1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/init.h>
25#include <linux/kd.h>
26#include <linux/kernel.h>
27#include <linux/kernel_read_file.h>
28#include <linux/tracehook.h>
29#include <linux/errno.h>
30#include <linux/sched/signal.h>
31#include <linux/sched/task.h>
32#include <linux/lsm_hooks.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/fs_context.h>
50#include <linux/fs_parser.h>
51#include <linux/netfilter_ipv4.h>
52#include <linux/netfilter_ipv6.h>
53#include <linux/tty.h>
54#include <net/icmp.h>
55#include <net/ip.h>
56#include <net/tcp.h>
57#include <net/inet_connection_sock.h>
58#include <net/net_namespace.h>
59#include <net/netlabel.h>
60#include <linux/uaccess.h>
61#include <asm/ioctls.h>
62#include <linux/atomic.h>
63#include <linux/bitops.h>
64#include <linux/interrupt.h>
65#include <linux/netdevice.h>
66#include <net/netlink.h>
67#include <linux/tcp.h>
68#include <linux/udp.h>
69#include <linux/dccp.h>
70#include <linux/sctp.h>
71#include <net/sctp/structs.h>
72#include <linux/quota.h>
73#include <linux/un.h>
74#include <net/af_unix.h>
75#include <linux/parser.h>
76#include <linux/nfs_mount.h>
77#include <net/ipv6.h>
78#include <linux/hugetlb.h>
79#include <linux/personality.h>
80#include <linux/audit.h>
81#include <linux/string.h>
82#include <linux/mutex.h>
83#include <linux/posix-timers.h>
84#include <linux/syslog.h>
85#include <linux/user_namespace.h>
86#include <linux/export.h>
87#include <linux/msg.h>
88#include <linux/shm.h>
89#include <linux/bpf.h>
90#include <linux/kernfs.h>
91#include <linux/stringhash.h>
92#include <uapi/linux/mount.h>
93#include <linux/fsnotify.h>
94#include <linux/fanotify.h>
95
96#include "avc.h"
97#include "objsec.h"
98#include "netif.h"
99#include "netnode.h"
100#include "netport.h"
101#include "ibpkey.h"
102#include "xfrm.h"
103#include "netlabel.h"
104#include "audit.h"
105#include "avc_ss.h"
106
107struct selinux_state selinux_state;
108
109
110static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
111
112#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
113static int selinux_enforcing_boot __initdata;
114
115static int __init enforcing_setup(char *str)
116{
117 unsigned long enforcing;
118 if (!kstrtoul(str, 0, &enforcing))
119 selinux_enforcing_boot = enforcing ? 1 : 0;
120 return 1;
121}
122__setup("enforcing=", enforcing_setup);
123#else
124#define selinux_enforcing_boot 1
125#endif
126
127int selinux_enabled_boot __initdata = 1;
128#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
129static int __init selinux_enabled_setup(char *str)
130{
131 unsigned long enabled;
132 if (!kstrtoul(str, 0, &enabled))
133 selinux_enabled_boot = enabled ? 1 : 0;
134 return 1;
135}
136__setup("selinux=", selinux_enabled_setup);
137#endif
138
139static unsigned int selinux_checkreqprot_boot =
140 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
141
142static int __init checkreqprot_setup(char *str)
143{
144 unsigned long checkreqprot;
145
146 if (!kstrtoul(str, 0, &checkreqprot)) {
147 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
148 if (checkreqprot)
149 pr_warn("SELinux: checkreqprot set to 1 via kernel parameter. This is deprecated and will be rejected in a future kernel release.\n");
150 }
151 return 1;
152}
153__setup("checkreqprot=", checkreqprot_setup);
154
155
156
157
158
159
160
161
162
163
164
165
166static int selinux_secmark_enabled(void)
167{
168 return (selinux_policycap_alwaysnetwork() ||
169 atomic_read(&selinux_secmark_refcount));
170}
171
172
173
174
175
176
177
178
179
180
181
182static int selinux_peerlbl_enabled(void)
183{
184 return (selinux_policycap_alwaysnetwork() ||
185 netlbl_enabled() || selinux_xfrm_enabled());
186}
187
188static int selinux_netcache_avc_callback(u32 event)
189{
190 if (event == AVC_CALLBACK_RESET) {
191 sel_netif_flush();
192 sel_netnode_flush();
193 sel_netport_flush();
194 synchronize_net();
195 }
196 return 0;
197}
198
199static int selinux_lsm_notifier_avc_callback(u32 event)
200{
201 if (event == AVC_CALLBACK_RESET) {
202 sel_ib_pkey_flush();
203 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
204 }
205
206 return 0;
207}
208
209
210
211
212static void cred_init_security(void)
213{
214 struct cred *cred = (struct cred *) current->real_cred;
215 struct task_security_struct *tsec;
216
217 tsec = selinux_cred(cred);
218 tsec->osid = tsec->sid = SECINITSID_KERNEL;
219}
220
221
222
223
224static inline u32 cred_sid(const struct cred *cred)
225{
226 const struct task_security_struct *tsec;
227
228 tsec = selinux_cred(cred);
229 return tsec->sid;
230}
231
232
233
234
235static inline u32 task_sid_subj(const struct task_struct *task)
236{
237 u32 sid;
238
239 rcu_read_lock();
240 sid = cred_sid(rcu_dereference(task->cred));
241 rcu_read_unlock();
242 return sid;
243}
244
245
246
247
248static inline u32 task_sid_obj(const struct task_struct *task)
249{
250 u32 sid;
251
252 rcu_read_lock();
253 sid = cred_sid(__task_cred(task));
254 rcu_read_unlock();
255 return sid;
256}
257
258
259
260
261static inline u32 task_sid_binder(const struct task_struct *task)
262{
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278 return task_sid_obj(task);
279}
280
281static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
282
283
284
285
286
287
288
289static int __inode_security_revalidate(struct inode *inode,
290 struct dentry *dentry,
291 bool may_sleep)
292{
293 struct inode_security_struct *isec = selinux_inode(inode);
294
295 might_sleep_if(may_sleep);
296
297 if (selinux_initialized(&selinux_state) &&
298 isec->initialized != LABEL_INITIALIZED) {
299 if (!may_sleep)
300 return -ECHILD;
301
302
303
304
305
306
307 inode_doinit_with_dentry(inode, dentry);
308 }
309 return 0;
310}
311
312static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
313{
314 return selinux_inode(inode);
315}
316
317static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
318{
319 int error;
320
321 error = __inode_security_revalidate(inode, NULL, !rcu);
322 if (error)
323 return ERR_PTR(error);
324 return selinux_inode(inode);
325}
326
327
328
329
330static struct inode_security_struct *inode_security(struct inode *inode)
331{
332 __inode_security_revalidate(inode, NULL, true);
333 return selinux_inode(inode);
334}
335
336static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
337{
338 struct inode *inode = d_backing_inode(dentry);
339
340 return selinux_inode(inode);
341}
342
343
344
345
346static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
347{
348 struct inode *inode = d_backing_inode(dentry);
349
350 __inode_security_revalidate(inode, dentry, true);
351 return selinux_inode(inode);
352}
353
354static void inode_free_security(struct inode *inode)
355{
356 struct inode_security_struct *isec = selinux_inode(inode);
357 struct superblock_security_struct *sbsec;
358
359 if (!isec)
360 return;
361 sbsec = selinux_superblock(inode->i_sb);
362
363
364
365
366
367
368
369
370
371
372 if (!list_empty_careful(&isec->list)) {
373 spin_lock(&sbsec->isec_lock);
374 list_del_init(&isec->list);
375 spin_unlock(&sbsec->isec_lock);
376 }
377}
378
379struct selinux_mnt_opts {
380 const char *fscontext, *context, *rootcontext, *defcontext;
381};
382
383static void selinux_free_mnt_opts(void *mnt_opts)
384{
385 struct selinux_mnt_opts *opts = mnt_opts;
386 kfree(opts->fscontext);
387 kfree(opts->context);
388 kfree(opts->rootcontext);
389 kfree(opts->defcontext);
390 kfree(opts);
391}
392
393enum {
394 Opt_error = -1,
395 Opt_context = 0,
396 Opt_defcontext = 1,
397 Opt_fscontext = 2,
398 Opt_rootcontext = 3,
399 Opt_seclabel = 4,
400};
401
402#define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg}
403static struct {
404 const char *name;
405 int len;
406 int opt;
407 bool has_arg;
408} tokens[] = {
409 A(context, true),
410 A(fscontext, true),
411 A(defcontext, true),
412 A(rootcontext, true),
413 A(seclabel, false),
414};
415#undef A
416
417static int match_opt_prefix(char *s, int l, char **arg)
418{
419 int i;
420
421 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
422 size_t len = tokens[i].len;
423 if (len > l || memcmp(s, tokens[i].name, len))
424 continue;
425 if (tokens[i].has_arg) {
426 if (len == l || s[len] != '=')
427 continue;
428 *arg = s + len + 1;
429 } else if (len != l)
430 continue;
431 return tokens[i].opt;
432 }
433 return Opt_error;
434}
435
436#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
437
438static int may_context_mount_sb_relabel(u32 sid,
439 struct superblock_security_struct *sbsec,
440 const struct cred *cred)
441{
442 const struct task_security_struct *tsec = selinux_cred(cred);
443 int rc;
444
445 rc = avc_has_perm(&selinux_state,
446 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
447 FILESYSTEM__RELABELFROM, NULL);
448 if (rc)
449 return rc;
450
451 rc = avc_has_perm(&selinux_state,
452 tsec->sid, sid, SECCLASS_FILESYSTEM,
453 FILESYSTEM__RELABELTO, NULL);
454 return rc;
455}
456
457static int may_context_mount_inode_relabel(u32 sid,
458 struct superblock_security_struct *sbsec,
459 const struct cred *cred)
460{
461 const struct task_security_struct *tsec = selinux_cred(cred);
462 int rc;
463 rc = avc_has_perm(&selinux_state,
464 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
465 FILESYSTEM__RELABELFROM, NULL);
466 if (rc)
467 return rc;
468
469 rc = avc_has_perm(&selinux_state,
470 sid, sbsec->sid, SECCLASS_FILESYSTEM,
471 FILESYSTEM__ASSOCIATE, NULL);
472 return rc;
473}
474
475static int selinux_is_genfs_special_handling(struct super_block *sb)
476{
477
478 return !strcmp(sb->s_type->name, "sysfs") ||
479 !strcmp(sb->s_type->name, "pstore") ||
480 !strcmp(sb->s_type->name, "debugfs") ||
481 !strcmp(sb->s_type->name, "tracefs") ||
482 !strcmp(sb->s_type->name, "rootfs") ||
483 (selinux_policycap_cgroupseclabel() &&
484 (!strcmp(sb->s_type->name, "cgroup") ||
485 !strcmp(sb->s_type->name, "cgroup2")));
486}
487
488static int selinux_is_sblabel_mnt(struct super_block *sb)
489{
490 struct superblock_security_struct *sbsec = selinux_superblock(sb);
491
492
493
494
495
496 BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
497
498 switch (sbsec->behavior) {
499 case SECURITY_FS_USE_XATTR:
500 case SECURITY_FS_USE_TRANS:
501 case SECURITY_FS_USE_TASK:
502 case SECURITY_FS_USE_NATIVE:
503 return 1;
504
505 case SECURITY_FS_USE_GENFS:
