security(new_dir);
2057
2058 ad.type = LSM_AUDIT_DATA_DENTRY;
2059
2060 ad.u.dentry = old_dentry;
2061 rc = avc_has_perm(&selinux_state,
2062 sid, old_dsec->sid, SECCLASS_DIR,
2063 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
2064 if (rc)
2065 return rc;
2066 rc = avc_has_perm(&selinux_state,
2067 sid, old_isec->sid,
2068 old_isec->sclass, FILE__RENAME, &ad);
2069 if (rc)
2070 return rc;
2071 if (old_is_dir && new_dir != old_dir) {
2072 rc = avc_has_perm(&selinux_state,
2073 sid, old_isec->sid,
2074 old_isec->sclass, DIR__REPARENT, &ad);
2075 if (rc)
2076 return rc;
2077 }
2078
2079 ad.u.dentry = new_dentry;
2080 av = DIR__ADD_NAME | DIR__SEARCH;
2081 if (d_is_positive(new_dentry))
2082 av |= DIR__REMOVE_NAME;
2083 rc = avc_has_perm(&selinux_state,
2084 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
2085 if (rc)
2086 return rc;
2087 if (d_is_positive(new_dentry)) {
2088 new_isec = backing_inode_security(new_dentry);
2089 new_is_dir = d_is_dir(new_dentry);
2090 rc = avc_has_perm(&selinux_state,
2091 sid, new_isec->sid,
2092 new_isec->sclass,
2093 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
2094 if (rc)
2095 return rc;
2096 }
2097
2098 return 0;
2099}
2100
2101
2102static int superblock_has_perm(const struct cred *cred,
2103 struct super_block *sb,
2104 u32 perms,
2105 struct common_audit_data *ad)
2106{
2107 struct superblock_security_struct *sbsec;
2108 u32 sid = cred_sid(cred);
2109
2110 sbsec = sb->s_security;
2111 return avc_has_perm(&selinux_state,
2112 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2113}
2114
2115
2116static inline u32 file_mask_to_av(int mode, int mask)
2117{
2118 u32 av = 0;
2119
2120 if (!S_ISDIR(mode)) {
2121 if (mask & MAY_EXEC)
2122 av |= FILE__EXECUTE;
2123 if (mask & MAY_READ)
2124 av |= FILE__READ;
2125
2126 if (mask & MAY_APPEND)
2127 av |= FILE__APPEND;
2128 else if (mask & MAY_WRITE)
2129 av |= FILE__WRITE;
2130
2131 } else {
2132 if (mask & MAY_EXEC)
2133 av |= DIR__SEARCH;
2134 if (mask & MAY_WRITE)
2135 av |= DIR__WRITE;
2136 if (mask & MAY_READ)
2137 av |= DIR__READ;
2138 }
2139
2140 return av;
2141}
2142
2143
2144static inline u32 file_to_av(struct file *file)
2145{
2146 u32 av = 0;
2147
2148 if (file->f_mode & FMODE_READ)
2149 av |= FILE__READ;
2150 if (file->f_mode & FMODE_WRITE) {
2151 if (file->f_flags & O_APPEND)
2152 av |= FILE__APPEND;
2153 else
2154 av |= FILE__WRITE;
2155 }
2156 if (!av) {
2157
2158
2159
2160 av = FILE__IOCTL;
2161 }
2162
2163 return av;
2164}
2165
2166
2167
2168
2169
2170static inline u32 open_file_to_av(struct file *file)
2171{
2172 u32 av = file_to_av(file);
2173 struct inode *inode = file_inode(file);
2174
2175 if (selinux_policycap_openperm() &&
2176 inode->i_sb->s_magic != SOCKFS_MAGIC)
2177 av |= FILE__OPEN;
2178
2179 return av;
2180}
2181
2182
2183
2184static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2185{
2186 u32 mysid = current_sid();
2187 u32 mgrsid = task_sid(mgr);
2188
2189 return avc_has_perm(&selinux_state,
2190 mysid, mgrsid, SECCLASS_BINDER,
2191 BINDER__SET_CONTEXT_MGR, NULL);
2192}
2193
2194static int selinux_binder_transaction(struct task_struct *from,
2195 struct task_struct *to)
2196{
2197 u32 mysid = current_sid();
2198 u32 fromsid = task_sid(from);
2199 u32 tosid = task_sid(to);
2200 int rc;
2201
2202 if (mysid != fromsid) {
2203 rc = avc_has_perm(&selinux_state,
2204 mysid, fromsid, SECCLASS_BINDER,
2205 BINDER__IMPERSONATE, NULL);
2206 if (rc)
2207 return rc;
2208 }
2209
2210 return avc_has_perm(&selinux_state,
2211 fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2212 NULL);
2213}
2214
2215static int selinux_binder_transfer_binder(struct task_struct *from,
2216 struct task_struct *to)
2217{
2218 u32 fromsid = task_sid(from);
2219 u32 tosid = task_sid(to);
2220
2221 return avc_has_perm(&selinux_state,
2222 fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2223 NULL);
2224}
2225
2226static int selinux_binder_transfer_file(struct task_struct *from,
2227 struct task_struct *to,
2228 struct file *file)
2229{
2230 u32 sid = task_sid(to);
2231 struct file_security_struct *fsec = file->f_security;
2232 struct dentry *dentry = file->f_path.dentry;
2233 struct inode_security_struct *isec;
2234 struct common_audit_data ad;
2235 int rc;
2236
2237 ad.type = LSM_AUDIT_DATA_PATH;
2238 ad.u.path = file->f_path;
2239
2240 if (sid != fsec->sid) {
2241 rc = avc_has_perm(&selinux_state,
2242 sid, fsec->sid,
2243 SECCLASS_FD,
2244 FD__USE,
2245 &ad);
2246 if (rc)
2247 return rc;
2248 }
2249
2250#ifdef CONFIG_BPF_SYSCALL
2251 rc = bpf_fd_pass(file, sid);
2252 if (rc)
2253 return rc;
2254#endif
2255
2256 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2257 return 0;
2258
2259 isec = backing_inode_security(dentry);
2260 return avc_has_perm(&selinux_state,
2261 sid, isec->sid, isec->sclass, file_to_av(file),
2262 &ad);
2263}
2264
2265static int selinux_ptrace_access_check(struct task_struct *child,
2266 unsigned int mode)
2267{
2268 u32 sid = current_sid();
2269 u32 csid = task_sid(child);
2270
2271 if (mode & PTRACE_MODE_READ)
2272 return avc_has_perm(&selinux_state,
2273 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2274
2275 return avc_has_perm(&selinux_state,
2276 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2277}
2278
2279static int selinux_ptrace_traceme(struct task_struct *parent)
2280{
2281 return avc_has_perm(&selinux_state,
2282 task_sid(parent), current_sid(), SECCLASS_PROCESS,
2283 PROCESS__PTRACE, NULL);
2284}
2285
2286static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2287 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2288{
2289 return avc_has_perm(&selinux_state,
2290 current_sid(), task_sid(target), SECCLASS_PROCESS,
2291 PROCESS__GETCAP, NULL);
2292}
2293
2294static int selinux_capset(struct cred *new, const struct cred *old,
2295 const kernel_cap_t *effective,
2296 const kernel_cap_t *inheritable,
2297 const kernel_cap_t *permitted)
2298{
2299 return avc_has_perm(&selinux_state,
2300 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2301 PROCESS__SETCAP, NULL);
2302}
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2315 int cap, int audit)
2316{
2317 return cred_has_capability(cred, cap, audit, ns == &init_user_ns);
2318}
2319
2320static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2321{
2322 const struct cred *cred = current_cred();
2323 int rc = 0;
2324
2325 if (!sb)
2326 return 0;
2327
2328 switch (cmds) {
2329 case Q_SYNC:
2330 case Q_QUOTAON:
2331 case Q_QUOTAOFF:
2332 case Q_SETINFO:
2333 case Q_SETQUOTA:
2334 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2335 break;
2336 case Q_GETFMT:
2337 case Q_GETINFO:
2338 case Q_GETQUOTA:
2339 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2340 break;
2341 default:
2342 rc = 0;
2343 break;
2344 }
2345 return rc;
2346}
2347
2348static int selinux_quota_on(struct dentry *dentry)
2349{
2350 const struct cred *cred = current_cred();
2351
2352 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2353}
2354
2355static int selinux_syslog(int type)
2356{
2357 switch (type) {
2358 case SYSLOG_ACTION_READ_ALL:
2359 case SYSLOG_ACTION_SIZE_BUFFER:
2360 return avc_has_perm(&selinux_state,
2361 current_sid(), SECINITSID_KERNEL,
2362 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2363 case SYSLOG_ACTION_CONSOLE_OFF:
2364 case SYSLOG_ACTION_CONSOLE_ON:
2365
2366 case SYSLOG_ACTION_CONSOLE_LEVEL:
2367 return avc_has_perm(&selinux_state,
2368 current_sid(), SECINITSID_KERNEL,
2369 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2370 NULL);
2371 }
2372
2373 return avc_has_perm(&selinux_state,
2374 current_sid(), SECINITSID_KERNEL,
2375 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2376}
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2387{
2388 int rc, cap_sys_admin = 0;
2389
2390 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2391 SECURITY_CAP_NOAUDIT, true);
2392 if (rc == 0)
2393 cap_sys_admin = 1;
2394
2395 return cap_sys_admin;
2396}
2397
2398
2399
2400static u32 ptrace_parent_sid(void)
2401{
2402 u32 sid = 0;
2403 struct task_struct *tracer;
2404
2405 rcu_read_lock();
2406 tracer = ptrace_parent(current);
2407 if (tracer)
2408 sid = task_sid(tracer);
2409 rcu_read_unlock();
2410
2411 return sid;
2412}
2413
2414static int check_nnp_nosuid(const struct linux_binprm *bprm,
2415 const struct task_security_struct *old_tsec,
2416 const struct task_security_struct *new_tsec)
2417{
2418 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2419 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2420 int rc;
2421 u32 av;
2422
2423 if (!nnp && !nosuid)
2424 return 0;
2425
2426 if (new_tsec->sid == old_tsec->sid)
2427 return 0;
2428
2429
2430
2431
2432
2433
2434
2435 if (selinux_policycap_nnp_nosuid_transition()) {
2436 av = 0;
2437 if (nnp)
2438 av |= PROCESS2__NNP_TRANSITION;
2439 if (nosuid)
2440 av |= PROCESS2__NOSUID_TRANSITION;
2441 rc = avc_has_perm(&selinux_state,
2442 old_tsec->sid, new_tsec->sid,
2443 SECCLASS_PROCESS2, av, NULL);
2444 if (!rc)
2445 return 0;
2446 }
2447
2448
2449
2450
2451
2452
2453 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2454 new_tsec->sid);
2455 if (!rc)
2456 return 0;
2457
2458
2459
2460
2461
2462
2463 if (nnp)
2464 return -EPERM;
2465 return -EACCES;
2466}
2467
2468static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2469{
2470 const struct task_security_struct *old_tsec;
2471 struct task_security_struct *new_tsec;
2472 struct inode_security_struct *isec;
2473 struct common_audit_data ad;
2474 struct inode *inode = file_inode(bprm->file);
2475 int rc;
2476
2477
2478
2479 if (bprm->called_set_creds)
2480 return 0;
2481
2482 old_tsec = current_security();
2483 new_tsec = bprm->cred->security;
2484 isec = inode_security(inode);
2485
2486
2487 new_tsec->sid = old_tsec->sid;
2488 new_tsec->osid = old_tsec->sid;
2489
2490
2491 new_tsec->create_sid = 0;
2492 new_tsec->keycreate_sid = 0;
2493 new_tsec->sockcreate_sid = 0;
2494
2495 if (old_tsec->exec_sid) {
2496 new_tsec->sid = old_tsec->exec_sid;
2497
2498 new_tsec->exec_sid = 0;
2499
2500
2501 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2502 if (rc)
2503 return rc;
2504 } else {
2505
2506 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2507 isec->sid, SECCLASS_PROCESS, NULL,
2508 &new_tsec->sid);
2509 if (rc)
2510 return rc;
2511
2512
2513
2514
2515
2516 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2517 if (rc)
2518 new_tsec->sid = old_tsec->sid;
2519 }
2520
2521 ad.type = LSM_AUDIT_DATA_FILE;
2522 ad.u.file = bprm->file;
2523
2524 if (new_tsec->sid == old_tsec->sid) {
2525 rc = avc_has_perm(&selinux_state,
2526 old_tsec->sid, isec->sid,
2527 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2528 if (rc)
2529 return rc;
2530 } else {
2531
2532 rc = avc_has_perm(&selinux_state,
2533 old_tsec->sid, new_tsec->sid,
2534 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2535 if (rc)
2536 return rc;
2537
2538 rc = avc_has_perm(&selinux_state,
2539 new_tsec->sid, isec->sid,
2540 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2541 if (rc)
2542 return rc;
2543
2544
2545 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2546 rc = avc_has_perm(&selinux_state,
2547 old_tsec->sid, new_tsec->sid,
2548 SECCLASS_PROCESS, PROCESS__SHARE,
2549 NULL);
2550 if (rc)
2551 return -EPERM;
2552 }
2553
2554
2555
2556 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2557 u32 ptsid = ptrace_parent_sid();
2558 if (ptsid != 0) {
2559 rc = avc_has_perm(&selinux_state,
2560 ptsid, new_tsec->sid,
2561 SECCLASS_PROCESS,
2562 PROCESS__PTRACE, NULL);
2563 if (rc)
2564 return -EPERM;
2565 }
2566 }
2567
2568
2569 bprm->per_clear |= PER_CLEAR_ON_SETID;
2570
2571
2572
2573
2574 rc = avc_has_perm(&selinux_state,
2575 old_tsec->sid, new_tsec->sid,
2576 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2577 NULL);
2578 bprm->secureexec |= !!rc;
2579 }
2580
2581 return 0;
2582}
2583
2584static int match_file(const void *p, struct file *file, unsigned fd)
2585{
2586 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2587}
2588
2589
2590static inline void flush_unauthorized_files(const struct cred *cred,
2591 struct files_struct *files)
2592{
2593 struct file *file, *devnull = NULL;
2594 struct tty_struct *tty;
2595 int drop_tty = 0;
2596 unsigned n;
2597
2598 tty = get_current_tty();
2599 if (tty) {
2600 spin_lock(&tty->files_lock);
2601 if (!list_empty(&tty->tty_files)) {
2602 struct tty_file_private *file_priv;
2603
2604
2605
2606
2607
2608
2609 file_priv = list_first_entry(&tty->tty_files,
2610 struct tty_file_private, list);
2611 file = file_priv->file;
2612 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2613 drop_tty = 1;
2614 }
2615 spin_unlock(&tty->files_lock);
2616 tty_kref_put(tty);
2617 }
2618
2619 if (drop_tty)
2620 no_tty();
2621
2622
2623 n = iterate_fd(files, 0, match_file, cred);
2624 if (!n)
2625 return;
2626
2627 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2628 if (IS_ERR(devnull))
2629 devnull = NULL;
2630
2631 do {
2632 replace_fd(n - 1, devnull, 0);
2633 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2634 if (devnull)
2635 fput(devnull);
2636}
2637
2638
2639
2640
2641static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2642{
2643 struct task_security_struct *new_tsec;
2644 struct rlimit *rlim, *initrlim;
2645 int rc, i;
2646
2647 new_tsec = bprm->cred->security;
2648 if (new_tsec->sid == new_tsec->osid)
2649 return;
2650
2651
2652 flush_unauthorized_files(bprm->cred, current->files);
2653
2654
2655 current->pdeath_signal = 0;
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667 rc = avc_has_perm(&selinux_state,
2668 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2669 PROCESS__RLIMITINH, NULL);
2670 if (rc) {
2671
2672 task_lock(current);
2673 for (i = 0; i < RLIM_NLIMITS; i++) {
2674 rlim = current->signal->rlim + i;
2675 initrlim = init_task.signal->rlim + i;
2676 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2677 }
2678 task_unlock(current);
2679 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2680 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2681 }
2682}
2683
2684
2685
2686
2687
2688static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2689{
2690 const struct task_security_struct *tsec = current_security();
2691 struct itimerval itimer;
2692 u32 osid, sid;
2693 int rc, i;
2694
2695 osid = tsec->osid;
2696 sid = tsec->sid;
2697
2698 if (sid == osid)
2699 return;
2700
2701
2702
2703
2704
2705
2706
2707
2708 rc = avc_has_perm(&selinux_state,
2709 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2710 if (rc) {
2711 if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
2712 memset(&itimer, 0, sizeof itimer);
2713 for (i = 0; i < 3; i++)
2714 do_setitimer(i, &itimer, NULL);
2715 }
2716 spin_lock_irq(¤t->sighand->siglock);
2717 if (!fatal_signal_pending(current)) {
2718 flush_sigqueue(¤t->pending);
2719 flush_sigqueue(¤t->signal->shared_pending);
2720 flush_signal_handlers(current, 1);
2721 sigemptyset(¤t->blocked);
2722 recalc_sigpending();
2723 }
2724 spin_unlock_irq(¤t->sighand->siglock);
2725 }
2726
2727
2728
2729 read_lock(&tasklist_lock);
2730 __wake_up_parent(current, current->real_parent);
2731 read_unlock(&tasklist_lock);
2732}
2733
2734
2735
2736static int selinux_sb_alloc_security(struct super_block *sb)
2737{
2738 return superblock_alloc_security(sb);
2739}
2740
2741static void selinux_sb_free_security(struct super_block *sb)
2742{
2743 superblock_free_security(sb);
2744}
2745
2746static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2747{
2748 if (plen > olen)
2749 return 0;
2750
2751 return !memcmp(prefix, option, plen);
2752}
2753
2754static inline int selinux_option(char *option, int len)
2755{
2756 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2757 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2758 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2759 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2760 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2761}
2762
2763static inline void take_option(char **to, char *from, int *first, int len)
2764{
