1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/init.h>
28#include <linux/kd.h>
29#include <linux/kernel.h>
30#include <linux/tracehook.h>
31#include <linux/errno.h>
32#include <linux/sched/signal.h>
33#include <linux/sched/task.h>
34#include <linux/lsm_hooks.h>
35#include <linux/xattr.h>
36#include <linux/capability.h>
37#include <linux/unistd.h>
38#include <linux/mm.h>
39#include <linux/mman.h>
40#include <linux/slab.h>
41#include <linux/pagemap.h>
42#include <linux/proc_fs.h>
43#include <linux/swap.h>
44#include <linux/spinlock.h>
45#include <linux/syscalls.h>
46#include <linux/dcache.h>
47#include <linux/file.h>
48#include <linux/fdtable.h>
49#include <linux/namei.h>
50#include <linux/mount.h>
51#include <linux/netfilter_ipv4.h>
52#include <linux/netfilter_ipv6.h>
53#include <linux/tty.h>
54#include <net/icmp.h>
55#include <net/ip.h>
56#include <net/tcp.h>
57#include <net/inet_connection_sock.h>
58#include <net/net_namespace.h>
59#include <net/netlabel.h>
60#include <linux/uaccess.h>
61#include <asm/ioctls.h>
62#include <linux/atomic.h>
63#include <linux/bitops.h>
64#include <linux/interrupt.h>
65#include <linux/netdevice.h>
66#include <net/netlink.h>
67#include <linux/tcp.h>
68#include <linux/udp.h>
69#include <linux/dccp.h>
70#include <linux/sctp.h>
71#include <net/sctp/structs.h>
72#include <linux/quota.h>
73#include <linux/un.h>
74#include <net/af_unix.h>
75#include <linux/parser.h>
76#include <linux/nfs_mount.h>
77#include <net/ipv6.h>
78#include <linux/hugetlb.h>
79#include <linux/personality.h>
80#include <linux/audit.h>
81#include <linux/string.h>
82#include <linux/selinux.h>
83#include <linux/mutex.h>
84#include <linux/posix-timers.h>
85#include <linux/syslog.h>
86#include <linux/user_namespace.h>
87#include <linux/export.h>
88#include <linux/msg.h>
89#include <linux/shm.h>
90#include <linux/bpf.h>
91
92#include "avc.h"
93#include "objsec.h"
94#include "netif.h"
95#include "netnode.h"
96#include "netport.h"
97#include "ibpkey.h"
98#include "xfrm.h"
99#include "netlabel.h"
100#include "audit.h"
101#include "avc_ss.h"
102
103struct selinux_state selinux_state;
104
105
106static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
107
108#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
109static int selinux_enforcing_boot;
110
111static int __init enforcing_setup(char *str)
112{
113 unsigned long enforcing;
114 if (!kstrtoul(str, 0, &enforcing))
115 selinux_enforcing_boot = enforcing ? 1 : 0;
116 return 1;
117}
118__setup("enforcing=", enforcing_setup);
119#else
120#define selinux_enforcing_boot 1
121#endif
122
123#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
124int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
125
126static int __init selinux_enabled_setup(char *str)
127{
128 unsigned long enabled;
129 if (!kstrtoul(str, 0, &enabled))
130 selinux_enabled = enabled ? 1 : 0;
131 return 1;
132}
133__setup("selinux=", selinux_enabled_setup);
134#else
135int selinux_enabled = 1;
136#endif
137
138static unsigned int selinux_checkreqprot_boot =
139 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
140
141static int __init checkreqprot_setup(char *str)
142{
143 unsigned long checkreqprot;
144
145 if (!kstrtoul(str, 0, &checkreqprot))
146 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
147 return 1;
148}
149__setup("checkreqprot=", checkreqprot_setup);
150
151static struct kmem_cache *sel_inode_cache;
152static struct kmem_cache *file_security_cache;
153
154
155
156
157
158
159
160
161
162
163
164
165static int selinux_secmark_enabled(void)
166{
167 return (selinux_policycap_alwaysnetwork() ||
168 atomic_read(&selinux_secmark_refcount));
169}
170
171
172
173
174
175
176
177
178
179
180
181static int selinux_peerlbl_enabled(void)
182{
183 return (selinux_policycap_alwaysnetwork() ||
184 netlbl_enabled() || selinux_xfrm_enabled());
185}
186
187static int selinux_netcache_avc_callback(u32 event)
188{
189 if (event == AVC_CALLBACK_RESET) {
190 sel_netif_flush();
191 sel_netnode_flush();
192 sel_netport_flush();
193 synchronize_net();
194 }
195 return 0;
196}
197
198static int selinux_lsm_notifier_avc_callback(u32 event)
199{
200 if (event == AVC_CALLBACK_RESET) {
201 sel_ib_pkey_flush();
202 call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
203 }
204
205 return 0;
206}
207
208
209
210
211static void cred_init_security(void)
212{
213 struct cred *cred = (struct cred *) current->real_cred;
214 struct task_security_struct *tsec;
215
216 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
217 if (!tsec)
218 panic("SELinux: Failed to initialize initial task.\n");
219
220 tsec->osid = tsec->sid = SECINITSID_KERNEL;
221 cred->security = tsec;
222}
223
224
225
226
227static inline u32 cred_sid(const struct cred *cred)
228{
229 const struct task_security_struct *tsec;
230
231 tsec = cred->security;
232 return tsec->sid;
233}
234
235
236
237
238static inline u32 task_sid(const struct task_struct *task)
239{
240 u32 sid;
241
242 rcu_read_lock();
243 sid = cred_sid(__task_cred(task));
244 rcu_read_unlock();
245 return sid;
246}
247
248
249
250static int inode_alloc_security(struct inode *inode)
251{
252 struct inode_security_struct *isec;
253 u32 sid = current_sid();
254
255 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
256 if (!isec)
257 return -ENOMEM;
258
259 spin_lock_init(&isec->lock);
260 INIT_LIST_HEAD(&isec->list);
261 isec->inode = inode;
262 isec->sid = SECINITSID_UNLABELED;
263 isec->sclass = SECCLASS_FILE;
264 isec->task_sid = sid;
265 isec->initialized = LABEL_INVALID;
266 inode->i_security = isec;
267
268 return 0;
269}
270
271static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
272
273
274
275
276
277
278
279static int __inode_security_revalidate(struct inode *inode,
280 struct dentry *dentry,
281 bool may_sleep)
282{
283 struct inode_security_struct *isec = inode->i_security;
284
285 might_sleep_if(may_sleep);
286
287 if (selinux_state.initialized &&
288 isec->initialized != LABEL_INITIALIZED) {
289 if (!may_sleep)
290 return -ECHILD;
291
292
293
294
295
296
297 inode_doinit_with_dentry(inode, dentry);
298 }
299 return 0;
300}
301
302static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
303{
304 return inode->i_security;
305}
306
307static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
308{
309 int error;
310
311 error = __inode_security_revalidate(inode, NULL, !rcu);
312 if (error)
313 return ERR_PTR(error);
314 return inode->i_security;
315}
316
317
318
319
320static struct inode_security_struct *inode_security(struct inode *inode)
321{
322 __inode_security_revalidate(inode, NULL, true);
323 return inode->i_security;
324}
325
326static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
327{
328 struct inode *inode = d_backing_inode(dentry);
329
330 return inode->i_security;
331}
332
333
334
335
336static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
337{
338 struct inode *inode = d_backing_inode(dentry);
339
340 __inode_security_revalidate(inode, dentry, true);
341 return inode->i_security;
342}
343
344static void inode_free_rcu(struct rcu_head *head)
345{
346 struct inode_security_struct *isec;
347
348 isec = container_of(head, struct inode_security_struct, rcu);
349 kmem_cache_free(sel_inode_cache, isec);
350}
351
352static void inode_free_security(struct inode *inode)
353{
354 struct inode_security_struct *isec = inode->i_security;
355 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
356
357
358
359
360
361
362
363
364
365
366
367 if (!list_empty_careful(&isec->list)) {
368 spin_lock(&sbsec->isec_lock);
369 list_del_init(&isec->list);
370 spin_unlock(&sbsec->isec_lock);
371 }
372
373
374
375
376
377
378
379
380
381
382 call_rcu(&isec->rcu, inode_free_rcu);
383}
384
385static int file_alloc_security(struct file *file)
386{
387 struct file_security_struct *fsec;
388 u32 sid = current_sid();
389
390 fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
391 if (!fsec)
392 return -ENOMEM;
393
394 fsec->sid = sid;
395 fsec->fown_sid = sid;
396 file->f_security = fsec;
397
398 return 0;
399}
400
401static void file_free_security(struct file *file)
402{
403 struct file_security_struct *fsec = file->f_security;
404 file->f_security = NULL;
405 kmem_cache_free(file_security_cache, fsec);
406}
407
408static int superblock_alloc_security(struct super_block *sb)
409{
410 struct superblock_security_struct *sbsec;
411
412 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
413 if (!sbsec)
414 return -ENOMEM;
415
416 mutex_init(&sbsec->lock);
417 INIT_LIST_HEAD(&sbsec->isec_head);
418 spin_lock_init(&sbsec->isec_lock);
419 sbsec->sb = sb;
420 sbsec->sid = SECINITSID_UNLABELED;
421 sbsec->def_sid = SECINITSID_FILE;
422 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
423 sb->s_security = sbsec;
424
425 return 0;
426}
427
428static void superblock_free_security(struct super_block *sb)
429{
430 struct superblock_security_struct *sbsec = sb->s_security;
431 sb->s_security = NULL;
432 kfree(sbsec);
433}
434
435static inline int inode_doinit(struct inode *inode)
436{
437 return inode_doinit_with_dentry(inode, NULL);
438}
439
440enum {
441 Opt_error = -1,
442 Opt_context = 1,
443 Opt_fscontext = 2,
444 Opt_defcontext = 3,
445 Opt_rootcontext = 4,
446 Opt_labelsupport = 5,
447 Opt_nextmntopt = 6,
448};
449
450#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
451
452static const match_table_t tokens = {
453 {Opt_context, CONTEXT_STR "%s"},
454 {Opt_fscontext, FSCONTEXT_STR "%s"},
455 {Opt_defcontext, DEFCONTEXT_STR "%s"},
456 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
457 {Opt_labelsupport, LABELSUPP_STR},
458 {Opt_error, NULL},
459};
460
461#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
462
463static int may_context_mount_sb_relabel(u32 sid,
464 struct superblock_security_struct *sbsec,
465 const struct cred *cred)
466{
467 const struct task_security_struct *tsec = cred->security;
468 int rc;
469
470 rc = avc_has_perm(&selinux_state,
471 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
472 FILESYSTEM__RELABELFROM, NULL);
473 if (rc)
474 return rc;
475
476 rc = avc_has_perm(&selinux_state,
477 tsec->sid, sid, SECCLASS_FILESYSTEM,
478 FILESYSTEM__RELABELTO, NULL);
479 return rc;
480}
481
482static int may_context_mount_inode_relabel(u32 sid,
483 struct superblock_security_struct *sbsec,
484 const struct cred *cred)
485{
486 const struct task_security_struct *tsec = cred->security;
487 int rc;
488 rc = avc_has_perm(&selinux_state,
489 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
490 FILESYSTEM__RELABELFROM, NULL);
491 if (rc)
492 return rc;
493
494 rc = avc_has_perm(&selinux_state,
495 sid, sbsec->sid, SECCLASS_FILESYSTEM,
496 FILESYSTEM__ASSOCIATE, NULL);
497 return rc;
498}
499
500static int selinux_is_sblabel_mnt(struct super_block *sb)
501{
502 struct superblock_security_struct *sbsec = sb->s_security;
503
504 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
505 sbsec->behavior == SECURITY_FS_USE_TRANS ||
506 sbsec->behavior == SECURITY_FS_USE_TASK ||
507 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
508
509 !strcmp(sb->s_type->name, "sysfs") ||
510 !strcmp(sb->s_type->name, "pstore") ||
511 !strcmp(sb->s_type->name, "debugfs") ||
512 !strcmp(sb->s_type->name, "tracefs") ||
513 !strcmp(sb->s_type->name, "rootfs") ||
514 (selinux_policycap_cgroupseclabel() &&
515 (!strcmp(sb->s_type->name, "cgroup") ||
516 !strcmp(sb->s_type->name, "cgroup2")));
517}
518
519static int sb_finish_set_opts(struct super_block *sb)
520{
521 struct superblock_security_struct *sbsec = sb->s_security;
522 struct dentry *root = sb->s_root;
523 struct inode *root_inode = d_backing_inode(root);
524 int rc = 0;
525
526 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
527
528
529
530
531
532 if (!(root_inode->i_opflags & IOP_XATTR)) {
533 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
534 "xattr support\n", sb->s_id, sb->s_type->name);
535 rc = -EOPNOTSUPP;
536 goto out;
537 }
538
539 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
540 if (rc < 0 && rc != -ENODATA) {
541 if (rc == -EOPNOTSUPP)
542 printk(KERN_WARNING "SELinux: (dev %s, type "
543 "%s) has no security xattr handler\n",
544 sb->s_id, sb->s_type->name);
545 else
546 printk(KERN_WARNING "SELinux: (dev %s, type "
547 "%s) getxattr errno %d\n", sb->s_id,
548 sb->s_type->name, -rc);
549 goto out;
550 }
551 }
552
553 sbsec->flags |= SE_SBINITIALIZED;
554
555
556
557
558
559
560 if (selinux_is_sblabel_mnt(sb))
561 sbsec->flags |= SBLABEL_MNT;
562 else
563 sbsec->flags &= ~SBLABEL_MNT;
564
565
566 rc = inode_doinit_with_dentry(root_inode, root);
567
568
569
570
571
572 spin_lock(&sbsec->isec_lock);
573next_inode:
574 if (!list_empty(&sbsec->isec_head)) {
575 struct inode_security_struct *isec =
576 list_entry(sbsec->isec_head.next,
577 struct inode_security_struct, list);
578 struct inode *inode = isec->inode;
579 list_del_init(&isec->list);
580 spin_unlock(&sbsec->isec_lock);
581 inode = igrab(inode);
582 if (inode) {
583 if (!IS_PRIVATE(inode))
584 inode_doinit(inode);
585 iput(inode);
586 }
587 spin_lock(&sbsec->isec_lock);
588 goto next_inode;
589 }
590 spin_unlock(&sbsec->isec_lock);
591out:
592 return rc;
593}
594
595
596
597
598
599
600static int selinux_get_mnt_opts(const struct super_block *sb,
601 struct security_mnt_opts *opts)
602{
603 int rc = 0, i;
604 struct superblock_security_struct *sbsec = sb->s_security;
605 char *context = NULL;
606 u32 len;
607 char tmp;
608
609 security_init_mnt_opts(opts);
610
611 if (!(sbsec->flags & SE_SBINITIALIZED))
612 return -EINVAL;
613
614 if (!selinux_state.initialized)
615 return -EINVAL;
616
617
618 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
619
620 tmp = sbsec->flags & SE_MNTMASK;
621
622 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
623 if (tmp & 0x01)
624 opts->num_mnt_opts++;
625 tmp >>= 1;
626 }
627
628 if (sbsec->flags & SBLABEL_MNT)
629 opts->num_mnt_opts++;
630
631 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
632 if (!opts->mnt_opts) {
633 rc = -ENOMEM;
634 goto out_free;
635 }
636
637 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
638 if (!opts->mnt_opts_flags) {
639 rc = -ENOMEM;
640 goto out_free;
641 }
642
643 i = 0;
644 if (sbsec->flags & FSCONTEXT_MNT) {
645 rc = security_sid_to_context(&selinux_state, sbsec->sid,
646 &context, &len);
647 if (rc)
648 goto out_free;
649 opts->mnt_opts[i] = context;
650 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
651 }
652 if (sbsec->flags & CONTEXT_MNT) {
653 rc = security_sid_to_context(&selinux_state,
654 sbsec->mntpoint_sid,
655 &context, &len);
656 if (rc)
657 goto out_free;
658 opts->mnt_opts[i] = context;
659 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
660 }
661 if (sbsec->flags & DEFCONTEXT_MNT) {
662 rc = security_sid_to_context(&selinux_state, sbsec->def_sid,
663 &context, &len);
664 if (rc)
665 goto out_free;
666 opts->mnt_opts[i] = context;
667 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
668 }
669 if (sbsec->flags & ROOTCONTEXT_MNT) {
670 struct dentry *root = sbsec->sb->s_root;
671 struct inode_security_struct *isec = backing_inode_security(root);
672
673 rc = security_sid_to_context(&selinux_state, isec->sid,
674 &context, &len);
675 if (rc)
676 goto out_free;
677 opts->mnt_opts[i] = context;
678 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
679 }
680 if (sbsec->flags & SBLABEL_MNT) {
681 opts->mnt_opts[i] = NULL;
682 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
683 }
684
685 BUG_ON(i != opts->num_mnt_opts);
686
687 return 0;
688
689out_free:
690 security_free_mnt_opts(opts);
691 return rc;
692}
693
694static int bad_option(struct superblock_security_struct *sbsec, char flag,
695 u32 old_sid, u32 new_sid)
696{
697 char mnt_flags = sbsec->flags & SE_MNTMASK;
698
699
700 if (sbsec->flags & SE_SBINITIALIZED)
701 if (!(sbsec->flags & flag) ||
702 (old_sid != new_sid))
703 return 1;
704
705
706
707
708 if (!(sbsec->flags & SE_SBINITIALIZED))
709 if (mnt_flags & flag)
710 return 1;
711 return 0;
712}
713
714
715
716
717
718static int selinux_set_mnt_opts(struct super_block *sb,
719 struct security_mnt_opts *opts,
720 unsigned long kern_flags,
721 unsigned long *set_kern_flags)
722{
723 const struct cred *cred = current_cred();
724 int rc = 0, i;
725 struct superblock_security_struct *sbsec = sb->s_security;
726 const char *name = sb->s_type->name;
727 struct dentry *root = sbsec->sb->s_root;
728 struct inode_security_struct *root_isec;
729 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
730 u32 defcontext_sid = 0;
731 char **mount_options = opts->mnt_opts;
732 int *flags = opts->mnt_opts_flags;
733 int num_opts = opts->num_mnt_opts;
734
735 mutex_lock(&sbsec->lock);
736
737 if (!selinux_state.initialized) {
738 if (!num_opts) {
739
740
741
742 goto out;
743 }
744 rc = -EINVAL;
745 printk(KERN_WARNING "SELinux: Unable to set superblock options "
746 "before the security server is initialized\n");
747 goto out;
748 }
749 if (kern_flags && !set_kern_flags) {
750
751
752 rc = -EINVAL;
753 goto out;
754 }
755
756
757
758
759
760
761
762
763
764
765
766
767 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
768 && (num_opts == 0))
769 goto out;
770
771 root_isec = backing_inode_security_novalidate(root);
772
773
774
775
776
777
778 for (i = 0; i < num_opts; i++) {
779 u32 sid;
780
781 if (flags[i] == SBLABEL_MNT)
782 continue;
783 rc = security_context_str_to_sid(&selinux_state,
784 mount_options[i], &sid,
785 GFP_KERNEL);
786 if (rc) {
787 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
788 "(%s) failed for (dev %s, type %s) errno=%d\n",
789 mount_options[i], sb->s_id, name, rc);
790 goto out;
791 }
792 switch (flags[i]) {
793 case FSCONTEXT_MNT:
794 fscontext_sid = sid;
795
796 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
797 fscontext_sid))
798 goto out_double_mount;
799
800 sbsec->flags |= FSCONTEXT_MNT;
801 break;
802 case CONTEXT_MNT:
803 context_sid = sid;
804
805 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
806 context_sid))
807 goto out_double_mount;
808
809 sbsec->flags |= CONTEXT_MNT;
810 break;
811 case ROOTCONTEXT_MNT:
812 rootcontext_sid = sid;
813
814 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
815 rootcontext_sid))
816 goto out_double_mount;
817
818 sbsec->flags |= ROOTCONTEXT_MNT;
819
820 break;
821 case DEFCONTEXT_MNT:
822 defcontext_sid = sid;
823
824 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
825 defcontext_sid))
826 goto out_double_mount;
827
828 sbsec->flags |= DEFCONTEXT_MNT;
829
830 break;
831 default:
832 rc = -EINVAL;
833 goto out;
834 }
835 }
836
837 if (sbsec->flags & SE_SBINITIALIZED) {
838
839 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
840 goto out_double_mount;
841 rc = 0;
842 goto out;
843 }
844
845 if (strcmp(sb->s_type->name, "proc") == 0)
846 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
847
848 if (!strcmp(sb->s_type->name, "debugfs") ||
849 !strcmp(sb->s_type->name, "tracefs") ||
850 !strcmp(sb->s_type->name, "sysfs") ||
851 !strcmp(sb->s_type->name, "pstore") ||
852 !strcmp(sb->s_type->name, "cgroup") ||
853 !strcmp(sb->s_type->name, "cgroup2"))
854 sbsec->flags |= SE_SBGENFS;
855
856 if (!sbsec->behavior) {
857
858
859
860
861 rc = security_fs_use(&selinux_state, sb);
862 if (rc) {
863 printk(KERN_WARNING
864 "%s: security_fs_use(%s) returned %d\n",
865 __func__, sb->s_type->name, rc);
866 goto out;
867 }
868 }
869
870
871
872
873
874
875 if (sb->s_user_ns != &init_user_ns &&
876 strcmp(sb->s_type->name, "tmpfs") &&
877 strcmp(sb->s_type->name, "ramfs") &&
878 strcmp(sb->s_type->name, "devpts")) {
879 if (context_sid || fscontext_sid || rootcontext_sid ||
880 defcontext_sid) {
881 rc = -EACCES;
882 goto out;
883 }
884 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
885 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
886 rc = security_transition_sid(&selinux_state,
887 current_sid(),
888 current_sid(),
889 SECCLASS_FILE, NULL,
890 &sbsec->mntpoint_sid);
891 if (rc)
892 goto out;
893 }
894 goto out_set_opts;
895 }
896
897
898 if (fscontext_sid) {
899 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
900 if (rc)
901 goto out;
902
903 sbsec->sid = fscontext_sid;
904 }
905
906
907
908
909
910
911 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