506 return selinux_is_genfs_special_handling(sb);
507
508
509 case SECURITY_FS_USE_MNTPOINT:
510 case SECURITY_FS_USE_NONE:
511 default:
512 return 0;
513 }
514}
515
516static int sb_check_xattr_support(struct super_block *sb)
517{
518 struct superblock_security_struct *sbsec = sb->s_security;
519 struct dentry *root = sb->s_root;
520 struct inode *root_inode = d_backing_inode(root);
521 u32 sid;
522 int rc;
523
524
525
526
527
528
529
530
531 if (!(root_inode->i_opflags & IOP_XATTR)) {
532 pr_warn("SELinux: (dev %s, type %s) has no xattr support\n",
533 sb->s_id, sb->s_type->name);
534 goto fallback;
535 }
536
537 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
538 if (rc < 0 && rc != -ENODATA) {
539 if (rc == -EOPNOTSUPP) {
540 pr_warn("SELinux: (dev %s, type %s) has no security xattr handler\n",
541 sb->s_id, sb->s_type->name);
542 goto fallback;
543 } else {
544 pr_warn("SELinux: (dev %s, type %s) getxattr errno %d\n",
545 sb->s_id, sb->s_type->name, -rc);
546 return rc;
547 }
548 }
549 return 0;
550
551fallback:
552
553 rc = security_genfs_sid(&selinux_state, sb->s_type->name, "/",
554 SECCLASS_DIR, &sid);
555 if (rc)
556 return -EOPNOTSUPP;
557
558 pr_warn("SELinux: (dev %s, type %s) falling back to genfs\n",
559 sb->s_id, sb->s_type->name);
560 sbsec->behavior = SECURITY_FS_USE_GENFS;
561 sbsec->sid = sid;
562 return 0;
563}
564
565static int sb_finish_set_opts(struct super_block *sb)
566{
567 struct superblock_security_struct *sbsec = selinux_superblock(sb);
568 struct dentry *root = sb->s_root;
569 struct inode *root_inode = d_backing_inode(root);
570 int rc = 0;
571
572 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
573 rc = sb_check_xattr_support(sb);
574 if (rc)
575 return rc;
576 }
577
578 sbsec->flags |= SE_SBINITIALIZED;
579
580
581
582
583
584
585 if (selinux_is_sblabel_mnt(sb))
586 sbsec->flags |= SBLABEL_MNT;
587 else
588 sbsec->flags &= ~SBLABEL_MNT;
589
590
591 rc = inode_doinit_with_dentry(root_inode, root);
592
593
594
595
596
597 spin_lock(&sbsec->isec_lock);
598 while (!list_empty(&sbsec->isec_head)) {
599 struct inode_security_struct *isec =
600 list_first_entry(&sbsec->isec_head,
601 struct inode_security_struct, list);
602 struct inode *inode = isec->inode;
603 list_del_init(&isec->list);
604 spin_unlock(&sbsec->isec_lock);
605 inode = igrab(inode);
606 if (inode) {
607 if (!IS_PRIVATE(inode))
608 inode_doinit_with_dentry(inode, NULL);
609 iput(inode);
610 }
611 spin_lock(&sbsec->isec_lock);
612 }
613 spin_unlock(&sbsec->isec_lock);
614 return rc;
615}
616
617static int bad_option(struct superblock_security_struct *sbsec, char flag,
618 u32 old_sid, u32 new_sid)
619{
620 char mnt_flags = sbsec->flags & SE_MNTMASK;
621
622
623 if (sbsec->flags & SE_SBINITIALIZED)
624 if (!(sbsec->flags & flag) ||
625 (old_sid != new_sid))
626 return 1;
627
628
629
630
631 if (!(sbsec->flags & SE_SBINITIALIZED))
632 if (mnt_flags & flag)
633 return 1;
634 return 0;
635}
636
637static int parse_sid(struct super_block *sb, const char *s, u32 *sid)
638{
639 int rc = security_context_str_to_sid(&selinux_state, s,
640 sid, GFP_KERNEL);
641 if (rc)
642 pr_warn("SELinux: security_context_str_to_sid"
643 "(%s) failed for (dev %s, type %s) errno=%d\n",
644 s, sb->s_id, sb->s_type->name, rc);
645 return rc;
646}
647
648
649
650
651
652static int selinux_set_mnt_opts(struct super_block *sb,
653 void *mnt_opts,
654 unsigned long kern_flags,
655 unsigned long *set_kern_flags)
656{
657 const struct cred *cred = current_cred();
658 struct superblock_security_struct *sbsec = selinux_superblock(sb);
659 struct dentry *root = sb->s_root;
660 struct selinux_mnt_opts *opts = mnt_opts;
661 struct inode_security_struct *root_isec;
662 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
663 u32 defcontext_sid = 0;
664 int rc = 0;
665
666 mutex_lock(&sbsec->lock);
667
668 if (!selinux_initialized(&selinux_state)) {
669 if (!opts) {
670
671
672
673 goto out;
674 }
675 rc = -EINVAL;
676 pr_warn("SELinux: Unable to set superblock options "
677 "before the security server is initialized\n");
678 goto out;
679 }
680 if (kern_flags && !set_kern_flags) {
681
682
683 rc = -EINVAL;
684 goto out;
685 }
686
687
688
689
690
691
692
693
694
695
696
697
698 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
699 && !opts)
700 goto out;
701
702 root_isec = backing_inode_security_novalidate(root);
703
704
705
706
707
708
709 if (opts) {
710 if (opts->fscontext) {
711 rc = parse_sid(sb, opts->fscontext, &fscontext_sid);
712 if (rc)
713 goto out;
714 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
715 fscontext_sid))
716 goto out_double_mount;
717 sbsec->flags |= FSCONTEXT_MNT;
718 }
719 if (opts->context) {
720 rc = parse_sid(sb, opts->context, &context_sid);
721 if (rc)
722 goto out;
723 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
724 context_sid))
725 goto out_double_mount;
726 sbsec->flags |= CONTEXT_MNT;
727 }
728 if (opts->rootcontext) {
729 rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid);
730 if (rc)
731 goto out;
732 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
733 rootcontext_sid))
734 goto out_double_mount;
735 sbsec->flags |= ROOTCONTEXT_MNT;
736 }
737 if (opts->defcontext) {
738 rc = parse_sid(sb, opts->defcontext, &defcontext_sid);
739 if (rc)
740 goto out;
741 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
742 defcontext_sid))
743 goto out_double_mount;
744 sbsec->flags |= DEFCONTEXT_MNT;
745 }
746 }
747
748 if (sbsec->flags & SE_SBINITIALIZED) {
749
750 if ((sbsec->flags & SE_MNTMASK) && !opts)
751 goto out_double_mount;
752 rc = 0;
753 goto out;
754 }
755
756 if (strcmp(sb->s_type->name, "proc") == 0)
757 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
758
759 if (!strcmp(sb->s_type->name, "debugfs") ||
760 !strcmp(sb->s_type->name, "tracefs") ||
761 !strcmp(sb->s_type->name, "binder") ||
762 !strcmp(sb->s_type->name, "bpf") ||
763 !strcmp(sb->s_type->name, "pstore"))
764 sbsec->flags |= SE_SBGENFS;
765
766 if (!strcmp(sb->s_type->name, "sysfs") ||
767 !strcmp(sb->s_type->name, "cgroup") ||
768 !strcmp(sb->s_type->name, "cgroup2"))
769 sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;
770
771 if (!sbsec->behavior) {
772
773
774
775
776 rc = security_fs_use(&selinux_state, sb);
777 if (rc) {
778 pr_warn("%s: security_fs_use(%s) returned %d\n",
779 __func__, sb->s_type->name, rc);
780 goto out;
781 }
782 }
783
784
785
786
787
788
789 if (sb->s_user_ns != &init_user_ns &&
790 strcmp(sb->s_type->name, "tmpfs") &&
791 strcmp(sb->s_type->name, "ramfs") &&
792 strcmp(sb->s_type->name, "devpts") &&
793 strcmp(sb->s_type->name, "overlay")) {
794 if (context_sid || fscontext_sid || rootcontext_sid ||
795 defcontext_sid) {
796 rc = -EACCES;
797 goto out;
798 }
799 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
800 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
801 rc = security_transition_sid(&selinux_state,
802 current_sid(),
803 current_sid(),
804 SECCLASS_FILE, NULL,
805 &sbsec->mntpoint_sid);
806 if (rc)
807 goto out;
808 }
809 goto out_set_opts;
810 }
811
812
813 if (fscontext_sid) {
814 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
815 if (rc)
816 goto out;
817
818 sbsec->sid = fscontext_sid;
819 }
820
821
822
823
824
825
826 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
827 sbsec->behavior = SECURITY_FS_USE_NATIVE;
828 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
829 }
830
831 if (context_sid) {
832 if (!fscontext_sid) {
833 rc = may_context_mount_sb_relabel(context_sid, sbsec,
834 cred);
835 if (rc)
836 goto out;
837 sbsec->sid = context_sid;
838 } else {
839 rc = may_context_mount_inode_relabel(context_sid, sbsec,
840 cred);
841 if (rc)
842 goto out;
843 }
844 if (!rootcontext_sid)
845 rootcontext_sid = context_sid;
846
847 sbsec->mntpoint_sid = context_sid;
848 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
849 }
850
851 if (rootcontext_sid) {
852 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
853 cred);
854 if (rc)
855 goto out;
856
857 root_isec->sid = rootcontext_sid;
858 root_isec->initialized = LABEL_INITIALIZED;
859 }
860
861 if (defcontext_sid) {
862 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
863 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
864 rc = -EINVAL;
865 pr_warn("SELinux: defcontext option is "
866 "invalid for this filesystem type\n");
867 goto out;
868 }
869
870 if (defcontext_sid != sbsec->def_sid) {
871 rc = may_context_mount_inode_relabel(defcontext_sid,
872 sbsec, cred);
873 if (rc)
874 goto out;
875 }
876
877 sbsec->def_sid = defcontext_sid;
878 }
879
880out_set_opts:
881 rc = sb_finish_set_opts(sb);
882out:
883 mutex_unlock(&sbsec->lock);
884 return rc;
885out_double_mount:
886 rc = -EINVAL;
887 pr_warn("SELinux: mount invalid. Same superblock, different "
888 "security settings for (dev %s, type %s)\n", sb->s_id,
889 sb->s_type->name);
890 goto out;
891}
892
893static int selinux_cmp_sb_context(const struct super_block *oldsb,
894 const struct super_block *newsb)
895{
896 struct superblock_security_struct *old = selinux_superblock(oldsb);
897 struct superblock_security_struct *new = selinux_superblock(newsb);
898 char oldflags = old->flags & SE_MNTMASK;
899 char newflags = new->flags & SE_MNTMASK;
900
901 if (oldflags != newflags)
902 goto mismatch;
903 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
904 goto mismatch;
905 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
906 goto mismatch;
907 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
908 goto mismatch;
909 if (oldflags & ROOTCONTEXT_MNT) {
910 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
911 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
912 if (oldroot->sid != newroot->sid)
913 goto mismatch;
914 }
915 return 0;
916mismatch:
917 pr_warn("SELinux: mount invalid. Same superblock, "
918 "different security settings for (dev %s, "
919 "type %s)\n", newsb->s_id, newsb->s_type->name);
920 return -EBUSY;
921}
922
923static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
924 struct super_block *newsb,
925 unsigned long kern_flags,
926 unsigned long *set_kern_flags)
927{
928 int rc = 0;
929 const struct superblock_security_struct *oldsbsec =
930 selinux_superblock(oldsb);
931 struct superblock_security_struct *newsbsec = selinux_superblock(newsb);
932