2765 if (!*first) {
2766 **to = ',';
2767 *to += 1;
2768 } else
2769 *first = 0;
2770 memcpy(*to, from, len);
2771 *to += len;
2772}
2773
2774static inline void take_selinux_option(char **to, char *from, int *first,
2775 int len)
2776{
2777 int current_size = 0;
2778
2779 if (!*first) {
2780 **to = '|';
2781 *to += 1;
2782 } else
2783 *first = 0;
2784
2785 while (current_size < len) {
2786 if (*from != '"') {
2787 **to = *from;
2788 *to += 1;
2789 }
2790 from += 1;
2791 current_size += 1;
2792 }
2793}
2794
2795static int selinux_sb_copy_data(char *orig, char *copy)
2796{
2797 int fnosec, fsec, rc = 0;
2798 char *in_save, *in_curr, *in_end;
2799 char *sec_curr, *nosec_save, *nosec;
2800 int open_quote = 0;
2801
2802 in_curr = orig;
2803 sec_curr = copy;
2804
2805 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2806 if (!nosec) {
2807 rc = -ENOMEM;
2808 goto out;
2809 }
2810
2811 nosec_save = nosec;
2812 fnosec = fsec = 1;
2813 in_save = in_end = orig;
2814
2815 do {
2816 if (*in_end == '"')
2817 open_quote = !open_quote;
2818 if ((*in_end == ',' && open_quote == 0) ||
2819 *in_end == '\0') {
2820 int len = in_end - in_curr;
2821
2822 if (selinux_option(in_curr, len))
2823 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2824 else
2825 take_option(&nosec, in_curr, &fnosec, len);
2826
2827 in_curr = in_end + 1;
2828 }
2829 } while (*in_end++);
2830
2831 strcpy(in_save, nosec_save);
2832 free_page((unsigned long)nosec_save);
2833out:
2834 return rc;
2835}
2836
2837static int selinux_sb_remount(struct super_block *sb, void *data)
2838{
2839 int rc, i, *flags;
2840 struct security_mnt_opts opts;
2841 char *secdata, **mount_options;
2842 struct superblock_security_struct *sbsec = sb->s_security;
2843
2844 if (!(sbsec->flags & SE_SBINITIALIZED))
2845 return 0;
2846
2847 if (!data)
2848 return 0;
2849
2850 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2851 return 0;
2852
2853 security_init_mnt_opts(&opts);
2854 secdata = alloc_secdata();
2855 if (!secdata)
2856 return -ENOMEM;
2857 rc = selinux_sb_copy_data(data, secdata);
2858 if (rc)
2859 goto out_free_secdata;
2860
2861 rc = selinux_parse_opts_str(secdata, &opts);
2862 if (rc)
2863 goto out_free_secdata;
2864
2865 mount_options = opts.mnt_opts;
2866 flags = opts.mnt_opts_flags;
2867
2868 for (i = 0; i < opts.num_mnt_opts; i++) {
2869 u32 sid;
2870
2871 if (flags[i] == SBLABEL_MNT)
2872 continue;
2873 rc = security_context_str_to_sid(&selinux_state,
2874 mount_options[i], &sid,
2875 GFP_KERNEL);
2876 if (rc) {
2877 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
2878 "(%s) failed for (dev %s, type %s) errno=%d\n",
2879 mount_options[i], sb->s_id, sb->s_type->name, rc);
2880 goto out_free_opts;
2881 }
2882 rc = -EINVAL;
2883 switch (flags[i]) {
2884 case FSCONTEXT_MNT:
2885 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2886 goto out_bad_option;
2887 break;
2888 case CONTEXT_MNT:
2889 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2890 goto out_bad_option;
2891 break;
2892 case ROOTCONTEXT_MNT: {
2893 struct inode_security_struct *root_isec;
2894 root_isec = backing_inode_security(sb->s_root);
2895
2896 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2897 goto out_bad_option;
2898 break;
2899 }
2900 case DEFCONTEXT_MNT:
2901 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2902 goto out_bad_option;
2903 break;
2904 default:
2905 goto out_free_opts;
2906 }
2907 }
2908
2909 rc = 0;
2910out_free_opts:
2911 security_free_mnt_opts(&opts);
2912out_free_secdata:
2913 free_secdata(secdata);
2914 return rc;
2915out_bad_option:
2916 printk(KERN_WARNING "SELinux: unable to change security options "
2917 "during remount (dev %s, type=%s)\n", sb->s_id,
2918 sb->s_type->name);
2919 goto out_free_opts;
2920}
2921
2922static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2923{
2924 const struct cred *cred = current_cred();
2925 struct common_audit_data ad;
2926 int rc;
2927
2928 rc = superblock_doinit(sb, data);
2929 if (rc)
2930 return rc;
2931
2932
2933 if (flags & MS_KERNMOUNT)
2934 return 0;
2935
2936 ad.type = LSM_AUDIT_DATA_DENTRY;
2937 ad.u.dentry = sb->s_root;
2938 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2939}
2940
2941static int selinux_sb_statfs(struct dentry *dentry)
2942{
2943 const struct cred *cred = current_cred();
2944 struct common_audit_data ad;
2945
2946 ad.type = LSM_AUDIT_DATA_DENTRY;
2947 ad.u.dentry = dentry->d_sb->s_root;
2948 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2949}
2950
2951static int selinux_mount(const char *dev_name,
2952 const struct path *path,
2953 const char *type,
2954 unsigned long flags,
2955 void *data)
2956{
2957 const struct cred *cred = current_cred();
2958
2959 if (flags & MS_REMOUNT)
2960 return superblock_has_perm(cred, path->dentry->d_sb,
2961 FILESYSTEM__REMOUNT, NULL);
2962 else
2963 return path_has_perm(cred, path, FILE__MOUNTON);
2964}
2965
2966static int selinux_umount(struct vfsmount *mnt, int flags)
2967{
2968 const struct cred *cred = current_cred();
2969
2970 return superblock_has_perm(cred, mnt->mnt_sb,
2971 FILESYSTEM__UNMOUNT, NULL);
2972}
2973
2974
2975
2976static int selinux_inode_alloc_security(struct inode *inode)
2977{
2978 return inode_alloc_security(inode);
2979}
2980
2981static void selinux_inode_free_security(struct inode *inode)
2982{
2983 inode_free_security(inode);
2984}
2985
2986static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2987 const struct qstr *name, void **ctx,
2988 u32 *ctxlen)
2989{
2990 u32 newsid;
2991 int rc;
2992
2993 rc = selinux_determine_inode_label(current_security(),
2994 d_inode(dentry->d_parent), name,
2995 inode_mode_to_security_class(mode),
2996 &newsid);
2997 if (rc)
2998 return rc;
2999
3000 return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
3001 ctxlen);
3002}
3003
3004static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
3005 struct qstr *name,
3006 const struct cred *old,
3007 struct cred *new)
3008{
3009 u32 newsid;
3010 int rc;
3011 struct task_security_struct *tsec;
3012
3013 rc = selinux_determine_inode_label(old->security,
3014 d_inode(dentry->d_parent), name,
3015 inode_mode_to_security_class(mode),
3016 &newsid);
3017 if (rc)
3018 return rc;
3019
3020 tsec = new->security;
3021 tsec->create_sid = newsid;
3022 return 0;
3023}
3024
3025static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
3026 const struct qstr *qstr,
3027 const char **name,
3028 void **value, size_t *len)
3029{
3030 const struct task_security_struct *tsec = current_security();
3031 struct superblock_security_struct *sbsec;
3032 u32 newsid, clen;
3033 int rc;
3034 char *context;
3035
3036 sbsec = dir->i_sb->s_security;
3037
3038 newsid = tsec->create_sid;
3039
3040 rc = selinux_determine_inode_label(current_security(),
3041 dir, qstr,
3042 inode_mode_to_security_class(inode->i_mode),
3043 &newsid);
3044 if (rc)
3045 return rc;
3046
3047
3048 if (sbsec->flags & SE_SBINITIALIZED) {
3049 struct inode_security_struct *isec = inode->i_security;
3050 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3051 isec->sid = newsid;
3052 isec->initialized = LABEL_INITIALIZED;
3053 }
3054
3055 if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT))
3056 return -EOPNOTSUPP;
3057
3058 if (name)
3059 *name = XATTR_SELINUX_SUFFIX;
3060
3061 if (value && len) {
3062 rc = security_sid_to_context_force(&selinux_state, newsid,
3063 &context, &clen);
3064 if (rc)
3065 return rc;
3066 *value = context;
3067 *len = clen;
3068 }
3069
3070 return 0;
3071}
3072
3073static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
3074{
3075 return may_create(dir, dentry, SECCLASS_FILE);
3076}
3077
3078static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
3079{
3080 return may_link(dir, old_dentry, MAY_LINK);
3081}
3082
3083static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
3084{
3085 return may_link(dir, dentry, MAY_UNLINK);
3086}
3087
3088static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
3089{
3090 return may_create(dir, dentry, SECCLASS_LNK_FILE);
3091}
3092
3093static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
3094{
3095 return may_create(dir, dentry, SECCLASS_DIR);
3096}
3097
3098static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
3099{
3100 return may_link(dir, dentry, MAY_RMDIR);
3101}
3102
3103static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3104{
3105 return may_create(dir, dentry, inode_mode_to_security_class(mode));
3106}
3107
3108static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
3109 struct inode *new_inode, struct dentry *new_dentry)
3110{
3111 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
3112}
3113
3114static int selinux_inode_readlink(struct dentry *dentry)
3115{
3116 const struct cred *cred = current_cred();
3117
3118 return dentry_has_perm(cred, dentry, FILE__READ);
3119}
3120
3121static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3122 bool rcu)
3123{
3124 const struct cred *cred = current_cred();
3125 struct common_audit_data ad;
3126 struct inode_security_struct *isec;
3127 u32 sid;
3128
3129 validate_creds(cred);
3130
3131 ad.type = LSM_AUDIT_DATA_DENTRY;
3132 ad.u.dentry = dentry;
3133 sid = cred_sid(cred);
3134 isec = inode_security_rcu(inode, rcu);
3135 if (IS_ERR(isec))
3136 return PTR_ERR(isec);
3137
3138 return avc_has_perm_flags(&selinux_state,
3139 sid, isec->sid, isec->sclass, FILE__READ, &ad,
3140 rcu ? MAY_NOT_BLOCK : 0);
3141}
3142
3143static noinline int audit_inode_permission(struct inode *inode,
3144 u32 perms, u32 audited, u32 denied,
3145 int result,
3146 unsigned flags)
3147{
3148 struct common_audit_data ad;
3149 struct inode_security_struct *isec = inode->i_security;
3150 int rc;
3151
3152 ad.type = LSM_AUDIT_DATA_INODE;
3153 ad.u.inode = inode;
3154
3155 rc = slow_avc_audit(&selinux_state,
3156 current_sid(), isec->sid, isec->sclass, perms,
3157 audited, denied, result, &ad, flags);
3158 if (rc)
3159 return rc;
3160 return 0;
3161}
3162
3163static int selinux_inode_permission(struct inode *inode, int mask)
3164{
3165 const struct cred *cred = current_cred();
3166 u32 perms;
3167 bool from_access;
3168 unsigned flags = mask & MAY_NOT_BLOCK;
3169 struct inode_security_struct *isec;
3170 u32 sid;
3171 struct av_decision avd;
3172 int rc, rc2;
3173 u32 audited, denied;
3174
3175 from_access = mask & MAY_ACCESS;
3176 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3177
3178
3179 if (!mask)
3180 return 0;
3181
3182 validate_creds(cred);
3183
3184 if (unlikely(IS_PRIVATE(inode)))
3185 return 0;
3186
3187 perms = file_mask_to_av(inode->i_mode, mask);
3188
3189 sid = cred_sid(cred);
3190 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
3191 if (IS_ERR(isec))
3192 return PTR_ERR(isec);
3193
3194 rc = avc_has_perm_noaudit(&selinux_state,
3195 sid, isec->sid, isec->sclass, perms, 0, &avd);
3196 audited = avc_audit_required(perms, &avd, rc,
3197 from_access ? FILE__AUDIT_ACCESS : 0,
3198 &denied);
3199 if (likely(!audited))
3200 return rc;
3201
3202 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
3203 if (rc2)
3204 return rc2;
3205 return rc;
3206}
3207
3208static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3209{
3210 const struct cred *cred = current_cred();
3211 struct inode *inode = d_backing_inode(dentry);
3212 unsigned int ia_valid = iattr->ia_valid;
3213 __u32 av = FILE__WRITE;
3214
3215
3216 if (ia_valid & ATTR_FORCE) {
3217 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3218 ATTR_FORCE);
3219 if (!ia_valid)
3220 return 0;
3221 }
3222
3223 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3224 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3225 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3226
3227 if (selinux_policycap_openperm() &&
3228 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3229 (ia_valid & ATTR_SIZE) &&
3230 !(ia_valid & ATTR_FILE))
3231 av |= FILE__OPEN;
3232
3233 return dentry_has_perm(cred, dentry, av);
3234}
3235
3236static int selinux_inode_getattr(const struct path *path)
3237{
3238 return path_has_perm(current_cred(), path, FILE__GETATTR);
3239}
3240
3241static bool has_cap_mac_admin(bool audit)
3242{
3243 const struct cred *cred = current_cred();
3244 int cap_audit = audit ? SECURITY_CAP_AUDIT : SECURITY_CAP_NOAUDIT;
3245
3246 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, cap_audit))
3247 return false;
3248 if (cred_has_capability(cred, CAP_MAC_ADMIN, cap_audit, true))
3249 return false;
3250 return true;
3251}
3252
3253static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3254 const void *value, size_t size, int flags)
3255{
3256 struct inode *inode = d_backing_inode(dentry);
3257 struct inode_security_struct *isec;
3258 struct superblock_security_struct *sbsec;
3259 struct common_audit_data ad;
3260 u32 newsid, sid = current_sid();
3261 int rc = 0;
3262
3263 if (strcmp(name, XATTR_NAME_SELINUX)) {
3264 rc = cap_inode_setxattr(dentry, name, value, size, flags);
3265 if (rc)
3266 return rc;
3267
3268
3269
3270 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3271 }
3272
3273 sbsec = inode->i_sb->s_security;
3274 if (!(sbsec->flags & SBLABEL_MNT))
3275 return -EOPNOTSUPP;
3276
3277 if (!inode_owner_or_capable(inode))
3278 return -EPERM;
3279
3280 ad.type = LSM_AUDIT_DATA_DENTRY;
3281 ad.u.dentry = dentry;
3282
3283 isec = backing_inode_security(dentry);
3284 rc = avc_has_perm(&selinux_state,
3285 sid, isec->sid, isec->sclass,
3286 FILE__RELABELFROM, &ad);
3287 if (rc)
3288 return rc;
3289
3290 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3291 GFP_KERNEL);
3292 if (rc == -EINVAL) {
3293 if (!has_cap_mac_admin(true)) {
3294 struct audit_buffer *ab;
3295 size_t audit_size;
3296
3297
3298
3299 if (value) {
3300 const char *str = value;
3301
3302 if (str[size - 1] == '\0')
3303 audit_size = size - 1;
3304 else
3305 audit_size = size;
3306 } else {
3307 audit_size = 0;
3308 }
3309 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
3310 audit_log_format(ab, "op=setxattr invalid_context=");
3311 audit_log_n_untrustedstring(ab, value, audit_size);
3312 audit_log_end(ab);
3313
3314 return rc;
3315 }
3316 rc = security_context_to_sid_force(&selinux_state, value,
3317 size, &newsid);
3318 }
3319 if (rc)
3320 return rc;
3321
3322 rc = avc_has_perm(&selinux_state,
3323 sid, newsid, isec->sclass,
3324 FILE__RELABELTO, &ad);
3325 if (rc)
3326 return rc;
3327
3328 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3329 sid, isec->sclass);
3330 if (rc)
3331 return rc;
3332
3333 return avc_has_perm(&selinux_state,
3334 newsid,
3335 sbsec->sid,
3336 SECCLASS_FILESYSTEM,
3337 FILESYSTEM__ASSOCIATE,
3338 &ad);
3339}
3340
3341static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3342 const void *value, size_t size,
3343 int flags)
3344{
3345 struct inode *inode = d_backing_inode(dentry);
3346 struct inode_security_struct *isec;
3347 u32 newsid;
3348 int rc;
3349
3350 if (strcmp(name, XATTR_NAME_SELINUX)) {
3351
3352 return;
3353 }
3354
3355 rc = security_context_to_sid_force(&selinux_state, value, size,
3356 &newsid);
3357 if (rc) {
3358 printk(KERN_ERR "SELinux: unable to map context to SID"
3359 "for (%s, %lu), rc=%d\n",
3360 inode->i_sb->s_id, inode->i_ino, -rc);
3361 return;
3362 }
3363
3364 isec = backing_inode_security(dentry);
3365 spin_lock(&isec->lock);
3366 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3367 isec->sid = newsid;
3368 isec->initialized = LABEL_INITIALIZED;
3369 spin_unlock(&isec->lock);
3370
3371 return;
3372}
3373
3374static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3375{
3376 const struct cred *cred = current_cred();
3377
3378 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3379}
3380
3381static int selinux_inode_listxattr(struct dentry *dentry)
3382{
3383 const struct cred *cred = current_cred();
3384
3385 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3386}
3387
3388static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3389{
3390 if (strcmp(name, XATTR_NAME_SELINUX)) {
3391 int rc = cap_inode_removexattr(dentry, name);
3392 if (rc)
3393 return rc;
3394
3395
3396
3397 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3398 }