912 sbsec->behavior = SECURITY_FS_USE_NATIVE;
913 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
914 }
915
916 if (context_sid) {
917 if (!fscontext_sid) {
918 rc = may_context_mount_sb_relabel(context_sid, sbsec,
919 cred);
920 if (rc)
921 goto out;
922 sbsec->sid = context_sid;
923 } else {
924 rc = may_context_mount_inode_relabel(context_sid, sbsec,
925 cred);
926 if (rc)
927 goto out;
928 }
929 if (!rootcontext_sid)
930 rootcontext_sid = context_sid;
931
932 sbsec->mntpoint_sid = context_sid;
933 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
934 }
935
936 if (rootcontext_sid) {
937 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
938 cred);
939 if (rc)
940 goto out;
941
942 root_isec->sid = rootcontext_sid;
943 root_isec->initialized = LABEL_INITIALIZED;
944 }
945
946 if (defcontext_sid) {
947 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
948 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
949 rc = -EINVAL;
950 printk(KERN_WARNING "SELinux: defcontext option is "
951 "invalid for this filesystem type\n");
952 goto out;
953 }
954
955 if (defcontext_sid != sbsec->def_sid) {
956 rc = may_context_mount_inode_relabel(defcontext_sid,
957 sbsec, cred);
958 if (rc)
959 goto out;
960 }
961
962 sbsec->def_sid = defcontext_sid;
963 }
964
965out_set_opts:
966 rc = sb_finish_set_opts(sb);
967out:
968 mutex_unlock(&sbsec->lock);
969 return rc;
970out_double_mount:
971 rc = -EINVAL;
972 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
973 "security settings for (dev %s, type %s)\n", sb->s_id, name);
974 goto out;
975}
976
977static int selinux_cmp_sb_context(const struct super_block *oldsb,
978 const struct super_block *newsb)
979{
980 struct superblock_security_struct *old = oldsb->s_security;
981 struct superblock_security_struct *new = newsb->s_security;
982 char oldflags = old->flags & SE_MNTMASK;
983 char newflags = new->flags & SE_MNTMASK;
984
985 if (oldflags != newflags)
986 goto mismatch;
987 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
988 goto mismatch;
989 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
990 goto mismatch;
991 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
992 goto mismatch;
993 if (oldflags & ROOTCONTEXT_MNT) {
994 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
995 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
996 if (oldroot->sid != newroot->sid)
997 goto mismatch;
998 }
999 return 0;
1000mismatch:
1001 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
1002 "different security settings for (dev %s, "
1003 "type %s)\n", newsb->s_id, newsb->s_type->name);
1004 return -EBUSY;
1005}
1006
1007static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
1008 struct super_block *newsb,
1009 unsigned long kern_flags,
1010 unsigned long *set_kern_flags)
1011{
1012 int rc = 0;
1013 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
1014 struct superblock_security_struct *newsbsec = newsb->s_security;
1015
1016 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
1017 int set_context = (oldsbsec->flags & CONTEXT_MNT);
1018 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
1019
1020
1021
1022
1023
1024 if (!selinux_state.initialized)
1025 return 0;
1026
1027
1028
1029
1030
1031 if (kern_flags && !set_kern_flags)
1032 return -EINVAL;
1033
1034
1035 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
1036
1037
1038 if (newsbsec->flags & SE_SBINITIALIZED)
1039 return selinux_cmp_sb_context(oldsb, newsb);
1040
1041 mutex_lock(&newsbsec->lock);
1042
1043 newsbsec->flags = oldsbsec->flags;
1044
1045 newsbsec->sid = oldsbsec->sid;
1046 newsbsec->def_sid = oldsbsec->def_sid;
1047 newsbsec->behavior = oldsbsec->behavior;
1048
1049 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
1050 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
1051 rc = security_fs_use(&selinux_state, newsb);
1052 if (rc)
1053 goto out;
1054 }
1055
1056 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
1057 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
1058 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
1059 }
1060
1061 if (set_context) {
1062 u32 sid = oldsbsec->mntpoint_sid;
1063
1064 if (!set_fscontext)
1065 newsbsec->sid = sid;
1066 if (!set_rootcontext) {
1067 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1068 newisec->sid = sid;
1069 }
1070 newsbsec->mntpoint_sid = sid;
1071 }
1072 if (set_rootcontext) {
1073 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
1074 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1075
1076 newisec->sid = oldisec->sid;
1077 }
1078
1079 sb_finish_set_opts(newsb);
1080out:
1081 mutex_unlock(&newsbsec->lock);
1082 return rc;
1083}
1084
1085static int selinux_parse_opts_str(char *options,
1086 struct security_mnt_opts *opts)
1087{
1088 char *p;
1089 char *context = NULL, *defcontext = NULL;
1090 char *fscontext = NULL, *rootcontext = NULL;
1091 int rc, num_mnt_opts = 0;
1092
1093 opts->num_mnt_opts = 0;
1094
1095
1096 while ((p = strsep(&options, "|")) != NULL) {
1097 int token;
1098 substring_t args[MAX_OPT_ARGS];
1099
1100 if (!*p)
1101 continue;
1102
1103 token = match_token(p, tokens, args);
1104
1105 switch (token) {
1106 case Opt_context:
1107 if (context || defcontext) {
1108 rc = -EINVAL;
1109 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1110 goto out_err;
1111 }
1112 context = match_strdup(&args[0]);
1113 if (!context) {
1114 rc = -ENOMEM;
1115 goto out_err;
1116 }
1117 break;
1118
1119 case Opt_fscontext:
1120 if (fscontext) {
1121 rc = -EINVAL;
1122 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1123 goto out_err;
1124 }
1125 fscontext = match_strdup(&args[0]);
1126 if (!fscontext) {
1127 rc = -ENOMEM;
1128 goto out_err;
1129 }
1130 break;
1131
1132 case Opt_rootcontext:
1133 if (rootcontext) {
1134 rc = -EINVAL;
1135 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1136 goto out_err;
1137 }
1138 rootcontext = match_strdup(&args[0]);
1139 if (!rootcontext) {
1140 rc = -ENOMEM;
1141 goto out_err;
1142 }
1143 break;
1144
1145 case Opt_defcontext:
1146 if (context || defcontext) {
1147 rc = -EINVAL;
1148 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1149 goto out_err;
1150 }
1151 defcontext = match_strdup(&args[0]);
1152 if (!defcontext) {
1153 rc = -ENOMEM;
1154 goto out_err;
1155 }
1156 break;
1157 case Opt_labelsupport:
1158 break;
1159 default:
1160 rc = -EINVAL;
1161 printk(KERN_WARNING "SELinux: unknown mount option\n");
1162 goto out_err;
1163
1164 }
1165 }
1166
1167 rc = -ENOMEM;
1168 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_KERNEL);
1169 if (!opts->mnt_opts)
1170 goto out_err;
1171
1172 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int),
1173 GFP_KERNEL);
1174 if (!opts->mnt_opts_flags)
1175 goto out_err;
1176
1177 if (fscontext) {
1178 opts->mnt_opts[num_mnt_opts] = fscontext;
1179 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1180 }
1181 if (context) {
1182 opts->mnt_opts[num_mnt_opts] = context;
1183 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1184 }
1185 if (rootcontext) {
1186 opts->mnt_opts[num_mnt_opts] = rootcontext;
1187 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1188 }
1189 if (defcontext) {
1190 opts->mnt_opts[num_mnt_opts] = defcontext;
1191 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1192 }
1193
1194 opts->num_mnt_opts = num_mnt_opts;
1195 return 0;
1196
1197out_err:
1198 security_free_mnt_opts(opts);
1199 kfree(context);
1200 kfree(defcontext);
1201 kfree(fscontext);
1202 kfree(rootcontext);
1203 return rc;
1204}
1205
1206
1207
1208static int superblock_doinit(struct super_block *sb, void *data)
1209{
1210 int rc = 0;
1211 char *options = data;
1212 struct security_mnt_opts opts;
1213
1214 security_init_mnt_opts(&opts);
1215
1216 if (!data)
1217 goto out;
1218
1219 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1220
1221 rc = selinux_parse_opts_str(options, &opts);
1222 if (rc)
1223 goto out_err;
1224
1225out:
1226 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1227
1228out_err:
1229 security_free_mnt_opts(&opts);
1230 return rc;
1231}
1232
1233static void selinux_write_opts(struct seq_file *m,
1234 struct security_mnt_opts *opts)
1235{
1236 int i;
1237 char *prefix;
1238
1239 for (i = 0; i < opts->num_mnt_opts; i++) {
1240 char *has_comma;
1241
1242 if (opts->mnt_opts[i])
1243 has_comma = strchr(opts->mnt_opts[i], ',');
1244 else
1245 has_comma = NULL;
1246
1247 switch (opts->mnt_opts_flags[i]) {
1248 case CONTEXT_MNT:
1249 prefix = CONTEXT_STR;
1250 break;
1251 case FSCONTEXT_MNT:
1252 prefix = FSCONTEXT_STR;
1253 break;
1254 case ROOTCONTEXT_MNT:
1255 prefix = ROOTCONTEXT_STR;
1256 break;
1257 case DEFCONTEXT_MNT:
1258 prefix = DEFCONTEXT_STR;
1259 break;
1260 case SBLABEL_MNT:
1261 seq_putc(m, ',');
1262 seq_puts(m, LABELSUPP_STR);
1263 continue;
1264 default:
1265 BUG();
1266 return;
1267 };
1268
1269 seq_putc(m, ',');
1270 seq_puts(m, prefix);
1271 if (has_comma)
1272 seq_putc(m, '\"');
1273 seq_escape(m, opts->mnt_opts[i], "\"\n\\");
1274 if (has_comma)
1275 seq_putc(m, '\"');
1276 }
1277}
1278
1279static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1280{
1281 struct security_mnt_opts opts;
1282 int rc;
1283
1284 rc = selinux_get_mnt_opts(sb, &opts);
1285 if (rc) {
1286
1287 if (rc == -EINVAL)
1288 rc = 0;
1289 return rc;
1290 }
1291
1292 selinux_write_opts(m, &opts);
1293
1294 security_free_mnt_opts(&opts);
1295
1296 return rc;
1297}
1298
1299static inline u16 inode_mode_to_security_class(umode_t mode)
1300{
1301 switch (mode & S_IFMT) {
1302 case S_IFSOCK:
1303 return SECCLASS_SOCK_FILE;
1304 case S_IFLNK:
1305 return SECCLASS_LNK_FILE;
1306 case S_IFREG:
1307 return SECCLASS_FILE;
1308 case S_IFBLK:
1309 return SECCLASS_BLK_FILE;
1310 case S_IFDIR:
1311 return SECCLASS_DIR;
1312 case S_IFCHR:
1313 return SECCLASS_CHR_FILE;
1314 case S_IFIFO:
1315 return SECCLASS_FIFO_FILE;
1316
1317 }
1318
1319 return SECCLASS_FILE;
1320}
1321
1322static inline int default_protocol_stream(int protocol)
1323{
1324 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1325}
1326
1327static inline int default_protocol_dgram(int protocol)
1328{
1329 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1330}
1331
1332static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1333{
1334 int extsockclass = selinux_policycap_extsockclass();
1335
1336 switch (family) {
1337 case PF_UNIX:
1338 switch (type) {
1339 case SOCK_STREAM:
1340 case SOCK_SEQPACKET:
1341 return SECCLASS_UNIX_STREAM_SOCKET;
1342 case SOCK_DGRAM:
1343 case SOCK_RAW:
1344 return SECCLASS_UNIX_DGRAM_SOCKET;
1345 }
1346 break;
1347 case PF_INET:
1348 case PF_INET6:
1349 switch (type) {
1350 case SOCK_STREAM:
1351 case SOCK_SEQPACKET:
1352 if (default_protocol_stream(protocol))
1353 return SECCLASS_TCP_SOCKET;
1354 else if (extsockclass && protocol == IPPROTO_SCTP)
1355 return SECCLASS_SCTP_SOCKET;
1356 else
1357 return SECCLASS_RAWIP_SOCKET;
1358 case SOCK_DGRAM:
1359 if (default_protocol_dgram(protocol))
1360 return SECCLASS_UDP_SOCKET;
1361 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1362 protocol == IPPROTO_ICMPV6))
1363 return SECCLASS_ICMP_SOCKET;
1364 else
1365 return SECCLASS_RAWIP_SOCKET;
1366 case SOCK_DCCP:
1367 return SECCLASS_DCCP_SOCKET;
1368 default:
1369 return SECCLASS_RAWIP_SOCKET;
1370 }
1371 break;
1372 case PF_NETLINK:
1373 switch (protocol) {
1374 case NETLINK_ROUTE:
1375 return SECCLASS_NETLINK_ROUTE_SOCKET;
1376 case NETLINK_SOCK_DIAG:
1377 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1378 case NETLINK_NFLOG:
1379 return SECCLASS_NETLINK_NFLOG_SOCKET;
1380 case NETLINK_XFRM:
1381 return SECCLASS_NETLINK_XFRM_SOCKET;
1382 case NETLINK_SELINUX:
1383 return SECCLASS_NETLINK_SELINUX_SOCKET;
1384 case NETLINK_ISCSI:
1385 return SECCLASS_NETLINK_ISCSI_SOCKET;
1386 case NETLINK_AUDIT:
1387 return SECCLASS_NETLINK_AUDIT_SOCKET;
1388 case NETLINK_FIB_LOOKUP:
1389 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1390 case NETLINK_CONNECTOR:
1391 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1392 case NETLINK_NETFILTER:
1393 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1394 case NETLINK_DNRTMSG:
1395 return SECCLASS_NETLINK_DNRT_SOCKET;
1396 case NETLINK_KOBJECT_UEVENT:
1397 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1398 case NETLINK_GENERIC:
1399 return SECCLASS_NETLINK_GENERIC_SOCKET;
1400 case NETLINK_SCSITRANSPORT:
1401 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1402 case NETLINK_RDMA:
1403 return SECCLASS_NETLINK_RDMA_SOCKET;
1404 case NETLINK_CRYPTO:
1405 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1406 default:
1407 return SECCLASS_NETLINK_SOCKET;
1408 }
1409 case PF_PACKET:
1410 return SECCLASS_PACKET_SOCKET;
1411 case PF_KEY:
1412 return SECCLASS_KEY_SOCKET;
1413 case PF_APPLETALK:
1414 return SECCLASS_APPLETALK_SOCKET;
1415 }
1416
1417 if (extsockclass) {
1418 switch (family) {
1419 case PF_AX25:
1420 return SECCLASS_AX25_SOCKET;
1421 case PF_IPX:
1422 return SECCLASS_IPX_SOCKET;
1423 case PF_NETROM:
1424 return SECCLASS_NETROM_SOCKET;
1425 case PF_ATMPVC:
1426 return SECCLASS_ATMPVC_SOCKET;
1427 case PF_X25:
1428 return SECCLASS_X25_SOCKET;
1429 case PF_ROSE:
1430 return SECCLASS_ROSE_SOCKET;
1431 case PF_DECnet:
1432 return SECCLASS_DECNET_SOCKET;
1433 case PF_ATMSVC:
1434 return SECCLASS_ATMSVC_SOCKET;
1435 case PF_RDS:
1436 return SECCLASS_RDS_SOCKET;
1437 case PF_IRDA:
1438 return SECCLASS_IRDA_SOCKET;
1439 case PF_PPPOX:
1440 return SECCLASS_PPPOX_SOCKET;
1441 case PF_LLC:
1442 return SECCLASS_LLC_SOCKET;
1443 case PF_CAN:
1444 return SECCLASS_CAN_SOCKET;
1445 case PF_TIPC:
1446 return SECCLASS_TIPC_SOCKET;
1447 case PF_BLUETOOTH:
1448 return SECCLASS_BLUETOOTH_SOCKET;
1449 case PF_IUCV:
1450 return SECCLASS_IUCV_SOCKET;
1451 case PF_RXRPC:
1452 return SECCLASS_RXRPC_SOCKET;
1453 case PF_ISDN:
1454 return SECCLASS_ISDN_SOCKET;
1455 case PF_PHONET:
1456 return SECCLASS_PHONET_SOCKET;
1457 case PF_IEEE802154:
1458 return SECCLASS_IEEE802154_SOCKET;
1459 case PF_CAIF:
1460 return SECCLASS_CAIF_SOCKET;
1461 case PF_ALG:
1462 return SECCLASS_ALG_SOCKET;
1463 case PF_NFC:
1464 return SECCLASS_NFC_SOCKET;
1465 case PF_VSOCK:
1466 return SECCLASS_VSOCK_SOCKET;
1467 case PF_KCM:
1468 return SECCLASS_KCM_SOCKET;
1469 case PF_QIPCRTR:
1470 return SECCLASS_QIPCRTR_SOCKET;
1471 case PF_SMC:
1472 return SECCLASS_SMC_SOCKET;
1473 case PF_XDP:
1474 return SECCLASS_XDP_SOCKET;
1475#if PF_MAX > 45
1476#error New address family defined, please update this function.
1477#endif
1478 }
1479 }
1480
1481 return SECCLASS_SOCKET;
1482}
1483
1484static int selinux_genfs_get_sid(struct dentry *dentry,
1485 u16 tclass,
1486 u16 flags,
1487 u32 *sid)
1488{
1489 int rc;
1490 struct super_block *sb = dentry->d_sb;
1491 char *buffer, *path;
1492
1493 buffer = (char *)__get_free_page(GFP_KERNEL);
1494 if (!buffer)
1495 return -ENOMEM;
1496
1497 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1498 if (IS_ERR(path))
1499 rc = PTR_ERR(path);
1500 else {
1501 if (flags & SE_SBPROC) {
1502
1503
1504
1505 while (path[1] >= '0' && path[1] <= '9') {
1506 path[1] = '/';
1507 path++;
1508 }
1509 }
1510 rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1511 path, tclass, sid);
1512 }
1513 free_page((unsigned long)buffer);
1514 return rc;
1515}
1516
1517
1518static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1519{
1520 struct superblock_security_struct *sbsec = NULL;
1521 struct inode_security_struct *isec = inode->i_security;
1522 u32 task_sid, sid = 0;
1523 u16 sclass;
1524 struct dentry *dentry;
1525#define INITCONTEXTLEN 255
1526 char *context = NULL;
1527 unsigned len = 0;
1528 int rc = 0;
1529
1530 if (isec->initialized == LABEL_INITIALIZED)
1531 return 0;
1532
1533 spin_lock(&isec->lock);
1534 if (isec->initialized == LABEL_INITIALIZED)
1535 goto out_unlock;
1536
1537 if (isec->sclass == SECCLASS_FILE)
1538 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1539
1540 sbsec = inode->i_sb->s_security;
1541 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1542
1543
1544
1545 spin_lock(&sbsec->isec_lock);
1546 if (list_empty(&isec->list))
1547 list_add(&isec->list, &sbsec->isec_head);
1548 spin_unlock(&sbsec->isec_lock);
1549 goto out_unlock;
1550 }
1551
1552 sclass = isec->sclass;
1553 task_sid = isec->task_sid;
1554 sid = isec->sid;
1555 isec->initialized = LABEL_PENDING;
1556 spin_unlock(&isec->lock);
1557
1558 switch (sbsec->behavior) {
1559 case SECURITY_FS_USE_NATIVE:
1560 break;
1561 case SECURITY_FS_USE_XATTR:
1562 if (!(inode->i_opflags & IOP_XATTR)) {
1563 sid = sbsec->def_sid;
1564 break;
1565 }
1566
1567
1568 if (opt_dentry) {
1569
1570 dentry = dget(opt_dentry);
1571 } else {
1572
1573
1574
1575
1576
1577
1578 dentry = d_find_alias(inode);
1579 if (!dentry)
1580 dentry = d_find_any_alias(inode);
1581 }
1582 if (!dentry) {
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592 goto out;
1593 }
1594
1595 len = INITCONTEXTLEN;
1596 context = kmalloc(len+1, GFP_NOFS);
1597 if (!context) {
1598 rc = -ENOMEM;
1599 dput(dentry);
1600 goto out;
1601 }
1602 context[len] = '\0';
1603 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1604 if (rc == -ERANGE) {
1605 kfree(context);
1606
1607
1608 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1609 if (rc < 0) {
1610 dput(dentry);
1611 goto out;
1612 }
1613 len = rc;
1614 context = kmalloc(len+1, GFP_NOFS);
1615 if (!context) {
1616 rc = -ENOMEM;
1617 dput(dentry);
1618 goto out;
1619 }
1620 context[len] = '\0';
1621 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1622 }
1623 dput(dentry);
1624 if (rc < 0) {
1625 if (rc != -ENODATA) {
1626 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1627 "%d for dev=%s ino=%ld\n", __func__,
1628 -rc, inode->i_sb->s_id, inode->i_ino);
1629 kfree(context);
1630 goto out;
1631 }
1632
1633 sid = sbsec->def_sid;
1634 rc = 0;
1635 } else {
1636 rc = security_context_to_sid_default(&selinux_state,
1637 context, rc, &sid,
1638 sbsec->def_sid,
1639 GFP_NOFS);
1640 if (rc) {
1641 char *dev = inode->i_sb->s_id;
1642 unsigned long ino = inode->i_ino;
1643
1644 if (rc == -EINVAL) {
1645 if (printk_ratelimit())
1646 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1647 "context=%s. This indicates you may need to relabel the inode or the "
1648 "filesystem in question.\n", ino, dev, context);
1649 } else {
1650 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1651 "returned %d for dev=%s ino=%ld\n",
1652 __func__, context, -rc, dev, ino);
1653 }
1654 kfree(context);
1655
1656 rc = 0;
1657 break;
1658 }
1659 }
1660 kfree(context);
1661 break;
1662 case SECURITY_FS_USE_TASK:
1663 sid = task_sid;
1664 break;
1665 case SECURITY_FS_USE_TRANS:
1666
1667 sid = sbsec->sid;
1668
1669
1670 rc = security_transition_sid(&selinux_state, task_sid, sid,
1671 sclass, NULL, &sid);
1672 if (rc)
1673 goto out;
1674 break;
1675 case SECURITY_FS_USE_MNTPOINT:
1676 sid = sbsec->mntpoint_sid;
1677 break;
1678 default:
1679
1680 sid = sbsec->sid;
1681
1682 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1683
1684
1685 if (opt_dentry) {
1686
1687
1688 dentry = dget(opt_dentry);
1689 } else {
1690
1691
1692
1693
1694 dentry = d_find_alias(inode);
1695 if (!dentry)
1696 dentry = d_find_any_alias(inode);
1697 }
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707 if (!dentry)
1708 goto out;
1709 rc = selinux_genfs_get_sid(dentry, sclass,
1710 sbsec->flags, &sid);
1711 dput(dentry);
1712 if (rc)
1713 goto out;
1714 }
1715 break;
1716 }
1717
1718out:
1719 spin_lock(&isec->lock);
1720 if (isec->initialized == LABEL_PENDING) {
1721 if (!sid || rc) {
1722 isec->initialized = LABEL_INVALID;
1723 goto out_unlock;
1724 }
1725
1726 isec->initialized = LABEL_INITIALIZED;
1727 isec->sid = sid;
1728 }
1729
1730out_unlock:
1731 spin_unlock(&isec->lock);
1732 return rc;
1733}
1734
1735
1736static inline u32 signal_to_av(int sig)
1737{
1738 u32 perm = 0;
1739
1740 switch (sig) {
1741 case SIGCHLD:
1742
1743 perm = PROCESS__SIGCHLD;
1744 break;
1745 case SIGKILL:
1746
1747 perm = PROCESS__SIGKILL;
1748 break;
1749 case SIGSTOP:
1750
1751 perm = PROCESS__SIGSTOP;
1752 break;
1753 default:
1754
1755 perm = PROCESS__SIGNAL;
1756 break;
1757 }
1758
1759 return perm;
1760}
1761
1762#if CAP_LAST_CAP > 63
1763#error Fix SELinux to handle capabilities > 63.