933 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
934 int set_context = (oldsbsec->flags & CONTEXT_MNT);
935 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
936
937
938
939
940
941 if (!selinux_initialized(&selinux_state))
942 return 0;
943
944
945
946
947
948 if (kern_flags && !set_kern_flags)
949 return -EINVAL;
950
951
952 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
953
954
955 if (newsbsec->flags & SE_SBINITIALIZED) {
956 if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
957 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
958 return selinux_cmp_sb_context(oldsb, newsb);
959 }
960
961 mutex_lock(&newsbsec->lock);
962
963 newsbsec->flags = oldsbsec->flags;
964
965 newsbsec->sid = oldsbsec->sid;
966 newsbsec->def_sid = oldsbsec->def_sid;
967 newsbsec->behavior = oldsbsec->behavior;
968
969 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
970 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
971 rc = security_fs_use(&selinux_state, newsb);
972 if (rc)
973 goto out;
974 }
975
976 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
977 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
978 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
979 }
980
981 if (set_context) {
982 u32 sid = oldsbsec->mntpoint_sid;
983
984 if (!set_fscontext)
985 newsbsec->sid = sid;
986 if (!set_rootcontext) {
987 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
988 newisec->sid = sid;
989 }
990 newsbsec->mntpoint_sid = sid;
991 }
992 if (set_rootcontext) {
993 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
994 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
995
996 newisec->sid = oldisec->sid;
997 }
998
999 sb_finish_set_opts(newsb);
1000out:
1001 mutex_unlock(&newsbsec->lock);
1002 return rc;
1003}
1004
1005static int selinux_add_opt(int token, const char *s, void **mnt_opts)
1006{
1007 struct selinux_mnt_opts *opts = *mnt_opts;
1008
1009 if (token == Opt_seclabel)
1010 return 0;
1011
1012 if (!opts) {
1013 opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
1014 if (!opts)
1015 return -ENOMEM;
1016 *mnt_opts = opts;
1017 }
1018 if (!s)
1019 return -ENOMEM;
1020 switch (token) {
1021 case Opt_context:
1022 if (opts->context || opts->defcontext)
1023 goto Einval;
1024 opts->context = s;
1025 break;
1026 case Opt_fscontext:
1027 if (opts->fscontext)
1028 goto Einval;
1029 opts->fscontext = s;
1030 break;
1031 case Opt_rootcontext:
1032 if (opts->rootcontext)
1033 goto Einval;
1034 opts->rootcontext = s;
1035 break;
1036 case Opt_defcontext:
1037 if (opts->context || opts->defcontext)
1038 goto Einval;
1039 opts->defcontext = s;
1040 break;
1041 }
1042 return 0;
1043Einval:
1044 pr_warn(SEL_MOUNT_FAIL_MSG);
1045 return -EINVAL;
1046}
1047
1048static int selinux_add_mnt_opt(const char *option, const char *val, int len,
1049 void **mnt_opts)
1050{
1051 int token = Opt_error;
1052 int rc, i;
1053
1054 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
1055 if (strcmp(option, tokens[i].name) == 0) {
1056 token = tokens[i].opt;
1057 break;
1058 }
1059 }
1060
1061 if (token == Opt_error)
1062 return -EINVAL;
1063
1064 if (token != Opt_seclabel) {
1065 val = kmemdup_nul(val, len, GFP_KERNEL);
1066 if (!val) {
1067 rc = -ENOMEM;
1068 goto free_opt;
1069 }
1070 }
1071 rc = selinux_add_opt(token, val, mnt_opts);
1072 if (unlikely(rc)) {
1073 kfree(val);
1074 goto free_opt;
1075 }
1076 return rc;
1077
1078free_opt:
1079 if (*mnt_opts) {
1080 selinux_free_mnt_opts(*mnt_opts);
1081 *mnt_opts = NULL;
1082 }
1083 return rc;
1084}
1085
1086static int show_sid(struct seq_file *m, u32 sid)
1087{
1088 char *context = NULL;
1089 u32 len;
1090 int rc;
1091
1092 rc = security_sid_to_context(&selinux_state, sid,
1093 &context, &len);
1094 if (!rc) {
1095 bool has_comma = context && strchr(context, ',');
1096
1097 seq_putc(m, '=');
1098 if (has_comma)
1099 seq_putc(m, '\"');
1100 seq_escape(m, context, "\"\n\\");
1101 if (has_comma)
1102 seq_putc(m, '\"');
1103 }
1104 kfree(context);
1105 return rc;
1106}
1107
1108static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1109{
1110 struct superblock_security_struct *sbsec = selinux_superblock(sb);
1111 int rc;
1112
1113 if (!(sbsec->flags & SE_SBINITIALIZED))
1114 return 0;
1115
1116 if (!selinux_initialized(&selinux_state))
1117 return 0;
1118
1119 if (sbsec->flags & FSCONTEXT_MNT) {
1120 seq_putc(m, ',');
1121 seq_puts(m, FSCONTEXT_STR);
1122 rc = show_sid(m, sbsec->sid);
1123 if (rc)
1124 return rc;
1125 }
1126 if (sbsec->flags & CONTEXT_MNT) {
1127 seq_putc(m, ',');
1128 seq_puts(m, CONTEXT_STR);
1129 rc = show_sid(m, sbsec->mntpoint_sid);
1130 if (rc)
1131 return rc;
1132 }
1133 if (sbsec->flags & DEFCONTEXT_MNT) {
1134 seq_putc(m, ',');
1135 seq_puts(m, DEFCONTEXT_STR);
1136 rc = show_sid(m, sbsec->def_sid);
1137 if (rc)
1138 return rc;
1139 }
1140 if (sbsec->flags & ROOTCONTEXT_MNT) {
1141 struct dentry *root = sb->s_root;
1142 struct inode_security_struct *isec = backing_inode_security(root);
1143 seq_putc(m, ',');
1144 seq_puts(m, ROOTCONTEXT_STR);
1145 rc = show_sid(m, isec->sid);
1146 if (rc)
1147 return rc;
1148 }
1149 if (sbsec->flags & SBLABEL_MNT) {
1150 seq_putc(m, ',');
1151 seq_puts(m, SECLABEL_STR);
1152 }
1153 return 0;
1154}
1155
1156static inline u16 inode_mode_to_security_class(umode_t mode)
1157{
1158 switch (mode & S_IFMT) {
1159 case S_IFSOCK:
1160 return SECCLASS_SOCK_FILE;
1161 case S_IFLNK:
1162 return SECCLASS_LNK_FILE;
1163 case S_IFREG:
1164 return SECCLASS_FILE;
1165 case S_IFBLK:
1166 return SECCLASS_BLK_FILE;
1167 case S_IFDIR:
1168 return SECCLASS_DIR;
1169 case S_IFCHR:
1170 return SECCLASS_CHR_FILE;
1171 case S_IFIFO:
1172 return SECCLASS_FIFO_FILE;
1173
1174 }
1175
1176 return SECCLASS_FILE;
1177}
1178
1179static inline int default_protocol_stream(int protocol)
1180{
1181 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP ||
1182 protocol == IPPROTO_MPTCP);
1183}
1184
1185static inline int default_protocol_dgram(int protocol)
1186{
1187 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1188}
1189
1190static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1191{
1192 int extsockclass = selinux_policycap_extsockclass();
1193
1194 switch (family) {
1195 case PF_UNIX:
1196 switch (type) {
1197 case SOCK_STREAM:
1198 case SOCK_SEQPACKET:
1199 return SECCLASS_UNIX_STREAM_SOCKET;
1200 case SOCK_DGRAM:
1201 case SOCK_RAW:
1202 return SECCLASS_UNIX_DGRAM_SOCKET;
1203 }
1204 break;
1205 case PF_INET:
1206 case PF_INET6:
1207 switch (type) {
1208 case SOCK_STREAM:
1209 case SOCK_SEQPACKET:
1210 if (default_protocol_stream(protocol))
1211 return SECCLASS_TCP_SOCKET;
1212 else if (extsockclass && protocol == IPPROTO_SCTP)
1213 return SECCLASS_SCTP_SOCKET;
1214 else
1215 return SECCLASS_RAWIP_SOCKET;
1216 case SOCK_DGRAM:
1217 if (default_protocol_dgram(protocol))
1218 return SECCLASS_UDP_SOCKET;
1219 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1220 protocol == IPPROTO_ICMPV6))
1221 return SECCLASS_ICMP_SOCKET;
1222 else
1223 return SECCLASS_RAWIP_SOCKET;
1224 case SOCK_DCCP:
1225 return SECCLASS_DCCP_SOCKET;
1226 default:
1227 return SECCLASS_RAWIP_SOCKET;
1228 }
1229 break;
1230 case PF_NETLINK:
1231 switch (protocol) {
1232 case NETLINK_ROUTE:
1233 return SECCLASS_NETLINK_ROUTE_SOCKET;
1234 case NETLINK_SOCK_DIAG:
1235 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1236 case NETLINK_NFLOG:
1237 return SECCLASS_NETLINK_NFLOG_SOCKET;
1238 case NETLINK_XFRM:
1239 return SECCLASS_NETLINK_XFRM_SOCKET;
1240 case NETLINK_SELINUX:
1241 return SECCLASS_NETLINK_SELINUX_SOCKET;
1242 case NETLINK_ISCSI:
1243 return SECCLASS_NETLINK_ISCSI_SOCKET;
1244 case NETLINK_AUDIT:
1245 return SECCLASS_NETLINK_AUDIT_SOCKET;
1246 case NETLINK_FIB_LOOKUP:
1247 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1248 case NETLINK_CONNECTOR:
1249 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1250 case NETLINK_NETFILTER:
1251 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1252 case NETLINK_DNRTMSG:
1253 return SECCLASS_NETLINK_DNRT_SOCKET;
1254 case NETLINK_KOBJECT_UEVENT:
1255 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1256 case NETLINK_GENERIC:
1257 return SECCLASS_NETLINK_GENERIC_SOCKET;
1258 case NETLINK_SCSITRANSPORT:
1259 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1260 case NETLINK_RDMA:
1261 return SECCLASS_NETLINK_RDMA_SOCKET;
1262 case NETLINK_CRYPTO:
1263 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1264 default:
1265 return SECCLASS_NETLINK_SOCKET;
1266 }
1267 case PF_PACKET:
1268 return SECCLASS_PACKET_SOCKET;
1269 case PF_KEY:
1270 return SECCLASS_KEY_SOCKET;
1271 case PF_APPLETALK:
1272 return SECCLASS_APPLETALK_SOCKET;
1273 }
1274
1275 if (extsockclass) {
1276 switch (family) {
1277 case PF_AX25:
1278 return SECCLASS_AX25_SOCKET;
1279 case PF_IPX:
1280 return SECCLASS_IPX_SOCKET;
1281 case PF_NETROM:
1282 return SECCLASS_NETROM_SOCKET;
1283 case PF_ATMPVC:
1284 return SECCLASS_ATMPVC_SOCKET;
1285 case PF_X25:
1286 return SECCLASS_X25_SOCKET;
1287 case PF_ROSE:
1288 return SECCLASS_ROSE_SOCKET;
1289 case PF_DECnet:
1290 return SECCLASS_DECNET_SOCKET;
1291 case PF_ATMSVC:
1292 return SECCLASS_ATMSVC_SOCKET;
1293 case PF_RDS:
1294 return SECCLASS_RDS_SOCKET;
1295 case PF_IRDA:
1296 return SECCLASS_IRDA_SOCKET;
1297 case PF_PPPOX:
1298 return SECCLASS_PPPOX_SOCKET;
1299 case PF_LLC:
1300 return SECCLASS_LLC_SOCKET;
1301 case PF_CAN:
1302 return SECCLASS_CAN_SOCKET;
1303 case PF_TIPC:
1304 return SECCLASS_TIPC_SOCKET;
1305 case PF_BLUETOOTH:
1306 return SECCLASS_BLUETOOTH_SOCKET;
1307 case PF_IUCV:
1308 return SECCLASS_IUCV_SOCKET;
1309 case PF_RXRPC:
1310 return SECCLASS_RXRPC_SOCKET;
1311 case PF_ISDN:
1312 return SECCLASS_ISDN_SOCKET;
1313 case PF_PHONET:
1314 return SECCLASS_PHONET_SOCKET;
1315 case PF_IEEE802154:
1316 return SECCLASS_IEEE802154_SOCKET;
1317 case PF_CAIF:
1318 return SECCLASS_CAIF_SOCKET;
1319 case PF_ALG:
1320 return SECCLASS_ALG_SOCKET;
1321 case PF_NFC:
1322 return SECCLASS_NFC_SOCKET;
1323 case PF_VSOCK:
1324 return SECCLASS_VSOCK_SOCKET;
1325 case PF_KCM:
1326 return SECCLASS_KCM_SOCKET;
1327 case PF_QIPCRTR:
1328 return SECCLASS_QIPCRTR_SOCKET;
1329 case PF_SMC:
1330 return SECCLASS_SMC_SOCKET;
1331 case PF_XDP:
1332 return SECCLASS_XDP_SOCKET;
1333#if PF_MAX > 45
1334#error New address family defined, please update this function.