3399
3400
3401
3402 return -EACCES;
3403}
3404
3405
3406
3407
3408
3409
3410static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3411{
3412 u32 size;
3413 int error;
3414 char *context = NULL;
3415 struct inode_security_struct *isec;
3416
3417 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3418 return -EOPNOTSUPP;
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429 isec = inode_security(inode);
3430 if (has_cap_mac_admin(false))
3431 error = security_sid_to_context_force(&selinux_state,
3432 isec->sid, &context,
3433 &size);
3434 else
3435 error = security_sid_to_context(&selinux_state, isec->sid,
3436 &context, &size);
3437 if (error)
3438 return error;
3439 error = size;
3440 if (alloc) {
3441 *buffer = context;
3442 goto out_nofree;
3443 }
3444 kfree(context);
3445out_nofree:
3446 return error;
3447}
3448
3449static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3450 const void *value, size_t size, int flags)
3451{
3452 struct inode_security_struct *isec = inode_security_novalidate(inode);
3453 u32 newsid;
3454 int rc;
3455
3456 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3457 return -EOPNOTSUPP;
3458
3459 if (!value || !size)
3460 return -EACCES;
3461
3462 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3463 GFP_KERNEL);
3464 if (rc)
3465 return rc;
3466
3467 spin_lock(&isec->lock);
3468 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3469 isec->sid = newsid;
3470 isec->initialized = LABEL_INITIALIZED;
3471 spin_unlock(&isec->lock);
3472 return 0;
3473}
3474
3475static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3476{
3477 const int len = sizeof(XATTR_NAME_SELINUX);
3478 if (buffer && len <= buffer_size)
3479 memcpy(buffer, XATTR_NAME_SELINUX, len);
3480 return len;
3481}
3482
3483static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3484{
3485 struct inode_security_struct *isec = inode_security_novalidate(inode);
3486 *secid = isec->sid;
3487}
3488
3489static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3490{
3491 u32 sid;
3492 struct task_security_struct *tsec;
3493 struct cred *new_creds = *new;
3494
3495 if (new_creds == NULL) {
3496 new_creds = prepare_creds();
3497 if (!new_creds)
3498 return -ENOMEM;
3499 }
3500
3501 tsec = new_creds->security;
3502
3503 selinux_inode_getsecid(d_inode(src), &sid);
3504 tsec->create_sid = sid;
3505 *new = new_creds;
3506 return 0;
3507}
3508
3509static int selinux_inode_copy_up_xattr(const char *name)
3510{
3511
3512
3513
3514
3515 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3516 return 1;
3517
3518
3519
3520
3521 return -EOPNOTSUPP;
3522}
3523
3524
3525
3526static int selinux_revalidate_file_permission(struct file *file, int mask)
3527{
3528 const struct cred *cred = current_cred();
3529 struct inode *inode = file_inode(file);
3530
3531
3532 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3533 mask |= MAY_APPEND;
3534
3535 return file_has_perm(cred, file,
3536 file_mask_to_av(inode->i_mode, mask));
3537}
3538
3539static int selinux_file_permission(struct file *file, int mask)
3540{
3541 struct inode *inode = file_inode(file);
3542 struct file_security_struct *fsec = file->f_security;
3543 struct inode_security_struct *isec;
3544 u32 sid = current_sid();
3545
3546 if (!mask)
3547
3548 return 0;
3549
3550 isec = inode_security(inode);
3551 if (sid == fsec->sid && fsec->isid == isec->sid &&
3552 fsec->pseqno == avc_policy_seqno(&selinux_state))
3553
3554 return 0;
3555
3556 return selinux_revalidate_file_permission(file, mask);
3557}
3558
3559static int selinux_file_alloc_security(struct file *file)
3560{
3561 return file_alloc_security(file);
3562}
3563
3564static void selinux_file_free_security(struct file *file)
3565{
3566 file_free_security(file);
3567}
3568
3569
3570
3571
3572
3573static int ioctl_has_perm(const struct cred *cred, struct file *file,
3574 u32 requested, u16 cmd)
3575{
3576 struct common_audit_data ad;
3577 struct file_security_struct *fsec = file->f_security;
3578 struct inode *inode = file_inode(file);
3579 struct inode_security_struct *isec;
3580 struct lsm_ioctlop_audit ioctl;
3581 u32 ssid = cred_sid(cred);
3582 int rc;
3583 u8 driver = cmd >> 8;
3584 u8 xperm = cmd & 0xff;
3585
3586 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3587 ad.u.op = &ioctl;
3588 ad.u.op->cmd = cmd;
3589 ad.u.op->path = file->f_path;
3590
3591 if (ssid != fsec->sid) {
3592 rc = avc_has_perm(&selinux_state,
3593 ssid, fsec->sid,
3594 SECCLASS_FD,
3595 FD__USE,
3596 &ad);
3597 if (rc)
3598 goto out;
3599 }
3600
3601 if (unlikely(IS_PRIVATE(inode)))
3602 return 0;
3603
3604 isec = inode_security(inode);
3605 rc = avc_has_extended_perms(&selinux_state,
3606 ssid, isec->sid, isec->sclass,
3607 requested, driver, xperm, &ad);
3608out:
3609 return rc;
3610}
3611
3612static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3613 unsigned long arg)
3614{
3615 const struct cred *cred = current_cred();
3616 int error = 0;
3617
3618 switch (cmd) {
3619 case FIONREAD:
3620
3621 case FIBMAP:
3622
3623 case FIGETBSZ:
3624
3625 case FS_IOC_GETFLAGS:
3626
3627 case FS_IOC_GETVERSION:
3628 error = file_has_perm(cred, file, FILE__GETATTR);
3629 break;
3630
3631 case FS_IOC_SETFLAGS:
3632
3633 case FS_IOC_SETVERSION:
3634 error = file_has_perm(cred, file, FILE__SETATTR);
3635 break;
3636
3637
3638 case FIONBIO:
3639
3640 case FIOASYNC:
3641 error = file_has_perm(cred, file, 0);
3642 break;
3643
3644 case KDSKBENT:
3645 case KDSKBSENT:
3646 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3647 SECURITY_CAP_AUDIT, true);
3648 break;
3649
3650
3651
3652
3653 default:
3654 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3655 }
3656 return error;
3657}
3658
3659static int default_noexec;
3660
3661static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3662{
3663 const struct cred *cred = current_cred();
3664 u32 sid = cred_sid(cred);
3665 int rc = 0;
3666
3667 if (default_noexec &&
3668 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3669 (!shared && (prot & PROT_WRITE)))) {
3670
3671
3672
3673
3674
3675 rc = avc_has_perm(&selinux_state,
3676 sid, sid, SECCLASS_PROCESS,
3677 PROCESS__EXECMEM, NULL);
3678 if (rc)
3679 goto error;
3680 }
3681
3682 if (file) {
3683
3684 u32 av = FILE__READ;
3685
3686
3687 if (shared && (prot & PROT_WRITE))
3688 av |= FILE__WRITE;
3689
3690 if (prot & PROT_EXEC)
3691 av |= FILE__EXECUTE;
3692
3693 return file_has_perm(cred, file, av);
3694 }
3695
3696error:
3697 return rc;
3698}
3699
3700static int selinux_mmap_addr(unsigned long addr)
3701{
3702 int rc = 0;
3703
3704 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3705 u32 sid = current_sid();
3706 rc = avc_has_perm(&selinux_state,
3707 sid, sid, SECCLASS_MEMPROTECT,
3708 MEMPROTECT__MMAP_ZERO, NULL);
3709 }
3710
3711 return rc;
3712}
3713
3714static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3715 unsigned long prot, unsigned long flags)
3716{
3717 struct common_audit_data ad;
3718 int rc;
3719
3720 if (file) {
3721 ad.type = LSM_AUDIT_DATA_FILE;
3722 ad.u.file = file;
3723 rc = inode_has_perm(current_cred(), file_inode(file),
3724 FILE__MAP, &ad);
3725 if (rc)
3726 return rc;
3727 }
3728
3729 if (selinux_state.checkreqprot)
3730 prot = reqprot;
3731
3732 return file_map_prot_check(file, prot,
3733 (flags & MAP_TYPE) == MAP_SHARED);
3734}
3735
3736static int selinux_file_mprotect(struct vm_area_struct *vma,
3737 unsigned long reqprot,
3738 unsigned long prot)
3739{
3740 const struct cred *cred = current_cred();
3741 u32 sid = cred_sid(cred);
3742
3743 if (selinux_state.checkreqprot)
3744 prot = reqprot;
3745
3746 if (default_noexec &&
3747 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3748 int rc = 0;
3749 if (vma->vm_start >= vma->vm_mm->start_brk &&
3750 vma->vm_end <= vma->vm_mm->brk) {
3751 rc = avc_has_perm(&selinux_state,
3752 sid, sid, SECCLASS_PROCESS,
3753 PROCESS__EXECHEAP, NULL);
3754 } else if (!vma->vm_file &&
3755 ((vma->vm_start <= vma->vm_mm->start_stack &&
3756 vma->vm_end >= vma->vm_mm->start_stack) ||
3757 vma_is_stack_for_current(vma))) {
3758 rc = avc_has_perm(&selinux_state,
3759 sid, sid, SECCLASS_PROCESS,
3760 PROCESS__EXECSTACK, NULL);
3761 } else if (vma->vm_file && vma->anon_vma) {
3762
3763
3764
3765
3766
3767
3768
3769 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3770 }
3771 if (rc)
3772 return rc;
3773 }
3774
3775 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3776}
3777
3778static int selinux_file_lock(struct file *file, unsigned int cmd)
3779{
3780 const struct cred *cred = current_cred();
3781
3782 return file_has_perm(cred, file, FILE__LOCK);
3783}
3784
3785static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3786 unsigned long arg)
3787{
3788 const struct cred *cred = current_cred();
3789 int err = 0;
3790
3791 switch (cmd) {
3792 case F_SETFL:
3793 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3794 err = file_has_perm(cred, file, FILE__WRITE);
3795 break;
3796 }
3797
3798 case F_SETOWN:
3799 case F_SETSIG:
3800 case F_GETFL:
3801 case F_GETOWN:
3802 case F_GETSIG:
3803 case F_GETOWNER_UIDS:
3804
3805 err = file_has_perm(cred, file, 0);
3806 break;
3807 case F_GETLK:
3808 case F_SETLK:
3809 case F_SETLKW:
3810 case F_OFD_GETLK:
3811 case F_OFD_SETLK:
3812 case F_OFD_SETLKW:
3813#if BITS_PER_LONG == 32
3814 case F_GETLK64:
3815 case F_SETLK64:
3816 case F_SETLKW64:
3817#endif
3818 err = file_has_perm(cred, file, FILE__LOCK);
3819 break;
3820 }
3821
3822 return err;
3823}
3824
3825static void selinux_file_set_fowner(struct file *file)
3826{
3827 struct file_security_struct *fsec;
3828
3829 fsec = file->f_security;
3830 fsec->fown_sid = current_sid();
3831}
3832
3833static int selinux_file_send_sigiotask(struct task_struct *tsk,
3834 struct fown_struct *fown, int signum)
3835{
3836 struct file *file;
3837 u32 sid = task_sid(tsk);
3838 u32 perm;
3839 struct file_security_struct *fsec;
3840
3841
3842 file = container_of(fown, struct file, f_owner);
3843
3844 fsec = file->f_security;
3845
3846 if (!signum)
3847 perm = signal_to_av(SIGIO);
3848 else
3849 perm = signal_to_av(signum);
3850
3851 return avc_has_perm(&selinux_state,
3852 fsec->fown_sid, sid,
3853 SECCLASS_PROCESS, perm, NULL);
3854}
3855
3856static int selinux_file_receive(struct file *file)
3857{
3858 const struct cred *cred = current_cred();
3859
3860 return file_has_perm(cred, file, file_to_av(file));
3861}
3862
3863static int selinux_file_open(struct file *file, const struct cred *cred)
3864{
3865 struct file_security_struct *fsec;
3866 struct inode_security_struct *isec;
3867
3868 fsec = file->f_security;
3869 isec = inode_security(file_inode(file));
3870
3871
3872
3873
3874
3875
3876
3877 fsec->isid = isec->sid;
3878 fsec->pseqno = avc_policy_seqno(&selinux_state);
3879
3880
3881
3882
3883
3884
3885
3886
3887 return file_path_has_perm(cred, file, open_file_to_av(file));
3888}
3889
3890
3891
3892static int selinux_task_alloc(struct task_struct *task,
3893 unsigned long clone_flags)
3894{
3895 u32 sid = current_sid();
3896
3897 return avc_has_perm(&selinux_state,
3898 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3899}
3900
3901
3902
3903
3904static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3905{
3906 struct task_security_struct *tsec;
3907
3908 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3909 if (!tsec)
3910 return -ENOMEM;
3911
3912 cred->security = tsec;
3913 return 0;
3914}
3915
3916
3917
3918
3919static void selinux_cred_free(struct cred *cred)
3920{
3921 struct task_security_struct *tsec = cred->security;
3922
3923
3924
3925
3926
3927 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3928 cred->security = (void *) 0x7UL;
3929 kfree(tsec);
3930}
3931
3932
3933
3934
3935static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3936 gfp_t gfp)
3937{
3938 const struct task_security_struct *old_tsec;
3939 struct task_security_struct *tsec;
3940
3941 old_tsec = old->security;
3942
3943 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3944 if (!tsec)
3945 return -ENOMEM;
3946
3947 new->security = tsec;
3948 return 0;
3949}
3950
3951
3952
3953
3954static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3955{
3956 const struct task_security_struct *old_tsec = old->security;
3957 struct task_security_struct *tsec = new->security;
3958
3959 *tsec = *old_tsec;
3960}
3961
3962static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
3963{
3964 *secid = cred_sid(c);
3965}
3966
3967
3968
3969
3970
3971static int selinux_kernel_act_as(struct cred *new, u32 secid)
3972{
3973 struct task_security_struct *tsec = new->security;
3974 u32 sid = current_sid();
3975 int ret;
3976
3977 ret = avc_has_perm(&selinux_state,
3978 sid, secid,
3979 SECCLASS_KERNEL_SERVICE,
3980 KERNEL_SERVICE__USE_AS_OVERRIDE,
3981 NULL);
3982 if (ret == 0) {
3983 tsec->sid = secid;
3984 tsec->create_sid = 0;
3985 tsec->keycreate_sid = 0;
3986 tsec->sockcreate_sid = 0;
3987 }
3988 return ret;
3989}
3990
3991
3992
3993
3994
3995static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3996{
3997 struct inode_security_struct *isec = inode_security(inode);
3998 struct task_security_struct *tsec = new->security;
3999 u32 sid = current_sid();
4000 int ret;
4001
4002 ret = avc_has_perm(&selinux_state,
4003 sid, isec->sid,
4004 SECCLASS_KERNEL_SERVICE,
4005 KERNEL_SERVICE__CREATE_FILES_AS,
4006 NULL);
4007
4008 if (ret == 0)
4009 tsec->create_sid = isec->sid;
4010 return ret;
4011}
4012
4013static int selinux_kernel_module_request(char *kmod_name)
4014{
4015 struct common_audit_data ad;
4016
4017 ad.type = LSM_AUDIT_DATA_KMOD;
4018 ad.u.kmod_name = kmod_name;
4019
4020 return avc_has_perm(&selinux_state,
4021 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
4022 SYSTEM__MODULE_REQUEST, &ad);
4023}
4024
4025static int selinux_kernel_module_from_file(struct file *file)
4026{
4027 struct common_audit_data ad;
4028 struct inode_security_struct *isec;
4029 struct file_security_struct *fsec;
4030 u32 sid = current_sid();
4031 int rc;
4032
4033
4034 if (file == NULL)
4035 return avc_has_perm(&selinux_state,
4036 sid, sid, SECCLASS_SYSTEM,
4037 SYSTEM__MODULE_LOAD, NULL);
4038
4039
4040
4041 ad.type = LSM_AUDIT_DATA_FILE;
4042 ad.u.file = file;
4043
4044 fsec = file->f_security;
4045 if (sid != fsec->sid) {
4046 rc = avc_has_perm(&selinux_state,
4047 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4048 if (rc)
4049 return rc;
4050 }
4051
4052 isec = inode_security(file_inode(file));
4053 return avc_has_perm(&selinux_state,
4054 sid, isec->sid, SECCLASS_SYSTEM,
4055 SYSTEM__MODULE_LOAD, &ad);
4056}
4057
4058static int selinux_kernel_read_file(struct file *file,
4059 enum kernel_read_file_id id)
4060{
4061 int rc = 0;
4062
4063 switch (id) {
4064 case READING_MODULE:
4065 rc = selinux_kernel_module_from_file(file);
4066 break;
4067 default:
4068 break;
4069 }
4070
4071 return rc;
4072}
4073
4074static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4075{
4076 return avc_has_perm(&selinux_state,
4077 current_sid(), task_sid(p), SECCLASS_PROCESS,
4078 PROCESS__SETPGID, NULL);
4079}
4080
4081static int selinux_task_getpgid(struct task_struct *p)
4082{
4083 return avc_has_perm(&selinux_state,
4084 current_sid(), task_sid(p), SECCLASS_PROCESS,
4085 PROCESS__GETPGID, NULL);
4086}
4087
4088static int selinux_task_getsid(struct task_struct *p)
4089{
4090 return avc_has_perm(&selinux_state,
4091 current_sid(), task_sid(p), SECCLASS_PROCESS,
4092 PROCESS__GETSESSION, NULL);
4093}
4094
4095static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
4096{
4097 *secid = task_sid(p);
4098}
4099
4100static int selinux_task_setnice(struct task_struct *p, int nice)
4101{
4102 return avc_has_perm(&selinux_state,
4103 current_sid(), task_sid(p), SECCLASS_PROCESS,
4104 PROCESS__SETSCHED, NULL);
4105}
4106
4107static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4108{
4109 return avc_has_perm(&selinux_state,
4110 current_sid(), task_sid(p), SECCLASS_PROCESS,
4111 PROCESS__SETSCHED, NULL);
4112}
4113
4114static int selinux_task_getioprio(struct task_struct *p)
4115{