1764#endif
1765
1766
1767static int cred_has_capability(const struct cred *cred,
1768 int cap, int audit, bool initns)
1769{
1770 struct common_audit_data ad;
1771 struct av_decision avd;
1772 u16 sclass;
1773 u32 sid = cred_sid(cred);
1774 u32 av = CAP_TO_MASK(cap);
1775 int rc;
1776
1777 ad.type = LSM_AUDIT_DATA_CAP;
1778 ad.u.cap = cap;
1779
1780 switch (CAP_TO_INDEX(cap)) {
1781 case 0:
1782 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1783 break;
1784 case 1:
1785 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1786 break;
1787 default:
1788 printk(KERN_ERR
1789 "SELinux: out of range capability %d\n", cap);
1790 BUG();
1791 return -EINVAL;
1792 }
1793
1794 rc = avc_has_perm_noaudit(&selinux_state,
1795 sid, sid, sclass, av, 0, &avd);
1796 if (audit == SECURITY_CAP_AUDIT) {
1797 int rc2 = avc_audit(&selinux_state,
1798 sid, sid, sclass, av, &avd, rc, &ad, 0);
1799 if (rc2)
1800 return rc2;
1801 }
1802 return rc;
1803}
1804
1805
1806
1807
1808static int inode_has_perm(const struct cred *cred,
1809 struct inode *inode,
1810 u32 perms,
1811 struct common_audit_data *adp)
1812{
1813 struct inode_security_struct *isec;
1814 u32 sid;
1815
1816 validate_creds(cred);
1817
1818 if (unlikely(IS_PRIVATE(inode)))
1819 return 0;
1820
1821 sid = cred_sid(cred);
1822 isec = inode->i_security;
1823
1824 return avc_has_perm(&selinux_state,
1825 sid, isec->sid, isec->sclass, perms, adp);
1826}
1827
1828
1829
1830
1831static inline int dentry_has_perm(const struct cred *cred,
1832 struct dentry *dentry,
1833 u32 av)
1834{
1835 struct inode *inode = d_backing_inode(dentry);
1836 struct common_audit_data ad;
1837
1838 ad.type = LSM_AUDIT_DATA_DENTRY;
1839 ad.u.dentry = dentry;
1840 __inode_security_revalidate(inode, dentry, true);
1841 return inode_has_perm(cred, inode, av, &ad);
1842}
1843
1844
1845
1846
1847static inline int path_has_perm(const struct cred *cred,
1848 const struct path *path,
1849 u32 av)
1850{
1851 struct inode *inode = d_backing_inode(path->dentry);
1852 struct common_audit_data ad;
1853
1854 ad.type = LSM_AUDIT_DATA_PATH;
1855 ad.u.path = *path;
1856 __inode_security_revalidate(inode, path->dentry, true);
1857 return inode_has_perm(cred, inode, av, &ad);
1858}
1859
1860
1861static inline int file_path_has_perm(const struct cred *cred,
1862 struct file *file,
1863 u32 av)
1864{
1865 struct common_audit_data ad;
1866
1867 ad.type = LSM_AUDIT_DATA_FILE;
1868 ad.u.file = file;
1869 return inode_has_perm(cred, file_inode(file), av, &ad);
1870}
1871
1872#ifdef CONFIG_BPF_SYSCALL
1873static int bpf_fd_pass(struct file *file, u32 sid);
1874#endif
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884static int file_has_perm(const struct cred *cred,
1885 struct file *file,
1886 u32 av)
1887{
1888 struct file_security_struct *fsec = file->f_security;
1889 struct inode *inode = file_inode(file);
1890 struct common_audit_data ad;
1891 u32 sid = cred_sid(cred);
1892 int rc;
1893
1894 ad.type = LSM_AUDIT_DATA_FILE;
1895 ad.u.file = file;
1896
1897 if (sid != fsec->sid) {
1898 rc = avc_has_perm(&selinux_state,
1899 sid, fsec->sid,
1900 SECCLASS_FD,
1901 FD__USE,
1902 &ad);
1903 if (rc)
1904 goto out;
1905 }
1906
1907#ifdef CONFIG_BPF_SYSCALL
1908 rc = bpf_fd_pass(file, cred_sid(cred));
1909 if (rc)
1910 return rc;
1911#endif
1912
1913
1914 rc = 0;
1915 if (av)
1916 rc = inode_has_perm(cred, inode, av, &ad);
1917
1918out:
1919 return rc;
1920}
1921
1922
1923
1924
1925static int
1926selinux_determine_inode_label(const struct task_security_struct *tsec,
1927 struct inode *dir,
1928 const struct qstr *name, u16 tclass,
1929 u32 *_new_isid)
1930{
1931 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
1932
1933 if ((sbsec->flags & SE_SBINITIALIZED) &&
1934 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1935 *_new_isid = sbsec->mntpoint_sid;
1936 } else if ((sbsec->flags & SBLABEL_MNT) &&
1937 tsec->create_sid) {
1938 *_new_isid = tsec->create_sid;
1939 } else {
1940 const struct inode_security_struct *dsec = inode_security(dir);
1941 return security_transition_sid(&selinux_state, tsec->sid,
1942 dsec->sid, tclass,
1943 name, _new_isid);
1944 }
1945
1946 return 0;
1947}
1948
1949
1950static int may_create(struct inode *dir,
1951 struct dentry *dentry,
1952 u16 tclass)
1953{
1954 const struct task_security_struct *tsec = current_security();
1955 struct inode_security_struct *dsec;
1956 struct superblock_security_struct *sbsec;
1957 u32 sid, newsid;
1958 struct common_audit_data ad;
1959 int rc;
1960
1961 dsec = inode_security(dir);
1962 sbsec = dir->i_sb->s_security;
1963
1964 sid = tsec->sid;
1965
1966 ad.type = LSM_AUDIT_DATA_DENTRY;
1967 ad.u.dentry = dentry;
1968
1969 rc = avc_has_perm(&selinux_state,
1970 sid, dsec->sid, SECCLASS_DIR,
1971 DIR__ADD_NAME | DIR__SEARCH,
1972 &ad);
1973 if (rc)
1974 return rc;
1975
1976 rc = selinux_determine_inode_label(current_security(), dir,
1977 &dentry->d_name, tclass, &newsid);
1978 if (rc)
1979 return rc;
1980
1981 rc = avc_has_perm(&selinux_state,
1982 sid, newsid, tclass, FILE__CREATE, &ad);
1983 if (rc)
1984 return rc;
1985
1986 return avc_has_perm(&selinux_state,
1987 newsid, sbsec->sid,
1988 SECCLASS_FILESYSTEM,
1989 FILESYSTEM__ASSOCIATE, &ad);
1990}
1991
1992#define MAY_LINK 0
1993#define MAY_UNLINK 1
1994#define MAY_RMDIR 2
1995
1996
1997static int may_link(struct inode *dir,
1998 struct dentry *dentry,
1999 int kind)
2000
2001{
2002 struct inode_security_struct *dsec, *isec;
2003 struct common_audit_data ad;
2004 u32 sid = current_sid();
2005 u32 av;
2006 int rc;
2007
2008 dsec = inode_security(dir);
2009 isec = backing_inode_security(dentry);
2010
2011 ad.type = LSM_AUDIT_DATA_DENTRY;
2012 ad.u.dentry = dentry;
2013
2014 av = DIR__SEARCH;
2015 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
2016 rc = avc_has_perm(&selinux_state,
2017 sid, dsec->sid, SECCLASS_DIR, av, &ad);
2018 if (rc)
2019 return rc;
2020
2021 switch (kind) {
2022 case MAY_LINK:
2023 av = FILE__LINK;
2024 break;
2025 case MAY_UNLINK:
2026 av = FILE__UNLINK;
2027 break;
2028 case MAY_RMDIR:
2029 av = DIR__RMDIR;
2030 break;
2031 default:
2032 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
2033 __func__, kind);
2034 return 0;
2035 }
2036
2037 rc = avc_has_perm(&selinux_state,
2038 sid, isec->sid, isec->sclass, av, &ad);
2039 return rc;
2040}
2041
2042static inline int may_rename(struct inode *old_dir,
2043 struct dentry *old_dentry,
2044 struct inode *new_dir,
2045 struct dentry *new_dentry)
2046{
2047 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
2048 struct common_audit_data ad;
2049 u32 sid = current_sid();
2050 u32 av;
2051 int old_is_dir, new_is_dir;
2052 int rc;
2053
2054 old_dsec = inode_security(old_dir);
2055 old_isec = backing_inode_security(old_dentry);
2056 old_is_dir = d_is_dir(old_dentry);
2057 new_dsec = inode_security(new_dir);
2058
2059 ad.type = LSM_AUDIT_DATA_DENTRY;
2060
2061 ad.u.dentry = old_dentry;
2062 rc = avc_has_perm(&selinux_state,
2063 sid, old_dsec->sid, SECCLASS_DIR,
2064 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
2065 if (rc)
2066 return rc;
2067 rc = avc_has_perm(&selinux_state,
2068 sid, old_isec->sid,
2069 old_isec->sclass, FILE__RENAME, &ad);
2070 if (rc)
2071 return rc;
2072 if (old_is_dir && new_dir != old_dir) {
2073 rc = avc_has_perm(&selinux_state,
2074 sid, old_isec->sid,
2075 old_isec->sclass, DIR__REPARENT, &ad);
2076 if (rc)
2077 return rc;
2078 }
2079
2080 ad.u.dentry = new_dentry;
2081 av = DIR__ADD_NAME | DIR__SEARCH;
2082 if (d_is_positive(new_dentry))
2083 av |= DIR__REMOVE_NAME;
2084 rc = avc_has_perm(&selinux_state,
2085 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
2086 if (rc)
2087 return rc;
2088 if (d_is_positive(new_dentry)) {
2089 new_isec = backing_inode_security(new_dentry);
2090 new_is_dir = d_is_dir(new_dentry);
2091 rc = avc_has_perm(&selinux_state,
2092 sid, new_isec->sid,
2093 new_isec->sclass,
2094 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
2095 if (rc)
2096 return rc;
2097 }
2098
2099 return 0;
2100}
2101
2102
2103static int superblock_has_perm(const struct cred *cred,
2104 struct super_block *sb,
2105 u32 perms,
2106 struct common_audit_data *ad)
2107{
2108 struct superblock_security_struct *sbsec;
2109 u32 sid = cred_sid(cred);
2110
2111 sbsec = sb->s_security;
2112 return avc_has_perm(&selinux_state,
2113 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2114}
2115
2116
2117static inline u32 file_mask_to_av(int mode, int mask)
2118{
2119 u32 av = 0;
2120
2121 if (!S_ISDIR(mode)) {
2122 if (mask & MAY_EXEC)
2123 av |= FILE__EXECUTE;
2124 if (mask & MAY_READ)
2125 av |= FILE__READ;
2126
2127 if (mask & MAY_APPEND)
2128 av |= FILE__APPEND;
2129 else if (mask & MAY_WRITE)
2130 av |= FILE__WRITE;
2131
2132 } else {
2133 if (mask & MAY_EXEC)
2134 av |= DIR__SEARCH;
2135 if (mask & MAY_WRITE)
2136 av |= DIR__WRITE;
2137 if (mask & MAY_READ)
2138 av |= DIR__READ;
2139 }
2140
2141 return av;
2142}
2143
2144
2145static inline u32 file_to_av(struct file *file)
2146{
2147 u32 av = 0;
2148
2149 if (file->f_mode & FMODE_READ)
2150 av |= FILE__READ;
2151 if (file->f_mode & FMODE_WRITE) {
2152 if (file->f_flags & O_APPEND)
2153 av |= FILE__APPEND;
2154 else
2155 av |= FILE__WRITE;
2156 }
2157 if (!av) {
2158
2159
2160
2161 av = FILE__IOCTL;
2162 }
2163
2164 return av;
2165}
2166
2167
2168
2169
2170
2171static inline u32 open_file_to_av(struct file *file)
2172{
2173 u32 av = file_to_av(file);
2174 struct inode *inode = file_inode(file);
2175
2176 if (selinux_policycap_openperm() &&
2177 inode->i_sb->s_magic != SOCKFS_MAGIC)
2178 av |= FILE__OPEN;
2179
2180 return av;
2181}
2182
2183
2184
2185static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2186{
2187 u32 mysid = current_sid();
2188 u32 mgrsid = task_sid(mgr);
2189
2190 return avc_has_perm(&selinux_state,
2191 mysid, mgrsid, SECCLASS_BINDER,
2192 BINDER__SET_CONTEXT_MGR, NULL);
2193}
2194
2195static int selinux_binder_transaction(struct task_struct *from,
2196 struct task_struct *to)
2197{
2198 u32 mysid = current_sid();
2199 u32 fromsid = task_sid(from);
2200 u32 tosid = task_sid(to);
2201 int rc;
2202
2203 if (mysid != fromsid) {
2204 rc = avc_has_perm(&selinux_state,
2205 mysid, fromsid, SECCLASS_BINDER,
2206 BINDER__IMPERSONATE, NULL);
2207 if (rc)
2208 return rc;
2209 }
2210
2211 return avc_has_perm(&selinux_state,
2212 fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2213 NULL);
2214}
2215
2216static int selinux_binder_transfer_binder(struct task_struct *from,
2217 struct task_struct *to)
2218{
2219 u32 fromsid = task_sid(from);
2220 u32 tosid = task_sid(to);
2221
2222 return avc_has_perm(&selinux_state,
2223 fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2224 NULL);
2225}
2226
2227static int selinux_binder_transfer_file(struct task_struct *from,
2228 struct task_struct *to,
2229 struct file *file)
2230{
2231 u32 sid = task_sid(to);
2232 struct file_security_struct *fsec = file->f_security;
2233 struct dentry *dentry = file->f_path.dentry;
2234 struct inode_security_struct *isec;
2235 struct common_audit_data ad;
2236 int rc;
2237
2238 ad.type = LSM_AUDIT_DATA_PATH;
2239 ad.u.path = file->f_path;
2240
2241 if (sid != fsec->sid) {
2242 rc = avc_has_perm(&selinux_state,
2243 sid, fsec->sid,
2244 SECCLASS_FD,
2245 FD__USE,
2246 &ad);
2247 if (rc)
2248 return rc;
2249 }
2250
2251#ifdef CONFIG_BPF_SYSCALL
2252 rc = bpf_fd_pass(file, sid);
2253 if (rc)
2254 return rc;
2255#endif
2256
2257 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2258 return 0;
2259
2260 isec = backing_inode_security(dentry);
2261 return avc_has_perm(&selinux_state,
2262 sid, isec->sid, isec->sclass, file_to_av(file),
2263 &ad);
2264}
2265
2266static int selinux_ptrace_access_check(struct task_struct *child,
2267 unsigned int mode)
2268{
2269 u32 sid = current_sid();
2270 u32 csid = task_sid(child);
2271
2272 if (mode & PTRACE_MODE_READ)
2273 return avc_has_perm(&selinux_state,
2274 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2275
2276 return avc_has_perm(&selinux_state,
2277 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2278}
2279
2280static int selinux_ptrace_traceme(struct task_struct *parent)
2281{
2282 return avc_has_perm(&selinux_state,
2283 task_sid(parent), current_sid(), SECCLASS_PROCESS,
2284 PROCESS__PTRACE, NULL);
2285}
2286
2287static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2288 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2289{
2290 return avc_has_perm(&selinux_state,
2291 current_sid(), task_sid(target), SECCLASS_PROCESS,
2292 PROCESS__GETCAP, NULL);
2293}
2294
2295static int selinux_capset(struct cred *new, const struct cred *old,
2296 const kernel_cap_t *effective,
2297 const kernel_cap_t *inheritable,
2298 const kernel_cap_t *permitted)
2299{
2300 return avc_has_perm(&selinux_state,
2301 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2302 PROCESS__SETCAP, NULL);
2303}
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2316 int cap, int audit)
2317{
2318 return cred_has_capability(cred, cap, audit, ns == &init_user_ns);
2319}
2320
2321static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2322{
2323 const struct cred *cred = current_cred();
2324 int rc = 0;
2325
2326 if (!sb)
2327 return 0;
2328
2329 switch (cmds) {
2330 case Q_SYNC:
2331 case Q_QUOTAON:
2332 case Q_QUOTAOFF:
2333 case Q_SETINFO:
2334 case Q_SETQUOTA:
2335 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2336 break;
2337 case Q_GETFMT:
2338 case Q_GETINFO:
2339 case Q_GETQUOTA:
2340 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2341 break;
2342 default:
2343 rc = 0;
2344 break;
2345 }
2346 return rc;
2347}
2348
2349static int selinux_quota_on(struct dentry *dentry)
2350{
2351 const struct cred *cred = current_cred();
2352
2353 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2354}
2355
2356static int selinux_syslog(int type)
2357{
2358 switch (type) {
2359 case SYSLOG_ACTION_READ_ALL:
2360 case SYSLOG_ACTION_SIZE_BUFFER:
2361 return avc_has_perm(&selinux_state,
2362 current_sid(), SECINITSID_KERNEL,
2363 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2364 case SYSLOG_ACTION_CONSOLE_OFF:
2365 case SYSLOG_ACTION_CONSOLE_ON:
2366
2367 case SYSLOG_ACTION_CONSOLE_LEVEL:
2368 return avc_has_perm(&selinux_state,
2369 current_sid(), SECINITSID_KERNEL,
2370 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2371 NULL);
2372 }
2373
2374 return avc_has_perm(&selinux_state,
2375 current_sid(), SECINITSID_KERNEL,
2376 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2377}
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2388{
2389 int rc, cap_sys_admin = 0;
2390
2391 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2392 SECURITY_CAP_NOAUDIT, true);
2393 if (rc == 0)
2394 cap_sys_admin = 1;
2395
2396 return cap_sys_admin;
2397}
2398
2399
2400
2401static u32 ptrace_parent_sid(void)
2402{
2403 u32 sid = 0;
2404 struct task_struct *tracer;
2405
2406 rcu_read_lock();
2407 tracer = ptrace_parent(current);
2408 if (tracer)
2409 sid = task_sid(tracer);
2410 rcu_read_unlock();
2411
2412 return sid;
2413}
2414
2415static int check_nnp_nosuid(const struct linux_binprm *bprm,
2416 const struct task_security_struct *old_tsec,
2417 const struct task_security_struct *new_tsec)
2418{
2419 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2420 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2421 int rc;
2422 u32 av;
2423
2424 if (!nnp && !nosuid)
2425 return 0;
2426
2427 if (new_tsec->sid == old_tsec->sid)
2428 return 0;
2429
2430
2431
2432
2433
2434
2435
2436 if (selinux_policycap_nnp_nosuid_transition()) {
2437 av = 0;
2438 if (nnp)
2439 av |= PROCESS2__NNP_TRANSITION;
2440 if (nosuid)
2441 av |= PROCESS2__NOSUID_TRANSITION;
2442 rc = avc_has_perm(&selinux_state,
2443 old_tsec->sid, new_tsec->sid,
2444 SECCLASS_PROCESS2, av, NULL);
2445 if (!rc)
2446 return 0;
2447 }
2448
2449
2450
2451
2452
2453
2454 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2455 new_tsec->sid);
2456 if (!rc)
2457 return 0;
2458
2459
2460
2461
2462
2463
2464 if (nnp)
2465 return -EPERM;
2466 return -EACCES;
2467}
2468
2469static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2470{
2471 const struct task_security_struct *old_tsec;
2472 struct task_security_struct *new_tsec;
2473 struct inode_security_struct *isec;
2474 struct common_audit_data ad;
2475 struct inode *inode = file_inode(bprm->file);
2476 int rc;
2477
2478
2479
2480 if (bprm->called_set_creds)
2481 return 0;
2482
2483 old_tsec = current_security();
2484 new_tsec = bprm->cred->security;
2485 isec = inode_security(inode);
2486
2487
2488 new_tsec->sid = old_tsec->sid;
2489 new_tsec->osid = old_tsec->sid;
2490
2491
2492 new_tsec->create_sid = 0;
2493 new_tsec->keycreate_sid = 0;
2494 new_tsec->sockcreate_sid = 0;
2495
2496 if (old_tsec->exec_sid) {
2497 new_tsec->sid = old_tsec->exec_sid;
2498
2499 new_tsec->exec_sid = 0;
2500
2501
2502 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2503 if (rc)
2504 return rc;
2505 } else {
2506
2507 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2508 isec->sid, SECCLASS_PROCESS, NULL,
2509 &new_tsec->sid);
2510 if (rc)
2511 return rc;
2512
2513
2514
2515
2516
2517 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2518 if (rc)
2519 new_tsec->sid = old_tsec->sid;
2520 }
2521
2522 ad.type = LSM_AUDIT_DATA_FILE;
2523 ad.u.file = bprm->file;
2524
2525 if (new_tsec->sid == old_tsec->sid) {
2526 rc = avc_has_perm(&selinux_state,
2527 old_tsec->sid, isec->sid,
2528 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2529 if (rc)
2530 return rc;
2531 } else {
2532
2533 rc = avc_has_perm(&selinux_state,
2534 old_tsec->sid, new_tsec->sid,
2535 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2536 if (rc)
2537 return rc;
2538
2539 rc = avc_has_perm(&selinux_state,
2540 new_tsec->sid, isec->sid,
2541 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2542 if (rc)
2543 return rc;
2544
2545
2546 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2547 rc = avc_has_perm(&selinux_state,
2548 old_tsec->sid, new_tsec->sid,
2549 SECCLASS_PROCESS, PROCESS__SHARE,
2550 NULL);
2551 if (rc)
2552 return -EPERM;
2553 }
2554
2555
2556
2557 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2558 u32 ptsid = ptrace_parent_sid();
2559 if (ptsid != 0) {
2560 rc = avc_has_perm(&selinux_state,
2561 ptsid, new_tsec->sid,
2562 SECCLASS_PROCESS,
2563 PROCESS__PTRACE, NULL);
2564 if (rc)
2565 return -EPERM;
2566 }
2567 }
2568
2569
2570 bprm->per_clear |= PER_CLEAR_ON_SETID;
2571
2572
2573
2574
2575 rc = avc_has_perm(&selinux_state,
2576 old_tsec->sid, new_tsec->sid,
2577 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2578 NULL);
2579 bprm->secureexec |= !!rc;
2580 }
2581
2582 return 0;
2583}
2584
2585static int match_file(const void *p, struct file *file, unsigned fd)
2586{
2587 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2588}
2589
2590
2591static inline void flush_unauthorized_files(const struct cred *cred,
2592 struct files_struct *files)
2593{
2594 struct file *file, *devnull = NULL;
2595 struct tty_struct *tty;
2596 int drop_tty = 0;
2597 unsigned n;
2598
2599 tty = get_current_tty();
2600 if (tty) {
2601 spin_lock(&tty->files_lock);
2602 if (!list_empty(&tty->tty_files)) {
2603 struct tty_file_private *file_priv;
2604
2605
2606
2607
2608
2609
2610 file_priv = list_first_entry(&tty->tty_files,
2611 struct tty_file_private, list);
2612 file = file_priv->file;
2613 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2614 drop_tty = 1;
2615 }
2616 spin_unlock(&tty->files_lock);
2617 tty_kref_put(tty);
2618 }
2619
2620 if (drop_tty)
2621 no_tty();
2622
2623
2624 n = iterate_fd(files, 0, match_file, cred);
2625 if (!n)
2626 return;
2627
2628 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2629 if (IS_ERR(devnull))
2630 devnull = NULL;
2631
2632 do {
2633 replace_fd(n - 1, devnull, 0);
2634 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2635 if (devnull)
2636 fput(devnull);
2637}
2638
2639
2640
2641
2642static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2643{
2644 struct task_security_struct *new_tsec;
2645 struct rlimit *rlim, *initrlim;
2646 int rc, i;
2647
2648 new_tsec = bprm->cred->security;
2649 if (new_tsec->sid == new_tsec->osid)
2650 return;
2651
2652
2653 flush_unauthorized_files(bprm->cred, current->files);
2654
2655
2656 current->pdeath_signal = 0;
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668 rc = avc_has_perm(&selinux_state,
2669 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2670 PROCESS__RLIMITINH, NULL);
2671 if (rc) {
2672
2673 task_lock(current);
2674 for (i = 0; i < RLIM_NLIMITS; i++) {
2675 rlim = current->signal->rlim + i;
2676 initrlim = init_task.signal->rlim + i;
2677 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2678 }
2679 task_unlock(current);
2680 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2681 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2682 }
2683}
2684
2685
2686
2687
2688
2689static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2690{
2691 const struct task_security_struct *tsec = current_security();
2692 struct itimerval itimer;
2693 u32 osid, sid;
2694 int rc, i;
2695
2696 osid = tsec->osid;
2697 sid = tsec->sid;
2698
2699 if (sid == osid)
2700 return;
2701
2702
2703
2704
2705
2706
2707
2708
2709 rc = avc_has_perm(&selinux_state,
2710 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2711 if (rc) {
2712 if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
2713 memset(&itimer, 0, sizeof itimer);
2714 for (i = 0; i < 3; i++)
2715 do_setitimer(i, &itimer, NULL);
2716 }
2717 spin_lock_irq(¤t->sighand->siglock);
2718 if (!fatal_signal_pending(current)) {
2719 flush_sigqueue(¤t->pending);
2720 flush_sigqueue(¤t->signal->shared_pending);
2721 flush_signal_handlers(current, 1);
2722 sigemptyset(¤t->blocked);
2723 recalc_sigpending();
2724 }
2725 spin_unlock_irq(¤t->sighand->siglock);
2726 }
2727
2728
2729
2730 read_lock(&tasklist_lock);
2731 __wake_up_parent(current, current->real_parent);
2732 read_unlock(&tasklist_lock);
2733}
2734
2735
2736
2737static int selinux_sb_alloc_security(struct super_block *sb)
2738{
2739 return superblock_alloc_security(sb);
2740}
2741
2742static void selinux_sb_free_security(struct super_block *sb)
2743{
2744 superblock_free_security(sb);
2745}
2746
2747static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2748{
2749 if (plen > olen)
2750 return 0;
2751
2752 return !memcmp(prefix, option, plen);
2753}
2754
2755static inline int selinux_option(char *option, int len)
2756{