1335#endif
1336 }
1337 }
1338
1339 return SECCLASS_SOCKET;
1340}
1341
1342static int selinux_genfs_get_sid(struct dentry *dentry,
1343 u16 tclass,
1344 u16 flags,
1345 u32 *sid)
1346{
1347 int rc;
1348 struct super_block *sb = dentry->d_sb;
1349 char *buffer, *path;
1350
1351 buffer = (char *)__get_free_page(GFP_KERNEL);
1352 if (!buffer)
1353 return -ENOMEM;
1354
1355 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1356 if (IS_ERR(path))
1357 rc = PTR_ERR(path);
1358 else {
1359 if (flags & SE_SBPROC) {
1360
1361
1362
1363 while (path[1] >= '0' && path[1] <= '9') {
1364 path[1] = '/';
1365 path++;
1366 }
1367 }
1368 rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1369 path, tclass, sid);
1370 if (rc == -ENOENT) {
1371
1372 *sid = SECINITSID_UNLABELED;
1373 rc = 0;
1374 }
1375 }
1376 free_page((unsigned long)buffer);
1377 return rc;
1378}
1379
1380static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
1381 u32 def_sid, u32 *sid)
1382{
1383#define INITCONTEXTLEN 255
1384 char *context;
1385 unsigned int len;
1386 int rc;
1387
1388 len = INITCONTEXTLEN;
1389 context = kmalloc(len + 1, GFP_NOFS);
1390 if (!context)
1391 return -ENOMEM;
1392
1393 context[len] = '\0';
1394 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1395 if (rc == -ERANGE) {
1396 kfree(context);
1397
1398
1399 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1400 if (rc < 0)
1401 return rc;
1402
1403 len = rc;
1404 context = kmalloc(len + 1, GFP_NOFS);
1405 if (!context)
1406 return -ENOMEM;
1407
1408 context[len] = '\0';
1409 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
1410 context, len);
1411 }
1412 if (rc < 0) {
1413 kfree(context);
1414 if (rc != -ENODATA) {
1415 pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n",
1416 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
1417 return rc;
1418 }
1419 *sid = def_sid;
1420 return 0;
1421 }
1422
1423 rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
1424 def_sid, GFP_NOFS);
1425 if (rc) {
1426 char *dev = inode->i_sb->s_id;
1427 unsigned long ino = inode->i_ino;
1428
1429 if (rc == -EINVAL) {
1430 pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
1431 ino, dev, context);
1432 } else {
1433 pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
1434 __func__, context, -rc, dev, ino);
1435 }
1436 }
1437 kfree(context);
1438 return 0;
1439}
1440
1441
1442static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1443{
1444 struct superblock_security_struct *sbsec = NULL;
1445 struct inode_security_struct *isec = selinux_inode(inode);
1446 u32 task_sid, sid = 0;
1447 u16 sclass;
1448 struct dentry *dentry;
1449 int rc = 0;
1450
1451 if (isec->initialized == LABEL_INITIALIZED)
1452 return 0;
1453
1454 spin_lock(&isec->lock);
1455 if (isec->initialized == LABEL_INITIALIZED)
1456 goto out_unlock;
1457
1458 if (isec->sclass == SECCLASS_FILE)
1459 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1460
1461 sbsec = selinux_superblock(inode->i_sb);
1462 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1463
1464
1465
1466 spin_lock(&sbsec->isec_lock);
1467 if (list_empty(&isec->list))
1468 list_add(&isec->list, &sbsec->isec_head);
1469 spin_unlock(&sbsec->isec_lock);
1470 goto out_unlock;
1471 }
1472
1473 sclass = isec->sclass;
1474 task_sid = isec->task_sid;
1475 sid = isec->sid;
1476 isec->initialized = LABEL_PENDING;
1477 spin_unlock(&isec->lock);
1478
1479 switch (sbsec->behavior) {
1480 case SECURITY_FS_USE_NATIVE:
1481 break;
1482 case SECURITY_FS_USE_XATTR:
1483 if (!(inode->i_opflags & IOP_XATTR)) {
1484 sid = sbsec->def_sid;
1485 break;
1486 }
1487
1488
1489 if (opt_dentry) {
1490
1491 dentry = dget(opt_dentry);
1492 } else {
1493
1494
1495
1496
1497
1498
1499 dentry = d_find_alias(inode);
1500 if (!dentry)
1501 dentry = d_find_any_alias(inode);
1502 }
1503 if (!dentry) {
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513 goto out_invalid;
1514 }
1515
1516 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
1517 &sid);
1518 dput(dentry);
1519 if (rc)
1520 goto out;
1521 break;
1522 case SECURITY_FS_USE_TASK:
1523 sid = task_sid;
1524 break;
1525 case SECURITY_FS_USE_TRANS:
1526
1527 sid = sbsec->sid;
1528
1529
1530 rc = security_transition_sid(&selinux_state, task_sid, sid,
1531 sclass, NULL, &sid);
1532 if (rc)
1533 goto out;
1534 break;
1535 case SECURITY_FS_USE_MNTPOINT:
1536 sid = sbsec->mntpoint_sid;
1537 break;
1538 default:
1539
1540 sid = sbsec->sid;
1541
1542 if ((sbsec->flags & SE_SBGENFS) &&
1543 (!S_ISLNK(inode->i_mode) ||
1544 selinux_policycap_genfs_seclabel_symlinks())) {
1545
1546
1547 if (opt_dentry) {
1548
1549
1550 dentry = dget(opt_dentry);
1551 } else {
1552
1553
1554
1555
1556 dentry = d_find_alias(inode);
1557 if (!dentry)
1558 dentry = d_find_any_alias(inode);
1559 }
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569 if (!dentry)
1570 goto out_invalid;
1571 rc = selinux_genfs_get_sid(dentry, sclass,
1572 sbsec->flags, &sid);
1573 if (rc) {
1574 dput(dentry);
1575 goto out;
1576 }
1577
1578 if ((sbsec->flags & SE_SBGENFS_XATTR) &&
1579 (inode->i_opflags & IOP_XATTR)) {
1580 rc = inode_doinit_use_xattr(inode, dentry,
1581 sid, &sid);
1582 if (rc) {
1583 dput(dentry);
1584 goto out;
1585 }
1586 }
1587 dput(dentry);
1588 }
1589 break;
1590 }
1591
1592out:
1593 spin_lock(&isec->lock);
1594 if (isec->initialized == LABEL_PENDING) {
1595 if (rc) {
1596 isec->initialized = LABEL_INVALID;
1597 goto out_unlock;
1598 }
1599 isec->initialized = LABEL_INITIALIZED;
1600 isec->sid = sid;
1601 }
1602
1603out_unlock:
1604 spin_unlock(&isec->lock);
1605 return rc;
1606
1607out_invalid:
1608 spin_lock(&isec->lock);
1609 if (isec->initialized == LABEL_PENDING) {
1610 isec->initialized = LABEL_INVALID;
1611 isec->sid = sid;
1612 }
1613 spin_unlock(&isec->lock);
1614 return 0;
1615}
1616
1617
1618static inline u32 signal_to_av(int sig)
1619{
1620 u32 perm = 0;
1621
1622 switch (sig) {
1623 case SIGCHLD:
1624
1625 perm = PROCESS__SIGCHLD;
1626 break;
1627 case SIGKILL:
1628
1629 perm = PROCESS__SIGKILL;
1630 break;
1631 case SIGSTOP:
1632
1633 perm = PROCESS__SIGSTOP;
1634 break;
1635 default:
1636
1637 perm = PROCESS__SIGNAL;
1638 break;
1639 }
1640
1641 return perm;
1642}
1643
1644#if CAP_LAST_CAP > 63
1645#error Fix SELinux to handle capabilities > 63.