4116 return avc_has_perm(&selinux_state,
4117 current_sid(), task_sid(p), SECCLASS_PROCESS,
4118 PROCESS__GETSCHED, NULL);
4119}
4120
4121static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4122 unsigned int flags)
4123{
4124 u32 av = 0;
4125
4126 if (!flags)
4127 return 0;
4128 if (flags & LSM_PRLIMIT_WRITE)
4129 av |= PROCESS__SETRLIMIT;
4130 if (flags & LSM_PRLIMIT_READ)
4131 av |= PROCESS__GETRLIMIT;
4132 return avc_has_perm(&selinux_state,
4133 cred_sid(cred), cred_sid(tcred),
4134 SECCLASS_PROCESS, av, NULL);
4135}
4136
4137static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
4138 struct rlimit *new_rlim)
4139{
4140 struct rlimit *old_rlim = p->signal->rlim + resource;
4141
4142
4143
4144
4145
4146 if (old_rlim->rlim_max != new_rlim->rlim_max)
4147 return avc_has_perm(&selinux_state,
4148 current_sid(), task_sid(p),
4149 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4150
4151 return 0;
4152}
4153
4154static int selinux_task_setscheduler(struct task_struct *p)
4155{
4156 return avc_has_perm(&selinux_state,
4157 current_sid(), task_sid(p), SECCLASS_PROCESS,
4158 PROCESS__SETSCHED, NULL);
4159}
4160
4161static int selinux_task_getscheduler(struct task_struct *p)
4162{
4163 return avc_has_perm(&selinux_state,
4164 current_sid(), task_sid(p), SECCLASS_PROCESS,
4165 PROCESS__GETSCHED, NULL);
4166}
4167
4168static int selinux_task_movememory(struct task_struct *p)
4169{
4170 return avc_has_perm(&selinux_state,
4171 current_sid(), task_sid(p), SECCLASS_PROCESS,
4172 PROCESS__SETSCHED, NULL);
4173}
4174
4175static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
4176 int sig, const struct cred *cred)
4177{
4178 u32 secid;
4179 u32 perm;
4180
4181 if (!sig)
4182 perm = PROCESS__SIGNULL;
4183 else
4184 perm = signal_to_av(sig);
4185 if (!cred)
4186 secid = current_sid();
4187 else
4188 secid = cred_sid(cred);
4189 return avc_has_perm(&selinux_state,
4190 secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4191}
4192
4193static void selinux_task_to_inode(struct task_struct *p,
4194 struct inode *inode)
4195{
4196 struct inode_security_struct *isec = inode->i_security;
4197 u32 sid = task_sid(p);
4198
4199 spin_lock(&isec->lock);
4200 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4201 isec->sid = sid;
4202 isec->initialized = LABEL_INITIALIZED;
4203 spin_unlock(&isec->lock);
4204}
4205
4206
4207static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4208 struct common_audit_data *ad, u8 *proto)
4209{
4210 int offset, ihlen, ret = -EINVAL;
4211 struct iphdr _iph, *ih;
4212
4213 offset = skb_network_offset(skb);
4214 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4215 if (ih == NULL)
4216 goto out;
4217
4218 ihlen = ih->ihl * 4;
4219 if (ihlen < sizeof(_iph))
4220 goto out;
4221
4222 ad->u.net->v4info.saddr = ih->saddr;
4223 ad->u.net->v4info.daddr = ih->daddr;
4224 ret = 0;
4225
4226 if (proto)
4227 *proto = ih->protocol;
4228
4229 switch (ih->protocol) {
4230 case IPPROTO_TCP: {
4231 struct tcphdr _tcph, *th;
4232
4233 if (ntohs(ih->frag_off) & IP_OFFSET)
4234 break;
4235
4236 offset += ihlen;
4237 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4238 if (th == NULL)
4239 break;
4240
4241 ad->u.net->sport = th->source;
4242 ad->u.net->dport = th->dest;
4243 break;
4244 }
4245
4246 case IPPROTO_UDP: {
4247 struct udphdr _udph, *uh;
4248
4249 if (ntohs(ih->frag_off) & IP_OFFSET)
4250 break;
4251
4252 offset += ihlen;
4253 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4254 if (uh == NULL)
4255 break;
4256
4257 ad->u.net->sport = uh->source;
4258 ad->u.net->dport = uh->dest;
4259 break;
4260 }
4261
4262 case IPPROTO_DCCP: {
4263 struct dccp_hdr _dccph, *dh;
4264
4265 if (ntohs(ih->frag_off) & IP_OFFSET)
4266 break;
4267
4268 offset += ihlen;
4269 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4270 if (dh == NULL)
4271 break;
4272
4273 ad->u.net->sport = dh->dccph_sport;
4274 ad->u.net->dport = dh->dccph_dport;
4275 break;
4276 }
4277
4278#if IS_ENABLED(CONFIG_IP_SCTP)
4279 case IPPROTO_SCTP: {
4280 struct sctphdr _sctph, *sh;
4281
4282 if (ntohs(ih->frag_off) & IP_OFFSET)
4283 break;
4284
4285 offset += ihlen;
4286 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4287 if (sh == NULL)
4288 break;
4289
4290 ad->u.net->sport = sh->source;
4291 ad->u.net->dport = sh->dest;
4292 break;
4293 }
4294#endif
4295 default:
4296 break;
4297 }
4298out:
4299 return ret;
4300}
4301
4302#if IS_ENABLED(CONFIG_IPV6)
4303
4304
4305static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4306 struct common_audit_data *ad, u8 *proto)
4307{
4308 u8 nexthdr;
4309 int ret = -EINVAL, offset;
4310 struct ipv6hdr _ipv6h, *ip6;
4311 __be16 frag_off;
4312
4313 offset = skb_network_offset(skb);
4314 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4315 if (ip6 == NULL)
4316 goto out;
4317
4318 ad->u.net->v6info.saddr = ip6->saddr;
4319 ad->u.net->v6info.daddr = ip6->daddr;
4320 ret = 0;
4321
4322 nexthdr = ip6->nexthdr;
4323 offset += sizeof(_ipv6h);
4324 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4325 if (offset < 0)
4326 goto out;
4327
4328 if (proto)
4329 *proto = nexthdr;
4330
4331 switch (nexthdr) {
4332 case IPPROTO_TCP: {
4333 struct tcphdr _tcph, *th;
4334
4335 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4336 if (th == NULL)
4337 break;
4338
4339 ad->u.net->sport = th->source;
4340 ad->u.net->dport = th->dest;
4341 break;
4342 }
4343
4344 case IPPROTO_UDP: {
4345 struct udphdr _udph, *uh;
4346
4347 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4348 if (uh == NULL)
4349 break;
4350
4351 ad->u.net->sport = uh->source;
4352 ad->u.net->dport = uh->dest;
4353 break;
4354 }
4355
4356 case IPPROTO_DCCP: {
4357 struct dccp_hdr _dccph, *dh;
4358
4359 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4360 if (dh == NULL)
4361 break;
4362
4363 ad->u.net->sport = dh->dccph_sport;
4364 ad->u.net->dport = dh->dccph_dport;
4365 break;
4366 }
4367
4368#if IS_ENABLED(CONFIG_IP_SCTP)
4369 case IPPROTO_SCTP: {
4370 struct sctphdr _sctph, *sh;
4371
4372 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4373 if (sh == NULL)
4374 break;
4375
4376 ad->u.net->sport = sh->source;
4377 ad->u.net->dport = sh->dest;
4378 break;
4379 }
4380#endif
4381
4382 default:
4383 break;
4384 }
4385out:
4386 return ret;
4387}
4388
4389#endif
4390
4391static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4392 char **_addrp, int src, u8 *proto)
4393{
4394 char *addrp;
4395 int ret;
4396
4397 switch (ad->u.net->family) {
4398 case PF_INET:
4399 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4400 if (ret)
4401 goto parse_error;
4402 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4403 &ad->u.net->v4info.daddr);
4404 goto okay;
4405
4406#if IS_ENABLED(CONFIG_IPV6)
4407 case PF_INET6:
4408 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4409 if (ret)
4410 goto parse_error;
4411 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4412 &ad->u.net->v6info.daddr);
4413 goto okay;
4414#endif
4415 default:
4416 addrp = NULL;
4417 goto okay;
4418 }
4419
4420parse_error:
4421 printk(KERN_WARNING
4422 "SELinux: failure in selinux_parse_skb(),"
4423 " unable to parse packet\n");
4424 return ret;
4425
4426okay:
4427 if (_addrp)
4428 *_addrp = addrp;
4429 return 0;
4430}
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4448{
4449 int err;
4450 u32 xfrm_sid;
4451 u32 nlbl_sid;
4452 u32 nlbl_type;
4453
4454 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4455 if (unlikely(err))
4456 return -EACCES;
4457 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4458 if (unlikely(err))
4459 return -EACCES;
4460
4461 err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4462 nlbl_type, xfrm_sid, sid);
4463 if (unlikely(err)) {
4464 printk(KERN_WARNING
4465 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4466 " unable to determine packet's peer label\n");
4467 return -EACCES;
4468 }
4469
4470 return 0;
4471}
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4486{
4487 int err = 0;
4488
4489 if (skb_sid != SECSID_NULL)
4490 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4491 conn_sid);
4492 else
4493 *conn_sid = sk_sid;
4494
4495 return err;
4496}
4497
4498
4499
4500static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4501 u16 secclass, u32 *socksid)
4502{
4503 if (tsec->sockcreate_sid > SECSID_NULL) {
4504 *socksid = tsec->sockcreate_sid;
4505 return 0;
4506 }
4507
4508 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4509 secclass, NULL, socksid);
4510}
4511
4512static int sock_has_perm(struct sock *sk, u32 perms)
4513{
4514 struct sk_security_struct *sksec = sk->sk_security;
4515 struct common_audit_data ad;
4516 struct lsm_network_audit net = {0,};
4517
4518 if (sksec->sid == SECINITSID_KERNEL)
4519 return 0;
4520
4521 ad.type = LSM_AUDIT_DATA_NET;
4522 ad.u.net = &net;
4523 ad.u.net->sk = sk;
4524
4525 return avc_has_perm(&selinux_state,
4526 current_sid(), sksec->sid, sksec->sclass, perms,
4527 &ad);
4528}
4529
4530static int selinux_socket_create(int family, int type,
4531 int protocol, int kern)
4532{
4533 const struct task_security_struct *tsec = current_security();
4534 u32 newsid;
4535 u16 secclass;
4536 int rc;
4537
4538 if (kern)
4539 return 0;
4540
4541 secclass = socket_type_to_security_class(family, type, protocol);
4542 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4543 if (rc)
4544 return rc;
4545
4546 return avc_has_perm(&selinux_state,
4547 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4548}
4549
4550static int selinux_socket_post_create(struct socket *sock, int family,
4551 int type, int protocol, int kern)
4552{
4553 const struct task_security_struct *tsec = current_security();
4554 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4555 struct sk_security_struct *sksec;
4556 u16 sclass = socket_type_to_security_class(family, type, protocol);
4557 u32 sid = SECINITSID_KERNEL;
4558 int err = 0;
4559
4560 if (!kern) {
4561 err = socket_sockcreate_sid(tsec, sclass, &sid);
4562 if (err)
4563 return err;
4564 }
4565
4566 isec->sclass = sclass;
4567 isec->sid = sid;
4568 isec->initialized = LABEL_INITIALIZED;
4569
4570 if (sock->sk) {
4571 sksec = sock->sk->sk_security;
4572 sksec->sclass = sclass;
4573 sksec->sid = sid;
4574
4575 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4576 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4577
4578 err = selinux_netlbl_socket_post_create(sock->sk, family);
4579 }
4580
4581 return err;
4582}
4583
4584
4585
4586
4587
4588static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4589{
4590 struct sock *sk = sock->sk;
4591 struct sk_security_struct *sksec = sk->sk_security;
4592 u16 family;
4593 int err;
4594
4595 err = sock_has_perm(sk, SOCKET__BIND);
4596 if (err)
4597 goto out;
4598
4599
4600 family = sk->sk_family;
4601 if (family == PF_INET || family == PF_INET6) {
4602 char *addrp;
4603 struct common_audit_data ad;
4604 struct lsm_network_audit net = {0,};
4605 struct sockaddr_in *addr4 = NULL;
4606 struct sockaddr_in6 *addr6 = NULL;
4607 u16 family_sa = address->sa_family;
4608 unsigned short snum;
4609 u32 sid, node_perm;
4610
4611
4612
4613
4614
4615
4616
4617 switch (family_sa) {
4618 case AF_UNSPEC:
4619 case AF_INET:
4620 if (addrlen < sizeof(struct sockaddr_in))
4621 return -EINVAL;
4622 addr4 = (struct sockaddr_in *)address;
4623 if (family_sa == AF_UNSPEC) {
4624
4625
4626
4627 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY))
4628 goto err_af;
4629 family_sa = AF_INET;
4630 }
4631 snum = ntohs(addr4->sin_port);
4632 addrp = (char *)&addr4->sin_addr.s_addr;
4633 break;
4634 case AF_INET6:
4635 if (addrlen < SIN6_LEN_RFC2133)
4636 return -EINVAL;
4637 addr6 = (struct sockaddr_in6 *)address;
4638 snum = ntohs(addr6->sin6_port);
4639 addrp = (char *)&addr6->sin6_addr.s6_addr;
4640 break;
4641 default:
4642 goto err_af;
4643 }
4644
4645 ad.type = LSM_AUDIT_DATA_NET;
4646 ad.u.net = &net;
4647 ad.u.net->sport = htons(snum);
4648 ad.u.net->family = family_sa;
4649
4650 if (snum) {
4651 int low, high;
4652
4653 inet_get_local_port_range(sock_net(sk), &low, &high);
4654
4655 if (snum < max(inet_prot_sock(sock_net(sk)), low) ||
4656 snum > high) {
4657 err = sel_netport_sid(sk->sk_protocol,
4658 snum, &sid);
4659 if (err)
4660 goto out;
4661 err = avc_has_perm(&selinux_state,
4662 sksec->sid, sid,
4663 sksec->sclass,
4664 SOCKET__NAME_BIND, &ad);
4665 if (err)
4666 goto out;
4667 }
4668 }
4669
4670 switch (sksec->sclass) {
4671 case SECCLASS_TCP_SOCKET:
4672 node_perm = TCP_SOCKET__NODE_BIND;
4673 break;
4674
4675 case SECCLASS_UDP_SOCKET:
4676 node_perm = UDP_SOCKET__NODE_BIND;
4677 break;
4678
4679 case SECCLASS_DCCP_SOCKET:
4680 node_perm = DCCP_SOCKET__NODE_BIND;
4681 break;
4682
4683 case SECCLASS_SCTP_SOCKET:
4684 node_perm = SCTP_SOCKET__NODE_BIND;
4685 break;
4686
4687 default:
4688 node_perm = RAWIP_SOCKET__NODE_BIND;
4689 break;
4690 }
4691
4692 err = sel_netnode_sid(addrp, family_sa, &sid);
4693 if (err)
4694 goto out;
4695
4696 if (family_sa == AF_INET)
4697 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4698 else
4699 ad.u.net->v6info.saddr = addr6->sin6_addr;
4700
4701 err = avc_has_perm(&selinux_state,
4702 sksec->sid, sid,
4703 sksec->sclass, node_perm, &ad);
4704 if (err)
4705 goto out;
4706 }
4707out:
4708 return err;
4709err_af:
4710
4711 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4712 return -EINVAL;
4713 return -EAFNOSUPPORT;
4714}
4715
4716
4717
4718
4719static int selinux_socket_connect_helper(struct socket *sock,
4720 struct sockaddr *address, int addrlen)
4721{
4722 struct sock *sk = sock->sk;
4723 struct sk_security_struct *sksec = sk->sk_security;
4724 int err;
4725
4726 err = sock_has_perm(sk, SOCKET__CONNECT);
4727 if (err)
4728 return err;
4729
4730
4731
4732
4733
4734 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4735 sksec->sclass == SECCLASS_DCCP_SOCKET ||
4736 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4737 struct common_audit_data ad;
4738 struct lsm_network_audit net = {0,};
4739 struct sockaddr_in *addr4 = NULL;
4740 struct sockaddr_in6 *addr6 = NULL;
4741 unsigned short snum;
4742 u32 sid, perm;
4743
4744
4745
4746
4747
4748
4749 switch (address->sa_family) {
4750 case AF_INET:
4751 addr4 = (struct sockaddr_in *)address;
4752 if (addrlen < sizeof(struct sockaddr_in))
4753 return -EINVAL;
4754 snum = ntohs(addr4->sin_port);
4755 break;
4756 case AF_INET6:
4757 addr6 = (struct sockaddr_in6 *)address;
4758 if (addrlen < SIN6_LEN_RFC2133)
4759 return -EINVAL;
4760 snum = ntohs(addr6->sin6_port);
4761 break;
4762 default:
4763
4764
4765
4766 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4767 return -EINVAL;
4768 else
4769 return -EAFNOSUPPORT;
4770 }
4771
4772 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4773 if (err)
4774 return err;
4775
4776 switch (sksec->sclass) {
4777 case SECCLASS_TCP_SOCKET:
4778 perm = TCP_SOCKET__NAME_CONNECT;
4779 break;
4780 case SECCLASS_DCCP_SOCKET:
4781 perm = DCCP_SOCKET__NAME_CONNECT;
4782 break;
4783 case SECCLASS_SCTP_SOCKET:
4784 perm = SCTP_SOCKET__NAME_CONNECT;
4785 break;
4786 }
4787
4788 ad.type = LSM_AUDIT_DATA_NET;
4789 ad.u.net = &net;
4790 ad.u.net->dport = htons(snum);
4791 ad.u.net->family = address->sa_family;
4792 err = avc_has_perm(&selinux_state,
4793 sksec->sid, sid, sksec->sclass, perm, &ad);
4794 if (err)
4795 return err;
4796 }
4797
4798 return 0;
4799}
4800
4801
4802static int selinux_socket_connect(struct socket *sock,
4803 struct sockaddr *address, int addrlen)
4804{
4805 int err;
4806 struct sock *sk = sock->sk;
4807
4808 err = selinux_socket_connect_helper(sock, address, addrlen);
4809 if (err)
4810 return err;
4811
4812 return selinux_netlbl_socket_connect(sk, address);
4813}
4814
4815static int selinux_socket_listen(struct socket *sock, int backlog)
4816{
4817 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4818}
4819
4820static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4821{
4822 int err;
4823 struct inode_security_struct *isec;
4824 struct inode_security_struct *newisec;
4825 u16 sclass;
4826 u32 sid;
4827