2757 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2758 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2759 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2760 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2761 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2762}
2763
2764static inline void take_option(char **to, char *from, int *first, int len)
2765{
2766 if (!*first) {
2767 **to = ',';
2768 *to += 1;
2769 } else
2770 *first = 0;
2771 memcpy(*to, from, len);
2772 *to += len;
2773}
2774
2775static inline void take_selinux_option(char **to, char *from, int *first,
2776 int len)
2777{
2778 int current_size = 0;
2779
2780 if (!*first) {
2781 **to = '|';
2782 *to += 1;
2783 } else
2784 *first = 0;
2785
2786 while (current_size < len) {
2787 if (*from != '"') {
2788 **to = *from;
2789 *to += 1;
2790 }
2791 from += 1;
2792 current_size += 1;
2793 }
2794}
2795
2796static int selinux_sb_copy_data(char *orig, char *copy)
2797{
2798 int fnosec, fsec, rc = 0;
2799 char *in_save, *in_curr, *in_end;
2800 char *sec_curr, *nosec_save, *nosec;
2801 int open_quote = 0;
2802
2803 in_curr = orig;
2804 sec_curr = copy;
2805
2806 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2807 if (!nosec) {
2808 rc = -ENOMEM;
2809 goto out;
2810 }
2811
2812 nosec_save = nosec;
2813 fnosec = fsec = 1;
2814 in_save = in_end = orig;
2815
2816 do {
2817 if (*in_end == '"')
2818 open_quote = !open_quote;
2819 if ((*in_end == ',' && open_quote == 0) ||
2820 *in_end == '\0') {
2821 int len = in_end - in_curr;
2822
2823 if (selinux_option(in_curr, len))
2824 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2825 else
2826 take_option(&nosec, in_curr, &fnosec, len);
2827
2828 in_curr = in_end + 1;
2829 }
2830 } while (*in_end++);
2831
2832 strcpy(in_save, nosec_save);
2833 free_page((unsigned long)nosec_save);
2834out:
2835 return rc;
2836}
2837
2838static int selinux_sb_remount(struct super_block *sb, void *data)
2839{
2840 int rc, i, *flags;
2841 struct security_mnt_opts opts;
2842 char *secdata, **mount_options;
2843 struct superblock_security_struct *sbsec = sb->s_security;
2844
2845 if (!(sbsec->flags & SE_SBINITIALIZED))
2846 return 0;
2847
2848 if (!data)
2849 return 0;
2850
2851 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2852 return 0;
2853
2854 security_init_mnt_opts(&opts);
2855 secdata = alloc_secdata();
2856 if (!secdata)
2857 return -ENOMEM;
2858 rc = selinux_sb_copy_data(data, secdata);
2859 if (rc)
2860 goto out_free_secdata;
2861
2862 rc = selinux_parse_opts_str(secdata, &opts);
2863 if (rc)
2864 goto out_free_secdata;
2865
2866 mount_options = opts.mnt_opts;
2867 flags = opts.mnt_opts_flags;
2868
2869 for (i = 0; i < opts.num_mnt_opts; i++) {
2870 u32 sid;
2871
2872 if (flags[i] == SBLABEL_MNT)
2873 continue;
2874 rc = security_context_str_to_sid(&selinux_state,
2875 mount_options[i], &sid,
2876 GFP_KERNEL);
2877 if (rc) {
2878 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
2879 "(%s) failed for (dev %s, type %s) errno=%d\n",
2880 mount_options[i], sb->s_id, sb->s_type->name, rc);
2881 goto out_free_opts;
2882 }
2883 rc = -EINVAL;
2884 switch (flags[i]) {
2885 case FSCONTEXT_MNT:
2886 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2887 goto out_bad_option;
2888 break;
2889 case CONTEXT_MNT:
2890 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2891 goto out_bad_option;
2892 break;
2893 case ROOTCONTEXT_MNT: {
2894 struct inode_security_struct *root_isec;
2895 root_isec = backing_inode_security(sb->s_root);
2896
2897 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2898 goto out_bad_option;
2899 break;
2900 }
2901 case DEFCONTEXT_MNT:
2902 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2903 goto out_bad_option;
2904 break;
2905 default:
2906 goto out_free_opts;
2907 }
2908 }
2909
2910 rc = 0;
2911out_free_opts:
2912 security_free_mnt_opts(&opts);
2913out_free_secdata:
2914 free_secdata(secdata);
2915 return rc;
2916out_bad_option:
2917 printk(KERN_WARNING "SELinux: unable to change security options "
2918 "during remount (dev %s, type=%s)\n", sb->s_id,
2919 sb->s_type->name);
2920 goto out_free_opts;
2921}
2922
2923static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2924{
2925 const struct cred *cred = current_cred();
2926 struct common_audit_data ad;
2927 int rc;
2928
2929 rc = superblock_doinit(sb, data);
2930 if (rc)
2931 return rc;
2932
2933
2934 if (flags & MS_KERNMOUNT)
2935 return 0;
2936
2937 ad.type = LSM_AUDIT_DATA_DENTRY;
2938 ad.u.dentry = sb->s_root;
2939 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2940}
2941
2942static int selinux_sb_statfs(struct dentry *dentry)
2943{
2944 const struct cred *cred = current_cred();
2945 struct common_audit_data ad;
2946
2947 ad.type = LSM_AUDIT_DATA_DENTRY;
2948 ad.u.dentry = dentry->d_sb->s_root;
2949 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2950}
2951
2952static int selinux_mount(const char *dev_name,
2953 const struct path *path,
2954 const char *type,
2955 unsigned long flags,
2956 void *data)
2957{
2958 const struct cred *cred = current_cred();
2959
2960 if (flags & MS_REMOUNT)
2961 return superblock_has_perm(cred, path->dentry->d_sb,
2962 FILESYSTEM__REMOUNT, NULL);
2963 else
2964 return path_has_perm(cred, path, FILE__MOUNTON);
2965}
2966
2967static int selinux_umount(struct vfsmount *mnt, int flags)
2968{
2969 const struct cred *cred = current_cred();
2970
2971 return superblock_has_perm(cred, mnt->mnt_sb,
2972 FILESYSTEM__UNMOUNT, NULL);
2973}
2974
2975
2976
2977static int selinux_inode_alloc_security(struct inode *inode)
2978{
2979 return inode_alloc_security(inode);
2980}
2981
2982static void selinux_inode_free_security(struct inode *inode)
2983{
2984 inode_free_security(inode);
2985}
2986
2987static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2988 const struct qstr *name, void **ctx,
2989 u32 *ctxlen)
2990{
2991 u32 newsid;
2992 int rc;
2993
2994 rc = selinux_determine_inode_label(current_security(),
2995 d_inode(dentry->d_parent), name,
2996 inode_mode_to_security_class(mode),
2997 &newsid);
2998 if (rc)
2999 return rc;
3000
3001 return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
3002 ctxlen);
3003}
3004
3005static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
3006 struct qstr *name,
3007 const struct cred *old,
3008 struct cred *new)
3009{
3010 u32 newsid;
3011 int rc;
3012 struct task_security_struct *tsec;
3013
3014 rc = selinux_determine_inode_label(old->security,
3015 d_inode(dentry->d_parent), name,
3016 inode_mode_to_security_class(mode),
3017 &newsid);
3018 if (rc)
3019 return rc;
3020
3021 tsec = new->security;
3022 tsec->create_sid = newsid;
3023 return 0;
3024}
3025
3026static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
3027 const struct qstr *qstr,
3028 const char **name,
3029 void **value, size_t *len)
3030{
3031 const struct task_security_struct *tsec = current_security();
3032 struct superblock_security_struct *sbsec;
3033 u32 newsid, clen;
3034 int rc;
3035 char *context;
3036
3037 sbsec = dir->i_sb->s_security;
3038
3039 newsid = tsec->create_sid;
3040
3041 rc = selinux_determine_inode_label(current_security(),
3042 dir, qstr,
3043 inode_mode_to_security_class(inode->i_mode),
3044 &newsid);
3045 if (rc)
3046 return rc;
3047
3048
3049 if (sbsec->flags & SE_SBINITIALIZED) {
3050 struct inode_security_struct *isec = inode->i_security;
3051 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3052 isec->sid = newsid;
3053 isec->initialized = LABEL_INITIALIZED;
3054 }
3055
3056 if (!selinux_state.initialized || !(sbsec->flags & SBLABEL_MNT))
3057 return -EOPNOTSUPP;
3058
3059 if (name)
3060 *name = XATTR_SELINUX_SUFFIX;
3061
3062 if (value && len) {
3063 rc = security_sid_to_context_force(&selinux_state, newsid,
3064 &context, &clen);
3065 if (rc)
3066 return rc;
3067 *value = context;
3068 *len = clen;
3069 }
3070
3071 return 0;
3072}
3073
3074static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
3075{
3076 return may_create(dir, dentry, SECCLASS_FILE);
3077}
3078
3079static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
3080{
3081 return may_link(dir, old_dentry, MAY_LINK);
3082}
3083
3084static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
3085{
3086 return may_link(dir, dentry, MAY_UNLINK);
3087}
3088
3089static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
3090{
3091 return may_create(dir, dentry, SECCLASS_LNK_FILE);
3092}
3093
3094static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
3095{
3096 return may_create(dir, dentry, SECCLASS_DIR);
3097}
3098
3099static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
3100{
3101 return may_link(dir, dentry, MAY_RMDIR);
3102}
3103
3104static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3105{
3106 return may_create(dir, dentry, inode_mode_to_security_class(mode));
3107}
3108
3109static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
3110 struct inode *new_inode, struct dentry *new_dentry)
3111{
3112 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
3113}
3114
3115static int selinux_inode_readlink(struct dentry *dentry)
3116{
3117 const struct cred *cred = current_cred();
3118
3119 return dentry_has_perm(cred, dentry, FILE__READ);
3120}
3121
3122static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3123 bool rcu)
3124{
3125 const struct cred *cred = current_cred();
3126 struct common_audit_data ad;
3127 struct inode_security_struct *isec;
3128 u32 sid;
3129
3130 validate_creds(cred);
3131
3132 ad.type = LSM_AUDIT_DATA_DENTRY;
3133 ad.u.dentry = dentry;
3134 sid = cred_sid(cred);
3135 isec = inode_security_rcu(inode, rcu);
3136 if (IS_ERR(isec))
3137 return PTR_ERR(isec);
3138
3139 return avc_has_perm_flags(&selinux_state,
3140 sid, isec->sid, isec->sclass, FILE__READ, &ad,
3141 rcu ? MAY_NOT_BLOCK : 0);
3142}
3143
3144static noinline int audit_inode_permission(struct inode *inode,
3145 u32 perms, u32 audited, u32 denied,
3146 int result,
3147 unsigned flags)
3148{
3149 struct common_audit_data ad;
3150 struct inode_security_struct *isec = inode->i_security;
3151 int rc;
3152
3153 ad.type = LSM_AUDIT_DATA_INODE;
3154 ad.u.inode = inode;
3155
3156 rc = slow_avc_audit(&selinux_state,
3157 current_sid(), isec->sid, isec->sclass, perms,
3158 audited, denied, result, &ad, flags);
3159 if (rc)
3160 return rc;
3161 return 0;
3162}
3163
3164static int selinux_inode_permission(struct inode *inode, int mask)
3165{
3166 const struct cred *cred = current_cred();
3167 u32 perms;
3168 bool from_access;
3169 unsigned flags = mask & MAY_NOT_BLOCK;
3170 struct inode_security_struct *isec;
3171 u32 sid;
3172 struct av_decision avd;
3173 int rc, rc2;
3174 u32 audited, denied;
3175
3176 from_access = mask & MAY_ACCESS;
3177 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3178
3179
3180 if (!mask)
3181 return 0;
3182
3183 validate_creds(cred);
3184
3185 if (unlikely(IS_PRIVATE(inode)))
3186 return 0;
3187
3188 perms = file_mask_to_av(inode->i_mode, mask);
3189
3190 sid = cred_sid(cred);
3191 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
3192 if (IS_ERR(isec))
3193 return PTR_ERR(isec);
3194
3195 rc = avc_has_perm_noaudit(&selinux_state,
3196 sid, isec->sid, isec->sclass, perms, 0, &avd);
3197 audited = avc_audit_required(perms, &avd, rc,
3198 from_access ? FILE__AUDIT_ACCESS : 0,
3199 &denied);
3200 if (likely(!audited))
3201 return rc;
3202
3203 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
3204 if (rc2)
3205 return rc2;
3206 return rc;
3207}
3208
3209static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3210{
3211 const struct cred *cred = current_cred();
3212 struct inode *inode = d_backing_inode(dentry);
3213 unsigned int ia_valid = iattr->ia_valid;
3214 __u32 av = FILE__WRITE;
3215
3216
3217 if (ia_valid & ATTR_FORCE) {
3218 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3219 ATTR_FORCE);
3220 if (!ia_valid)
3221 return 0;
3222 }
3223
3224 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3225 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3226 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3227
3228 if (selinux_policycap_openperm() &&
3229 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3230 (ia_valid & ATTR_SIZE) &&
3231 !(ia_valid & ATTR_FILE))
3232 av |= FILE__OPEN;
3233
3234 return dentry_has_perm(cred, dentry, av);
3235}
3236
3237static int selinux_inode_getattr(const struct path *path)
3238{
3239 return path_has_perm(current_cred(), path, FILE__GETATTR);
3240}
3241
3242static bool has_cap_mac_admin(bool audit)
3243{
3244 const struct cred *cred = current_cred();
3245 int cap_audit = audit ? SECURITY_CAP_AUDIT : SECURITY_CAP_NOAUDIT;
3246
3247 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, cap_audit))
3248 return false;
3249 if (cred_has_capability(cred, CAP_MAC_ADMIN, cap_audit, true))
3250 return false;
3251 return true;
3252}
3253
3254static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3255 const void *value, size_t size, int flags)
3256{
3257 struct inode *inode = d_backing_inode(dentry);
3258 struct inode_security_struct *isec;
3259 struct superblock_security_struct *sbsec;
3260 struct common_audit_data ad;
3261 u32 newsid, sid = current_sid();
3262 int rc = 0;
3263
3264 if (strcmp(name, XATTR_NAME_SELINUX)) {
3265 rc = cap_inode_setxattr(dentry, name, value, size, flags);
3266 if (rc)
3267 return rc;
3268
3269
3270
3271 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3272 }
3273
3274 sbsec = inode->i_sb->s_security;
3275 if (!(sbsec->flags & SBLABEL_MNT))
3276 return -EOPNOTSUPP;
3277
3278 if (!inode_owner_or_capable(inode))
3279 return -EPERM;
3280
3281 ad.type = LSM_AUDIT_DATA_DENTRY;
3282 ad.u.dentry = dentry;
3283
3284 isec = backing_inode_security(dentry);
3285 rc = avc_has_perm(&selinux_state,
3286 sid, isec->sid, isec->sclass,
3287 FILE__RELABELFROM, &ad);
3288 if (rc)
3289 return rc;
3290
3291 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3292 GFP_KERNEL);
3293 if (rc == -EINVAL) {
3294 if (!has_cap_mac_admin(true)) {
3295 struct audit_buffer *ab;
3296 size_t audit_size;
3297
3298
3299
3300 if (value) {
3301 const char *str = value;
3302
3303 if (str[size - 1] == '\0')
3304 audit_size = size - 1;
3305 else
3306 audit_size = size;
3307 } else {
3308 audit_size = 0;
3309 }
3310 ab = audit_log_start(audit_context(),
3311 GFP_ATOMIC, AUDIT_SELINUX_ERR);
3312 audit_log_format(ab, "op=setxattr invalid_context=");
3313 audit_log_n_untrustedstring(ab, value, audit_size);
3314 audit_log_end(ab);
3315
3316 return rc;
3317 }
3318 rc = security_context_to_sid_force(&selinux_state, value,
3319 size, &newsid);
3320 }
3321 if (rc)
3322 return rc;
3323
3324 rc = avc_has_perm(&selinux_state,
3325 sid, newsid, isec->sclass,
3326 FILE__RELABELTO, &ad);
3327 if (rc)
3328 return rc;
3329
3330 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3331 sid, isec->sclass);
3332 if (rc)
3333 return rc;
3334
3335 return avc_has_perm(&selinux_state,
3336 newsid,
3337 sbsec->sid,
3338 SECCLASS_FILESYSTEM,
3339 FILESYSTEM__ASSOCIATE,
3340 &ad);
3341}
3342
3343static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3344 const void *value, size_t size,
3345 int flags)
3346{
3347 struct inode *inode = d_backing_inode(dentry);
3348 struct inode_security_struct *isec;
3349 u32 newsid;
3350 int rc;
3351
3352 if (strcmp(name, XATTR_NAME_SELINUX)) {
3353
3354 return;
3355 }
3356
3357 rc = security_context_to_sid_force(&selinux_state, value, size,
3358 &newsid);
3359 if (rc) {
3360 printk(KERN_ERR "SELinux: unable to map context to SID"
3361 "for (%s, %lu), rc=%d\n",
3362 inode->i_sb->s_id, inode->i_ino, -rc);
3363 return;
3364 }
3365
3366 isec = backing_inode_security(dentry);
3367 spin_lock(&isec->lock);
3368 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3369 isec->sid = newsid;
3370 isec->initialized = LABEL_INITIALIZED;
3371 spin_unlock(&isec->lock);
3372
3373 return;
3374}
3375
3376static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3377{
3378 const struct cred *cred = current_cred();
3379
3380 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3381}
3382
3383static int selinux_inode_listxattr(struct dentry *dentry)
3384{
3385 const struct cred *cred = current_cred();
3386
3387 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3388}
3389
3390static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3391{
3392 if (strcmp(name, XATTR_NAME_SELINUX)) {
3393 int rc = cap_inode_removexattr(dentry, name);
3394 if (rc)
3395 return rc;
3396
3397
3398
3399 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3400 }
3401
3402
3403
3404 return -EACCES;
3405}
3406
3407
3408
3409
3410
3411
3412static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3413{
3414 u32 size;
3415 int error;
3416 char *context = NULL;
3417 struct inode_security_struct *isec;
3418
3419 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3420 return -EOPNOTSUPP;
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431 isec = inode_security(inode);
3432 if (has_cap_mac_admin(false))
3433 error = security_sid_to_context_force(&selinux_state,
3434 isec->sid, &context,
3435 &size);
3436 else
3437 error = security_sid_to_context(&selinux_state, isec->sid,
3438 &context, &size);
3439 if (error)
3440 return error;
3441 error = size;
3442 if (alloc) {
3443 *buffer = context;
3444 goto out_nofree;
3445 }
3446 kfree(context);
3447out_nofree:
3448 return error;
3449}
3450
3451static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3452 const void *value, size_t size, int flags)
3453{
3454 struct inode_security_struct *isec = inode_security_novalidate(inode);
3455 u32 newsid;
3456 int rc;
3457
3458 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3459 return -EOPNOTSUPP;
3460
3461 if (!value || !size)
3462 return -EACCES;
3463
3464 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3465 GFP_KERNEL);
3466 if (rc)
3467 return rc;
3468
3469 spin_lock(&isec->lock);
3470 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3471 isec->sid = newsid;
3472 isec->initialized = LABEL_INITIALIZED;
3473 spin_unlock(&isec->lock);
3474 return 0;
3475}
3476
3477static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3478{
3479 const int len = sizeof(XATTR_NAME_SELINUX);
3480 if (buffer && len <= buffer_size)
3481 memcpy(buffer, XATTR_NAME_SELINUX, len);
3482 return len;
3483}
3484
3485static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3486{
3487 struct inode_security_struct *isec = inode_security_novalidate(inode);
3488 *secid = isec->sid;
3489}
3490
3491static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3492{
3493 u32 sid;
3494 struct task_security_struct *tsec;
3495 struct cred *new_creds = *new;
3496
3497 if (new_creds == NULL) {
3498 new_creds = prepare_creds();
3499 if (!new_creds)
3500 return -ENOMEM;
3501 }
3502
3503 tsec = new_creds->security;
3504
3505 selinux_inode_getsecid(d_inode(src), &sid);
3506 tsec->create_sid = sid;
3507 *new = new_creds;
3508 return 0;
3509}
3510
3511static int selinux_inode_copy_up_xattr(const char *name)
3512{
3513
3514
3515
3516
3517 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3518 return 1;
3519
3520
3521
3522
3523 return -EOPNOTSUPP;
3524}
3525
3526
3527
3528static int selinux_revalidate_file_permission(struct file *file, int mask)
3529{
3530 const struct cred *cred = current_cred();
3531 struct inode *inode = file_inode(file);
3532
3533
3534 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3535 mask |= MAY_APPEND;
3536
3537 return file_has_perm(cred, file,
3538 file_mask_to_av(inode->i_mode, mask));
3539}
3540
3541static int selinux_file_permission(struct file *file, int mask)
3542{
3543 struct inode *inode = file_inode(file);
3544 struct file_security_struct *fsec = file->f_security;
3545 struct inode_security_struct *isec;
3546 u32 sid = current_sid();
3547
3548 if (!mask)
3549
3550 return 0;
3551
3552 isec = inode_security(inode);
3553 if (sid == fsec->sid && fsec->isid == isec->sid &&
3554 fsec->pseqno == avc_policy_seqno(&selinux_state))
3555
3556 return 0;
3557
3558 return selinux_revalidate_file_permission(file, mask);
3559}
3560
3561static int selinux_file_alloc_security(struct file *file)
3562{
3563 return file_alloc_security(file);
3564}
3565
3566static void selinux_file_free_security(struct file *file)
3567{
3568 file_free_security(file);
3569}
3570
3571
3572
3573
3574
3575static int ioctl_has_perm(const struct cred *cred, struct file *file,
3576 u32 requested, u16 cmd)
3577{
3578 struct common_audit_data ad;
3579 struct file_security_struct *fsec = file->f_security;
3580 struct inode *inode = file_inode(file);
3581 struct inode_security_struct *isec;
3582 struct lsm_ioctlop_audit ioctl;
3583 u32 ssid = cred_sid(cred);
3584 int rc;
3585 u8 driver = cmd >> 8;
3586 u8 xperm = cmd & 0xff;
3587
3588 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3589 ad.u.op = &ioctl;
3590 ad.u.op->cmd = cmd;
3591 ad.u.op->path = file->f_path;
3592
3593 if (ssid != fsec->sid) {
3594 rc = avc_has_perm(&selinux_state,
3595 ssid, fsec->sid,
3596 SECCLASS_FD,
3597 FD__USE,
3598 &ad);
3599 if (rc)
3600 goto out;
3601 }
3602
3603 if (unlikely(IS_PRIVATE(inode)))
3604 return 0;
3605
3606 isec = inode_security(inode);
3607 rc = avc_has_extended_perms(&selinux_state,
3608 ssid, isec->sid, isec->sclass,
3609 requested, driver, xperm, &ad);
3610out:
3611 return rc;
3612}
3613
3614static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3615 unsigned long arg)
3616{
3617 const struct cred *cred = current_cred();
3618 int error = 0;
3619
3620 switch (cmd) {
3621 case FIONREAD:
3622
3623 case FIBMAP:
3624
3625 case FIGETBSZ:
3626
3627 case FS_IOC_GETFLAGS:
3628
3629 case FS_IOC_GETVERSION:
3630 error = file_has_perm(cred, file, FILE__GETATTR);
3631 break;
3632
3633 case FS_IOC_SETFLAGS:
3634
3635 case FS_IOC_SETVERSION:
3636 error = file_has_perm(cred, file, FILE__SETATTR);
3637 break;
3638
3639
3640 case FIONBIO:
3641
3642 case FIOASYNC:
3643 error = file_has_perm(cred, file, 0);
3644 break;
3645
3646 case KDSKBENT:
3647 case KDSKBSENT:
3648 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3649 SECURITY_CAP_AUDIT, true);
3650 break;
3651
3652
3653
3654
3655 default:
3656 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3657 }
3658 return error;
3659}
3660
3661static int default_noexec;
3662
3663static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3664{
3665 const struct cred *cred = current_cred();
3666 u32 sid = cred_sid(cred);
3667 int rc = 0;
3668
3669 if (default_noexec &&
3670 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3671 (!shared && (prot & PROT_WRITE)))) {
3672
3673
3674
3675
3676
3677 rc = avc_has_perm(&selinux_state,
3678 sid, sid, SECCLASS_PROCESS,
3679 PROCESS__EXECMEM, NULL);
3680 if (rc)
3681 goto error;
3682 }
3683
3684 if (file) {
3685
3686 u32 av = FILE__READ;
3687
3688