1646#endif
1647
1648
1649static int cred_has_capability(const struct cred *cred,
1650 int cap, unsigned int opts, bool initns)
1651{
1652 struct common_audit_data ad;
1653 struct av_decision avd;
1654 u16 sclass;
1655 u32 sid = cred_sid(cred);
1656 u32 av = CAP_TO_MASK(cap);
1657 int rc;
1658
1659 ad.type = LSM_AUDIT_DATA_CAP;
1660 ad.u.cap = cap;
1661
1662 switch (CAP_TO_INDEX(cap)) {
1663 case 0:
1664 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1665 break;
1666 case 1:
1667 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1668 break;
1669 default:
1670 pr_err("SELinux: out of range capability %d\n", cap);
1671 BUG();
1672 return -EINVAL;
1673 }
1674
1675 rc = avc_has_perm_noaudit(&selinux_state,
1676 sid, sid, sclass, av, 0, &avd);
1677 if (!(opts & CAP_OPT_NOAUDIT)) {
1678 int rc2 = avc_audit(&selinux_state,
1679 sid, sid, sclass, av, &avd, rc, &ad);
1680 if (rc2)
1681 return rc2;
1682 }
1683 return rc;
1684}
1685
1686
1687
1688
1689static int inode_has_perm(const struct cred *cred,
1690 struct inode *inode,
1691 u32 perms,
1692 struct common_audit_data *adp)
1693{
1694 struct inode_security_struct *isec;
1695 u32 sid;
1696
1697 validate_creds(cred);
1698
1699 if (unlikely(IS_PRIVATE(inode)))
1700 return 0;
1701
1702 sid = cred_sid(cred);
1703 isec = selinux_inode(inode);
1704
1705 return avc_has_perm(&selinux_state,
1706 sid, isec->sid, isec->sclass, perms, adp);
1707}
1708
1709
1710
1711
1712static inline int dentry_has_perm(const struct cred *cred,
1713 struct dentry *dentry,
1714 u32 av)
1715{
1716 struct inode *inode = d_backing_inode(dentry);
1717 struct common_audit_data ad;
1718
1719 ad.type = LSM_AUDIT_DATA_DENTRY;
1720 ad.u.dentry = dentry;
1721 __inode_security_revalidate(inode, dentry, true);
1722 return inode_has_perm(cred, inode, av, &ad);
1723}
1724
1725
1726
1727
1728static inline int path_has_perm(const struct cred *cred,
1729 const struct path *path,
1730 u32 av)
1731{
1732 struct inode *inode = d_backing_inode(path->dentry);
1733 struct common_audit_data ad;
1734
1735 ad.type = LSM_AUDIT_DATA_PATH;
1736 ad.u.path = *path;
1737 __inode_security_revalidate(inode, path->dentry, true);
1738 return inode_has_perm(cred, inode, av, &ad);
1739}
1740
1741
1742static inline int file_path_has_perm(const struct cred *cred,
1743 struct file *file,
1744 u32 av)
1745{
1746 struct common_audit_data ad;
1747
1748 ad.type = LSM_AUDIT_DATA_FILE;
1749 ad.u.file = file;
1750 return inode_has_perm(cred, file_inode(file), av, &ad);
1751}
1752
1753#ifdef CONFIG_BPF_SYSCALL
1754static int bpf_fd_pass(struct file *file, u32 sid);
1755#endif
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765static int file_has_perm(const struct cred *cred,
1766 struct file *file,
1767 u32 av)
1768{
1769 struct file_security_struct *fsec = selinux_file(file);
1770 struct inode *inode = file_inode(file);
1771 struct common_audit_data ad;
1772 u32 sid = cred_sid(cred);
1773 int rc;
1774
1775 ad.type = LSM_AUDIT_DATA_FILE;
1776 ad.u.file = file;
1777
1778 if (sid != fsec->sid) {
1779 rc = avc_has_perm(&selinux_state,
1780 sid, fsec->sid,
1781 SECCLASS_FD,
1782 FD__USE,
1783 &ad);
1784 if (rc)
1785 goto out;
1786 }
1787
1788#ifdef CONFIG_BPF_SYSCALL
1789 rc = bpf_fd_pass(file, cred_sid(cred));
1790 if (rc)
1791 return rc;
1792#endif
1793
1794
1795 rc = 0;
1796 if (av)
1797 rc = inode_has_perm(cred, inode, av, &ad);
1798
1799out:
1800 return rc;
1801}
1802
1803
1804
1805
1806static int
1807selinux_determine_inode_label(const struct task_security_struct *tsec,
1808 struct inode *dir,
1809 const struct qstr *name, u16 tclass,
1810 u32 *_new_isid)
1811{
1812 const struct superblock_security_struct *sbsec =
1813 selinux_superblock(dir->i_sb);
1814
1815 if ((sbsec->flags & SE_SBINITIALIZED) &&
1816 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1817 *_new_isid = sbsec->mntpoint_sid;
1818 } else if ((sbsec->flags & SBLABEL_MNT) &&
1819 tsec->create_sid) {
1820 *_new_isid = tsec->create_sid;
1821 } else {
1822 const struct inode_security_struct *dsec = inode_security(dir);
1823 return security_transition_sid(&selinux_state, tsec->sid,
1824 dsec->sid, tclass,
1825 name, _new_isid);
1826 }
1827
1828 return 0;
1829}
1830
1831
1832static int may_create(struct inode *dir,
1833 struct dentry *dentry,
1834 u16 tclass)
1835{
1836 const struct task_security_struct *tsec = selinux_cred(current_cred());
1837 struct inode_security_struct *dsec;
1838 struct superblock_security_struct *sbsec;
1839 u32 sid, newsid;
1840 struct common_audit_data ad;
1841 int rc;
1842
1843 dsec = inode_security(dir);
1844 sbsec = selinux_superblock(dir->i_sb);
1845
1846 sid = tsec->sid;
1847
1848 ad.type = LSM_AUDIT_DATA_DENTRY;
1849 ad.u.dentry = dentry;
1850
1851 rc = avc_has_perm(&selinux_state,
1852 sid, dsec->sid, SECCLASS_DIR,
1853 DIR__ADD_NAME | DIR__SEARCH,
1854 &ad);
1855 if (rc)
1856 return rc;
1857
1858 rc = selinux_determine_inode_label(tsec, dir, &dentry->d_name, tclass,
1859 &newsid);
1860 if (rc)
1861 return rc;
1862
1863 rc = avc_has_perm(&selinux_state,
1864 sid, newsid, tclass, FILE__CREATE, &ad);
1865 if (rc)
1866 return rc;
1867
1868 return avc_has_perm(&selinux_state,
1869 newsid, sbsec->sid,
1870 SECCLASS_FILESYSTEM,
1871 FILESYSTEM__ASSOCIATE, &ad);
1872}
1873
1874#define MAY_LINK 0
1875#define MAY_UNLINK 1
1876#define MAY_RMDIR 2
1877
1878
1879static int may_link(struct inode *dir,
1880 struct dentry *dentry,
1881 int kind)
1882
1883{
1884 struct inode_security_struct *dsec, *isec;
1885 struct common_audit_data ad;
1886 u32 sid = current_sid();
1887 u32 av;
1888 int rc;
1889
1890 dsec = inode_security(dir);
1891 isec = backing_inode_security(dentry);
1892
1893 ad.type = LSM_AUDIT_DATA_DENTRY;
1894 ad.u.dentry = dentry;
1895
1896 av = DIR__SEARCH;
1897 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1898 rc = avc_has_perm(&selinux_state,
1899 sid, dsec->sid, SECCLASS_DIR, av, &ad);
1900 if (rc)
1901 return rc;
1902
1903 switch (kind) {
1904 case MAY_LINK:
1905 av = FILE__LINK;
1906 break;
1907 case MAY_UNLINK:
1908 av = FILE__UNLINK;
1909 break;
1910 case MAY_RMDIR:
1911 av = DIR__RMDIR;
1912 break;
1913 default:
1914 pr_warn("SELinux: %s: unrecognized kind %d\n",
1915 __func__, kind);
1916 return 0;
1917 }
1918
1919 rc = avc_has_perm(&selinux_state,
1920 sid, isec->sid, isec->sclass, av, &ad);
1921 return rc;
1922}
1923
1924static inline int may_rename(struct inode *old_dir,
1925 struct dentry *old_dentry,
1926 struct inode *new_dir,
1927 struct dentry *new_dentry)
1928{
1929 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1930 struct common_audit_data ad;
1931 u32 sid = current_sid();
1932 u32 av;
1933 int old_is_dir, new_is_dir;
1934 int rc;
1935
1936 old_dsec = inode_security(old_dir);
1937 old_isec = backing_inode_security(old_dentry);
1938 old_is_dir = d_is_dir(old_dentry);
1939 new_dsec = inode_security(new_dir);
1940
1941 ad.type = LSM_AUDIT_DATA_DENTRY;
1942
1943 ad.u.dentry = old_dentry;
1944 rc = avc_has_perm(&selinux_state,
1945 sid, old_dsec->sid, SECCLASS_DIR,
1946 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1947 if (rc)
1948 return rc;
1949 rc = avc_has_perm(&selinux_state,
1950 sid, old_isec->sid,
1951 old_isec->sclass, FILE__RENAME, &ad);
1952 if (rc)
1953 return rc;
1954 if (old_is_dir && new_dir != old_dir) {
1955 rc = avc_has_perm(&selinux_state,
1956 sid, old_isec->sid,
1957 old_isec->sclass, DIR__REPARENT, &ad);
1958 if (rc)
1959 return rc;
1960 }
1961
1962 ad.u.dentry = new_dentry;
1963 av = DIR__ADD_NAME | DIR__SEARCH;
1964 if (d_is_positive(new_dentry))
1965 av |= DIR__REMOVE_NAME;
1966 rc = avc_has_perm(&selinux_state,
1967 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1968 if (rc)
1969 return rc;
1970 if (d_is_positive(new_dentry)) {
1971 new_isec = backing_inode_security(new_dentry);
1972 new_is_dir = d_is_dir(new_dentry);
1973 rc = avc_has_perm(&selinux_state,
1974 sid, new_isec->sid,
1975 new_isec->sclass,
1976 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1977 if (rc)
1978 return rc;
1979 }
1980
1981 return 0;
1982}
1983
1984
1985static int superblock_has_perm(const struct cred *cred,
1986 struct super_block *sb,
1987 u32 perms,
1988 struct common_audit_data *ad)
1989{
1990 struct superblock_security_struct *sbsec;
1991 u32 sid = cred_sid(cred);
1992
1993 sbsec = selinux_superblock(sb);
1994 return avc_has_perm(&selinux_state,
1995 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1996}
1997
1998
1999static inline u32 file_mask_to_av(int mode, int mask)
2000{
2001 u32 av = 0;
2002
2003 if (!S_ISDIR(mode)) {
2004 if (mask & MAY_EXEC)
2005 av |= FILE__EXECUTE;
2006 if (mask & MAY_READ)
2007 av |= FILE__READ;
2008
2009 if (mask & MAY_APPEND)
2010 av |= FILE__APPEND;
2011 else if (mask & MAY_WRITE)
2012 av |= FILE__WRITE;
2013
2014 } else {
2015 if (mask & MAY_EXEC)
2016 av |= DIR__SEARCH;
2017 if (mask & MAY_WRITE)
2018 av |= DIR__WRITE;
2019 if (mask & MAY_READ)
2020 av |= DIR__READ;
2021 }
2022
2023 return av;
2024}
2025
2026
2027static inline u32 file_to_av(struct file *file)
2028{
2029 u32 av = 0;
2030
2031 if (file->f_mode & FMODE_READ)
2032 av |= FILE__READ;
2033 if (file->f_mode & FMODE_WRITE) {
2034 if (file->f_flags & O_APPEND)
2035 av |= FILE__APPEND;
2036 else
2037 av |= FILE__WRITE;
2038 }
2039 if (!av) {
2040
2041
2042
2043 av = FILE__IOCTL;
2044 }
2045
2046 return av;
2047}
2048
2049
2050
2051
2052
2053static inline u32 open_file_to_av(struct file *file)
2054{
2055 u32 av = file_to_av(file);
2056 struct inode *inode = file_inode(file);
2057
2058 if (selinux_policycap_openperm() &&
2059 inode->i_sb->s_magic != SOCKFS_MAGIC)
2060 av |= FILE__OPEN;
2061
2062 return av;
2063}
2064
2065
2066
2067static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2068{
2069 return avc_has_perm(&selinux_state,
2070 current_sid(), task_sid_binder(mgr), SECCLASS_BINDER,
2071 BINDER__SET_CONTEXT_MGR, NULL);
2072}
2073
2074static int selinux_binder_transaction(struct task_struct *from,
2075 struct task_struct *to)
2076{
2077 u32 mysid = current_sid();
2078 u32 fromsid = task_sid_binder(from);
2079 int rc;
2080
2081 if (mysid != fromsid) {
2082 rc = avc_has_perm(&selinux_state,
2083 mysid, fromsid, SECCLASS_BINDER,
2084 BINDER__IMPERSONATE, NULL);
2085 if (rc)
2086 return rc;