4828 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4829 if (err)
4830 return err;
4831
4832 isec = inode_security_novalidate(SOCK_INODE(sock));
4833 spin_lock(&isec->lock);
4834 sclass = isec->sclass;
4835 sid = isec->sid;
4836 spin_unlock(&isec->lock);
4837
4838 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4839 newisec->sclass = sclass;
4840 newisec->sid = sid;
4841 newisec->initialized = LABEL_INITIALIZED;
4842
4843 return 0;
4844}
4845
4846static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4847 int size)
4848{
4849 return sock_has_perm(sock->sk, SOCKET__WRITE);
4850}
4851
4852static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4853 int size, int flags)
4854{
4855 return sock_has_perm(sock->sk, SOCKET__READ);
4856}
4857
4858static int selinux_socket_getsockname(struct socket *sock)
4859{
4860 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4861}
4862
4863static int selinux_socket_getpeername(struct socket *sock)
4864{
4865 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4866}
4867
4868static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4869{
4870 int err;
4871
4872 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
4873 if (err)
4874 return err;
4875
4876 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4877}
4878
4879static int selinux_socket_getsockopt(struct socket *sock, int level,
4880 int optname)
4881{
4882 return sock_has_perm(sock->sk, SOCKET__GETOPT);
4883}
4884
4885static int selinux_socket_shutdown(struct socket *sock, int how)
4886{
4887 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
4888}
4889
4890static int selinux_socket_unix_stream_connect(struct sock *sock,
4891 struct sock *other,
4892 struct sock *newsk)
4893{
4894 struct sk_security_struct *sksec_sock = sock->sk_security;
4895 struct sk_security_struct *sksec_other = other->sk_security;
4896 struct sk_security_struct *sksec_new = newsk->sk_security;
4897 struct common_audit_data ad;
4898 struct lsm_network_audit net = {0,};
4899 int err;
4900
4901 ad.type = LSM_AUDIT_DATA_NET;
4902 ad.u.net = &net;
4903 ad.u.net->sk = other;
4904
4905 err = avc_has_perm(&selinux_state,
4906 sksec_sock->sid, sksec_other->sid,
4907 sksec_other->sclass,
4908 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4909 if (err)
4910 return err;
4911
4912
4913 sksec_new->peer_sid = sksec_sock->sid;
4914 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
4915 sksec_sock->sid, &sksec_new->sid);
4916 if (err)
4917 return err;
4918
4919
4920 sksec_sock->peer_sid = sksec_new->sid;
4921
4922 return 0;
4923}
4924
4925static int selinux_socket_unix_may_send(struct socket *sock,
4926 struct socket *other)
4927{
4928 struct sk_security_struct *ssec = sock->sk->sk_security;
4929 struct sk_security_struct *osec = other->sk->sk_security;
4930 struct common_audit_data ad;
4931 struct lsm_network_audit net = {0,};
4932
4933 ad.type = LSM_AUDIT_DATA_NET;
4934 ad.u.net = &net;
4935 ad.u.net->sk = other->sk;
4936
4937 return avc_has_perm(&selinux_state,
4938 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4939 &ad);
4940}
4941
4942static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4943 char *addrp, u16 family, u32 peer_sid,
4944 struct common_audit_data *ad)
4945{
4946 int err;
4947 u32 if_sid;
4948 u32 node_sid;
4949
4950 err = sel_netif_sid(ns, ifindex, &if_sid);
4951 if (err)
4952 return err;
4953 err = avc_has_perm(&selinux_state,
4954 peer_sid, if_sid,
4955 SECCLASS_NETIF, NETIF__INGRESS, ad);
4956 if (err)
4957 return err;
4958
4959 err = sel_netnode_sid(addrp, family, &node_sid);
4960 if (err)
4961 return err;
4962 return avc_has_perm(&selinux_state,
4963 peer_sid, node_sid,
4964 SECCLASS_NODE, NODE__RECVFROM, ad);
4965}
4966
4967static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4968 u16 family)
4969{
4970 int err = 0;
4971 struct sk_security_struct *sksec = sk->sk_security;
4972 u32 sk_sid = sksec->sid;
4973 struct common_audit_data ad;
4974 struct lsm_network_audit net = {0,};
4975 char *addrp;
4976
4977 ad.type = LSM_AUDIT_DATA_NET;
4978 ad.u.net = &net;
4979 ad.u.net->netif = skb->skb_iif;
4980 ad.u.net->family = family;
4981 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4982 if (err)
4983 return err;
4984
4985 if (selinux_secmark_enabled()) {
4986 err = avc_has_perm(&selinux_state,
4987 sk_sid, skb->secmark, SECCLASS_PACKET,
4988 PACKET__RECV, &ad);
4989 if (err)
4990 return err;
4991 }
4992
4993 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4994 if (err)
4995 return err;
4996 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4997
4998 return err;
4999}
5000
5001static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
5002{
5003 int err;
5004 struct sk_security_struct *sksec = sk->sk_security;
5005 u16 family = sk->sk_family;
5006 u32 sk_sid = sksec->sid;
5007 struct common_audit_data ad;
5008 struct lsm_network_audit net = {0,};
5009 char *addrp;
5010 u8 secmark_active;
5011 u8 peerlbl_active;
5012
5013 if (family != PF_INET && family != PF_INET6)
5014 return 0;
5015
5016
5017 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5018 family = PF_INET;
5019
5020
5021
5022
5023
5024 if (!selinux_policycap_netpeer())
5025 return selinux_sock_rcv_skb_compat(sk, skb, family);
5026
5027 secmark_active = selinux_secmark_enabled();
5028 peerlbl_active = selinux_peerlbl_enabled();
5029 if (!secmark_active && !peerlbl_active)
5030 return 0;
5031
5032 ad.type = LSM_AUDIT_DATA_NET;
5033 ad.u.net = &net;
5034 ad.u.net->netif = skb->skb_iif;
5035 ad.u.net->family = family;
5036 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5037 if (err)
5038 return err;
5039
5040 if (peerlbl_active) {
5041 u32 peer_sid;
5042
5043 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
5044 if (err)
5045 return err;
5046 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
5047 addrp, family, peer_sid, &ad);
5048 if (err) {
5049 selinux_netlbl_err(skb, family, err, 0);
5050 return err;
5051 }
5052 err = avc_has_perm(&selinux_state,
5053 sk_sid, peer_sid, SECCLASS_PEER,
5054 PEER__RECV, &ad);
5055 if (err) {
5056 selinux_netlbl_err(skb, family, err, 0);
5057 return err;
5058 }
5059 }
5060
5061 if (secmark_active) {
5062 err = avc_has_perm(&selinux_state,
5063 sk_sid, skb->secmark, SECCLASS_PACKET,
5064 PACKET__RECV, &ad);
5065 if (err)
5066 return err;
5067 }
5068
5069 return err;
5070}
5071
5072static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
5073 int __user *optlen, unsigned len)
5074{
5075 int err = 0;
5076 char *scontext;
5077 u32 scontext_len;
5078 struct sk_security_struct *sksec = sock->sk->sk_security;
5079 u32 peer_sid = SECSID_NULL;
5080
5081 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5082 sksec->sclass == SECCLASS_TCP_SOCKET ||
5083 sksec->sclass == SECCLASS_SCTP_SOCKET)
5084 peer_sid = sksec->peer_sid;
5085 if (peer_sid == SECSID_NULL)
5086 return -ENOPROTOOPT;
5087
5088 err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
5089 &scontext_len);
5090 if (err)
5091 return err;
5092
5093 if (scontext_len > len) {
5094 err = -ERANGE;
5095 goto out_len;
5096 }
5097
5098 if (copy_to_user(optval, scontext, scontext_len))
5099 err = -EFAULT;
5100
5101out_len:
5102 if (put_user(scontext_len, optlen))
5103 err = -EFAULT;
5104 kfree(scontext);
5105 return err;
5106}
5107
5108static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
5109{
5110 u32 peer_secid = SECSID_NULL;
5111 u16 family;
5112 struct inode_security_struct *isec;
5113
5114 if (skb && skb->protocol == htons(ETH_P_IP))
5115 family = PF_INET;
5116 else if (skb && skb->protocol == htons(ETH_P_IPV6))
5117 family = PF_INET6;
5118 else if (sock)
5119 family = sock->sk->sk_family;
5120 else
5121 goto out;
5122
5123 if (sock && family == PF_UNIX) {
5124 isec = inode_security_novalidate(SOCK_INODE(sock));
5125 peer_secid = isec->sid;
5126 } else if (skb)
5127 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
5128
5129out:
5130 *secid = peer_secid;
5131 if (peer_secid == SECSID_NULL)
5132 return -EINVAL;
5133 return 0;
5134}
5135
5136static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
5137{
5138 struct sk_security_struct *sksec;
5139
5140 sksec = kzalloc(sizeof(*sksec), priority);
5141 if (!sksec)
5142 return -ENOMEM;
5143
5144 sksec->peer_sid = SECINITSID_UNLABELED;
5145 sksec->sid = SECINITSID_UNLABELED;
5146 sksec->sclass = SECCLASS_SOCKET;
5147 selinux_netlbl_sk_security_reset(sksec);
5148 sk->sk_security = sksec;
5149
5150 return 0;
5151}
5152
5153static void selinux_sk_free_security(struct sock *sk)
5154{
5155 struct sk_security_struct *sksec = sk->sk_security;
5156
5157 sk->sk_security = NULL;
5158 selinux_netlbl_sk_security_free(sksec);
5159 kfree(sksec);
5160}
5161
5162static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
5163{
5164 struct sk_security_struct *sksec = sk->sk_security;
5165 struct sk_security_struct *newsksec = newsk->sk_security;
5166
5167 newsksec->sid = sksec->sid;
5168 newsksec->peer_sid = sksec->peer_sid;
5169 newsksec->sclass = sksec->sclass;
5170
5171 selinux_netlbl_sk_security_reset(newsksec);
5172}
5173
5174static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
5175{
5176 if (!sk)
5177 *secid = SECINITSID_ANY_SOCKET;
5178 else {
5179 struct sk_security_struct *sksec = sk->sk_security;
5180
5181 *secid = sksec->sid;
5182 }
5183}
5184
5185static void selinux_sock_graft(struct sock *sk, struct socket *parent)
5186{
5187 struct inode_security_struct *isec =
5188 inode_security_novalidate(SOCK_INODE(parent));
5189 struct sk_security_struct *sksec = sk->sk_security;
5190
5191 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
5192 sk->sk_family == PF_UNIX)
5193 isec->sid = sksec->sid;
5194 sksec->sclass = isec->sclass;
5195}
5196
5197
5198
5199
5200
5201static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
5202 struct sk_buff *skb)
5203{
5204 struct sk_security_struct *sksec = ep->base.sk->sk_security;
5205 struct common_audit_data ad;
5206 struct lsm_network_audit net = {0,};
5207 u8 peerlbl_active;
5208 u32 peer_sid = SECINITSID_UNLABELED;
5209 u32 conn_sid;
5210 int err = 0;
5211
5212 if (!selinux_policycap_extsockclass())
5213 return 0;
5214
5215 peerlbl_active = selinux_peerlbl_enabled();
5216
5217 if (peerlbl_active) {
5218
5219
5220
5221 err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
5222 &peer_sid);
5223 if (err)
5224 return err;
5225
5226 if (peer_sid == SECSID_NULL)
5227 peer_sid = SECINITSID_UNLABELED;
5228 }
5229
5230 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
5231 sksec->sctp_assoc_state = SCTP_ASSOC_SET;
5232
5233
5234
5235
5236
5237
5238 sksec->peer_sid = peer_sid;
5239 } else if (sksec->peer_sid != peer_sid) {
5240
5241
5242
5243 ad.type = LSM_AUDIT_DATA_NET;
5244 ad.u.net = &net;
5245 ad.u.net->sk = ep->base.sk;
5246 err = avc_has_perm(&selinux_state,
5247 sksec->peer_sid, peer_sid, sksec->sclass,
5248 SCTP_SOCKET__ASSOCIATION, &ad);
5249 if (err)
5250 return err;
5251 }
5252
5253
5254
5255
5256
5257
5258
5259 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5260 if (err)
5261 return err;
5262
5263 ep->secid = conn_sid;
5264 ep->peer_secid = peer_sid;
5265
5266
5267 return selinux_netlbl_sctp_assoc_request(ep, skb);
5268}
5269
5270
5271
5272
5273static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5274 struct sockaddr *address,
5275 int addrlen)
5276{
5277 int len, err = 0, walk_size = 0;
5278 void *addr_buf;
5279 struct sockaddr *addr;
5280 struct socket *sock;
5281
5282 if (!selinux_policycap_extsockclass())
5283 return 0;
5284
5285
5286 sock = sk->sk_socket;
5287 addr_buf = address;
5288
5289 while (walk_size < addrlen) {
5290 addr = addr_buf;
5291 switch (addr->sa_family) {
5292 case AF_UNSPEC:
5293 case AF_INET:
5294 len = sizeof(struct sockaddr_in);
5295 break;
5296 case AF_INET6:
5297 len = sizeof(struct sockaddr_in6);
5298 break;
5299 default:
5300 return -EINVAL;
5301 }
5302
5303 err = -EINVAL;
5304 switch (optname) {
5305
5306 case SCTP_PRIMARY_ADDR:
5307 case SCTP_SET_PEER_PRIMARY_ADDR:
5308 case SCTP_SOCKOPT_BINDX_ADD:
5309 err = selinux_socket_bind(sock, addr, len);
5310 break;
5311
5312 case SCTP_SOCKOPT_CONNECTX:
5313 case SCTP_PARAM_SET_PRIMARY:
5314 case SCTP_PARAM_ADD_IP:
5315 case SCTP_SENDMSG_CONNECT:
5316 err = selinux_socket_connect_helper(sock, addr, len);
5317 if (err)
5318 return err;
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331 err = selinux_netlbl_socket_connect_locked(sk, addr);
5332 break;
5333 }
5334
5335 if (err)
5336 return err;
5337
5338 addr_buf += len;
5339 walk_size += len;
5340 }
5341
5342 return 0;
5343}
5344
5345
5346static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
5347 struct sock *newsk)
5348{
5349 struct sk_security_struct *sksec = sk->sk_security;
5350 struct sk_security_struct *newsksec = newsk->sk_security;
5351
5352
5353
5354
5355 if (!selinux_policycap_extsockclass())
5356 return selinux_sk_clone_security(sk, newsk);
5357
5358 newsksec->sid = ep->secid;
5359 newsksec->peer_sid = ep->peer_secid;
5360 newsksec->sclass = sksec->sclass;
5361 selinux_netlbl_sctp_sk_clone(sk, newsk);
5362}
5363
5364static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
5365 struct request_sock *req)
5366{
5367 struct sk_security_struct *sksec = sk->sk_security;
5368 int err;
5369 u16 family = req->rsk_ops->family;
5370 u32 connsid;
5371 u32 peersid;
5372
5373 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
5374 if (err)
5375 return err;
5376 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5377 if (err)
5378 return err;
5379 req->secid = connsid;
5380 req->peer_secid = peersid;
5381
5382 return selinux_netlbl_inet_conn_request(req, family);
5383}
5384
5385static void selinux_inet_csk_clone(struct sock *newsk,
5386 const struct request_sock *req)
5387{
5388 struct sk_security_struct *newsksec = newsk->sk_security;
5389
5390 newsksec->sid = req->secid;
5391 newsksec->peer_sid = req->peer_secid;
5392
5393
5394
5395
5396
5397
5398
5399 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
5400}
5401
5402static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
5403{
5404 u16 family = sk->sk_family;
5405 struct sk_security_struct *sksec = sk->sk_security;
5406
5407
5408 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5409 family = PF_INET;
5410
5411 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
5412}
5413
5414static int selinux_secmark_relabel_packet(u32 sid)
5415{
5416 const struct task_security_struct *__tsec;
5417 u32 tsid;
5418
5419 __tsec = current_security();
5420 tsid = __tsec->sid;
5421
5422 return avc_has_perm(&selinux_state,
5423 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5424 NULL);
5425}
5426
5427static void selinux_secmark_refcount_inc(void)
5428{
5429 atomic_inc(&selinux_secmark_refcount);
5430}
5431
5432static void selinux_secmark_refcount_dec(void)
5433{
5434 atomic_dec(&selinux_secmark_refcount);
5435}
5436
5437static void selinux_req_classify_flow(const struct request_sock *req,
5438 struct flowi *fl)
5439{
5440 fl->flowi_secid = req->secid;
5441}
5442
5443static int selinux_tun_dev_alloc_security(void **security)
5444{
5445 struct tun_security_struct *tunsec;
5446
5447 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5448 if (!tunsec)
5449 return -ENOMEM;
5450 tunsec->sid = current_sid();
5451
5452 *security = tunsec;
5453 return 0;
5454}
5455
5456static void selinux_tun_dev_free_security(void *security)
5457{
5458 kfree(security);
5459}
5460
5461static int selinux_tun_dev_create(void)
5462{
5463 u32 sid = current_sid();
5464
5465
5466
5467
5468
5469
5470
5471
5472 return avc_has_perm(&selinux_state,
5473 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5474 NULL);
5475}
5476
5477static int selinux_tun_dev_attach_queue(void *security)
5478{
5479 struct tun_security_struct *tunsec = security;
5480
5481 return avc_has_perm(&selinux_state,
5482 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5483 TUN_SOCKET__ATTACH_QUEUE, NULL);
5484}
5485
5486static int selinux_tun_dev_attach(struct sock *sk, void *security)
5487{
5488 struct tun_security_struct *tunsec = security;
5489 struct sk_security_struct *sksec = sk->sk_security;