3689 if (shared && (prot & PROT_WRITE))
3690 av |= FILE__WRITE;
3691
3692 if (prot & PROT_EXEC)
3693 av |= FILE__EXECUTE;
3694
3695 return file_has_perm(cred, file, av);
3696 }
3697
3698error:
3699 return rc;
3700}
3701
3702static int selinux_mmap_addr(unsigned long addr)
3703{
3704 int rc = 0;
3705
3706 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3707 u32 sid = current_sid();
3708 rc = avc_has_perm(&selinux_state,
3709 sid, sid, SECCLASS_MEMPROTECT,
3710 MEMPROTECT__MMAP_ZERO, NULL);
3711 }
3712
3713 return rc;
3714}
3715
3716static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3717 unsigned long prot, unsigned long flags)
3718{
3719 struct common_audit_data ad;
3720 int rc;
3721
3722 if (file) {
3723 ad.type = LSM_AUDIT_DATA_FILE;
3724 ad.u.file = file;
3725 rc = inode_has_perm(current_cred(), file_inode(file),
3726 FILE__MAP, &ad);
3727 if (rc)
3728 return rc;
3729 }
3730
3731 if (selinux_state.checkreqprot)
3732 prot = reqprot;
3733
3734 return file_map_prot_check(file, prot,
3735 (flags & MAP_TYPE) == MAP_SHARED);
3736}
3737
3738static int selinux_file_mprotect(struct vm_area_struct *vma,
3739 unsigned long reqprot,
3740 unsigned long prot)
3741{
3742 const struct cred *cred = current_cred();
3743 u32 sid = cred_sid(cred);
3744
3745 if (selinux_state.checkreqprot)
3746 prot = reqprot;
3747
3748 if (default_noexec &&
3749 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3750 int rc = 0;
3751 if (vma->vm_start >= vma->vm_mm->start_brk &&
3752 vma->vm_end <= vma->vm_mm->brk) {
3753 rc = avc_has_perm(&selinux_state,
3754 sid, sid, SECCLASS_PROCESS,
3755 PROCESS__EXECHEAP, NULL);
3756 } else if (!vma->vm_file &&
3757 ((vma->vm_start <= vma->vm_mm->start_stack &&
3758 vma->vm_end >= vma->vm_mm->start_stack) ||
3759 vma_is_stack_for_current(vma))) {
3760 rc = avc_has_perm(&selinux_state,
3761 sid, sid, SECCLASS_PROCESS,
3762 PROCESS__EXECSTACK, NULL);
3763 } else if (vma->vm_file && vma->anon_vma) {
3764
3765
3766
3767
3768
3769
3770
3771 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3772 }
3773 if (rc)
3774 return rc;
3775 }
3776
3777 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3778}
3779
3780static int selinux_file_lock(struct file *file, unsigned int cmd)
3781{
3782 const struct cred *cred = current_cred();
3783
3784 return file_has_perm(cred, file, FILE__LOCK);
3785}
3786
3787static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3788 unsigned long arg)
3789{
3790 const struct cred *cred = current_cred();
3791 int err = 0;
3792
3793 switch (cmd) {
3794 case F_SETFL:
3795 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3796 err = file_has_perm(cred, file, FILE__WRITE);
3797 break;
3798 }
3799
3800 case F_SETOWN:
3801 case F_SETSIG:
3802 case F_GETFL:
3803 case F_GETOWN:
3804 case F_GETSIG:
3805 case F_GETOWNER_UIDS:
3806
3807 err = file_has_perm(cred, file, 0);
3808 break;
3809 case F_GETLK:
3810 case F_SETLK:
3811 case F_SETLKW:
3812 case F_OFD_GETLK:
3813 case F_OFD_SETLK:
3814 case F_OFD_SETLKW:
3815#if BITS_PER_LONG == 32
3816 case F_GETLK64:
3817 case F_SETLK64:
3818 case F_SETLKW64:
3819#endif
3820 err = file_has_perm(cred, file, FILE__LOCK);
3821 break;
3822 }
3823
3824 return err;
3825}
3826
3827static void selinux_file_set_fowner(struct file *file)
3828{
3829 struct file_security_struct *fsec;
3830
3831 fsec = file->f_security;
3832 fsec->fown_sid = current_sid();
3833}
3834
3835static int selinux_file_send_sigiotask(struct task_struct *tsk,
3836 struct fown_struct *fown, int signum)
3837{
3838 struct file *file;
3839 u32 sid = task_sid(tsk);
3840 u32 perm;
3841 struct file_security_struct *fsec;
3842
3843
3844 file = container_of(fown, struct file, f_owner);
3845
3846 fsec = file->f_security;
3847
3848 if (!signum)
3849 perm = signal_to_av(SIGIO);
3850 else
3851 perm = signal_to_av(signum);
3852
3853 return avc_has_perm(&selinux_state,
3854 fsec->fown_sid, sid,
3855 SECCLASS_PROCESS, perm, NULL);
3856}
3857
3858static int selinux_file_receive(struct file *file)
3859{
3860 const struct cred *cred = current_cred();
3861
3862 return file_has_perm(cred, file, file_to_av(file));
3863}
3864
3865static int selinux_file_open(struct file *file, const struct cred *cred)
3866{
3867 struct file_security_struct *fsec;
3868 struct inode_security_struct *isec;
3869
3870 fsec = file->f_security;
3871 isec = inode_security(file_inode(file));
3872
3873
3874
3875
3876
3877
3878
3879 fsec->isid = isec->sid;
3880 fsec->pseqno = avc_policy_seqno(&selinux_state);
3881
3882
3883
3884
3885
3886
3887
3888
3889 return file_path_has_perm(cred, file, open_file_to_av(file));
3890}
3891
3892
3893
3894static int selinux_task_alloc(struct task_struct *task,
3895 unsigned long clone_flags)
3896{
3897 u32 sid = current_sid();
3898
3899 return avc_has_perm(&selinux_state,
3900 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3901}
3902
3903
3904
3905
3906static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3907{
3908 struct task_security_struct *tsec;
3909
3910 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3911 if (!tsec)
3912 return -ENOMEM;
3913
3914 cred->security = tsec;
3915 return 0;
3916}
3917
3918
3919
3920
3921static void selinux_cred_free(struct cred *cred)
3922{
3923 struct task_security_struct *tsec = cred->security;
3924
3925
3926
3927
3928
3929 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3930 cred->security = (void *) 0x7UL;
3931 kfree(tsec);
3932}
3933
3934
3935
3936
3937static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3938 gfp_t gfp)
3939{
3940 const struct task_security_struct *old_tsec;
3941 struct task_security_struct *tsec;
3942
3943 old_tsec = old->security;
3944
3945 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3946 if (!tsec)
3947 return -ENOMEM;
3948
3949 new->security = tsec;
3950 return 0;
3951}
3952
3953
3954
3955
3956static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3957{
3958 const struct task_security_struct *old_tsec = old->security;
3959 struct task_security_struct *tsec = new->security;
3960
3961 *tsec = *old_tsec;
3962}
3963
3964static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
3965{
3966 *secid = cred_sid(c);
3967}
3968
3969
3970
3971
3972
3973static int selinux_kernel_act_as(struct cred *new, u32 secid)
3974{
3975 struct task_security_struct *tsec = new->security;
3976 u32 sid = current_sid();
3977 int ret;
3978
3979 ret = avc_has_perm(&selinux_state,
3980 sid, secid,
3981 SECCLASS_KERNEL_SERVICE,
3982 KERNEL_SERVICE__USE_AS_OVERRIDE,
3983 NULL);
3984 if (ret == 0) {
3985 tsec->sid = secid;
3986 tsec->create_sid = 0;
3987 tsec->keycreate_sid = 0;
3988 tsec->sockcreate_sid = 0;
3989 }
3990 return ret;
3991}
3992
3993
3994
3995
3996
3997static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3998{
3999 struct inode_security_struct *isec = inode_security(inode);
4000 struct task_security_struct *tsec = new->security;
4001 u32 sid = current_sid();
4002 int ret;
4003
4004 ret = avc_has_perm(&selinux_state,
4005 sid, isec->sid,
4006 SECCLASS_KERNEL_SERVICE,
4007 KERNEL_SERVICE__CREATE_FILES_AS,
4008 NULL);
4009
4010 if (ret == 0)
4011 tsec->create_sid = isec->sid;
4012 return ret;
4013}
4014
4015static int selinux_kernel_module_request(char *kmod_name)
4016{
4017 struct common_audit_data ad;
4018
4019 ad.type = LSM_AUDIT_DATA_KMOD;
4020 ad.u.kmod_name = kmod_name;
4021
4022 return avc_has_perm(&selinux_state,
4023 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
4024 SYSTEM__MODULE_REQUEST, &ad);
4025}
4026
4027static int selinux_kernel_module_from_file(struct file *file)
4028{
4029 struct common_audit_data ad;
4030 struct inode_security_struct *isec;
4031 struct file_security_struct *fsec;
4032 u32 sid = current_sid();
4033 int rc;
4034
4035
4036 if (file == NULL)
4037 return avc_has_perm(&selinux_state,
4038 sid, sid, SECCLASS_SYSTEM,
4039 SYSTEM__MODULE_LOAD, NULL);
4040
4041
4042
4043 ad.type = LSM_AUDIT_DATA_FILE;
4044 ad.u.file = file;
4045
4046 fsec = file->f_security;
4047 if (sid != fsec->sid) {
4048 rc = avc_has_perm(&selinux_state,
4049 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4050 if (rc)
4051 return rc;
4052 }
4053
4054 isec = inode_security(file_inode(file));
4055 return avc_has_perm(&selinux_state,
4056 sid, isec->sid, SECCLASS_SYSTEM,
4057 SYSTEM__MODULE_LOAD, &ad);
4058}
4059
4060static int selinux_kernel_read_file(struct file *file,
4061 enum kernel_read_file_id id)
4062{
4063 int rc = 0;
4064
4065 switch (id) {
4066 case READING_MODULE:
4067 rc = selinux_kernel_module_from_file(file);
4068 break;
4069 default:
4070 break;
4071 }
4072
4073 return rc;
4074}
4075
4076static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4077{
4078 return avc_has_perm(&selinux_state,
4079 current_sid(), task_sid(p), SECCLASS_PROCESS,
4080 PROCESS__SETPGID, NULL);
4081}
4082
4083static int selinux_task_getpgid(struct task_struct *p)
4084{
4085 return avc_has_perm(&selinux_state,
4086 current_sid(), task_sid(p), SECCLASS_PROCESS,
4087 PROCESS__GETPGID, NULL);
4088}
4089
4090static int selinux_task_getsid(struct task_struct *p)
4091{
4092 return avc_has_perm(&selinux_state,
4093 current_sid(), task_sid(p), SECCLASS_PROCESS,
4094 PROCESS__GETSESSION, NULL);
4095}
4096
4097static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
4098{
4099 *secid = task_sid(p);
4100}
4101
4102static int selinux_task_setnice(struct task_struct *p, int nice)
4103{
4104 return avc_has_perm(&selinux_state,
4105 current_sid(), task_sid(p), SECCLASS_PROCESS,
4106 PROCESS__SETSCHED, NULL);
4107}
4108
4109static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4110{
4111 return avc_has_perm(&selinux_state,
4112 current_sid(), task_sid(p), SECCLASS_PROCESS,
4113 PROCESS__SETSCHED, NULL);
4114}
4115
4116static int selinux_task_getioprio(struct task_struct *p)
4117{
4118 return avc_has_perm(&selinux_state,
4119 current_sid(), task_sid(p), SECCLASS_PROCESS,
4120 PROCESS__GETSCHED, NULL);
4121}
4122
4123static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4124 unsigned int flags)
4125{
4126 u32 av = 0;
4127
4128 if (!flags)
4129 return 0;
4130 if (flags & LSM_PRLIMIT_WRITE)
4131 av |= PROCESS__SETRLIMIT;
4132 if (flags & LSM_PRLIMIT_READ)
4133 av |= PROCESS__GETRLIMIT;
4134 return avc_has_perm(&selinux_state,
4135 cred_sid(cred), cred_sid(tcred),
4136 SECCLASS_PROCESS, av, NULL);
4137}
4138
4139static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
4140 struct rlimit *new_rlim)
4141{
4142 struct rlimit *old_rlim = p->signal->rlim + resource;
4143
4144
4145
4146
4147
4148 if (old_rlim->rlim_max != new_rlim->rlim_max)
4149 return avc_has_perm(&selinux_state,
4150 current_sid(), task_sid(p),
4151 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4152
4153 return 0;
4154}
4155
4156static int selinux_task_setscheduler(struct task_struct *p)
4157{
4158 return avc_has_perm(&selinux_state,
4159 current_sid(), task_sid(p), SECCLASS_PROCESS,
4160 PROCESS__SETSCHED, NULL);
4161}
4162
4163static int selinux_task_getscheduler(struct task_struct *p)
4164{
4165 return avc_has_perm(&selinux_state,
4166 current_sid(), task_sid(p), SECCLASS_PROCESS,
4167 PROCESS__GETSCHED, NULL);
4168}
4169
4170static int selinux_task_movememory(struct task_struct *p)
4171{
4172 return avc_has_perm(&selinux_state,
4173 current_sid(), task_sid(p), SECCLASS_PROCESS,
4174 PROCESS__SETSCHED, NULL);
4175}
4176
4177static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
4178 int sig, const struct cred *cred)
4179{
4180 u32 secid;
4181 u32 perm;
4182
4183 if (!sig)
4184 perm = PROCESS__SIGNULL;
4185 else
4186 perm = signal_to_av(sig);
4187 if (!cred)
4188 secid = current_sid();
4189 else
4190 secid = cred_sid(cred);
4191 return avc_has_perm(&selinux_state,
4192 secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4193}
4194
4195static void selinux_task_to_inode(struct task_struct *p,
4196 struct inode *inode)
4197{
4198 struct inode_security_struct *isec = inode->i_security;
4199 u32 sid = task_sid(p);
4200
4201 spin_lock(&isec->lock);
4202 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4203 isec->sid = sid;
4204 isec->initialized = LABEL_INITIALIZED;
4205 spin_unlock(&isec->lock);
4206}
4207
4208
4209static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4210 struct common_audit_data *ad, u8 *proto)
4211{
4212 int offset, ihlen, ret = -EINVAL;
4213 struct iphdr _iph, *ih;
4214
4215 offset = skb_network_offset(skb);
4216 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4217 if (ih == NULL)
4218 goto out;
4219
4220 ihlen = ih->ihl * 4;
4221 if (ihlen < sizeof(_iph))
4222 goto out;
4223
4224 ad->u.net->v4info.saddr = ih->saddr;
4225 ad->u.net->v4info.daddr = ih->daddr;
4226 ret = 0;
4227
4228 if (proto)
4229 *proto = ih->protocol;
4230
4231 switch (ih->protocol) {
4232 case IPPROTO_TCP: {
4233 struct tcphdr _tcph, *th;
4234
4235 if (ntohs(ih->frag_off) & IP_OFFSET)
4236 break;
4237
4238 offset += ihlen;
4239 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4240 if (th == NULL)
4241 break;
4242
4243 ad->u.net->sport = th->source;
4244 ad->u.net->dport = th->dest;
4245 break;
4246 }
4247
4248 case IPPROTO_UDP: {
4249 struct udphdr _udph, *uh;
4250
4251 if (ntohs(ih->frag_off) & IP_OFFSET)
4252 break;
4253
4254 offset += ihlen;
4255 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4256 if (uh == NULL)
4257 break;
4258
4259 ad->u.net->sport = uh->source;
4260 ad->u.net->dport = uh->dest;
4261 break;
4262 }
4263
4264 case IPPROTO_DCCP: {
4265 struct dccp_hdr _dccph, *dh;
4266
4267 if (ntohs(ih->frag_off) & IP_OFFSET)
4268 break;
4269
4270 offset += ihlen;
4271 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4272 if (dh == NULL)
4273 break;
4274
4275 ad->u.net->sport = dh->dccph_sport;
4276 ad->u.net->dport = dh->dccph_dport;
4277 break;
4278 }
4279
4280#if IS_ENABLED(CONFIG_IP_SCTP)
4281 case IPPROTO_SCTP: {
4282 struct sctphdr _sctph, *sh;
4283
4284 if (ntohs(ih->frag_off) & IP_OFFSET)
4285 break;
4286
4287 offset += ihlen;
4288 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4289 if (sh == NULL)
4290 break;
4291
4292 ad->u.net->sport = sh->source;
4293 ad->u.net->dport = sh->dest;
4294 break;
4295 }
4296#endif
4297 default:
4298 break;
4299 }
4300out:
4301 return ret;
4302}
4303
4304#if IS_ENABLED(CONFIG_IPV6)
4305
4306
4307static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4308 struct common_audit_data *ad, u8 *proto)
4309{
4310 u8 nexthdr;
4311 int ret = -EINVAL, offset;
4312 struct ipv6hdr _ipv6h, *ip6;
4313 __be16 frag_off;
4314
4315 offset = skb_network_offset(skb);
4316 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4317 if (ip6 == NULL)
4318 goto out;
4319
4320 ad->u.net->v6info.saddr = ip6->saddr;
4321 ad->u.net->v6info.daddr = ip6->daddr;
4322 ret = 0;
4323
4324 nexthdr = ip6->nexthdr;
4325 offset += sizeof(_ipv6h);
4326 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4327 if (offset < 0)
4328 goto out;
4329
4330 if (proto)
4331 *proto = nexthdr;
4332
4333 switch (nexthdr) {
4334 case IPPROTO_TCP: {
4335 struct tcphdr _tcph, *th;
4336
4337 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4338 if (th == NULL)
4339 break;
4340
4341 ad->u.net->sport = th->source;
4342 ad->u.net->dport = th->dest;
4343 break;
4344 }
4345
4346 case IPPROTO_UDP: {
4347 struct udphdr _udph, *uh;
4348
4349 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4350 if (uh == NULL)
4351 break;
4352
4353 ad->u.net->sport = uh->source;
4354 ad->u.net->dport = uh->dest;
4355 break;
4356 }
4357
4358 case IPPROTO_DCCP: {
4359 struct dccp_hdr _dccph, *dh;
4360
4361 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4362 if (dh == NULL)
4363 break;
4364
4365 ad->u.net->sport = dh->dccph_sport;
4366 ad->u.net->dport = dh->dccph_dport;
4367 break;
4368 }
4369
4370#if IS_ENABLED(CONFIG_IP_SCTP)
4371 case IPPROTO_SCTP: {
4372 struct sctphdr _sctph, *sh;
4373
4374 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4375 if (sh == NULL)
4376 break;
4377
4378 ad->u.net->sport = sh->source;
4379 ad->u.net->dport = sh->dest;
4380 break;
4381 }
4382#endif
4383
4384 default:
4385 break;
4386 }
4387out:
4388 return ret;
4389}
4390
4391#endif
4392
4393static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4394 char **_addrp, int src, u8 *proto)
4395{
4396 char *addrp;
4397 int ret;
4398
4399 switch (ad->u.net->family) {
4400 case PF_INET:
4401 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4402 if (ret)
4403 goto parse_error;
4404 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4405 &ad->u.net->v4info.daddr);
4406 goto okay;
4407
4408#if IS_ENABLED(CONFIG_IPV6)
4409 case PF_INET6:
4410 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4411 if (ret)
4412 goto parse_error;
4413 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4414 &ad->u.net->v6info.daddr);
4415 goto okay;
4416#endif
4417 default:
4418 addrp = NULL;
4419 goto okay;
4420 }
4421
4422parse_error:
4423 printk(KERN_WARNING
4424 "SELinux: failure in selinux_parse_skb(),"
4425 " unable to parse packet\n");
4426 return ret;
4427
4428okay:
4429 if (_addrp)
4430 *_addrp = addrp;
4431 return 0;
4432}
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4450{
4451 int err;
4452 u32 xfrm_sid;
4453 u32 nlbl_sid;
4454 u32 nlbl_type;
4455
4456 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4457 if (unlikely(err))
4458 return -EACCES;
4459 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4460 if (unlikely(err))
4461 return -EACCES;
4462
4463 err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4464 nlbl_type, xfrm_sid, sid);
4465 if (unlikely(err)) {
4466 printk(KERN_WARNING
4467 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4468 " unable to determine packet's peer label\n");
4469 return -EACCES;
4470 }
4471
4472 return 0;
4473}
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4488{
4489 int err = 0;
4490
4491 if (skb_sid != SECSID_NULL)
4492 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4493 conn_sid);
4494 else
4495 *conn_sid = sk_sid;
4496
4497 return err;
4498}
4499
4500
4501
4502static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4503 u16 secclass, u32 *socksid)
4504{
4505 if (tsec->sockcreate_sid > SECSID_NULL) {
4506 *socksid = tsec->sockcreate_sid;
4507 return 0;
4508 }
4509
4510 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4511 secclass, NULL, socksid);
4512}
4513
4514static int sock_has_perm(struct sock *sk, u32 perms)
4515{
4516 struct sk_security_struct *sksec = sk->sk_security;
4517 struct common_audit_data ad;
4518 struct lsm_network_audit net = {0,};
4519
4520 if (sksec->sid == SECINITSID_KERNEL)
4521 return 0;
4522
4523 ad.type = LSM_AUDIT_DATA_NET;
4524 ad.u.net = &net;
4525 ad.u.net->sk = sk;
4526
4527 return avc_has_perm(&selinux_state,
4528 current_sid(), sksec->sid, sksec->sclass, perms,
4529 &ad);
4530}
4531
4532static int selinux_socket_create(int family, int type,
4533 int protocol, int kern)
4534{
4535 const struct task_security_struct *tsec = current_security();
4536 u32 newsid;
4537 u16 secclass;
4538 int rc;
4539
4540 if (kern)
4541 return 0;
4542
4543 secclass = socket_type_to_security_class(family, type, protocol);
4544 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4545 if (rc)
4546 return rc;
4547
4548 return avc_has_perm(&selinux_state,
4549 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4550}
4551
4552static int selinux_socket_post_create(struct socket *sock, int family,
4553 int type, int protocol, int kern)
4554{
4555 const struct task_security_struct *tsec = current_security();
4556 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4557 struct sk_security_struct *sksec;
4558 u16 sclass = socket_type_to_security_class(family, type, protocol);
4559 u32 sid = SECINITSID_KERNEL;
4560 int err = 0;
4561
4562 if (!kern) {
4563 err = socket_sockcreate_sid(tsec, sclass, &sid);
4564 if (err)
4565 return err;
4566 }
4567
4568 isec->sclass = sclass;
4569 isec->sid = sid;
4570 isec->initialized = LABEL_INITIALIZED;
4571
4572 if (sock->sk) {
4573 sksec = sock->sk->sk_security;
4574 sksec->sclass = sclass;
4575 sksec->sid = sid;
4576
4577 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4578 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4579
4580 err = selinux_netlbl_socket_post_create(sock->sk, family);
4581 }
4582
4583 return err;
4584}
4585
4586static int selinux_socket_socketpair(struct socket *socka,
4587 struct socket *sockb)
4588{
4589 struct sk_security_struct *sksec_a = socka->sk->sk_security;
4590 struct sk_security_struct *sksec_b = sockb->sk->sk_security;
4591
4592 sksec_a->peer_sid = sksec_b->sid;
4593 sksec_b->peer_sid = sksec_a->sid;
4594
4595 return 0;
4596}
4597
4598
4599
4600
4601
4602static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4603{
4604 struct sock *sk = sock->sk;
4605 struct sk_security_struct *sksec = sk->sk_security;
4606 u16 family;
4607 int err;
4608
4609 err = sock_has_perm(sk, SOCKET__BIND);
4610 if (err)
4611 goto out;
4612
4613
4614 family = sk->sk_family;
4615 if (family == PF_INET || family == PF_INET6) {
4616 char *addrp;
4617 struct common_audit_data ad;
4618 struct lsm_network_audit net = {0,};
4619 struct sockaddr_in *addr4 = NULL;
4620 struct sockaddr_in6 *addr6 = NULL;
4621 u16 family_sa = address->sa_family;
4622 unsigned short snum;
4623 u32 sid, node_perm;
4624
4625
4626
4627
4628
4629
4630
4631 switch (family_sa) {
4632 case AF_UNSPEC:
4633 case AF_INET:
4634 if (addrlen < sizeof(struct sockaddr_in))
4635 return -EINVAL;
4636 addr4 = (struct sockaddr_in *)address;
4637 if (family_sa == AF_UNSPEC) {
4638
4639
4640
4641 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY))
4642 goto err_af;
4643 family_sa = AF_INET;
4644 }
4645 snum = ntohs(addr4->sin_port);
4646 addrp = (char *)&addr4->sin_addr.s_addr;
4647 break;
4648 case AF_INET6:
4649 if (addrlen < SIN6_LEN_RFC2133)
4650 return -EINVAL;
4651 addr6 = (struct sockaddr_in6 *)address;
4652 snum = ntohs(addr6->sin6_port);
4653 addrp = (char *)&addr6->sin6_addr.s6_addr;
4654 break;
4655 default:
4656 goto err_af;
4657 }
4658
4659 ad.type = LSM_AUDIT_DATA_NET;
4660 ad.u.net = &net;
4661 ad.u.net->sport = htons(snum);
4662 ad.u.net->family = family_sa;
4663
4664 if (snum) {
4665 int low, high;
4666
4667 inet_get_local_port_range(sock_net(sk), &low, &high);
4668
4669 if (snum < max(inet_prot_sock(sock_net(sk)), low) ||
4670 snum > high) {
4671 err = sel_netport_sid(sk->sk_protocol,
4672 snum, &sid);
4673 if (err)
4674 goto out;
4675 err = avc_has_perm(&selinux_state,
4676 sksec->sid, sid,
4677 sksec->sclass,
4678 SOCKET__NAME_BIND, &ad);
4679 if (err)
4680 goto out;
4681 }
4682 }
4683
4684 switch (sksec->sclass) {
4685 case SECCLASS_TCP_SOCKET:
4686 node_perm = TCP_SOCKET__NODE_BIND;
4687 break;
4688