2087 }
2088
2089 return avc_has_perm(&selinux_state, fromsid, task_sid_binder(to),
2090 SECCLASS_BINDER, BINDER__CALL, NULL);
2091}
2092
2093static int selinux_binder_transfer_binder(struct task_struct *from,
2094 struct task_struct *to)
2095{
2096 return avc_has_perm(&selinux_state,
2097 task_sid_binder(from), task_sid_binder(to),
2098 SECCLASS_BINDER, BINDER__TRANSFER,
2099 NULL);
2100}
2101
2102static int selinux_binder_transfer_file(struct task_struct *from,
2103 struct task_struct *to,
2104 struct file *file)
2105{
2106 u32 sid = task_sid_binder(to);
2107 struct file_security_struct *fsec = selinux_file(file);
2108 struct dentry *dentry = file->f_path.dentry;
2109 struct inode_security_struct *isec;
2110 struct common_audit_data ad;
2111 int rc;
2112
2113 ad.type = LSM_AUDIT_DATA_PATH;
2114 ad.u.path = file->f_path;
2115
2116 if (sid != fsec->sid) {
2117 rc = avc_has_perm(&selinux_state,
2118 sid, fsec->sid,
2119 SECCLASS_FD,
2120 FD__USE,
2121 &ad);
2122 if (rc)
2123 return rc;
2124 }
2125
2126#ifdef CONFIG_BPF_SYSCALL
2127 rc = bpf_fd_pass(file, sid);
2128 if (rc)
2129 return rc;
2130#endif
2131
2132 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2133 return 0;
2134
2135 isec = backing_inode_security(dentry);
2136 return avc_has_perm(&selinux_state,
2137 sid, isec->sid, isec->sclass, file_to_av(file),
2138 &ad);
2139}
2140
2141static int selinux_ptrace_access_check(struct task_struct *child,
2142 unsigned int mode)
2143{
2144 u32 sid = current_sid();
2145 u32 csid = task_sid_obj(child);
2146
2147 if (mode & PTRACE_MODE_READ)
2148 return avc_has_perm(&selinux_state,
2149 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2150
2151 return avc_has_perm(&selinux_state,
2152 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2153}
2154
2155static int selinux_ptrace_traceme(struct task_struct *parent)
2156{
2157 return avc_has_perm(&selinux_state,
2158 task_sid_subj(parent), task_sid_obj(current),
2159 SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2160}
2161
2162static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2163 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2164{
2165 return avc_has_perm(&selinux_state,
2166 current_sid(), task_sid_obj(target), SECCLASS_PROCESS,
2167 PROCESS__GETCAP, NULL);
2168}
2169
2170static int selinux_capset(struct cred *new, const struct cred *old,
2171 const kernel_cap_t *effective,
2172 const kernel_cap_t *inheritable,
2173 const kernel_cap_t *permitted)
2174{
2175 return avc_has_perm(&selinux_state,
2176 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2177 PROCESS__SETCAP, NULL);
2178}
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2191 int cap, unsigned int opts)
2192{
2193 return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
2194}
2195
2196static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2197{
2198 const struct cred *cred = current_cred();
2199 int rc = 0;
2200
2201 if (!sb)
2202 return 0;
2203
2204 switch (cmds) {
2205 case Q_SYNC:
2206 case Q_QUOTAON:
2207 case Q_QUOTAOFF:
2208 case Q_SETINFO:
2209 case Q_SETQUOTA:
2210 case Q_XQUOTAOFF:
2211 case Q_XQUOTAON:
2212 case Q_XSETQLIM:
2213 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2214 break;
2215 case Q_GETFMT:
2216 case Q_GETINFO:
2217 case Q_GETQUOTA:
2218 case Q_XGETQUOTA:
2219 case Q_XGETQSTAT:
2220 case Q_XGETQSTATV:
2221 case Q_XGETNEXTQUOTA:
2222 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2223 break;
2224 default:
2225 rc = 0;
2226 break;
2227 }
2228 return rc;
2229}
2230
2231static int selinux_quota_on(struct dentry *dentry)
2232{
2233 const struct cred *cred = current_cred();
2234
2235 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2236}
2237
2238static int selinux_syslog(int type)
2239{
2240 switch (type) {
2241 case SYSLOG_ACTION_READ_ALL:
2242 case SYSLOG_ACTION_SIZE_BUFFER:
2243 return avc_has_perm(&selinux_state,
2244 current_sid(), SECINITSID_KERNEL,
2245 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2246 case SYSLOG_ACTION_CONSOLE_OFF:
2247 case SYSLOG_ACTION_CONSOLE_ON:
2248
2249 case SYSLOG_ACTION_CONSOLE_LEVEL:
2250 return avc_has_perm(&selinux_state,
2251 current_sid(), SECINITSID_KERNEL,
2252 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2253 NULL);
2254 }
2255
2256 return avc_has_perm(&selinux_state,
2257 current_sid(), SECINITSID_KERNEL,
2258 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2259}
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2270{
2271 int rc, cap_sys_admin = 0;
2272
2273 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2274 CAP_OPT_NOAUDIT, true);
2275 if (rc == 0)
2276 cap_sys_admin = 1;
2277
2278 return cap_sys_admin;
2279}
2280
2281
2282
2283static u32 ptrace_parent_sid(void)
2284{
2285 u32 sid = 0;
2286 struct task_struct *tracer;
2287
2288 rcu_read_lock();
2289 tracer = ptrace_parent(current);
2290 if (tracer)
2291 sid = task_sid_obj(tracer);
2292 rcu_read_unlock();
2293
2294 return sid;
2295}
2296
2297static int check_nnp_nosuid(const struct linux_binprm *bprm,
2298 const struct task_security_struct *old_tsec,
2299 const struct task_security_struct *new_tsec)
2300{
2301 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2302 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2303 int rc;
2304 u32 av;
2305
2306 if (!nnp && !nosuid)
2307 return 0;
2308
2309 if (new_tsec->sid == old_tsec->sid)
2310 return 0;
2311
2312
2313
2314
2315
2316
2317
2318 if (selinux_policycap_nnp_nosuid_transition()) {
2319 av = 0;
2320 if (nnp)
2321 av |= PROCESS2__NNP_TRANSITION;
2322 if (nosuid)
2323 av |= PROCESS2__NOSUID_TRANSITION;
2324 rc = avc_has_perm(&selinux_state,
2325 old_tsec->sid, new_tsec->sid,
2326 SECCLASS_PROCESS2, av, NULL);
2327 if (!rc)
2328 return 0;
2329 }
2330
2331
2332
2333
2334
2335
2336 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2337 new_tsec->sid);
2338 if (!rc)
2339 return 0;
2340
2341
2342
2343
2344
2345
2346 if (nnp)
2347 return -EPERM;
2348 return -EACCES;
2349}
2350
2351static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm)
2352{
2353 const struct task_security_struct *old_tsec;
2354 struct task_security_struct *new_tsec;
2355 struct inode_security_struct *isec;
2356 struct common_audit_data ad;
2357 struct inode *inode = file_inode(bprm->file);
2358 int rc;
2359
2360
2361
2362
2363 old_tsec = selinux_cred(current_cred());
2364 new_tsec = selinux_cred(bprm->cred);
2365 isec = inode_security(inode);
2366
2367
2368 new_tsec->sid = old_tsec->sid;
2369 new_tsec->osid = old_tsec->sid;
2370
2371
2372 new_tsec->create_sid = 0;
2373 new_tsec->keycreate_sid = 0;
2374 new_tsec->sockcreate_sid = 0;
2375
2376 if (old_tsec->exec_sid) {
2377 new_tsec->sid = old_tsec->exec_sid;
2378
2379 new_tsec->exec_sid = 0;
2380
2381
2382 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2383 if (rc)
2384 return rc;
2385 } else {
2386
2387 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2388 isec->sid, SECCLASS_PROCESS, NULL,
2389 &new_tsec->sid);
2390 if (rc)
2391 return rc;
2392
2393
2394
2395
2396
2397 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2398 if (rc)
2399 new_tsec->sid = old_tsec->sid;
2400 }
2401
2402 ad.type = LSM_AUDIT_DATA_FILE;
2403 ad.u.file = bprm->file;
2404
2405 if (new_tsec->sid == old_tsec->sid) {
2406 rc = avc_has_perm(&selinux_state,
2407 old_tsec->sid, isec->sid,
2408 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2409 if (rc)
2410 return rc;
2411 } else {
2412
2413 rc = avc_has_perm(&selinux_state,
2414 old_tsec->sid, new_tsec->sid,
2415 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2416 if (rc)
2417 return rc;
2418
2419 rc = avc_has_perm(&selinux_state,
2420 new_tsec->sid, isec->sid,
2421 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2422 if (rc)
2423 return rc;
2424
2425
2426 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2427 rc = avc_has_perm(&selinux_state,
2428 old_tsec->sid, new_tsec->sid,
2429 SECCLASS_PROCESS, PROCESS__SHARE,
2430 NULL);
2431 if (rc)
2432 return -EPERM;
2433 }
2434
2435
2436
2437 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2438 u32 ptsid = ptrace_parent_sid();
2439 if (ptsid != 0) {
2440 rc = avc_has_perm(&selinux_state,
2441 ptsid, new_tsec->sid,
2442 SECCLASS_PROCESS,
2443 PROCESS__PTRACE, NULL);
2444 if (rc)
2445 return -EPERM;
2446 }
2447 }
2448
2449
2450 bprm->per_clear |= PER_CLEAR_ON_SETID;
2451
2452
2453
2454
2455 rc = avc_has_perm(&selinux_state,
2456 old_tsec->sid, new_tsec->sid,
2457 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2458 NULL);
2459 bprm->secureexec |= !!rc;
2460 }
2461
2462 return 0;
2463}
2464
2465static int match_file(const void *p, struct file *file, unsigned fd)
2466{
2467 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2468}
2469
2470
2471static inline void flush_unauthorized_files(const struct cred *cred,
2472 struct files_struct *files)
2473{
2474 struct file *file, *devnull = NULL;
2475 struct tty_struct *tty;
2476 int drop_tty = 0;
2477 unsigned n;
2478
2479 tty = get_current_tty();
2480 if (tty) {
2481 spin_lock(&tty->files_lock);
2482 if (!list_empty(&tty->tty_files)) {
2483 struct tty_file_private *file_priv;
2484
2485
2486
2487
2488
2489
2490 file_priv = list_first_entry(&tty->tty_files,
2491 struct tty_file_private, list);
2492 file = file_priv->file;
2493 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2494 drop_tty = 1;
2495 }
2496 spin_unlock(&tty->files_lock);
2497 tty_kref_put(tty);
2498 }
2499
2500 if (drop_tty)
2501 no_tty();
2502
2503
2504 n = iterate_fd(files, 0, match_file, cred);
2505 if (!n)
2506 return;
2507
2508 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2509 if (IS_ERR(devnull))
2510 devnull = NULL;
2511
2512 do {
2513 replace_fd(n - 1, devnull, 0);
2514 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2515 if (devnull)
2516 fput(devnull);
2517}
2518
2519
2520
2521
2522static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2523{
2524 struct task_security_struct *new_tsec;
2525 struct rlimit *rlim, *initrlim;
2526 int rc, i;
2527
2528 new_tsec = selinux_cred(bprm->cred);
2529 if (new_tsec->sid == new_tsec->osid)
2530 return;
2531
2532
2533 flush_unauthorized_files(bprm->cred, current->files);
2534
2535
2536 current->pdeath_signal = 0;