5490
5491
5492
5493
5494
5495
5496
5497
5498 sksec->sid = tunsec->sid;
5499 sksec->sclass = SECCLASS_TUN_SOCKET;
5500
5501 return 0;
5502}
5503
5504static int selinux_tun_dev_open(void *security)
5505{
5506 struct tun_security_struct *tunsec = security;
5507 u32 sid = current_sid();
5508 int err;
5509
5510 err = avc_has_perm(&selinux_state,
5511 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5512 TUN_SOCKET__RELABELFROM, NULL);
5513 if (err)
5514 return err;
5515 err = avc_has_perm(&selinux_state,
5516 sid, sid, SECCLASS_TUN_SOCKET,
5517 TUN_SOCKET__RELABELTO, NULL);
5518 if (err)
5519 return err;
5520 tunsec->sid = sid;
5521
5522 return 0;
5523}
5524
5525static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
5526{
5527 int err = 0;
5528 u32 perm;
5529 struct nlmsghdr *nlh;
5530 struct sk_security_struct *sksec = sk->sk_security;
5531
5532 if (skb->len < NLMSG_HDRLEN) {
5533 err = -EINVAL;
5534 goto out;
5535 }
5536 nlh = nlmsg_hdr(skb);
5537
5538 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
5539 if (err) {
5540 if (err == -EINVAL) {
5541 pr_warn_ratelimited("SELinux: unrecognized netlink"
5542 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
5543 " pig=%d comm=%s\n",
5544 sk->sk_protocol, nlh->nlmsg_type,
5545 secclass_map[sksec->sclass - 1].name,
5546 task_pid_nr(current), current->comm);
5547 if (!enforcing_enabled(&selinux_state) ||
5548 security_get_allow_unknown(&selinux_state))
5549 err = 0;
5550 }
5551
5552
5553 if (err == -ENOENT)
5554 err = 0;
5555 goto out;
5556 }
5557
5558 err = sock_has_perm(sk, perm);
5559out:
5560 return err;
5561}
5562
5563#ifdef CONFIG_NETFILTER
5564
5565static unsigned int selinux_ip_forward(struct sk_buff *skb,
5566 const struct net_device *indev,
5567 u16 family)
5568{
5569 int err;
5570 char *addrp;
5571 u32 peer_sid;
5572 struct common_audit_data ad;
5573 struct lsm_network_audit net = {0,};
5574 u8 secmark_active;
5575 u8 netlbl_active;
5576 u8 peerlbl_active;
5577
5578 if (!selinux_policycap_netpeer())
5579 return NF_ACCEPT;
5580
5581 secmark_active = selinux_secmark_enabled();
5582 netlbl_active = netlbl_enabled();
5583 peerlbl_active = selinux_peerlbl_enabled();
5584 if (!secmark_active && !peerlbl_active)
5585 return NF_ACCEPT;
5586
5587 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5588 return NF_DROP;
5589
5590 ad.type = LSM_AUDIT_DATA_NET;
5591 ad.u.net = &net;
5592 ad.u.net->netif = indev->ifindex;
5593 ad.u.net->family = family;
5594 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5595 return NF_DROP;
5596
5597 if (peerlbl_active) {
5598 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5599 addrp, family, peer_sid, &ad);
5600 if (err) {
5601 selinux_netlbl_err(skb, family, err, 1);
5602 return NF_DROP;
5603 }
5604 }
5605
5606 if (secmark_active)
5607 if (avc_has_perm(&selinux_state,
5608 peer_sid, skb->secmark,
5609 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5610 return NF_DROP;
5611
5612 if (netlbl_active)
5613
5614
5615
5616
5617 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5618 return NF_DROP;
5619
5620 return NF_ACCEPT;
5621}
5622
5623static unsigned int selinux_ipv4_forward(void *priv,
5624 struct sk_buff *skb,
5625 const struct nf_hook_state *state)
5626{
5627 return selinux_ip_forward(skb, state->in, PF_INET);
5628}
5629
5630#if IS_ENABLED(CONFIG_IPV6)
5631static unsigned int selinux_ipv6_forward(void *priv,
5632 struct sk_buff *skb,
5633 const struct nf_hook_state *state)
5634{
5635 return selinux_ip_forward(skb, state->in, PF_INET6);
5636}
5637#endif
5638
5639static unsigned int selinux_ip_output(struct sk_buff *skb,
5640 u16 family)
5641{
5642 struct sock *sk;
5643 u32 sid;
5644
5645 if (!netlbl_enabled())
5646 return NF_ACCEPT;
5647
5648
5649
5650
5651 sk = skb->sk;
5652 if (sk) {
5653 struct sk_security_struct *sksec;
5654
5655 if (sk_listener(sk))
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668 return NF_ACCEPT;
5669
5670
5671 sksec = sk->sk_security;
5672 sid = sksec->sid;
5673 } else
5674 sid = SECINITSID_KERNEL;
5675 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5676 return NF_DROP;
5677
5678 return NF_ACCEPT;
5679}
5680
5681static unsigned int selinux_ipv4_output(void *priv,
5682 struct sk_buff *skb,
5683 const struct nf_hook_state *state)
5684{
5685 return selinux_ip_output(skb, PF_INET);
5686}
5687
5688#if IS_ENABLED(CONFIG_IPV6)
5689static unsigned int selinux_ipv6_output(void *priv,
5690 struct sk_buff *skb,
5691 const struct nf_hook_state *state)
5692{
5693 return selinux_ip_output(skb, PF_INET6);
5694}
5695#endif
5696
5697static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5698 int ifindex,
5699 u16 family)
5700{
5701 struct sock *sk = skb_to_full_sk(skb);
5702 struct sk_security_struct *sksec;
5703 struct common_audit_data ad;
5704 struct lsm_network_audit net = {0,};
5705 char *addrp;
5706 u8 proto;
5707
5708 if (sk == NULL)
5709 return NF_ACCEPT;
5710 sksec = sk->sk_security;
5711
5712 ad.type = LSM_AUDIT_DATA_NET;
5713 ad.u.net = &net;
5714 ad.u.net->netif = ifindex;
5715 ad.u.net->family = family;
5716 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5717 return NF_DROP;
5718
5719 if (selinux_secmark_enabled())
5720 if (avc_has_perm(&selinux_state,
5721 sksec->sid, skb->secmark,
5722 SECCLASS_PACKET, PACKET__SEND, &ad))
5723 return NF_DROP_ERR(-ECONNREFUSED);
5724
5725 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5726 return NF_DROP_ERR(-ECONNREFUSED);
5727
5728 return NF_ACCEPT;
5729}
5730
5731static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5732 const struct net_device *outdev,
5733 u16 family)
5734{
5735 u32 secmark_perm;
5736 u32 peer_sid;
5737 int ifindex = outdev->ifindex;
5738 struct sock *sk;
5739 struct common_audit_data ad;
5740 struct lsm_network_audit net = {0,};
5741 char *addrp;
5742 u8 secmark_active;
5743 u8 peerlbl_active;
5744
5745
5746
5747
5748
5749 if (!selinux_policycap_netpeer())
5750 return selinux_ip_postroute_compat(skb, ifindex, family);
5751
5752 secmark_active = selinux_secmark_enabled();
5753 peerlbl_active = selinux_peerlbl_enabled();
5754 if (!secmark_active && !peerlbl_active)
5755 return NF_ACCEPT;
5756
5757 sk = skb_to_full_sk(skb);
5758
5759#ifdef CONFIG_XFRM
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5772 !(sk && sk_listener(sk)))
5773 return NF_ACCEPT;
5774#endif
5775
5776 if (sk == NULL) {
5777
5778
5779
5780
5781 if (skb->skb_iif) {
5782 secmark_perm = PACKET__FORWARD_OUT;
5783 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5784 return NF_DROP;
5785 } else {
5786 secmark_perm = PACKET__SEND;
5787 peer_sid = SECINITSID_KERNEL;
5788 }
5789 } else if (sk_listener(sk)) {
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799 u32 skb_sid;
5800 struct sk_security_struct *sksec;
5801
5802 sksec = sk->sk_security;
5803 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5804 return NF_DROP;
5805
5806
5807
5808
5809
5810
5811 if (skb_sid == SECSID_NULL) {
5812 switch (family) {
5813 case PF_INET:
5814 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5815 return NF_ACCEPT;
5816 break;
5817 case PF_INET6:
5818 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5819 return NF_ACCEPT;
5820 break;
5821 default:
5822 return NF_DROP_ERR(-ECONNREFUSED);
5823 }
5824 }
5825 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5826 return NF_DROP;
5827 secmark_perm = PACKET__SEND;
5828 } else {
5829
5830
5831 struct sk_security_struct *sksec = sk->sk_security;
5832 peer_sid = sksec->sid;
5833 secmark_perm = PACKET__SEND;
5834 }
5835
5836 ad.type = LSM_AUDIT_DATA_NET;
5837 ad.u.net = &net;
5838 ad.u.net->netif = ifindex;
5839 ad.u.net->family = family;
5840 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5841 return NF_DROP;
5842
5843 if (secmark_active)
5844 if (avc_has_perm(&selinux_state,
5845 peer_sid, skb->secmark,
5846 SECCLASS_PACKET, secmark_perm, &ad))
5847 return NF_DROP_ERR(-ECONNREFUSED);
5848
5849 if (peerlbl_active) {
5850 u32 if_sid;
5851 u32 node_sid;
5852
5853 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5854 return NF_DROP;
5855 if (avc_has_perm(&selinux_state,
5856 peer_sid, if_sid,
5857 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5858 return NF_DROP_ERR(-ECONNREFUSED);
5859
5860 if (sel_netnode_sid(addrp, family, &node_sid))
5861 return NF_DROP;
5862 if (avc_has_perm(&selinux_state,
5863 peer_sid, node_sid,
5864 SECCLASS_NODE, NODE__SENDTO, &ad))
5865 return NF_DROP_ERR(-ECONNREFUSED);
5866 }
5867
5868 return NF_ACCEPT;
5869}
5870
5871static unsigned int selinux_ipv4_postroute(void *priv,
5872 struct sk_buff *skb,
5873 const struct nf_hook_state *state)
5874{
5875 return selinux_ip_postroute(skb, state->out, PF_INET);
5876}
5877
5878#if IS_ENABLED(CONFIG_IPV6)
5879static unsigned int selinux_ipv6_postroute(void *priv,
5880 struct sk_buff *skb,
5881 const struct nf_hook_state *state)
5882{
5883 return selinux_ip_postroute(skb, state->out, PF_INET6);
5884}
5885#endif
5886
5887#endif
5888
5889static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5890{
5891 return selinux_nlmsg_perm(sk, skb);
5892}
5893
5894static int ipc_alloc_security(struct kern_ipc_perm *perm,
5895 u16 sclass)
5896{
5897 struct ipc_security_struct *isec;
5898
5899 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5900 if (!isec)
5901 return -ENOMEM;
5902
5903 isec->sclass = sclass;
5904 isec->sid = current_sid();
5905 perm->security = isec;
5906
5907 return 0;
5908}
5909
5910static void ipc_free_security(struct kern_ipc_perm *perm)
5911{
5912 struct ipc_security_struct *isec = perm->security;
5913 perm->security = NULL;
5914 kfree(isec);
5915}
5916
5917static int msg_msg_alloc_security(struct msg_msg *msg)
5918{
5919 struct msg_security_struct *msec;
5920
5921 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5922 if (!msec)
5923 return -ENOMEM;
5924
5925 msec->sid = SECINITSID_UNLABELED;
5926 msg->security = msec;
5927
5928 return 0;
5929}
5930
5931static void msg_msg_free_security(struct msg_msg *msg)
5932{
5933 struct msg_security_struct *msec = msg->security;
5934
5935 msg->security = NULL;
5936 kfree(msec);
5937}
5938
5939static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5940 u32 perms)
5941{
5942 struct ipc_security_struct *isec;
5943 struct common_audit_data ad;
5944 u32 sid = current_sid();
5945
5946 isec = ipc_perms->security;
5947
5948 ad.type = LSM_AUDIT_DATA_IPC;
5949 ad.u.ipc_id = ipc_perms->key;
5950
5951 return avc_has_perm(&selinux_state,
5952 sid, isec->sid, isec->sclass, perms, &ad);
5953}
5954
5955static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5956{
5957 return msg_msg_alloc_security(msg);
5958}
5959
5960static void selinux_msg_msg_free_security(struct msg_msg *msg)
5961{
5962 msg_msg_free_security(msg);
5963}
5964
5965
5966static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5967{
5968 struct ipc_security_struct *isec;
5969 struct common_audit_data ad;
5970 u32 sid = current_sid();
5971 int rc;
5972
5973 rc = ipc_alloc_security(msq, SECCLASS_MSGQ);
5974 if (rc)
5975 return rc;
5976
5977 isec = msq->security;
5978
5979 ad.type = LSM_AUDIT_DATA_IPC;
5980 ad.u.ipc_id = msq->key;
5981
5982 rc = avc_has_perm(&selinux_state,
5983 sid, isec->sid, SECCLASS_MSGQ,
5984 MSGQ__CREATE, &ad);
5985 if (rc) {
5986 ipc_free_security(msq);
5987 return rc;
5988 }
5989 return 0;
5990}
5991
5992static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq)
5993{
5994 ipc_free_security(msq);
5995}
5996
5997static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
5998{
5999 struct ipc_security_struct *isec;
6000 struct common_audit_data ad;
6001 u32 sid = current_sid();
6002
6003 isec = msq->security;
6004
6005 ad.type = LSM_AUDIT_DATA_IPC;
6006 ad.u.ipc_id = msq->key;
6007
6008 return avc_has_perm(&selinux_state,
6009 sid, isec->sid, SECCLASS_MSGQ,
6010 MSGQ__ASSOCIATE, &ad);
6011}
6012
6013static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
6014{
6015 int err;
6016 int perms;
6017
6018 switch (cmd) {
6019 case IPC_INFO:
6020 case MSG_INFO:
6021
6022 return avc_has_perm(&selinux_state,
6023 current_sid(), SECINITSID_KERNEL,
6024 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6025 case IPC_STAT:
6026 case MSG_STAT:
6027 case MSG_STAT_ANY:
6028 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
6029 break;
6030 case IPC_SET:
6031 perms = MSGQ__SETATTR;
6032 break;
6033 case IPC_RMID:
6034 perms = MSGQ__DESTROY;
6035 break;
6036 default:
6037 return 0;
6038 }
6039
6040 err = ipc_has_perm(msq, perms);
6041 return err;
6042}
6043
6044static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
6045{
6046 struct ipc_security_struct *isec;
6047 struct msg_security_struct *msec;
6048 struct common_audit_data ad;
6049 u32 sid = current_sid();
6050 int rc;
6051
6052 isec = msq->security;
6053 msec = msg->security;
6054
6055
6056
6057
6058 if (msec->sid == SECINITSID_UNLABELED) {
6059
6060
6061
6062
6063 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6064 SECCLASS_MSG, NULL, &msec->sid);
6065 if (rc)
6066 return rc;
6067 }
6068
6069 ad.type = LSM_AUDIT_DATA_IPC;
6070 ad.u.ipc_id = msq->key;
6071
6072
6073 rc = avc_has_perm(&selinux_state,
6074 sid, isec->sid, SECCLASS_MSGQ,
6075 MSGQ__WRITE, &ad);
6076 if (!rc)
6077
6078 rc = avc_has_perm(&selinux_state,
6079 sid, msec->sid, SECCLASS_MSG,
6080 MSG__SEND, &ad);
6081 if (!rc)
6082
6083 rc = avc_has_perm(&selinux_state,
6084 msec->sid, isec->sid, SECCLASS_MSGQ,
6085 MSGQ__ENQUEUE, &ad);
6086
6087 return rc;
6088}
6089
6090static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
6091 struct task_struct *target,
6092 long type, int mode)
6093{
6094 struct ipc_security_struct *isec;
6095 struct msg_security_struct *msec;
6096 struct common_audit_data ad;
6097 u32 sid = task_sid(target);
6098 int rc;
6099
6100 isec = msq->security;
6101 msec = msg->security;
6102
6103 ad.type = LSM_AUDIT_DATA_IPC;
6104 ad.u.ipc_id = msq->key;
6105
6106 rc = avc_has_perm(&selinux_state,
6107 sid, isec->sid,
6108 SECCLASS_MSGQ, MSGQ__READ, &ad);
6109 if (!rc)
6110 rc = avc_has_perm(&selinux_state,
6111 sid, msec->sid,
6112 SECCLASS_MSG, MSG__RECEIVE, &ad);
6113 return rc;
6114}
6115
6116
6117static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6118{
6119 struct ipc_security_struct *isec;
6120 struct common_audit_data ad;
6121 u32 sid = current_sid();
6122 int rc;
6123
6124 rc = ipc_alloc_security(shp, SECCLASS_SHM);
6125 if (rc)
6126 return rc;
6127
6128 isec = shp->security;
6129
6130 ad.type = LSM_AUDIT_DATA_IPC;
6131 ad.u.ipc_id = shp->key;
6132
6133 rc = avc_has_perm(&selinux_state,
6134 sid, isec->sid, SECCLASS_SHM,
6135 SHM__CREATE, &ad);
6136 if (rc) {
6137 ipc_free_security(shp);
6138 return rc;
6139 }
6140 return 0;
6141}
6142
6143static void selinux_shm_free_security(struct kern_ipc_perm *shp)
6144{
6145 ipc_free_security(shp);
6146}
6147
6148static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6149{
6150 struct ipc_security_struct *isec;
6151 struct common_audit_data ad;
6152 u32 sid = current_sid();
6153
6154 isec = shp->security;
6155
6156 ad.type = LSM_AUDIT_DATA_IPC;
6157 ad.u.ipc_id = shp->key;
6158
6159 return avc_has_perm(&selinux_state,
6160 sid, isec->sid, SECCLASS_SHM,
6161 SHM__ASSOCIATE, &ad);
6162}
6163
6164
6165static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
6166{
6167 int perms;
6168 int err;
6169
6170 switch (cmd) {
6171 case IPC_INFO:
6172 case SHM_INFO:
6173
6174 return avc_has_perm(&selinux_state,
6175 current_sid(), SECINITSID_KERNEL,
6176 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6177 case IPC_STAT:
6178 case SHM_STAT:
6179 case SHM_STAT_ANY:
6180 perms = SHM__GETATTR | SHM__ASSOCIATE;
6181 break;
6182 case IPC_SET:
6183 perms = SHM__SETATTR;
6184 break;
6185 case SHM_LOCK:
6186 case SHM_UNLOCK:
6187 perms = SHM__LOCK;
6188 break;
6189 case IPC_RMID:
6190 perms = SHM__DESTROY;
6191 break;
6192 default:
6193 return 0;
6194 }
6195
6196 err = ipc_has_perm(shp, perms);
6197 return err;
6198}
6199
6200static int selinux_shm_shmat(struct kern_ipc_perm *shp,
6201 char __user *shmaddr, int shmflg)
6202{
6203 u32 perms;
6204
6205 if (shmflg & SHM_RDONLY)