4689 case SECCLASS_UDP_SOCKET:
4690 node_perm = UDP_SOCKET__NODE_BIND;
4691 break;
4692
4693 case SECCLASS_DCCP_SOCKET:
4694 node_perm = DCCP_SOCKET__NODE_BIND;
4695 break;
4696
4697 case SECCLASS_SCTP_SOCKET:
4698 node_perm = SCTP_SOCKET__NODE_BIND;
4699 break;
4700
4701 default:
4702 node_perm = RAWIP_SOCKET__NODE_BIND;
4703 break;
4704 }
4705
4706 err = sel_netnode_sid(addrp, family_sa, &sid);
4707 if (err)
4708 goto out;
4709
4710 if (family_sa == AF_INET)
4711 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4712 else
4713 ad.u.net->v6info.saddr = addr6->sin6_addr;
4714
4715 err = avc_has_perm(&selinux_state,
4716 sksec->sid, sid,
4717 sksec->sclass, node_perm, &ad);
4718 if (err)
4719 goto out;
4720 }
4721out:
4722 return err;
4723err_af:
4724
4725 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4726 return -EINVAL;
4727 return -EAFNOSUPPORT;
4728}
4729
4730
4731
4732
4733static int selinux_socket_connect_helper(struct socket *sock,
4734 struct sockaddr *address, int addrlen)
4735{
4736 struct sock *sk = sock->sk;
4737 struct sk_security_struct *sksec = sk->sk_security;
4738 int err;
4739
4740 err = sock_has_perm(sk, SOCKET__CONNECT);
4741 if (err)
4742 return err;
4743
4744
4745
4746
4747
4748 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4749 sksec->sclass == SECCLASS_DCCP_SOCKET ||
4750 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4751 struct common_audit_data ad;
4752 struct lsm_network_audit net = {0,};
4753 struct sockaddr_in *addr4 = NULL;
4754 struct sockaddr_in6 *addr6 = NULL;
4755 unsigned short snum;
4756 u32 sid, perm;
4757
4758
4759
4760
4761
4762
4763 switch (address->sa_family) {
4764 case AF_INET:
4765 addr4 = (struct sockaddr_in *)address;
4766 if (addrlen < sizeof(struct sockaddr_in))
4767 return -EINVAL;
4768 snum = ntohs(addr4->sin_port);
4769 break;
4770 case AF_INET6:
4771 addr6 = (struct sockaddr_in6 *)address;
4772 if (addrlen < SIN6_LEN_RFC2133)
4773 return -EINVAL;
4774 snum = ntohs(addr6->sin6_port);
4775 break;
4776 default:
4777
4778
4779
4780 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4781 return -EINVAL;
4782 else
4783 return -EAFNOSUPPORT;
4784 }
4785
4786 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4787 if (err)
4788 return err;
4789
4790 switch (sksec->sclass) {
4791 case SECCLASS_TCP_SOCKET:
4792 perm = TCP_SOCKET__NAME_CONNECT;
4793 break;
4794 case SECCLASS_DCCP_SOCKET:
4795 perm = DCCP_SOCKET__NAME_CONNECT;
4796 break;
4797 case SECCLASS_SCTP_SOCKET:
4798 perm = SCTP_SOCKET__NAME_CONNECT;
4799 break;
4800 }
4801
4802 ad.type = LSM_AUDIT_DATA_NET;
4803 ad.u.net = &net;
4804 ad.u.net->dport = htons(snum);
4805 ad.u.net->family = address->sa_family;
4806 err = avc_has_perm(&selinux_state,
4807 sksec->sid, sid, sksec->sclass, perm, &ad);
4808 if (err)
4809 return err;
4810 }
4811
4812 return 0;
4813}
4814
4815
4816static int selinux_socket_connect(struct socket *sock,
4817 struct sockaddr *address, int addrlen)
4818{
4819 int err;
4820 struct sock *sk = sock->sk;
4821
4822 err = selinux_socket_connect_helper(sock, address, addrlen);
4823 if (err)
4824 return err;
4825
4826 return selinux_netlbl_socket_connect(sk, address);
4827}
4828
4829static int selinux_socket_listen(struct socket *sock, int backlog)
4830{
4831 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4832}
4833
4834static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4835{
4836 int err;
4837 struct inode_security_struct *isec;
4838 struct inode_security_struct *newisec;
4839 u16 sclass;
4840 u32 sid;
4841
4842 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4843 if (err)
4844 return err;
4845
4846 isec = inode_security_novalidate(SOCK_INODE(sock));
4847 spin_lock(&isec->lock);
4848 sclass = isec->sclass;
4849 sid = isec->sid;
4850 spin_unlock(&isec->lock);
4851
4852 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4853 newisec->sclass = sclass;
4854 newisec->sid = sid;
4855 newisec->initialized = LABEL_INITIALIZED;
4856
4857 return 0;
4858}
4859
4860static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4861 int size)
4862{
4863 return sock_has_perm(sock->sk, SOCKET__WRITE);
4864}
4865
4866static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4867 int size, int flags)
4868{
4869 return sock_has_perm(sock->sk, SOCKET__READ);
4870}
4871
4872static int selinux_socket_getsockname(struct socket *sock)
4873{
4874 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4875}
4876
4877static int selinux_socket_getpeername(struct socket *sock)
4878{
4879 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4880}
4881
4882static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4883{
4884 int err;
4885
4886 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
4887 if (err)
4888 return err;
4889
4890 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4891}
4892
4893static int selinux_socket_getsockopt(struct socket *sock, int level,
4894 int optname)
4895{
4896 return sock_has_perm(sock->sk, SOCKET__GETOPT);
4897}
4898
4899static int selinux_socket_shutdown(struct socket *sock, int how)
4900{
4901 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
4902}
4903
4904static int selinux_socket_unix_stream_connect(struct sock *sock,
4905 struct sock *other,
4906 struct sock *newsk)
4907{
4908 struct sk_security_struct *sksec_sock = sock->sk_security;
4909 struct sk_security_struct *sksec_other = other->sk_security;
4910 struct sk_security_struct *sksec_new = newsk->sk_security;
4911 struct common_audit_data ad;
4912 struct lsm_network_audit net = {0,};
4913 int err;
4914
4915 ad.type = LSM_AUDIT_DATA_NET;
4916 ad.u.net = &net;
4917 ad.u.net->sk = other;
4918
4919 err = avc_has_perm(&selinux_state,
4920 sksec_sock->sid, sksec_other->sid,
4921 sksec_other->sclass,
4922 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4923 if (err)
4924 return err;
4925
4926
4927 sksec_new->peer_sid = sksec_sock->sid;
4928 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
4929 sksec_sock->sid, &sksec_new->sid);
4930 if (err)
4931 return err;
4932
4933
4934 sksec_sock->peer_sid = sksec_new->sid;
4935
4936 return 0;
4937}
4938
4939static int selinux_socket_unix_may_send(struct socket *sock,
4940 struct socket *other)
4941{
4942 struct sk_security_struct *ssec = sock->sk->sk_security;
4943 struct sk_security_struct *osec = other->sk->sk_security;
4944 struct common_audit_data ad;
4945 struct lsm_network_audit net = {0,};
4946
4947 ad.type = LSM_AUDIT_DATA_NET;
4948 ad.u.net = &net;
4949 ad.u.net->sk = other->sk;
4950
4951 return avc_has_perm(&selinux_state,
4952 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4953 &ad);
4954}
4955
4956static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4957 char *addrp, u16 family, u32 peer_sid,
4958 struct common_audit_data *ad)
4959{
4960 int err;
4961 u32 if_sid;
4962 u32 node_sid;
4963
4964 err = sel_netif_sid(ns, ifindex, &if_sid);
4965 if (err)
4966 return err;
4967 err = avc_has_perm(&selinux_state,
4968 peer_sid, if_sid,
4969 SECCLASS_NETIF, NETIF__INGRESS, ad);
4970 if (err)
4971 return err;
4972
4973 err = sel_netnode_sid(addrp, family, &node_sid);
4974 if (err)
4975 return err;
4976 return avc_has_perm(&selinux_state,
4977 peer_sid, node_sid,
4978 SECCLASS_NODE, NODE__RECVFROM, ad);
4979}
4980
4981static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4982 u16 family)
4983{
4984 int err = 0;
4985 struct sk_security_struct *sksec = sk->sk_security;
4986 u32 sk_sid = sksec->sid;
4987 struct common_audit_data ad;
4988 struct lsm_network_audit net = {0,};
4989 char *addrp;
4990
4991 ad.type = LSM_AUDIT_DATA_NET;
4992 ad.u.net = &net;
4993 ad.u.net->netif = skb->skb_iif;
4994 ad.u.net->family = family;
4995 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4996 if (err)
4997 return err;
4998
4999 if (selinux_secmark_enabled()) {
5000 err = avc_has_perm(&selinux_state,
5001 sk_sid, skb->secmark, SECCLASS_PACKET,
5002 PACKET__RECV, &ad);
5003 if (err)
5004 return err;
5005 }
5006
5007 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
5008 if (err)
5009 return err;
5010 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
5011
5012 return err;
5013}
5014
5015static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
5016{
5017 int err;
5018 struct sk_security_struct *sksec = sk->sk_security;
5019 u16 family = sk->sk_family;
5020 u32 sk_sid = sksec->sid;
5021 struct common_audit_data ad;
5022 struct lsm_network_audit net = {0,};
5023 char *addrp;
5024 u8 secmark_active;
5025 u8 peerlbl_active;
5026
5027 if (family != PF_INET && family != PF_INET6)
5028 return 0;
5029
5030
5031 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5032 family = PF_INET;
5033
5034
5035
5036
5037
5038 if (!selinux_policycap_netpeer())
5039 return selinux_sock_rcv_skb_compat(sk, skb, family);
5040
5041 secmark_active = selinux_secmark_enabled();
5042 peerlbl_active = selinux_peerlbl_enabled();
5043 if (!secmark_active && !peerlbl_active)
5044 return 0;
5045
5046 ad.type = LSM_AUDIT_DATA_NET;
5047 ad.u.net = &net;
5048 ad.u.net->netif = skb->skb_iif;
5049 ad.u.net->family = family;
5050 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5051 if (err)
5052 return err;
5053
5054 if (peerlbl_active) {
5055 u32 peer_sid;
5056
5057 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
5058 if (err)
5059 return err;
5060 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
5061 addrp, family, peer_sid, &ad);
5062 if (err) {
5063 selinux_netlbl_err(skb, family, err, 0);
5064 return err;
5065 }
5066 err = avc_has_perm(&selinux_state,
5067 sk_sid, peer_sid, SECCLASS_PEER,
5068 PEER__RECV, &ad);
5069 if (err) {
5070 selinux_netlbl_err(skb, family, err, 0);
5071 return err;
5072 }
5073 }
5074
5075 if (secmark_active) {
5076 err = avc_has_perm(&selinux_state,
5077 sk_sid, skb->secmark, SECCLASS_PACKET,
5078 PACKET__RECV, &ad);
5079 if (err)
5080 return err;
5081 }
5082
5083 return err;
5084}
5085
5086static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
5087 int __user *optlen, unsigned len)
5088{
5089 int err = 0;
5090 char *scontext;
5091 u32 scontext_len;
5092 struct sk_security_struct *sksec = sock->sk->sk_security;
5093 u32 peer_sid = SECSID_NULL;
5094
5095 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5096 sksec->sclass == SECCLASS_TCP_SOCKET ||
5097 sksec->sclass == SECCLASS_SCTP_SOCKET)
5098 peer_sid = sksec->peer_sid;
5099 if (peer_sid == SECSID_NULL)
5100 return -ENOPROTOOPT;
5101
5102 err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
5103 &scontext_len);
5104 if (err)
5105 return err;
5106
5107 if (scontext_len > len) {
5108 err = -ERANGE;
5109 goto out_len;
5110 }
5111
5112 if (copy_to_user(optval, scontext, scontext_len))
5113 err = -EFAULT;
5114
5115out_len:
5116 if (put_user(scontext_len, optlen))
5117 err = -EFAULT;
5118 kfree(scontext);
5119 return err;
5120}
5121
5122static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
5123{
5124 u32 peer_secid = SECSID_NULL;
5125 u16 family;
5126 struct inode_security_struct *isec;
5127
5128 if (skb && skb->protocol == htons(ETH_P_IP))
5129 family = PF_INET;
5130 else if (skb && skb->protocol == htons(ETH_P_IPV6))
5131 family = PF_INET6;
5132 else if (sock)
5133 family = sock->sk->sk_family;
5134 else
5135 goto out;
5136
5137 if (sock && family == PF_UNIX) {
5138 isec = inode_security_novalidate(SOCK_INODE(sock));
5139 peer_secid = isec->sid;
5140 } else if (skb)
5141 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
5142
5143out:
5144 *secid = peer_secid;
5145 if (peer_secid == SECSID_NULL)
5146 return -EINVAL;
5147 return 0;
5148}
5149
5150static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
5151{
5152 struct sk_security_struct *sksec;
5153
5154 sksec = kzalloc(sizeof(*sksec), priority);
5155 if (!sksec)
5156 return -ENOMEM;
5157
5158 sksec->peer_sid = SECINITSID_UNLABELED;
5159 sksec->sid = SECINITSID_UNLABELED;
5160 sksec->sclass = SECCLASS_SOCKET;
5161 selinux_netlbl_sk_security_reset(sksec);
5162 sk->sk_security = sksec;
5163
5164 return 0;
5165}
5166
5167static void selinux_sk_free_security(struct sock *sk)
5168{
5169 struct sk_security_struct *sksec = sk->sk_security;
5170
5171 sk->sk_security = NULL;
5172 selinux_netlbl_sk_security_free(sksec);
5173 kfree(sksec);
5174}
5175
5176static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
5177{
5178 struct sk_security_struct *sksec = sk->sk_security;
5179 struct sk_security_struct *newsksec = newsk->sk_security;
5180
5181 newsksec->sid = sksec->sid;
5182 newsksec->peer_sid = sksec->peer_sid;
5183 newsksec->sclass = sksec->sclass;
5184
5185 selinux_netlbl_sk_security_reset(newsksec);
5186}
5187
5188static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
5189{
5190 if (!sk)
5191 *secid = SECINITSID_ANY_SOCKET;
5192 else {
5193 struct sk_security_struct *sksec = sk->sk_security;
5194
5195 *secid = sksec->sid;
5196 }
5197}
5198
5199static void selinux_sock_graft(struct sock *sk, struct socket *parent)
5200{
5201 struct inode_security_struct *isec =
5202 inode_security_novalidate(SOCK_INODE(parent));
5203 struct sk_security_struct *sksec = sk->sk_security;
5204
5205 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
5206 sk->sk_family == PF_UNIX)
5207 isec->sid = sksec->sid;
5208 sksec->sclass = isec->sclass;
5209}
5210
5211
5212
5213
5214
5215static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
5216 struct sk_buff *skb)
5217{
5218 struct sk_security_struct *sksec = ep->base.sk->sk_security;
5219 struct common_audit_data ad;
5220 struct lsm_network_audit net = {0,};
5221 u8 peerlbl_active;
5222 u32 peer_sid = SECINITSID_UNLABELED;
5223 u32 conn_sid;
5224 int err = 0;
5225
5226 if (!selinux_policycap_extsockclass())
5227 return 0;
5228
5229 peerlbl_active = selinux_peerlbl_enabled();
5230
5231 if (peerlbl_active) {
5232
5233
5234
5235 err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
5236 &peer_sid);
5237 if (err)
5238 return err;
5239
5240 if (peer_sid == SECSID_NULL)
5241 peer_sid = SECINITSID_UNLABELED;
5242 }
5243
5244 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
5245 sksec->sctp_assoc_state = SCTP_ASSOC_SET;
5246
5247
5248
5249
5250
5251
5252 sksec->peer_sid = peer_sid;
5253 } else if (sksec->peer_sid != peer_sid) {
5254
5255
5256
5257 ad.type = LSM_AUDIT_DATA_NET;
5258 ad.u.net = &net;
5259 ad.u.net->sk = ep->base.sk;
5260 err = avc_has_perm(&selinux_state,
5261 sksec->peer_sid, peer_sid, sksec->sclass,
5262 SCTP_SOCKET__ASSOCIATION, &ad);
5263 if (err)
5264 return err;
5265 }
5266
5267
5268
5269
5270
5271
5272
5273 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5274 if (err)
5275 return err;
5276
5277 ep->secid = conn_sid;
5278 ep->peer_secid = peer_sid;
5279
5280
5281 return selinux_netlbl_sctp_assoc_request(ep, skb);
5282}
5283
5284
5285
5286
5287static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5288 struct sockaddr *address,
5289 int addrlen)
5290{
5291 int len, err = 0, walk_size = 0;
5292 void *addr_buf;
5293 struct sockaddr *addr;
5294 struct socket *sock;
5295
5296 if (!selinux_policycap_extsockclass())
5297 return 0;
5298
5299
5300 sock = sk->sk_socket;
5301 addr_buf = address;
5302
5303 while (walk_size < addrlen) {
5304 addr = addr_buf;
5305 switch (addr->sa_family) {
5306 case AF_UNSPEC:
5307 case AF_INET:
5308 len = sizeof(struct sockaddr_in);
5309 break;
5310 case AF_INET6:
5311 len = sizeof(struct sockaddr_in6);
5312 break;
5313 default:
5314 return -EINVAL;
5315 }
5316
5317 err = -EINVAL;
5318 switch (optname) {
5319
5320 case SCTP_PRIMARY_ADDR:
5321 case SCTP_SET_PEER_PRIMARY_ADDR:
5322 case SCTP_SOCKOPT_BINDX_ADD:
5323 err = selinux_socket_bind(sock, addr, len);
5324 break;
5325
5326 case SCTP_SOCKOPT_CONNECTX:
5327 case SCTP_PARAM_SET_PRIMARY:
5328 case SCTP_PARAM_ADD_IP:
5329 case SCTP_SENDMSG_CONNECT:
5330 err = selinux_socket_connect_helper(sock, addr, len);
5331 if (err)
5332 return err;
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345 err = selinux_netlbl_socket_connect_locked(sk, addr);
5346 break;
5347 }
5348
5349 if (err)
5350 return err;
5351
5352 addr_buf += len;
5353 walk_size += len;
5354 }
5355
5356 return 0;
5357}
5358
5359
5360static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
5361 struct sock *newsk)
5362{
5363 struct sk_security_struct *sksec = sk->sk_security;
5364 struct sk_security_struct *newsksec = newsk->sk_security;
5365
5366
5367
5368
5369 if (!selinux_policycap_extsockclass())
5370 return selinux_sk_clone_security(sk, newsk);
5371
5372 newsksec->sid = ep->secid;
5373 newsksec->peer_sid = ep->peer_secid;
5374 newsksec->sclass = sksec->sclass;
5375 selinux_netlbl_sctp_sk_clone(sk, newsk);
5376}
5377
5378static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
5379 struct request_sock *req)
5380{
5381 struct sk_security_struct *sksec = sk->sk_security;
5382 int err;
5383 u16 family = req->rsk_ops->family;
5384 u32 connsid;
5385 u32 peersid;
5386
5387 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
5388 if (err)
5389 return err;
5390 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5391 if (err)
5392 return err;
5393 req->secid = connsid;
5394 req->peer_secid = peersid;
5395
5396 return selinux_netlbl_inet_conn_request(req, family);
5397}
5398
5399static void selinux_inet_csk_clone(struct sock *newsk,
5400 const struct request_sock *req)
5401{
5402 struct sk_security_struct *newsksec = newsk->sk_security;
5403
5404 newsksec->sid = req->secid;
5405 newsksec->peer_sid = req->peer_secid;
5406
5407
5408
5409
5410
5411
5412
5413 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
5414}
5415
5416static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
5417{
5418 u16 family = sk->sk_family;
5419 struct sk_security_struct *sksec = sk->sk_security;
5420
5421
5422 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5423 family = PF_INET;
5424
5425 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
5426}
5427
5428static int selinux_secmark_relabel_packet(u32 sid)
5429{
5430 const struct task_security_struct *__tsec;
5431 u32 tsid;
5432
5433 __tsec = current_security();
5434 tsid = __tsec->sid;
5435
5436 return avc_has_perm(&selinux_state,
5437 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5438 NULL);
5439}
5440
5441static void selinux_secmark_refcount_inc(void)
5442{
5443 atomic_inc(&selinux_secmark_refcount);
5444}
5445
5446static void selinux_secmark_refcount_dec(void)
5447{
5448 atomic_dec(&selinux_secmark_refcount);
5449}
5450
5451static void selinux_req_classify_flow(const struct request_sock *req,
5452 struct flowi *fl)
5453{
5454 fl->flowi_secid = req->secid;
5455}
5456
5457static int selinux_tun_dev_alloc_security(void **security)
5458{
5459 struct tun_security_struct *tunsec;
5460
5461 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5462 if (!tunsec)
5463 return -ENOMEM;
5464 tunsec->sid = current_sid();
5465
5466 *security = tunsec;
5467 return 0;
5468}
5469
5470static void selinux_tun_dev_free_security(void *security)
5471{
5472 kfree(security);
5473}
5474
5475static int selinux_tun_dev_create(void)
5476{
5477 u32 sid = current_sid();
5478
5479
5480
5481
5482
5483
5484
5485
5486 return avc_has_perm(&selinux_state,
5487 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5488 NULL);
5489}
5490
5491static int selinux_tun_dev_attach_queue(void *security)
5492{
5493 struct tun_security_struct *tunsec = security;
5494
5495 return avc_has_perm(&selinux_state,
5496 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5497 TUN_SOCKET__ATTACH_QUEUE, NULL);
5498}
5499
5500static int selinux_tun_dev_attach(struct sock *sk, void *security)
5501{
5502 struct tun_security_struct *tunsec = security;
5503 struct sk_security_struct *sksec = sk->sk_security;
5504
5505
5506
5507
5508
5509
5510
5511
5512 sksec->sid = tunsec->sid;
5513 sksec->sclass = SECCLASS_TUN_SOCKET;
5514
5515 return 0;
5516}
5517
5518static int selinux_tun_dev_open(void *security)
5519{
5520 struct tun_security_struct *tunsec = security;
5521 u32 sid = current_sid();
5522 int err;
5523
5524 err = avc_has_perm(&selinux_state,
5525 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5526 TUN_SOCKET__RELABELFROM, NULL);
5527 if (err)
5528 return err;
5529 err = avc_has_perm(&selinux_state,
5530 sid, sid, SECCLASS_TUN_SOCKET,
5531 TUN_SOCKET__RELABELTO, NULL);
5532 if (err)
5533 return err;
5534 tunsec->sid = sid;
5535
5536 return 0;
5537}
5538
5539static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
5540{
5541 int err = 0;
5542 u32 perm;
5543 struct nlmsghdr *nlh;
5544 struct sk_security_struct *sksec = sk->sk_security;
5545
5546 if (skb->len < NLMSG_HDRLEN) {
5547 err = -EINVAL;
5548 goto out;
5549 }
5550 nlh = nlmsg_hdr(skb);
5551
5552 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
5553 if (err) {
5554 if (err == -EINVAL) {
5555 pr_warn_ratelimited("SELinux: unrecognized netlink"
5556 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
5557 " pig=%d comm=%s\n",
5558 sk->sk_protocol, nlh->nlmsg_type,
5559 secclass_map[sksec->sclass - 1].name,
5560 task_pid_nr(current), current->comm);
5561 if (!enforcing_enabled(&selinux_state) ||
5562 security_get_allow_unknown(&selinux_state))
5563 err = 0;
5564 }
5565
5566
5567 if (err == -ENOENT)
5568 err = 0;
5569 goto out;
5570 }
5571
5572 err = sock_has_perm(sk, perm);
5573out:
5574 return err;
5575}
5576
5577#ifdef CONFIG_NETFILTER
5578
5579static unsigned int selinux_ip_forward(struct sk_buff *skb,
5580 const struct net_device *indev,
5581 u16 family)
5582{
5583 int err;
5584 char *addrp;
5585 u32 peer_sid;
5586 struct common_audit_data ad;
5587 struct lsm_network_audit net = {0,};
5588 u8 secmark_active;
5589 u8 netlbl_active;
5590 u8 peerlbl_active;
5591
5592 if (!selinux_policycap_netpeer())
5593 return NF_ACCEPT;
5594
5595 secmark_active = selinux_secmark_enabled();
5596 netlbl_active = netlbl_enabled();
5597 peerlbl_active = selinux_peerlbl_enabled();
5598 if (!secmark_active && !peerlbl_active)
5599 return NF_ACCEPT;
5600
5601 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5602 return NF_DROP;
5603
5604 ad.type = LSM_AUDIT_DATA_NET;
5605 ad.u.net = &net;
5606 ad.u.net->netif = indev->ifindex;
5607 ad.u.net->family = family;
5608 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5609 return NF_DROP;
5610
5611 if (peerlbl_active) {
5612 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5613 addrp, family, peer_sid, &ad);
5614 if (err) {
5615 selinux_netlbl_err(skb, family, err, 1);
5616 return NF_DROP;
5617 }
5618 }
5619
5620 if (secmark_active)
5621 if (avc_has_perm(&selinux_state,
5622 peer_sid, skb->secmark,
5623 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5624 return NF_DROP;
5625
5626 if (netlbl_active)
5627
5628
5629
5630