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548 rc = avc_has_perm(&selinux_state,
2549 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2550 PROCESS__RLIMITINH, NULL);
2551 if (rc) {
2552
2553 task_lock(current);
2554 for (i = 0; i < RLIM_NLIMITS; i++) {
2555 rlim = current->signal->rlim + i;
2556 initrlim = init_task.signal->rlim + i;
2557 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2558 }
2559 task_unlock(current);
2560 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2561 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2562 }
2563}
2564
2565
2566
2567
2568
2569static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2570{
2571 const struct task_security_struct *tsec = selinux_cred(current_cred());
2572 u32 osid, sid;
2573 int rc;
2574
2575 osid = tsec->osid;
2576 sid = tsec->sid;
2577
2578 if (sid == osid)
2579 return;
2580
2581
2582
2583
2584
2585
2586
2587
2588 rc = avc_has_perm(&selinux_state,
2589 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2590 if (rc) {
2591 clear_itimer();
2592
2593 spin_lock_irq(¤t->sighand->siglock);
2594 if (!fatal_signal_pending(current)) {
2595 flush_sigqueue(¤t->pending);
2596 flush_sigqueue(¤t->signal->shared_pending);
2597 flush_signal_handlers(current, 1);
2598 sigemptyset(¤t->blocked);
2599 recalc_sigpending();
2600 }
2601 spin_unlock_irq(¤t->sighand->siglock);
2602 }
2603
2604
2605
2606 read_lock(&tasklist_lock);
2607 __wake_up_parent(current, current->real_parent);
2608 read_unlock(&tasklist_lock);
2609}
2610
2611
2612
2613static int selinux_sb_alloc_security(struct super_block *sb)
2614{
2615 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2616
2617 mutex_init(&sbsec->lock);
2618 INIT_LIST_HEAD(&sbsec->isec_head);
2619 spin_lock_init(&sbsec->isec_lock);
2620 sbsec->sid = SECINITSID_UNLABELED;
2621 sbsec->def_sid = SECINITSID_FILE;
2622 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
2623
2624 return 0;
2625}
2626
2627static inline int opt_len(const char *s)
2628{
2629 bool open_quote = false;
2630 int len;
2631 char c;
2632
2633 for (len = 0; (c = s[len]) != '\0'; len++) {
2634 if (c == '"')
2635 open_quote = !open_quote;
2636 if (c == ',' && !open_quote)
2637 break;
2638 }
2639 return len;
2640}
2641
2642static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
2643{
2644 char *from = options;
2645 char *to = options;
2646 bool first = true;
2647 int rc;
2648
2649 while (1) {
2650 int len = opt_len(from);
2651 int token;
2652 char *arg = NULL;
2653
2654 token = match_opt_prefix(from, len, &arg);
2655
2656 if (token != Opt_error) {
2657 char *p, *q;
2658
2659
2660 if (arg) {
2661 for (p = q = arg; p < from + len; p++) {
2662 char c = *p;
2663 if (c != '"')
2664 *q++ = c;
2665 }
2666 arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
2667 if (!arg) {
2668 rc = -ENOMEM;
2669 goto free_opt;
2670 }
2671 }
2672 rc = selinux_add_opt(token, arg, mnt_opts);
2673 if (unlikely(rc)) {
2674 kfree(arg);
2675 goto free_opt;
2676 }
2677 } else {
2678 if (!first) {
2679 from--;
2680 len++;
2681 }
2682 if (to != from)
2683 memmove(to, from, len);
2684 to += len;
2685 first = false;
2686 }
2687 if (!from[len])
2688 break;
2689 from += len + 1;
2690 }
2691 *to = '\0';
2692 return 0;
2693
2694free_opt:
2695 if (*mnt_opts) {
2696 selinux_free_mnt_opts(*mnt_opts);
2697 *mnt_opts = NULL;
2698 }
2699 return rc;
2700}
2701
2702static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)
2703{
2704 struct selinux_mnt_opts *opts = mnt_opts;
2705 struct superblock_security_struct *sbsec = sb->s_security;
2706 u32 sid;
2707 int rc;
2708
2709
2710
2711
2712
2713 if (!(sbsec->flags & SE_SBINITIALIZED))
2714 return opts ? 1 : 0;
2715
2716
2717
2718
2719
2720 if (!opts)
2721 return (sbsec->flags & SE_MNTMASK) ? 1 : 0;
2722
2723 if (opts->fscontext) {
2724 rc = parse_sid(sb, opts->fscontext, &sid);
2725 if (rc)
2726 return 1;
2727 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2728 return 1;
2729 }
2730 if (opts->context) {
2731 rc = parse_sid(sb, opts->context, &sid);
2732 if (rc)
2733 return 1;
2734 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2735 return 1;
2736 }
2737 if (opts->rootcontext) {
2738 struct inode_security_struct *root_isec;
2739
2740 root_isec = backing_inode_security(sb->s_root);
2741 rc = parse_sid(sb, opts->rootcontext, &sid);
2742 if (rc)
2743 return 1;
2744 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2745 return 1;
2746 }
2747 if (opts->defcontext) {
2748 rc = parse_sid(sb, opts->defcontext, &sid);
2749 if (rc)
2750 return 1;
2751 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2752 return 1;
2753 }
2754 return 0;
2755}
2756
2757static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
2758{
2759 struct selinux_mnt_opts *opts = mnt_opts;
2760 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2761 u32 sid;
2762 int rc;
2763
2764 if (!(sbsec->flags & SE_SBINITIALIZED))
2765 return 0;
2766
2767 if (!opts)
2768 return 0;
2769
2770 if (opts->fscontext) {
2771 rc = parse_sid(sb, opts->fscontext, &sid);
2772 if (rc)
2773 return rc;
2774 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2775 goto out_bad_option;
2776 }
2777 if (opts->context) {
2778 rc = parse_sid(sb, opts->context, &sid);
2779 if (rc)
2780 return rc;
2781 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2782 goto out_bad_option;
2783 }
2784 if (opts->rootcontext) {
2785 struct inode_security_struct *root_isec;
2786 root_isec = backing_inode_security(sb->s_root);
2787 rc = parse_sid(sb, opts->rootcontext, &sid);
2788 if (rc)
2789 return rc;
2790 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2791 goto out_bad_option;
2792 }
2793 if (opts->defcontext) {
2794 rc = parse_sid(sb, opts->defcontext, &sid);
2795 if (rc)
2796 return rc;
2797 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2798 goto out_bad_option;
2799 }
2800 return 0;
2801
2802out_bad_option:
2803 pr_warn("SELinux: unable to change security options "
2804 "during remount (dev %s, type=%s)\n", sb->s_id,
2805 sb->s_type->name);
2806 return -EINVAL;
2807}
2808
2809static int selinux_sb_kern_mount(struct super_block *sb)
2810{
2811 const struct cred *cred = current_cred();
2812 struct common_audit_data ad;
2813
2814 ad.type = LSM_AUDIT_DATA_DENTRY;
2815 ad.u.dentry = sb->s_root;
2816 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2817}
2818
2819static int selinux_sb_statfs(struct dentry *dentry)
2820{
2821 const struct cred *cred = current_cred();
2822 struct common_audit_data ad;
2823
2824 ad.type = LSM_AUDIT_DATA_DENTRY;
2825 ad.u.dentry = dentry->d_sb->s_root;
2826 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2827}
2828
2829static int selinux_mount(const char *dev_name,
2830 const struct path *path,
2831 const char *type,
2832 unsigned long flags,
2833 void *data)
2834{
2835 const struct cred *cred = current_cred();
2836
2837 if (flags & MS_REMOUNT)
2838 return superblock_has_perm(cred, path->dentry->d_sb,
2839 FILESYSTEM__REMOUNT, NULL);
2840 else
2841 return path_has_perm(cred, path, FILE__MOUNTON);
2842}
2843
2844static int selinux_move_mount(const struct path *from_path,
2845 const struct path *to_path)
2846{
2847 const struct cred *cred = current_cred();
2848
2849 return path_has_perm(cred, to_path, FILE__MOUNTON);
2850}
2851
2852static int selinux_umount(struct vfsmount *mnt, int flags)
2853{
2854 const struct cred *cred = current_cred();
2855
2856 return superblock_has_perm(cred, mnt->mnt_sb,
2857 FILESYSTEM__UNMOUNT, NULL);
2858}
2859
2860static int selinux_fs_context_dup(struct fs_context *fc,
2861 struct fs_context *src_fc)
2862{
2863 const struct selinux_mnt_opts *src = src_fc->security;
2864 struct selinux_mnt_opts *opts;
2865
2866 if (!src)
2867 return 0;
2868
2869 fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
2870 if (!fc->security)
2871 return -ENOMEM;
2872
2873 opts = fc->security;
2874
2875 if (src->fscontext) {
2876 opts->fscontext = kstrdup(src->fscontext, GFP_KERNEL);
2877 if (!opts->fscontext)
2878 return -ENOMEM;
2879 }
2880 if (src->context) {
2881 opts->context = kstrdup(src->context, GFP_KERNEL);
2882 if (!opts->context)
2883 return -ENOMEM;
2884 }
2885 if (src->rootcontext) {
2886 opts->rootcontext = kstrdup(src->rootcontext, GFP_KERNEL);
2887 if (!opts->rootcontext)
2888 return -ENOMEM;
2889 }
2890 if (src->defcontext) {
2891 opts->defcontext = kstrdup(src->defcontext, GFP_KERNEL);
2892 if (!opts->defcontext)
2893 return -ENOMEM;
2894 }
2895 return 0;
2896}
2897
2898static const struct fs_parameter_spec selinux_fs_parameters[] = {
2899 fsparam_string(CONTEXT_STR, Opt_context),
2900 fsparam_string(DEFCONTEXT_STR, Opt_defcontext),
2901 fsparam_string(FSCONTEXT_STR, Opt_fscontext),
2902 fsparam_string(ROOTCONTEXT_STR, Opt_rootcontext),
2903 fsparam_flag (SECLABEL_STR, Opt_seclabel),
2904 {}
2905};
2906
2907static int selinux_fs_context_parse_param(struct fs_context *fc,
2908 struct fs_parameter *param)
2909{
2910 struct fs_parse_result result;
2911 int opt, rc;
2912
2913 opt = fs_parse(fc, selinux_fs_parameters, param, &result);
2914 if (opt < 0)
2915 return opt;
2916
2917 rc = selinux_add_opt(opt, param->string, &fc->security);
2918 if (!rc) {
2919 param->string = NULL;
2920 rc = 1;
2921 }
2922 return rc;
2923}
2924
2925
2926
2927static int selinux_inode_alloc_security(struct inode *inode)
2928{
2929 struct inode_security_struct *isec = selinux_inode(inode);
2930 u32 sid = current_sid();
2931
2932 spin_lock_init(&isec->lock);
2933 INIT_LIST_HEAD(&isec->list);
2934 isec->inode = inode;
2935 isec->sid = SECINITSID_UNLABELED;
2936 isec->sclass = SECCLASS_FILE;
2937 isec->task_sid = sid;
2938 isec->initialized = LABEL_INVALID;
2939
2940 return 0;
2941}
2942
2943static void selinux_inode_free_security(struct inode *inode)
2944{
2945 inode_free_security(inode);
2946}
2947
2948static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2949 const struct qstr *name, void **ctx,
2950 u32 *ctxlen)
2951{
2952 u32 newsid;
2953 int rc;
2954
2955 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2956 d_inode(dentry->d_parent), name,
2957 inode_mode_to_security_class(mode),
2958 &newsid);
2959 if (rc)
2960 return rc;
2961
2962 return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
2963 ctxlen);
2964}
2965
2966static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2967 struct qstr *name,