6206 perms = SHM__READ;
6207 else
6208 perms = SHM__READ | SHM__WRITE;
6209
6210 return ipc_has_perm(shp, perms);
6211}
6212
6213
6214static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6215{
6216 struct ipc_security_struct *isec;
6217 struct common_audit_data ad;
6218 u32 sid = current_sid();
6219 int rc;
6220
6221 rc = ipc_alloc_security(sma, SECCLASS_SEM);
6222 if (rc)
6223 return rc;
6224
6225 isec = sma->security;
6226
6227 ad.type = LSM_AUDIT_DATA_IPC;
6228 ad.u.ipc_id = sma->key;
6229
6230 rc = avc_has_perm(&selinux_state,
6231 sid, isec->sid, SECCLASS_SEM,
6232 SEM__CREATE, &ad);
6233 if (rc) {
6234 ipc_free_security(sma);
6235 return rc;
6236 }
6237 return 0;
6238}
6239
6240static void selinux_sem_free_security(struct kern_ipc_perm *sma)
6241{
6242 ipc_free_security(sma);
6243}
6244
6245static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6246{
6247 struct ipc_security_struct *isec;
6248 struct common_audit_data ad;
6249 u32 sid = current_sid();
6250
6251 isec = sma->security;
6252
6253 ad.type = LSM_AUDIT_DATA_IPC;
6254 ad.u.ipc_id = sma->key;
6255
6256 return avc_has_perm(&selinux_state,
6257 sid, isec->sid, SECCLASS_SEM,
6258 SEM__ASSOCIATE, &ad);
6259}
6260
6261
6262static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
6263{
6264 int err;
6265 u32 perms;
6266
6267 switch (cmd) {
6268 case IPC_INFO:
6269 case SEM_INFO:
6270
6271 return avc_has_perm(&selinux_state,
6272 current_sid(), SECINITSID_KERNEL,
6273 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6274 case GETPID:
6275 case GETNCNT:
6276 case GETZCNT:
6277 perms = SEM__GETATTR;
6278 break;
6279 case GETVAL:
6280 case GETALL:
6281 perms = SEM__READ;
6282 break;
6283 case SETVAL:
6284 case SETALL:
6285 perms = SEM__WRITE;
6286 break;
6287 case IPC_RMID:
6288 perms = SEM__DESTROY;
6289 break;
6290 case IPC_SET:
6291 perms = SEM__SETATTR;
6292 break;
6293 case IPC_STAT:
6294 case SEM_STAT:
6295 case SEM_STAT_ANY:
6296 perms = SEM__GETATTR | SEM__ASSOCIATE;
6297 break;
6298 default:
6299 return 0;
6300 }
6301
6302 err = ipc_has_perm(sma, perms);
6303 return err;
6304}
6305
6306static int selinux_sem_semop(struct kern_ipc_perm *sma,
6307 struct sembuf *sops, unsigned nsops, int alter)
6308{
6309 u32 perms;
6310
6311 if (alter)
6312 perms = SEM__READ | SEM__WRITE;
6313 else
6314 perms = SEM__READ;
6315
6316 return ipc_has_perm(sma, perms);
6317}
6318
6319static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6320{
6321 u32 av = 0;
6322
6323 av = 0;
6324 if (flag & S_IRUGO)
6325 av |= IPC__UNIX_READ;
6326 if (flag & S_IWUGO)
6327 av |= IPC__UNIX_WRITE;
6328
6329 if (av == 0)
6330 return 0;
6331
6332 return ipc_has_perm(ipcp, av);
6333}
6334
6335static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6336{
6337 struct ipc_security_struct *isec = ipcp->security;
6338 *secid = isec->sid;
6339}
6340
6341static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6342{
6343 if (inode)
6344 inode_doinit_with_dentry(inode, dentry);
6345}
6346
6347static int selinux_getprocattr(struct task_struct *p,
6348 char *name, char **value)
6349{
6350 const struct task_security_struct *__tsec;
6351 u32 sid;
6352 int error;
6353 unsigned len;
6354
6355 rcu_read_lock();
6356 __tsec = __task_cred(p)->security;
6357
6358 if (current != p) {
6359 error = avc_has_perm(&selinux_state,
6360 current_sid(), __tsec->sid,
6361 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6362 if (error)
6363 goto bad;
6364 }
6365
6366 if (!strcmp(name, "current"))
6367 sid = __tsec->sid;
6368 else if (!strcmp(name, "prev"))
6369 sid = __tsec->osid;
6370 else if (!strcmp(name, "exec"))
6371 sid = __tsec->exec_sid;
6372 else if (!strcmp(name, "fscreate"))
6373 sid = __tsec->create_sid;
6374 else if (!strcmp(name, "keycreate"))
6375 sid = __tsec->keycreate_sid;
6376 else if (!strcmp(name, "sockcreate"))
6377 sid = __tsec->sockcreate_sid;
6378 else {
6379 error = -EINVAL;
6380 goto bad;
6381 }
6382 rcu_read_unlock();
6383
6384 if (!sid)
6385 return 0;
6386
6387 error = security_sid_to_context(&selinux_state, sid, value, &len);
6388 if (error)
6389 return error;
6390 return len;
6391
6392bad:
6393 rcu_read_unlock();
6394 return error;
6395}
6396
6397static int selinux_setprocattr(const char *name, void *value, size_t size)
6398{
6399 struct task_security_struct *tsec;
6400 struct cred *new;
6401 u32 mysid = current_sid(), sid = 0, ptsid;
6402 int error;
6403 char *str = value;
6404
6405
6406
6407
6408 if (!strcmp(name, "exec"))
6409 error = avc_has_perm(&selinux_state,
6410 mysid, mysid, SECCLASS_PROCESS,
6411 PROCESS__SETEXEC, NULL);
6412 else if (!strcmp(name, "fscreate"))
6413 error = avc_has_perm(&selinux_state,
6414 mysid, mysid, SECCLASS_PROCESS,
6415 PROCESS__SETFSCREATE, NULL);
6416 else if (!strcmp(name, "keycreate"))
6417 error = avc_has_perm(&selinux_state,
6418 mysid, mysid, SECCLASS_PROCESS,
6419 PROCESS__SETKEYCREATE, NULL);
6420 else if (!strcmp(name, "sockcreate"))
6421 error = avc_has_perm(&selinux_state,
6422 mysid, mysid, SECCLASS_PROCESS,
6423 PROCESS__SETSOCKCREATE, NULL);
6424 else if (!strcmp(name, "current"))
6425 error = avc_has_perm(&selinux_state,
6426 mysid, mysid, SECCLASS_PROCESS,
6427 PROCESS__SETCURRENT, NULL);
6428 else
6429 error = -EINVAL;
6430 if (error)
6431 return error;
6432
6433
6434 if (size && str[0] && str[0] != '\n') {
6435 if (str[size-1] == '\n') {
6436 str[size-1] = 0;
6437 size--;
6438 }
6439 error = security_context_to_sid(&selinux_state, value, size,
6440 &sid, GFP_KERNEL);
6441 if (error == -EINVAL && !strcmp(name, "fscreate")) {
6442 if (!has_cap_mac_admin(true)) {
6443 struct audit_buffer *ab;
6444 size_t audit_size;
6445
6446
6447
6448 if (str[size - 1] == '\0')
6449 audit_size = size - 1;
6450 else
6451 audit_size = size;
6452 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
6453 audit_log_format(ab, "op=fscreate invalid_context=");
6454 audit_log_n_untrustedstring(ab, value, audit_size);
6455 audit_log_end(ab);
6456
6457 return error;
6458 }
6459 error = security_context_to_sid_force(
6460 &selinux_state,
6461 value, size, &sid);
6462 }
6463 if (error)
6464 return error;
6465 }
6466
6467 new = prepare_creds();
6468 if (!new)
6469 return -ENOMEM;
6470
6471
6472
6473
6474
6475
6476
6477 tsec = new->security;
6478 if (!strcmp(name, "exec")) {
6479 tsec->exec_sid = sid;
6480 } else if (!strcmp(name, "fscreate")) {
6481 tsec->create_sid = sid;
6482 } else if (!strcmp(name, "keycreate")) {
6483 error = avc_has_perm(&selinux_state,
6484 mysid, sid, SECCLASS_KEY, KEY__CREATE,
6485 NULL);
6486 if (error)
6487 goto abort_change;
6488 tsec->keycreate_sid = sid;
6489 } else if (!strcmp(name, "sockcreate")) {
6490 tsec->sockcreate_sid = sid;
6491 } else if (!strcmp(name, "current")) {
6492 error = -EINVAL;
6493 if (sid == 0)
6494 goto abort_change;
6495
6496
6497 error = -EPERM;
6498 if (!current_is_single_threaded()) {
6499 error = security_bounded_transition(&selinux_state,
6500 tsec->sid, sid);
6501 if (error)
6502 goto abort_change;
6503 }
6504
6505
6506 error = avc_has_perm(&selinux_state,
6507 tsec->sid, sid, SECCLASS_PROCESS,
6508 PROCESS__DYNTRANSITION, NULL);
6509 if (error)
6510 goto abort_change;
6511
6512
6513
6514 ptsid = ptrace_parent_sid();
6515 if (ptsid != 0) {
6516 error = avc_has_perm(&selinux_state,
6517 ptsid, sid, SECCLASS_PROCESS,
6518 PROCESS__PTRACE, NULL);
6519 if (error)
6520 goto abort_change;
6521 }
6522
6523 tsec->sid = sid;
6524 } else {
6525 error = -EINVAL;
6526 goto abort_change;
6527 }
6528
6529 commit_creds(new);
6530 return size;
6531
6532abort_change:
6533 abort_creds(new);
6534 return error;
6535}
6536
6537static int selinux_ismaclabel(const char *name)
6538{
6539 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6540}
6541
6542static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6543{
6544 return security_sid_to_context(&selinux_state, secid,
6545 secdata, seclen);
6546}
6547
6548static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6549{
6550 return security_context_to_sid(&selinux_state, secdata, seclen,
6551 secid, GFP_KERNEL);
6552}
6553
6554static void selinux_release_secctx(char *secdata, u32 seclen)
6555{
6556 kfree(secdata);
6557}
6558
6559static void selinux_inode_invalidate_secctx(struct inode *inode)
6560{
6561 struct inode_security_struct *isec = inode->i_security;
6562
6563 spin_lock(&isec->lock);
6564 isec->initialized = LABEL_INVALID;
6565 spin_unlock(&isec->lock);
6566}
6567
6568
6569
6570
6571static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6572{
6573 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
6574}
6575
6576
6577
6578
6579static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6580{
6581 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
6582}
6583
6584static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6585{
6586 int len = 0;
6587 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6588 ctx, true);
6589 if (len < 0)
6590 return len;
6591 *ctxlen = len;
6592 return 0;
6593}
6594#ifdef CONFIG_KEYS
6595
6596static int selinux_key_alloc(struct key *k, const struct cred *cred,
6597 unsigned long flags)
6598{
6599 const struct task_security_struct *tsec;
6600 struct key_security_struct *ksec;
6601
6602 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6603 if (!ksec)
6604 return -ENOMEM;
6605
6606 tsec = cred->security;
6607 if (tsec->keycreate_sid)
6608 ksec->sid = tsec->keycreate_sid;
6609 else
6610 ksec->sid = tsec->sid;
6611
6612 k->security = ksec;
6613 return 0;
6614}
6615
6616static void selinux_key_free(struct key *k)
6617{
6618 struct key_security_struct *ksec = k->security;
6619
6620 k->security = NULL;
6621 kfree(ksec);
6622}
6623
6624static int selinux_key_permission(key_ref_t key_ref,
6625 const struct cred *cred,
6626 unsigned perm)
6627{
6628 struct key *key;
6629 struct key_security_struct *ksec;
6630 u32 sid;
6631
6632
6633
6634
6635 if (perm == 0)
6636 return 0;
6637
6638 sid = cred_sid(cred);
6639
6640 key = key_ref_to_ptr(key_ref);
6641 ksec = key->security;
6642
6643 return avc_has_perm(&selinux_state,
6644 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6645}
6646
6647static int selinux_key_getsecurity(struct key *key, char **_buffer)
6648{
6649 struct key_security_struct *ksec = key->security;
6650 char *context = NULL;
6651 unsigned len;
6652 int rc;
6653
6654 rc = security_sid_to_context(&selinux_state, ksec->sid,
6655 &context, &len);
6656 if (!rc)
6657 rc = len;
6658 *_buffer = context;
6659 return rc;
6660}
6661#endif
6662
6663#ifdef CONFIG_SECURITY_INFINIBAND
6664static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6665{
6666 struct common_audit_data ad;
6667 int err;
6668 u32 sid = 0;
6669 struct ib_security_struct *sec = ib_sec;
6670 struct lsm_ibpkey_audit ibpkey;
6671
6672 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6673 if (err)
6674 return err;
6675
6676 ad.type = LSM_AUDIT_DATA_IBPKEY;
6677 ibpkey.subnet_prefix = subnet_prefix;
6678 ibpkey.pkey = pkey_val;
6679 ad.u.ibpkey = &ibpkey;
6680 return avc_has_perm(&selinux_state,
6681 sec->sid, sid,
6682 SECCLASS_INFINIBAND_PKEY,
6683 INFINIBAND_PKEY__ACCESS, &ad);
6684}
6685
6686static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6687 u8 port_num)
6688{
6689 struct common_audit_data ad;
6690 int err;
6691 u32 sid = 0;
6692 struct ib_security_struct *sec = ib_sec;
6693 struct lsm_ibendport_audit ibendport;
6694
6695 err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6696 &sid);
6697
6698 if (err)
6699 return err;
6700
6701 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6702 strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
6703 ibendport.port = port_num;
6704 ad.u.ibendport = &ibendport;
6705 return avc_has_perm(&selinux_state,
6706 sec->sid, sid,
6707 SECCLASS_INFINIBAND_ENDPORT,
6708 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6709}
6710
6711static int selinux_ib_alloc_security(void **ib_sec)
6712{
6713 struct ib_security_struct *sec;
6714
6715 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6716 if (!sec)
6717 return -ENOMEM;
6718 sec->sid = current_sid();
6719
6720 *ib_sec = sec;
6721 return 0;
6722}
6723
6724static void selinux_ib_free_security(void *ib_sec)
6725{
6726 kfree(ib_sec);
6727}
6728#endif
6729
6730#ifdef CONFIG_BPF_SYSCALL
6731static int selinux_bpf(int cmd, union bpf_attr *attr,
6732 unsigned int size)
6733{
6734 u32 sid = current_sid();
6735 int ret;
6736
6737 switch (cmd) {
6738 case BPF_MAP_CREATE:
6739 ret = avc_has_perm(&selinux_state,
6740 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6741 NULL);
6742 break;
6743 case BPF_PROG_LOAD:
6744 ret = avc_has_perm(&selinux_state,
6745 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6746 NULL);
6747 break;
6748 default:
6749 ret = 0;
6750 break;
6751 }
6752
6753 return ret;
6754}
6755
6756static u32 bpf_map_fmode_to_av(fmode_t fmode)
6757{
6758 u32 av = 0;
6759
6760 if (fmode & FMODE_READ)
6761 av |= BPF__MAP_READ;
6762 if (fmode & FMODE_WRITE)
6763 av |= BPF__MAP_WRITE;
6764 return av;
6765}
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775static int bpf_fd_pass(struct file *file, u32 sid)
6776{
6777 struct bpf_security_struct *bpfsec;
6778 struct bpf_prog *prog;
6779 struct bpf_map *map;
6780 int ret;
6781
6782 if (file->f_op == &bpf_map_fops) {
6783 map = file->private_data;
6784 bpfsec = map->security;
6785 ret = avc_has_perm(&selinux_state,
6786 sid, bpfsec->sid, SECCLASS_BPF,
6787 bpf_map_fmode_to_av(file->f_mode), NULL);
6788 if (ret)
6789 return ret;
6790 } else if (file->f_op == &bpf_prog_fops) {
6791 prog = file->private_data;
6792 bpfsec = prog->aux->security;
6793 ret = avc_has_perm(&selinux_state,
6794 sid, bpfsec->sid, SECCLASS_BPF,
6795 BPF__PROG_RUN, NULL);
6796 if (ret)
6797 return ret;
6798 }
6799 return 0;
6800}
6801
6802static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
6803{
6804 u32 sid = current_sid();
6805 struct bpf_security_struct *bpfsec;
6806
6807 bpfsec = map->security;
6808 return avc_has_perm(&selinux_state,
6809 sid, bpfsec->sid, SECCLASS_BPF,
6810 bpf_map_fmode_to_av(fmode), NULL);
6811}
6812
6813static int selinux_bpf_prog(struct bpf_prog *prog)
6814{
6815 u32 sid = current_sid();
6816 struct bpf_security_struct *bpfsec;
6817
6818 bpfsec = prog->aux->security;
6819 return avc_has_perm(&selinux_state,
6820 sid, bpfsec->sid, SECCLASS_BPF,
6821 BPF__PROG_RUN, NULL);
6822}
6823
6824static int selinux_bpf_map_alloc(struct bpf_map *map)
6825{
6826 struct bpf_security_struct *bpfsec;
6827
6828 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6829 if (!bpfsec)
6830 return -ENOMEM;
6831
6832 bpfsec->sid = current_sid();
6833 map->security = bpfsec;
6834
6835 return 0;
6836}
6837
6838static void selinux_bpf_map_free(struct bpf_map *map)
6839{
6840 struct bpf_security_struct *bpfsec = map->security;
6841
6842 map->security = NULL;
6843 kfree(bpfsec);
6844}
6845
6846static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
6847{
6848 struct bpf_security_struct *bpfsec;
6849
6850 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6851 if (!bpfsec)
6852 return -ENOMEM;
6853
6854 bpfsec->sid = current_sid();
6855 aux->security = bpfsec;
6856
6857 return 0;
6858}
6859
6860static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
6861{
6862 struct bpf_security_struct *bpfsec = aux->security;
6863
6864 aux->security = NULL;
6865 kfree(bpfsec);
6866}
6867#endif
6868
6869static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6870 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
6871 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
6872 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
6873 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
6874
6875 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
6876 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
6877 LSM_HOOK_INIT(capget, selinux_capget),
6878 LSM_HOOK_INIT(capset, selinux_capset),
6879 LSM_HOOK_INIT(capable, selinux_capable),
6880 LSM_HOOK_INIT(quotactl, selinux_quotactl),
6881 LSM_HOOK_INIT(quota_on, selinux_quota_on),
6882 LSM_HOOK_INIT(syslog, selinux_syslog),