5631 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5632 return NF_DROP;
5633
5634 return NF_ACCEPT;
5635}
5636
5637static unsigned int selinux_ipv4_forward(void *priv,
5638 struct sk_buff *skb,
5639 const struct nf_hook_state *state)
5640{
5641 return selinux_ip_forward(skb, state->in, PF_INET);
5642}
5643
5644#if IS_ENABLED(CONFIG_IPV6)
5645static unsigned int selinux_ipv6_forward(void *priv,
5646 struct sk_buff *skb,
5647 const struct nf_hook_state *state)
5648{
5649 return selinux_ip_forward(skb, state->in, PF_INET6);
5650}
5651#endif
5652
5653static unsigned int selinux_ip_output(struct sk_buff *skb,
5654 u16 family)
5655{
5656 struct sock *sk;
5657 u32 sid;
5658
5659 if (!netlbl_enabled())
5660 return NF_ACCEPT;
5661
5662
5663
5664
5665 sk = skb->sk;
5666 if (sk) {
5667 struct sk_security_struct *sksec;
5668
5669 if (sk_listener(sk))
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682 return NF_ACCEPT;
5683
5684
5685 sksec = sk->sk_security;
5686 sid = sksec->sid;
5687 } else
5688 sid = SECINITSID_KERNEL;
5689 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5690 return NF_DROP;
5691
5692 return NF_ACCEPT;
5693}
5694
5695static unsigned int selinux_ipv4_output(void *priv,
5696 struct sk_buff *skb,
5697 const struct nf_hook_state *state)
5698{
5699 return selinux_ip_output(skb, PF_INET);
5700}
5701
5702#if IS_ENABLED(CONFIG_IPV6)
5703static unsigned int selinux_ipv6_output(void *priv,
5704 struct sk_buff *skb,
5705 const struct nf_hook_state *state)
5706{
5707 return selinux_ip_output(skb, PF_INET6);
5708}
5709#endif
5710
5711static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5712 int ifindex,
5713 u16 family)
5714{
5715 struct sock *sk = skb_to_full_sk(skb);
5716 struct sk_security_struct *sksec;
5717 struct common_audit_data ad;
5718 struct lsm_network_audit net = {0,};
5719 char *addrp;
5720 u8 proto;
5721
5722 if (sk == NULL)
5723 return NF_ACCEPT;
5724 sksec = sk->sk_security;
5725
5726 ad.type = LSM_AUDIT_DATA_NET;
5727 ad.u.net = &net;
5728 ad.u.net->netif = ifindex;
5729 ad.u.net->family = family;
5730 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5731 return NF_DROP;
5732
5733 if (selinux_secmark_enabled())
5734 if (avc_has_perm(&selinux_state,
5735 sksec->sid, skb->secmark,
5736 SECCLASS_PACKET, PACKET__SEND, &ad))
5737 return NF_DROP_ERR(-ECONNREFUSED);
5738
5739 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5740 return NF_DROP_ERR(-ECONNREFUSED);
5741
5742 return NF_ACCEPT;
5743}
5744
5745static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5746 const struct net_device *outdev,
5747 u16 family)
5748{
5749 u32 secmark_perm;
5750 u32 peer_sid;
5751 int ifindex = outdev->ifindex;
5752 struct sock *sk;
5753 struct common_audit_data ad;
5754 struct lsm_network_audit net = {0,};
5755 char *addrp;
5756 u8 secmark_active;
5757 u8 peerlbl_active;
5758
5759
5760
5761
5762
5763 if (!selinux_policycap_netpeer())
5764 return selinux_ip_postroute_compat(skb, ifindex, family);
5765
5766 secmark_active = selinux_secmark_enabled();
5767 peerlbl_active = selinux_peerlbl_enabled();
5768 if (!secmark_active && !peerlbl_active)
5769 return NF_ACCEPT;
5770
5771 sk = skb_to_full_sk(skb);
5772
5773#ifdef CONFIG_XFRM
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5786 !(sk && sk_listener(sk)))
5787 return NF_ACCEPT;
5788#endif
5789
5790 if (sk == NULL) {
5791
5792
5793
5794
5795 if (skb->skb_iif) {
5796 secmark_perm = PACKET__FORWARD_OUT;
5797 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5798 return NF_DROP;
5799 } else {
5800 secmark_perm = PACKET__SEND;
5801 peer_sid = SECINITSID_KERNEL;
5802 }
5803 } else if (sk_listener(sk)) {
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813 u32 skb_sid;
5814 struct sk_security_struct *sksec;
5815
5816 sksec = sk->sk_security;
5817 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5818 return NF_DROP;
5819
5820
5821
5822
5823
5824
5825 if (skb_sid == SECSID_NULL) {
5826 switch (family) {
5827 case PF_INET:
5828 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5829 return NF_ACCEPT;
5830 break;
5831 case PF_INET6:
5832 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5833 return NF_ACCEPT;
5834 break;
5835 default:
5836 return NF_DROP_ERR(-ECONNREFUSED);
5837 }
5838 }
5839 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5840 return NF_DROP;
5841 secmark_perm = PACKET__SEND;
5842 } else {
5843
5844
5845 struct sk_security_struct *sksec = sk->sk_security;
5846 peer_sid = sksec->sid;
5847 secmark_perm = PACKET__SEND;
5848 }
5849
5850 ad.type = LSM_AUDIT_DATA_NET;
5851 ad.u.net = &net;
5852 ad.u.net->netif = ifindex;
5853 ad.u.net->family = family;
5854 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5855 return NF_DROP;
5856
5857 if (secmark_active)
5858 if (avc_has_perm(&selinux_state,
5859 peer_sid, skb->secmark,
5860 SECCLASS_PACKET, secmark_perm, &ad))
5861 return NF_DROP_ERR(-ECONNREFUSED);
5862
5863 if (peerlbl_active) {
5864 u32 if_sid;
5865 u32 node_sid;
5866
5867 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5868 return NF_DROP;
5869 if (avc_has_perm(&selinux_state,
5870 peer_sid, if_sid,
5871 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5872 return NF_DROP_ERR(-ECONNREFUSED);
5873
5874 if (sel_netnode_sid(addrp, family, &node_sid))
5875 return NF_DROP;
5876 if (avc_has_perm(&selinux_state,
5877 peer_sid, node_sid,
5878 SECCLASS_NODE, NODE__SENDTO, &ad))
5879 return NF_DROP_ERR(-ECONNREFUSED);
5880 }
5881
5882 return NF_ACCEPT;
5883}
5884
5885static unsigned int selinux_ipv4_postroute(void *priv,
5886 struct sk_buff *skb,
5887 const struct nf_hook_state *state)
5888{
5889 return selinux_ip_postroute(skb, state->out, PF_INET);
5890}
5891
5892#if IS_ENABLED(CONFIG_IPV6)
5893static unsigned int selinux_ipv6_postroute(void *priv,
5894 struct sk_buff *skb,
5895 const struct nf_hook_state *state)
5896{
5897 return selinux_ip_postroute(skb, state->out, PF_INET6);
5898}
5899#endif
5900
5901#endif
5902
5903static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5904{
5905 return selinux_nlmsg_perm(sk, skb);
5906}
5907
5908static int ipc_alloc_security(struct kern_ipc_perm *perm,
5909 u16 sclass)
5910{
5911 struct ipc_security_struct *isec;
5912
5913 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5914 if (!isec)
5915 return -ENOMEM;
5916
5917 isec->sclass = sclass;
5918 isec->sid = current_sid();
5919 perm->security = isec;
5920
5921 return 0;
5922}
5923
5924static void ipc_free_security(struct kern_ipc_perm *perm)
5925{
5926 struct ipc_security_struct *isec = perm->security;
5927 perm->security = NULL;
5928 kfree(isec);
5929}
5930
5931static int msg_msg_alloc_security(struct msg_msg *msg)
5932{
5933 struct msg_security_struct *msec;
5934
5935 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5936 if (!msec)
5937 return -ENOMEM;
5938
5939 msec->sid = SECINITSID_UNLABELED;
5940 msg->security = msec;
5941
5942 return 0;
5943}
5944
5945static void msg_msg_free_security(struct msg_msg *msg)
5946{
5947 struct msg_security_struct *msec = msg->security;
5948
5949 msg->security = NULL;
5950 kfree(msec);
5951}
5952
5953static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5954 u32 perms)
5955{
5956 struct ipc_security_struct *isec;
5957 struct common_audit_data ad;
5958 u32 sid = current_sid();
5959
5960 isec = ipc_perms->security;
5961
5962 ad.type = LSM_AUDIT_DATA_IPC;
5963 ad.u.ipc_id = ipc_perms->key;
5964
5965 return avc_has_perm(&selinux_state,
5966 sid, isec->sid, isec->sclass, perms, &ad);
5967}
5968
5969static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5970{
5971 return msg_msg_alloc_security(msg);
5972}
5973
5974static void selinux_msg_msg_free_security(struct msg_msg *msg)
5975{
5976 msg_msg_free_security(msg);
5977}
5978
5979
5980static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
5981{
5982 struct ipc_security_struct *isec;
5983 struct common_audit_data ad;
5984 u32 sid = current_sid();
5985 int rc;
5986
5987 rc = ipc_alloc_security(msq, SECCLASS_MSGQ);
5988 if (rc)
5989 return rc;
5990
5991 isec = msq->security;
5992
5993 ad.type = LSM_AUDIT_DATA_IPC;
5994 ad.u.ipc_id = msq->key;
5995
5996 rc = avc_has_perm(&selinux_state,
5997 sid, isec->sid, SECCLASS_MSGQ,
5998 MSGQ__CREATE, &ad);
5999 if (rc) {
6000 ipc_free_security(msq);
6001 return rc;
6002 }
6003 return 0;
6004}
6005
6006static void selinux_msg_queue_free_security(struct kern_ipc_perm *msq)
6007{
6008 ipc_free_security(msq);
6009}
6010
6011static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
6012{
6013 struct ipc_security_struct *isec;
6014 struct common_audit_data ad;
6015 u32 sid = current_sid();
6016
6017 isec = msq->security;
6018
6019 ad.type = LSM_AUDIT_DATA_IPC;
6020 ad.u.ipc_id = msq->key;
6021
6022 return avc_has_perm(&selinux_state,
6023 sid, isec->sid, SECCLASS_MSGQ,
6024 MSGQ__ASSOCIATE, &ad);
6025}
6026
6027static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
6028{
6029 int err;
6030 int perms;
6031
6032 switch (cmd) {
6033 case IPC_INFO:
6034 case MSG_INFO:
6035
6036 return avc_has_perm(&selinux_state,
6037 current_sid(), SECINITSID_KERNEL,
6038 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6039 case IPC_STAT:
6040 case MSG_STAT:
6041 case MSG_STAT_ANY:
6042 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
6043 break;
6044 case IPC_SET:
6045 perms = MSGQ__SETATTR;
6046 break;
6047 case IPC_RMID:
6048 perms = MSGQ__DESTROY;
6049 break;
6050 default:
6051 return 0;
6052 }
6053
6054 err = ipc_has_perm(msq, perms);
6055 return err;
6056}
6057
6058static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
6059{
6060 struct ipc_security_struct *isec;
6061 struct msg_security_struct *msec;
6062 struct common_audit_data ad;
6063 u32 sid = current_sid();
6064 int rc;
6065
6066 isec = msq->security;
6067 msec = msg->security;
6068
6069
6070
6071
6072 if (msec->sid == SECINITSID_UNLABELED) {
6073
6074
6075
6076
6077 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6078 SECCLASS_MSG, NULL, &msec->sid);
6079 if (rc)
6080 return rc;
6081 }
6082
6083 ad.type = LSM_AUDIT_DATA_IPC;
6084 ad.u.ipc_id = msq->key;
6085
6086
6087 rc = avc_has_perm(&selinux_state,
6088 sid, isec->sid, SECCLASS_MSGQ,
6089 MSGQ__WRITE, &ad);
6090 if (!rc)
6091
6092 rc = avc_has_perm(&selinux_state,
6093 sid, msec->sid, SECCLASS_MSG,
6094 MSG__SEND, &ad);
6095 if (!rc)
6096
6097 rc = avc_has_perm(&selinux_state,
6098 msec->sid, isec->sid, SECCLASS_MSGQ,
6099 MSGQ__ENQUEUE, &ad);
6100
6101 return rc;
6102}
6103
6104static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
6105 struct task_struct *target,
6106 long type, int mode)
6107{
6108 struct ipc_security_struct *isec;
6109 struct msg_security_struct *msec;
6110 struct common_audit_data ad;
6111 u32 sid = task_sid(target);
6112 int rc;
6113
6114 isec = msq->security;
6115 msec = msg->security;
6116
6117 ad.type = LSM_AUDIT_DATA_IPC;
6118 ad.u.ipc_id = msq->key;
6119
6120 rc = avc_has_perm(&selinux_state,
6121 sid, isec->sid,
6122 SECCLASS_MSGQ, MSGQ__READ, &ad);
6123 if (!rc)
6124 rc = avc_has_perm(&selinux_state,
6125 sid, msec->sid,
6126 SECCLASS_MSG, MSG__RECEIVE, &ad);
6127 return rc;
6128}
6129
6130
6131static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6132{
6133 struct ipc_security_struct *isec;
6134 struct common_audit_data ad;
6135 u32 sid = current_sid();
6136 int rc;
6137
6138 rc = ipc_alloc_security(shp, SECCLASS_SHM);
6139 if (rc)
6140 return rc;
6141
6142 isec = shp->security;
6143
6144 ad.type = LSM_AUDIT_DATA_IPC;
6145 ad.u.ipc_id = shp->key;
6146
6147 rc = avc_has_perm(&selinux_state,
6148 sid, isec->sid, SECCLASS_SHM,
6149 SHM__CREATE, &ad);
6150 if (rc) {
6151 ipc_free_security(shp);
6152 return rc;
6153 }
6154 return 0;
6155}
6156
6157static void selinux_shm_free_security(struct kern_ipc_perm *shp)
6158{
6159 ipc_free_security(shp);
6160}
6161
6162static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6163{
6164 struct ipc_security_struct *isec;
6165 struct common_audit_data ad;
6166 u32 sid = current_sid();
6167
6168 isec = shp->security;
6169
6170 ad.type = LSM_AUDIT_DATA_IPC;
6171 ad.u.ipc_id = shp->key;
6172
6173 return avc_has_perm(&selinux_state,
6174 sid, isec->sid, SECCLASS_SHM,
6175 SHM__ASSOCIATE, &ad);
6176}
6177
6178
6179static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
6180{
6181 int perms;
6182 int err;
6183
6184 switch (cmd) {
6185 case IPC_INFO:
6186 case SHM_INFO:
6187
6188 return avc_has_perm(&selinux_state,
6189 current_sid(), SECINITSID_KERNEL,
6190 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6191 case IPC_STAT:
6192 case SHM_STAT:
6193 case SHM_STAT_ANY:
6194 perms = SHM__GETATTR | SHM__ASSOCIATE;
6195 break;
6196 case IPC_SET:
6197 perms = SHM__SETATTR;
6198 break;
6199 case SHM_LOCK:
6200 case SHM_UNLOCK:
6201 perms = SHM__LOCK;
6202 break;
6203 case IPC_RMID:
6204 perms = SHM__DESTROY;
6205 break;
6206 default:
6207 return 0;
6208 }
6209
6210 err = ipc_has_perm(shp, perms);
6211 return err;
6212}
6213
6214static int selinux_shm_shmat(struct kern_ipc_perm *shp,
6215 char __user *shmaddr, int shmflg)
6216{
6217 u32 perms;
6218
6219 if (shmflg & SHM_RDONLY)
6220 perms = SHM__READ;
6221 else
6222 perms = SHM__READ | SHM__WRITE;
6223
6224 return ipc_has_perm(shp, perms);
6225}
6226
6227
6228static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6229{
6230 struct ipc_security_struct *isec;
6231 struct common_audit_data ad;
6232 u32 sid = current_sid();
6233 int rc;
6234
6235 rc = ipc_alloc_security(sma, SECCLASS_SEM);
6236 if (rc)
6237 return rc;
6238
6239 isec = sma->security;
6240
6241 ad.type = LSM_AUDIT_DATA_IPC;
6242 ad.u.ipc_id = sma->key;
6243
6244 rc = avc_has_perm(&selinux_state,
6245 sid, isec->sid, SECCLASS_SEM,
6246 SEM__CREATE, &ad);
6247 if (rc) {
6248 ipc_free_security(sma);
6249 return rc;
6250 }
6251 return 0;
6252}
6253
6254static void selinux_sem_free_security(struct kern_ipc_perm *sma)
6255{
6256 ipc_free_security(sma);
6257}
6258
6259static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6260{
6261 struct ipc_security_struct *isec;
6262 struct common_audit_data ad;
6263 u32 sid = current_sid();
6264
6265 isec = sma->security;
6266
6267 ad.type = LSM_AUDIT_DATA_IPC;
6268 ad.u.ipc_id = sma->key;
6269
6270 return avc_has_perm(&selinux_state,
6271 sid, isec->sid, SECCLASS_SEM,
6272 SEM__ASSOCIATE, &ad);
6273}
6274
6275
6276static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
6277{
6278 int err;
6279 u32 perms;
6280
6281 switch (cmd) {
6282 case IPC_INFO:
6283 case SEM_INFO:
6284
6285 return avc_has_perm(&selinux_state,
6286 current_sid(), SECINITSID_KERNEL,
6287 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6288 case GETPID:
6289 case GETNCNT:
6290 case GETZCNT:
6291 perms = SEM__GETATTR;
6292 break;
6293 case GETVAL:
6294 case GETALL:
6295 perms = SEM__READ;
6296 break;
6297 case SETVAL:
6298 case SETALL:
6299 perms = SEM__WRITE;
6300 break;
6301 case IPC_RMID:
6302 perms = SEM__DESTROY;
6303 break;
6304 case IPC_SET:
6305 perms = SEM__SETATTR;
6306 break;
6307 case IPC_STAT:
6308 case SEM_STAT:
6309 case SEM_STAT_ANY:
6310 perms = SEM__GETATTR | SEM__ASSOCIATE;
6311 break;
6312 default:
6313 return 0;
6314 }
6315
6316 err = ipc_has_perm(sma, perms);
6317 return err;
6318}
6319
6320static int selinux_sem_semop(struct kern_ipc_perm *sma,
6321 struct sembuf *sops, unsigned nsops, int alter)
6322{
6323 u32 perms;
6324
6325 if (alter)
6326 perms = SEM__READ | SEM__WRITE;
6327 else
6328 perms = SEM__READ;
6329
6330 return ipc_has_perm(sma, perms);
6331}
6332
6333static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6334{
6335 u32 av = 0;
6336
6337 av = 0;
6338 if (flag & S_IRUGO)
6339 av |= IPC__UNIX_READ;
6340 if (flag & S_IWUGO)
6341 av |= IPC__UNIX_WRITE;
6342
6343 if (av == 0)
6344 return 0;
6345
6346 return ipc_has_perm(ipcp, av);
6347}
6348
6349static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6350{
6351 struct ipc_security_struct *isec = ipcp->security;
6352 *secid = isec->sid;
6353}
6354
6355static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6356{
6357 if (inode)
6358 inode_doinit_with_dentry(inode, dentry);
6359}
6360
6361static int selinux_getprocattr(struct task_struct *p,
6362 char *name, char **value)
6363{
6364 const struct task_security_struct *__tsec;
6365 u32 sid;
6366 int error;
6367 unsigned len;
6368
6369 rcu_read_lock();
6370 __tsec = __task_cred(p)->security;
6371
6372 if (current != p) {
6373 error = avc_has_perm(&selinux_state,
6374 current_sid(), __tsec->sid,
6375 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6376 if (error)
6377 goto bad;
6378 }
6379
6380 if (!strcmp(name, "current"))
6381 sid = __tsec->sid;
6382 else if (!strcmp(name, "prev"))
6383 sid = __tsec->osid;
6384 else if (!strcmp(name, "exec"))
6385 sid = __tsec->exec_sid;
6386 else if (!strcmp(name, "fscreate"))
6387 sid = __tsec->create_sid;
6388 else if (!strcmp(name, "keycreate"))
6389 sid = __tsec->keycreate_sid;
6390 else if (!strcmp(name, "sockcreate"))
6391 sid = __tsec->sockcreate_sid;
6392 else {
6393 error = -EINVAL;
6394 goto bad;
6395 }
6396 rcu_read_unlock();
6397
6398 if (!sid)
6399 return 0;
6400
6401 error = security_sid_to_context(&selinux_state, sid, value, &len);
6402 if (error)
6403 return error;
6404 return len;
6405
6406bad:
6407 rcu_read_unlock();
6408 return error;
6409}
6410
6411static int selinux_setprocattr(const char *name, void *value, size_t size)
6412{
6413 struct task_security_struct *tsec;
6414 struct cred *new;
6415 u32 mysid = current_sid(), sid = 0, ptsid;
6416 int error;
6417 char *str = value;
6418
6419
6420
6421
6422 if (!strcmp(name, "exec"))
6423 error = avc_has_perm(&selinux_state,
6424 mysid, mysid, SECCLASS_PROCESS,
6425 PROCESS__SETEXEC, NULL);
6426 else if (!strcmp(name, "fscreate"))
6427 error = avc_has_perm(&selinux_state,
6428 mysid, mysid, SECCLASS_PROCESS,
6429 PROCESS__SETFSCREATE, NULL);
6430 else if (!strcmp(name, "keycreate"))
6431 error = avc_has_perm(&selinux_state,
6432 mysid, mysid, SECCLASS_PROCESS,
6433 PROCESS__SETKEYCREATE, NULL);
6434 else if (!strcmp(name, "sockcreate"))
6435 error = avc_has_perm(&selinux_state,
6436 mysid, mysid, SECCLASS_PROCESS,
6437 PROCESS__SETSOCKCREATE, NULL);
6438 else if (!strcmp(name, "current"))
6439 error = avc_has_perm(&selinux_state,
6440 mysid, mysid, SECCLASS_PROCESS,
6441 PROCESS__SETCURRENT, NULL);
6442 else
6443 error = -EINVAL;
6444 if (error)
6445 return error;
6446
6447
6448 if (size && str[0] && str[0] != '\n') {
6449 if (str[size-1] == '\n') {
6450 str[size-1] = 0;
6451 size--;
6452 }
6453 error = security_context_to_sid(&selinux_state, value, size,
6454 &sid, GFP_KERNEL);
6455 if (error == -EINVAL && !strcmp(name, "fscreate")) {
6456 if (!has_cap_mac_admin(true)) {
6457 struct audit_buffer *ab;
6458 size_t audit_size;
6459
6460
6461
6462 if (str[size - 1] == '\0')
6463 audit_size = size - 1;
6464 else
6465 audit_size = size;
6466 ab = audit_log_start(audit_context(),
6467 GFP_ATOMIC,
6468 AUDIT_SELINUX_ERR);
6469 audit_log_format(ab, "op=fscreate invalid_context=");
6470 audit_log_n_untrustedstring(ab, value, audit_size);
6471 audit_log_end(ab);
6472
6473 return error;
6474 }
6475 error = security_context_to_sid_force(
6476 &selinux_state,
6477 value, size, &sid);
6478 }
6479 if (error)
6480 return error;
6481 }
6482
6483 new = prepare_creds();
6484 if (!new)
6485 return -ENOMEM;
6486
6487
6488
6489
6490
6491
6492
6493 tsec = new->security;
6494 if (!strcmp(name, "exec")) {
6495 tsec->exec_sid = sid;
6496 } else if (!strcmp(name, "fscreate")) {
6497 tsec->create_sid = sid;
6498 } else if (!strcmp(name, "keycreate")) {
6499 error = avc_has_perm(&selinux_state,
6500 mysid, sid, SECCLASS_KEY, KEY__CREATE,
6501 NULL);
6502 if (error)
6503 goto abort_change;
6504 tsec->keycreate_sid = sid;
6505 } else if (!strcmp(name, "sockcreate")) {
6506 tsec->sockcreate_sid = sid;
6507 } else if (!strcmp(name, "current")) {
6508 error = -EINVAL;
6509 if (sid == 0)
6510 goto abort_change;
6511
6512
6513 error = -EPERM;
6514 if (!current_is_single_threaded()) {
6515 error = security_bounded_transition(&selinux_state,
6516 tsec->sid, sid);
6517 if (error)
6518 goto abort_change;
6519 }
6520
6521
6522 error = avc_has_perm(&selinux_state,
6523 tsec->sid, sid, SECCLASS_PROCESS,
6524 PROCESS__DYNTRANSITION, NULL);
6525 if (error)
6526 goto abort_change;
6527
6528
6529
6530 ptsid = ptrace_parent_sid();
6531 if (ptsid != 0) {
6532 error = avc_has_perm(&selinux_state,
6533 ptsid, sid, SECCLASS_PROCESS,
6534 PROCESS__PTRACE, NULL);
6535 if (error)
6536 goto abort_change;
6537 }
6538
6539 tsec->sid = sid;
6540 } else {
6541 error = -EINVAL;
6542 goto abort_change;
6543 }
6544
6545 commit_creds(new);
6546 return size;
6547
6548abort_change:
6549 abort_creds(new);
6550 return error;
6551}
6552
6553static int selinux_ismaclabel(const char *name)
6554{
6555 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6556}
6557
6558static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6559{
6560 return security_sid_to_context(&selinux_state, secid,
6561 secdata, seclen);
6562}
6563
6564static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6565{
6566 return security_context_to_sid(&selinux_state, secdata, seclen,
6567 secid, GFP_KERNEL);
6568}
6569
6570static void selinux_release_secctx(char *secdata, u32 seclen)
6571{
6572 kfree(secdata);
6573}
6574
6575static void selinux_inode_invalidate_secctx(struct inode *inode)
6576{
6577 struct inode_security_struct *isec = inode->i_security;
6578
6579 spin_lock(&isec->lock);
6580 isec->initialized = LABEL_INVALID;
6581 spin_unlock(&isec->lock);
6582}
6583
6584
6585
6586
6587static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6588{
6589 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
6590}
6591
6592
6593
6594
6595static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6596{
6597 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
6598}
6599
6600static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6601{
6602 int len = 0;
6603 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6604 ctx, true);
6605 if (len < 0)
6606 return len;
6607 *ctxlen = len;
6608 return 0;
6609}
6610#ifdef CONFIG_KEYS
6611
6612static int selinux_key_alloc(struct key *k, const struct cred *cred,
6613 unsigned long flags)
6614{
6615 const struct task_security_struct *tsec;
6616 struct key_security_struct *ksec;
6617
6618 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6619 if (!ksec)
6620 return -ENOMEM;
6621
6622 tsec = cred->security;
6623 if (tsec->keycreate_sid)
6624 ksec->sid = tsec->keycreate_sid;
6625 else
6626 ksec->sid = tsec->sid;
6627
6628 k->security = ksec;
6629 return 0;
6630}
6631
6632static void selinux_key_free(struct key *k)
6633{