6883 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
6884
6885 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
6886
6887 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
6888 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
6889 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
6890
6891 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
6892 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
6893 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
6894 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
6895 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
6896 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
6897 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
6898 LSM_HOOK_INIT(sb_mount, selinux_mount),
6899 LSM_HOOK_INIT(sb_umount, selinux_umount),
6900 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
6901 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
6902 LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
6903
6904 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
6905 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
6906
6907 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
6908 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
6909 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
6910 LSM_HOOK_INIT(inode_create, selinux_inode_create),
6911 LSM_HOOK_INIT(inode_link, selinux_inode_link),
6912 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
6913 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
6914 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
6915 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
6916 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
6917 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
6918 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
6919 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
6920 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
6921 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
6922 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
6923 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
6924 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
6925 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
6926 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
6927 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
6928 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
6929 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
6930 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
6931 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
6932 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
6933 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
6934
6935 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6936 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6937 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
6938 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6939 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6940 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
6941 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
6942 LSM_HOOK_INIT(file_lock, selinux_file_lock),
6943 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
6944 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
6945 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
6946 LSM_HOOK_INIT(file_receive, selinux_file_receive),
6947
6948 LSM_HOOK_INIT(file_open, selinux_file_open),
6949
6950 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
6951 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
6952 LSM_HOOK_INIT(cred_free, selinux_cred_free),
6953 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6954 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6955 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
6956 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
6957 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
6958 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
6959 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
6960 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
6961 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
6962 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
6963 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
6964 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
6965 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
6966 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
6967 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
6968 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
6969 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
6970 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
6971 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
6972 LSM_HOOK_INIT(task_kill, selinux_task_kill),
6973 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
6974
6975 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
6976 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6977
6978 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6979 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
6980
6981 LSM_HOOK_INIT(msg_queue_alloc_security,
6982 selinux_msg_queue_alloc_security),
6983 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
6984 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
6985 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
6986 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
6987 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
6988
6989 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
6990 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
6991 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
6992 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
6993 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
6994
6995 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
6996 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
6997 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
6998 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
6999 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
7000
7001 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
7002
7003 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
7004 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
7005
7006 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
7007 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
7008 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
7009 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
7010 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
7011 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
7012 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
7013 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
7014
7015 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
7016 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
7017
7018 LSM_HOOK_INIT(socket_create, selinux_socket_create),
7019 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
7020 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
7021 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
7022 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
7023 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
7024 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
7025 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
7026 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
7027 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
7028 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
7029 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
7030 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
7031 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
7032 LSM_HOOK_INIT(socket_getpeersec_stream,
7033 selinux_socket_getpeersec_stream),
7034 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
7035 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
7036 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
7037 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7038 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7039 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
7040 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
7041 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
7042 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7043 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7044 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7045 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
7046 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
7047 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
7048 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
7049 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
7050 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
7051 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
7052 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
7053 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
7054 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
7055 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
7056#ifdef CONFIG_SECURITY_INFINIBAND
7057 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
7058 LSM_HOOK_INIT(ib_endport_manage_subnet,
7059 selinux_ib_endport_manage_subnet),
7060 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
7061 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
7062#endif
7063#ifdef CONFIG_SECURITY_NETWORK_XFRM
7064 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
7065 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
7066 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
7067 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
7068 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
7069 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
7070 selinux_xfrm_state_alloc_acquire),
7071 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
7072 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
7073 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
7074 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
7075 selinux_xfrm_state_pol_flow_match),
7076 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
7077#endif
7078
7079#ifdef CONFIG_KEYS
7080 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
7081 LSM_HOOK_INIT(key_free, selinux_key_free),
7082 LSM_HOOK_INIT(key_permission, selinux_key_permission),
7083 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
7084#endif
7085
7086#ifdef CONFIG_AUDIT
7087 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
7088 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
7089 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
7090 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
7091#endif
7092
7093#ifdef CONFIG_BPF_SYSCALL
7094 LSM_HOOK_INIT(bpf, selinux_bpf),
7095 LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
7096 LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
7097 LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
7098 LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
7099 LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
7100 LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
7101#endif
7102};
7103
7104static __init int selinux_init(void)
7105{
7106 if (!security_module_enable("selinux")) {
7107 selinux_enabled = 0;
7108 return 0;
7109 }
7110
7111 if (!selinux_enabled) {
7112 printk(KERN_INFO "SELinux: Disabled at boot.\n");
7113 return 0;
7114 }
7115
7116 printk(KERN_INFO "SELinux: Initializing.\n");
7117
7118 memset(&selinux_state, 0, sizeof(selinux_state));
7119 enforcing_set(&selinux_state, selinux_enforcing_boot);
7120 selinux_state.checkreqprot = selinux_checkreqprot_boot;
7121 selinux_ss_init(&selinux_state.ss);
7122 selinux_avc_init(&selinux_state.avc);
7123
7124
7125 cred_init_security();
7126
7127 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7128
7129 sel_inode_cache = kmem_cache_create("selinux_inode_security",
7130 sizeof(struct inode_security_struct),
7131 0, SLAB_PANIC, NULL);
7132 file_security_cache = kmem_cache_create("selinux_file_security",
7133 sizeof(struct file_security_struct),
7134 0, SLAB_PANIC, NULL);
7135 avc_init();
7136
7137 avtab_cache_init();
7138
7139 ebitmap_cache_init();
7140
7141 hashtab_cache_init();
7142
7143 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7144
7145 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
7146 panic("SELinux: Unable to register AVC netcache callback\n");
7147
7148 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7149 panic("SELinux: Unable to register AVC LSM notifier callback\n");
7150
7151 if (selinux_enforcing_boot)
7152 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
7153 else
7154 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
7155
7156 return 0;
7157}
7158
7159static void delayed_superblock_init(struct super_block *sb, void *unused)
7160{
7161 superblock_doinit(sb, NULL);
7162}
7163
7164void selinux_complete_init(void)
7165{
7166 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
7167
7168
7169 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
7170 iterate_supers(delayed_superblock_init, NULL);
7171}
7172
7173
7174
7175security_initcall(selinux_init);
7176
7177#if defined(CONFIG_NETFILTER)
7178
7179static const struct nf_hook_ops selinux_nf_ops[] = {
7180 {
7181 .hook = selinux_ipv4_postroute,
7182 .pf = NFPROTO_IPV4,
7183 .hooknum = NF_INET_POST_ROUTING,
7184 .priority = NF_IP_PRI_SELINUX_LAST,
7185 },
7186 {
7187 .hook = selinux_ipv4_forward,
7188 .pf = NFPROTO_IPV4,
7189 .hooknum = NF_INET_FORWARD,
7190 .priority = NF_IP_PRI_SELINUX_FIRST,
7191 },
7192 {
7193 .hook = selinux_ipv4_output,
7194 .pf = NFPROTO_IPV4,
7195 .hooknum = NF_INET_LOCAL_OUT,
7196 .priority = NF_IP_PRI_SELINUX_FIRST,
7197 },
7198#if IS_ENABLED(CONFIG_IPV6)
7199 {
7200 .hook = selinux_ipv6_postroute,
7201 .pf = NFPROTO_IPV6,
7202 .hooknum = NF_INET_POST_ROUTING,
7203 .priority = NF_IP6_PRI_SELINUX_LAST,
7204 },
7205 {
7206 .hook = selinux_ipv6_forward,
7207 .pf = NFPROTO_IPV6,
7208 .hooknum = NF_INET_FORWARD,
7209 .priority = NF_IP6_PRI_SELINUX_FIRST,
7210 },
7211 {
7212 .hook = selinux_ipv6_output,
7213 .pf = NFPROTO_IPV6,
7214 .hooknum = NF_INET_LOCAL_OUT,
7215 .priority = NF_IP6_PRI_SELINUX_FIRST,
7216 },
7217#endif
7218};
7219
7220static int __net_init selinux_nf_register(struct net *net)
7221{
7222 return nf_register_net_hooks(net, selinux_nf_ops,
7223 ARRAY_SIZE(selinux_nf_ops));
7224}
7225
7226static void __net_exit selinux_nf_unregister(struct net *net)
7227{
7228 nf_unregister_net_hooks(net, selinux_nf_ops,
7229 ARRAY_SIZE(selinux_nf_ops));
7230}
7231
7232static struct pernet_operations selinux_net_ops = {
7233 .init = selinux_nf_register,
7234 .exit = selinux_nf_unregister,
7235};
7236
7237static int __init selinux_nf_ip_init(void)
7238{
7239 int err;
7240
7241 if (!selinux_enabled)
7242 return 0;
7243
7244 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
7245
7246 err = register_pernet_subsys(&selinux_net_ops);
7247 if (err)
7248 panic("SELinux: register_pernet_subsys: error %d\n", err);
7249
7250 return 0;
7251}
7252__initcall(selinux_nf_ip_init);
7253
7254#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7255static void selinux_nf_ip_exit(void)
7256{
7257 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
7258
7259 unregister_pernet_subsys(&selinux_net_ops);
7260}
7261#endif
7262
7263#else
7264
7265#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7266#define selinux_nf_ip_exit()
7267#endif
7268
7269#endif
7270
7271#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7272int selinux_disable(struct selinux_state *state)
7273{
7274 if (state->initialized) {
7275
7276 return -EINVAL;
7277 }
7278
7279 if (state->disabled) {
7280
7281 return -EINVAL;
7282 }
7283
7284 state->disabled = 1;
7285
7286 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
7287
7288 selinux_enabled = 0;
7289
7290 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
7291
7292
7293 avc_disable();
7294
7295
7296 selinux_nf_ip_exit();
7297
7298
7299 exit_sel_fs();
7300
7301 return 0;
7302}
7303#endif
7304