6634 struct key_security_struct *ksec = k->security;
6635
6636 k->security = NULL;
6637 kfree(ksec);
6638}
6639
6640static int selinux_key_permission(key_ref_t key_ref,
6641 const struct cred *cred,
6642 unsigned perm)
6643{
6644 struct key *key;
6645 struct key_security_struct *ksec;
6646 u32 sid;
6647
6648
6649
6650
6651 if (perm == 0)
6652 return 0;
6653
6654 sid = cred_sid(cred);
6655
6656 key = key_ref_to_ptr(key_ref);
6657 ksec = key->security;
6658
6659 return avc_has_perm(&selinux_state,
6660 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6661}
6662
6663static int selinux_key_getsecurity(struct key *key, char **_buffer)
6664{
6665 struct key_security_struct *ksec = key->security;
6666 char *context = NULL;
6667 unsigned len;
6668 int rc;
6669
6670 rc = security_sid_to_context(&selinux_state, ksec->sid,
6671 &context, &len);
6672 if (!rc)
6673 rc = len;
6674 *_buffer = context;
6675 return rc;
6676}
6677#endif
6678
6679#ifdef CONFIG_SECURITY_INFINIBAND
6680static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6681{
6682 struct common_audit_data ad;
6683 int err;
6684 u32 sid = 0;
6685 struct ib_security_struct *sec = ib_sec;
6686 struct lsm_ibpkey_audit ibpkey;
6687
6688 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6689 if (err)
6690 return err;
6691
6692 ad.type = LSM_AUDIT_DATA_IBPKEY;
6693 ibpkey.subnet_prefix = subnet_prefix;
6694 ibpkey.pkey = pkey_val;
6695 ad.u.ibpkey = &ibpkey;
6696 return avc_has_perm(&selinux_state,
6697 sec->sid, sid,
6698 SECCLASS_INFINIBAND_PKEY,
6699 INFINIBAND_PKEY__ACCESS, &ad);
6700}
6701
6702static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6703 u8 port_num)
6704{
6705 struct common_audit_data ad;
6706 int err;
6707 u32 sid = 0;
6708 struct ib_security_struct *sec = ib_sec;
6709 struct lsm_ibendport_audit ibendport;
6710
6711 err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6712 &sid);
6713
6714 if (err)
6715 return err;
6716
6717 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6718 strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
6719 ibendport.port = port_num;
6720 ad.u.ibendport = &ibendport;
6721 return avc_has_perm(&selinux_state,
6722 sec->sid, sid,
6723 SECCLASS_INFINIBAND_ENDPORT,
6724 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6725}
6726
6727static int selinux_ib_alloc_security(void **ib_sec)
6728{
6729 struct ib_security_struct *sec;
6730
6731 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6732 if (!sec)
6733 return -ENOMEM;
6734 sec->sid = current_sid();
6735
6736 *ib_sec = sec;
6737 return 0;
6738}
6739
6740static void selinux_ib_free_security(void *ib_sec)
6741{
6742 kfree(ib_sec);
6743}
6744#endif
6745
6746#ifdef CONFIG_BPF_SYSCALL
6747static int selinux_bpf(int cmd, union bpf_attr *attr,
6748 unsigned int size)
6749{
6750 u32 sid = current_sid();
6751 int ret;
6752
6753 switch (cmd) {
6754 case BPF_MAP_CREATE:
6755 ret = avc_has_perm(&selinux_state,
6756 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6757 NULL);
6758 break;
6759 case BPF_PROG_LOAD:
6760 ret = avc_has_perm(&selinux_state,
6761 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6762 NULL);
6763 break;
6764 default:
6765 ret = 0;
6766 break;
6767 }
6768
6769 return ret;
6770}
6771
6772static u32 bpf_map_fmode_to_av(fmode_t fmode)
6773{
6774 u32 av = 0;
6775
6776 if (fmode & FMODE_READ)
6777 av |= BPF__MAP_READ;
6778 if (fmode & FMODE_WRITE)
6779 av |= BPF__MAP_WRITE;
6780 return av;
6781}
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791static int bpf_fd_pass(struct file *file, u32 sid)
6792{
6793 struct bpf_security_struct *bpfsec;
6794 struct bpf_prog *prog;
6795 struct bpf_map *map;
6796 int ret;
6797
6798 if (file->f_op == &bpf_map_fops) {
6799 map = file->private_data;
6800 bpfsec = map->security;
6801 ret = avc_has_perm(&selinux_state,
6802 sid, bpfsec->sid, SECCLASS_BPF,
6803 bpf_map_fmode_to_av(file->f_mode), NULL);
6804 if (ret)
6805 return ret;
6806 } else if (file->f_op == &bpf_prog_fops) {
6807 prog = file->private_data;
6808 bpfsec = prog->aux->security;
6809 ret = avc_has_perm(&selinux_state,
6810 sid, bpfsec->sid, SECCLASS_BPF,
6811 BPF__PROG_RUN, NULL);
6812 if (ret)
6813 return ret;
6814 }
6815 return 0;
6816}
6817
6818static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
6819{
6820 u32 sid = current_sid();
6821 struct bpf_security_struct *bpfsec;
6822
6823 bpfsec = map->security;
6824 return avc_has_perm(&selinux_state,
6825 sid, bpfsec->sid, SECCLASS_BPF,
6826 bpf_map_fmode_to_av(fmode), NULL);
6827}
6828
6829static int selinux_bpf_prog(struct bpf_prog *prog)
6830{
6831 u32 sid = current_sid();
6832 struct bpf_security_struct *bpfsec;
6833
6834 bpfsec = prog->aux->security;
6835 return avc_has_perm(&selinux_state,
6836 sid, bpfsec->sid, SECCLASS_BPF,
6837 BPF__PROG_RUN, NULL);
6838}
6839
6840static int selinux_bpf_map_alloc(struct bpf_map *map)
6841{
6842 struct bpf_security_struct *bpfsec;
6843
6844 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6845 if (!bpfsec)
6846 return -ENOMEM;
6847
6848 bpfsec->sid = current_sid();
6849 map->security = bpfsec;
6850
6851 return 0;
6852}
6853
6854static void selinux_bpf_map_free(struct bpf_map *map)
6855{
6856 struct bpf_security_struct *bpfsec = map->security;
6857
6858 map->security = NULL;
6859 kfree(bpfsec);
6860}
6861
6862static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
6863{
6864 struct bpf_security_struct *bpfsec;
6865
6866 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6867 if (!bpfsec)
6868 return -ENOMEM;
6869
6870 bpfsec->sid = current_sid();
6871 aux->security = bpfsec;
6872
6873 return 0;
6874}
6875
6876static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
6877{
6878 struct bpf_security_struct *bpfsec = aux->security;
6879
6880 aux->security = NULL;
6881 kfree(bpfsec);
6882}
6883#endif
6884
6885static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6886 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
6887 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
6888 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
6889 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
6890
6891 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
6892 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
6893 LSM_HOOK_INIT(capget, selinux_capget),
6894 LSM_HOOK_INIT(capset, selinux_capset),
6895 LSM_HOOK_INIT(capable, selinux_capable),
6896 LSM_HOOK_INIT(quotactl, selinux_quotactl),
6897 LSM_HOOK_INIT(quota_on, selinux_quota_on),
6898 LSM_HOOK_INIT(syslog, selinux_syslog),
6899 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
6900
6901 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
6902
6903 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
6904 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
6905 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
6906
6907 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
6908 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
6909 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
6910 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
6911 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
6912 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
6913 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
6914 LSM_HOOK_INIT(sb_mount, selinux_mount),
6915 LSM_HOOK_INIT(sb_umount, selinux_umount),
6916 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
6917 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
6918 LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
6919
6920 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
6921 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
6922
6923 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
6924 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
6925 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
6926 LSM_HOOK_INIT(inode_create, selinux_inode_create),
6927 LSM_HOOK_INIT(inode_link, selinux_inode_link),
6928 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
6929 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
6930 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
6931 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
6932 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
6933 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
6934 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
6935 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
6936 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
6937 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
6938 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
6939 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
6940 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
6941 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
6942 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
6943 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
6944 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
6945 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
6946 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
6947 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
6948 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
6949 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
6950
6951 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6952 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6953 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
6954 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6955 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6956 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
6957 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
6958 LSM_HOOK_INIT(file_lock, selinux_file_lock),
6959 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
6960 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
6961 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
6962 LSM_HOOK_INIT(file_receive, selinux_file_receive),
6963
6964 LSM_HOOK_INIT(file_open, selinux_file_open),
6965
6966 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
6967 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
6968 LSM_HOOK_INIT(cred_free, selinux_cred_free),
6969 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6970 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6971 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
6972 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
6973 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
6974 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
6975 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
6976 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
6977 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
6978 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
6979 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
6980 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
6981 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
6982 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
6983 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
6984 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
6985 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
6986 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
6987 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
6988 LSM_HOOK_INIT(task_kill, selinux_task_kill),
6989 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
6990
6991 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
6992 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6993
6994 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6995 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
6996
6997 LSM_HOOK_INIT(msg_queue_alloc_security,
6998 selinux_msg_queue_alloc_security),
6999 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
7000 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
7001 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
7002 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
7003 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
7004
7005 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
7006 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
7007 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
7008 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
7009 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
7010
7011 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
7012 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
7013 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
7014 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
7015 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
7016
7017 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
7018
7019 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
7020 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
7021
7022 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
7023 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
7024 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
7025 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
7026 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
7027 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
7028 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
7029 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
7030
7031 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
7032 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
7033
7034 LSM_HOOK_INIT(socket_create, selinux_socket_create),
7035 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
7036 LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
7037 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
7038 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
7039 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
7040 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
7041 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
7042 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
7043 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
7044 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
7045 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
7046 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
7047 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
7048 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
7049 LSM_HOOK_INIT(socket_getpeersec_stream,
7050 selinux_socket_getpeersec_stream),
7051 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
7052 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
7053 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
7054 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7055 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7056 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
7057 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
7058 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
7059 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7060 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7061 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7062 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
7063 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
7064 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
7065 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
7066 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
7067 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
7068 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
7069 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
7070 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
7071 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
7072 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
7073#ifdef CONFIG_SECURITY_INFINIBAND
7074 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
7075 LSM_HOOK_INIT(ib_endport_manage_subnet,
7076 selinux_ib_endport_manage_subnet),
7077 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
7078 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
7079#endif
7080#ifdef CONFIG_SECURITY_NETWORK_XFRM
7081 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
7082 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
7083 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
7084 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
7085 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
7086 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
7087 selinux_xfrm_state_alloc_acquire),
7088 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
7089 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
7090 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
7091 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
7092 selinux_xfrm_state_pol_flow_match),
7093 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
7094#endif
7095
7096#ifdef CONFIG_KEYS
7097 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
7098 LSM_HOOK_INIT(key_free, selinux_key_free),
7099 LSM_HOOK_INIT(key_permission, selinux_key_permission),
7100 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
7101#endif
7102
7103#ifdef CONFIG_AUDIT
7104 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
7105 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
7106 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
7107 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
7108#endif
7109
7110#ifdef CONFIG_BPF_SYSCALL
7111 LSM_HOOK_INIT(bpf, selinux_bpf),
7112 LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
7113 LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
7114 LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
7115 LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
7116 LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
7117 LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
7118#endif
7119};
7120
7121static __init int selinux_init(void)
7122{
7123 if (!security_module_enable("selinux")) {
7124 selinux_enabled = 0;
7125 return 0;
7126 }
7127
7128 if (!selinux_enabled) {
7129 printk(KERN_INFO "SELinux: Disabled at boot.\n");
7130 return 0;
7131 }
7132
7133 printk(KERN_INFO "SELinux: Initializing.\n");
7134
7135 memset(&selinux_state, 0, sizeof(selinux_state));
7136 enforcing_set(&selinux_state, selinux_enforcing_boot);
7137 selinux_state.checkreqprot = selinux_checkreqprot_boot;
7138 selinux_ss_init(&selinux_state.ss);
7139 selinux_avc_init(&selinux_state.avc);
7140
7141
7142 cred_init_security();
7143
7144 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7145
7146 sel_inode_cache = kmem_cache_create("selinux_inode_security",
7147 sizeof(struct inode_security_struct),
7148 0, SLAB_PANIC, NULL);
7149 file_security_cache = kmem_cache_create("selinux_file_security",
7150 sizeof(struct file_security_struct),
7151 0, SLAB_PANIC, NULL);
7152 avc_init();
7153
7154 avtab_cache_init();
7155
7156 ebitmap_cache_init();
7157
7158 hashtab_cache_init();
7159
7160 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7161
7162 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
7163 panic("SELinux: Unable to register AVC netcache callback\n");
7164
7165 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7166 panic("SELinux: Unable to register AVC LSM notifier callback\n");
7167
7168 if (selinux_enforcing_boot)
7169 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
7170 else
7171 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
7172
7173 return 0;
7174}
7175
7176static void delayed_superblock_init(struct super_block *sb, void *unused)
7177{
7178 superblock_doinit(sb, NULL);
7179}
7180
7181void selinux_complete_init(void)
7182{
7183 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
7184
7185
7186 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
7187 iterate_supers(delayed_superblock_init, NULL);
7188}
7189
7190
7191
7192security_initcall(selinux_init);
7193
7194#if defined(CONFIG_NETFILTER)
7195
7196static const struct nf_hook_ops selinux_nf_ops[] = {
7197 {
7198 .hook = selinux_ipv4_postroute,
7199 .pf = NFPROTO_IPV4,
7200 .hooknum = NF_INET_POST_ROUTING,
7201 .priority = NF_IP_PRI_SELINUX_LAST,
7202 },
7203 {
7204 .hook = selinux_ipv4_forward,
7205 .pf = NFPROTO_IPV4,
7206 .hooknum = NF_INET_FORWARD,
7207 .priority = NF_IP_PRI_SELINUX_FIRST,
7208 },
7209 {
7210 .hook = selinux_ipv4_output,
7211 .pf = NFPROTO_IPV4,
7212 .hooknum = NF_INET_LOCAL_OUT,
7213 .priority = NF_IP_PRI_SELINUX_FIRST,
7214 },
7215#if IS_ENABLED(CONFIG_IPV6)
7216 {
7217 .hook = selinux_ipv6_postroute,
7218 .pf = NFPROTO_IPV6,
7219 .hooknum = NF_INET_POST_ROUTING,
7220 .priority = NF_IP6_PRI_SELINUX_LAST,
7221 },
7222 {
7223 .hook = selinux_ipv6_forward,
7224 .pf = NFPROTO_IPV6,
7225 .hooknum = NF_INET_FORWARD,
7226 .priority = NF_IP6_PRI_SELINUX_FIRST,
7227 },
7228 {
7229 .hook = selinux_ipv6_output,
7230 .pf = NFPROTO_IPV6,
7231 .hooknum = NF_INET_LOCAL_OUT,
7232 .priority = NF_IP6_PRI_SELINUX_FIRST,
7233 },
7234#endif
7235};
7236
7237static int __net_init selinux_nf_register(struct net *net)
7238{
7239 return nf_register_net_hooks(net, selinux_nf_ops,
7240 ARRAY_SIZE(selinux_nf_ops));
7241}
7242
7243static void __net_exit selinux_nf_unregister(struct net *net)
7244{
7245 nf_unregister_net_hooks(net, selinux_nf_ops,
7246 ARRAY_SIZE(selinux_nf_ops));
7247}
7248
7249static struct pernet_operations selinux_net_ops = {
7250 .init = selinux_nf_register,
7251 .exit = selinux_nf_unregister,
7252};
7253
7254static int __init selinux_nf_ip_init(void)
7255{
7256 int err;
7257
7258 if (!selinux_enabled)
7259 return 0;
7260
7261 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
7262
7263 err = register_pernet_subsys(&selinux_net_ops);
7264 if (err)
7265 panic("SELinux: register_pernet_subsys: error %d\n", err);
7266
7267 return 0;
7268}
7269__initcall(selinux_nf_ip_init);
7270
7271#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7272static void selinux_nf_ip_exit(void)
7273{
7274 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
7275
7276 unregister_pernet_subsys(&selinux_net_ops);
7277}
7278#endif
7279
7280#else
7281
7282#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7283#define selinux_nf_ip_exit()
7284#endif
7285
7286#endif
7287
7288#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7289int selinux_disable(struct selinux_state *state)
7290{
7291 if (state->initialized) {
7292
7293 return -EINVAL;
7294 }
7295
7296 if (state->disabled) {
7297
7298 return -EINVAL;
7299 }
7300
7301 state->disabled = 1;
7302
7303 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
7304
7305 selinux_enabled = 0;
7306
7307 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
7308
7309
7310 avc_disable();
7311
7312
7313 selinux_nf_ip_exit();
7314
7315
7316 exit_sel_fs();
7317
7318 return 0;
7319}
7320#endif
7321