2968 const struct cred *old,
2969 struct cred *new)
2970{
2971 u32 newsid;
2972 int rc;
2973 struct task_security_struct *tsec;
2974
2975 rc = selinux_determine_inode_label(selinux_cred(old),
2976 d_inode(dentry->d_parent), name,
2977 inode_mode_to_security_class(mode),
2978 &newsid);
2979 if (rc)
2980 return rc;
2981
2982 tsec = selinux_cred(new);
2983 tsec->create_sid = newsid;
2984 return 0;
2985}
2986
2987static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2988 const struct qstr *qstr,
2989 const char **name,
2990 void **value, size_t *len)
2991{
2992 const struct task_security_struct *tsec = selinux_cred(current_cred());
2993 struct superblock_security_struct *sbsec;
2994 u32 newsid, clen;
2995 int rc;
2996 char *context;
2997
2998 sbsec = selinux_superblock(dir->i_sb);
2999
3000 newsid = tsec->create_sid;
3001
3002 rc = selinux_determine_inode_label(tsec, dir, qstr,
3003 inode_mode_to_security_class(inode->i_mode),
3004 &newsid);
3005 if (rc)
3006 return rc;
3007
3008
3009 if (sbsec->flags & SE_SBINITIALIZED) {
3010 struct inode_security_struct *isec = selinux_inode(inode);
3011 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3012 isec->sid = newsid;
3013 isec->initialized = LABEL_INITIALIZED;
3014 }
3015
3016 if (!selinux_initialized(&selinux_state) ||
3017 !(sbsec->flags & SBLABEL_MNT))
3018 return -EOPNOTSUPP;
3019
3020 if (name)
3021 *name = XATTR_SELINUX_SUFFIX;
3022
3023 if (value && len) {
3024 rc = security_sid_to_context_force(&selinux_state, newsid,
3025 &context, &clen);
3026 if (rc)
3027 return rc;
3028 *value = context;
3029 *len = clen;
3030 }
3031
3032 return 0;
3033}
3034
3035static int selinux_inode_init_security_anon(struct inode *inode,
3036 const struct qstr *name,
3037 const struct inode *context_inode)
3038{
3039 const struct task_security_struct *tsec = selinux_cred(current_cred());
3040 struct common_audit_data ad;
3041 struct inode_security_struct *isec;
3042 int rc;
3043
3044 if (unlikely(!selinux_initialized(&selinux_state)))
3045 return 0;
3046
3047 isec = selinux_inode(inode);
3048
3049
3050
3051
3052
3053
3054
3055 if (context_inode) {
3056 struct inode_security_struct *context_isec =
3057 selinux_inode(context_inode);
3058 if (context_isec->initialized != LABEL_INITIALIZED) {
3059 pr_err("SELinux: context_inode is not initialized");
3060 return -EACCES;
3061 }
3062
3063 isec->sclass = context_isec->sclass;
3064 isec->sid = context_isec->sid;
3065 } else {
3066 isec->sclass = SECCLASS_ANON_INODE;
3067 rc = security_transition_sid(
3068 &selinux_state, tsec->sid, tsec->sid,
3069 isec->sclass, name, &isec->sid);
3070 if (rc)
3071 return rc;
3072 }
3073
3074 isec->initialized = LABEL_INITIALIZED;
3075
3076
3077
3078
3079
3080 ad.type = LSM_AUDIT_DATA_INODE;
3081 ad.u.inode = inode;
3082
3083 return avc_has_perm(&selinux_state,
3084 tsec->sid,
3085 isec->sid,
3086 isec->sclass,
3087 FILE__CREATE,
3088 &ad);
3089}
3090
3091static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
3092{
3093 return may_create(dir, dentry, SECCLASS_FILE);
3094}
3095
3096static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
3097{
3098 return may_link(dir, old_dentry, MAY_LINK);
3099}
3100
3101static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
3102{
3103 return may_link(dir, dentry, MAY_UNLINK);
3104}
3105
3106static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
3107{
3108 return may_create(dir, dentry, SECCLASS_LNK_FILE);
3109}
3110
3111static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
3112{
3113 return may_create(dir, dentry, SECCLASS_DIR);
3114}
3115
3116static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
3117{
3118 return may_link(dir, dentry, MAY_RMDIR);
3119}
3120
3121static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3122{
3123 return may_create(dir, dentry, inode_mode_to_security_class(mode));
3124}
3125
3126static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
3127 struct inode *new_inode, struct dentry *new_dentry)
3128{
3129 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
3130}
3131
3132static int selinux_inode_readlink(struct dentry *dentry)
3133{
3134 const struct cred *cred = current_cred();
3135
3136 return dentry_has_perm(cred, dentry, FILE__READ);
3137}
3138
3139static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3140 bool rcu)
3141{
3142 const struct cred *cred = current_cred();
3143 struct common_audit_data ad;
3144 struct inode_security_struct *isec;
3145 u32 sid;
3146
3147 validate_creds(cred);
3148
3149 ad.type = LSM_AUDIT_DATA_DENTRY;
3150 ad.u.dentry = dentry;
3151 sid = cred_sid(cred);
3152 isec = inode_security_rcu(inode, rcu);
3153 if (IS_ERR(isec))
3154 return PTR_ERR(isec);
3155
3156 return avc_has_perm(&selinux_state,
3157 sid, isec->sid, isec->sclass, FILE__READ, &ad);
3158}
3159
3160static noinline int audit_inode_permission(struct inode *inode,
3161 u32 perms, u32 audited, u32 denied,
3162 int result)
3163{
3164 struct common_audit_data ad;
3165 struct inode_security_struct *isec = selinux_inode(inode);
3166
3167 ad.type = LSM_AUDIT_DATA_INODE;
3168 ad.u.inode = inode;
3169
3170 return slow_avc_audit(&selinux_state,
3171 current_sid(), isec->sid, isec->sclass, perms,
3172 audited, denied, result, &ad);
3173}
3174
3175static int selinux_inode_permission(struct inode *inode, int mask)
3176{
3177 const struct cred *cred = current_cred();
3178 u32 perms;
3179 bool from_access;
3180 bool no_block = mask & MAY_NOT_BLOCK;
3181 struct inode_security_struct *isec;
3182 u32 sid;
3183 struct av_decision avd;
3184 int rc, rc2;
3185 u32 audited, denied;
3186
3187 from_access = mask & MAY_ACCESS;
3188 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3189
3190
3191 if (!mask)
3192 return 0;
3193
3194 validate_creds(cred);
3195
3196 if (unlikely(IS_PRIVATE(inode)))
3197 return 0;
3198
3199 perms = file_mask_to_av(inode->i_mode, mask);
3200
3201 sid = cred_sid(cred);
3202 isec = inode_security_rcu(inode, no_block);
3203 if (IS_ERR(isec))
3204 return PTR_ERR(isec);
3205
3206 rc = avc_has_perm_noaudit(&selinux_state,
3207 sid, isec->sid, isec->sclass, perms, 0,
3208 &avd);
3209 audited = avc_audit_required(perms, &avd, rc,
3210 from_access ? FILE__AUDIT_ACCESS : 0,
3211 &denied);
3212 if (likely(!audited))
3213 return rc;
3214
3215 rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
3216 if (rc2)
3217 return rc2;
3218 return rc;
3219}
3220
3221static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3222{
3223 const struct cred *cred = current_cred();
3224 struct inode *inode = d_backing_inode(dentry);
3225 unsigned int ia_valid = iattr->ia_valid;
3226 __u32 av = FILE__WRITE;
3227
3228
3229 if (ia_valid & ATTR_FORCE) {
3230 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3231 ATTR_FORCE);
3232 if (!ia_valid)
3233 return 0;
3234 }
3235
3236 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3237 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3238 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3239
3240 if (selinux_policycap_openperm() &&
3241 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3242 (ia_valid & ATTR_SIZE) &&
3243 !(ia_valid & ATTR_FILE))
3244 av |= FILE__OPEN;
3245
3246 return dentry_has_perm(cred, dentry, av);
3247}
3248
3249static int selinux_inode_getattr(const struct path *path)
3250{
3251 return path_has_perm(current_cred(), path, FILE__GETATTR);
3252}
3253
3254static bool has_cap_mac_admin(bool audit)
3255{
3256 const struct cred *cred = current_cred();
3257 unsigned int opts = audit ? CAP_OPT_NONE : CAP_OPT_NOAUDIT;
3258
3259 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))
3260 return false;
3261 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))
3262 return false;
3263 return true;
3264}
3265
3266static int selinux_inode_setxattr(struct user_namespace *mnt_userns,
3267 struct dentry *dentry, const char *name,
3268 const void *value, size_t size, int flags)
3269{
3270 struct inode *inode = d_backing_inode(dentry);
3271 struct inode_security_struct *isec;
3272 struct superblock_security_struct *sbsec;
3273 struct common_audit_data ad;
3274 u32 newsid, sid = current_sid();
3275 int rc = 0;
3276
3277 if (strcmp(name, XATTR_NAME_SELINUX)) {
3278 rc = cap_inode_setxattr(dentry, name, value, size, flags);
3279 if (rc)
3280 return rc;
3281
3282
3283
3284 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3285 }
3286
3287 if (!selinux_initialized(&selinux_state))
3288 return (inode_owner_or_capable(mnt_userns, inode) ? 0 : -EPERM);
3289
3290 sbsec = selinux_superblock(inode->i_sb);
3291 if (!(sbsec->flags & SBLABEL_MNT))
3292 return -EOPNOTSUPP;
3293
3294 if (!inode_owner_or_capable(mnt_userns, inode))
3295 return -EPERM;
3296
3297 ad.type = LSM_AUDIT_DATA_DENTRY;
3298 ad.u.dentry = dentry;
3299
3300 isec = backing_inode_security(dentry);
3301 rc = avc_has_perm(&selinux_state,
3302 sid, isec->sid, isec->sclass,
3303 FILE__RELABELFROM, &ad);
3304 if (rc)
3305 return rc;
3306
3307 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3308 GFP_KERNEL);
3309 if (rc == -EINVAL) {
3310 if (!has_cap_mac_admin(true)) {
3311 struct audit_buffer *ab;
3312 size_t audit_size;
3313
3314
3315
3316 if (value) {
3317 const char *str = value;
3318
3319 if (str[size - 1] == '\0')
3320 audit_size = size - 1;
3321 else
3322 audit_size = size;
3323 } else {
3324 audit_size = 0;
3325 }
3326 ab = audit_log_start(audit_context(),
3327 GFP_ATOMIC, AUDIT_SELINUX_ERR);
3328 audit_log_format(ab, "op=setxattr invalid_context=");
3329 audit_log_n_untrustedstring(ab, value, audit_size);
3330 audit_log_end(ab);
3331
3332 return rc;
3333 }
3334 rc = security_context_to_sid_force(&selinux_state, value,
3335 size, &newsid);
3336 }
3337 if (rc)
3338 return rc;
3339
3340 rc = avc_has_perm(&selinux_state,
3341 sid, newsid, isec->sclass,
3342 FILE__RELABELTO, &ad);
3343 if (rc)
3344 return rc;
3345
3346 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3347 sid, isec->sclass);
3348 if (rc)
3349 return rc;
3350
3351 return avc_has_perm(&selinux_state,
3352 newsid,
3353 sbsec->sid,
3354 SECCLASS_FILESYSTEM,
3355 FILESYSTEM__ASSOCIATE,
3356 &ad);
3357}
3358
3359static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3360 const void *value, size_t size,
3361 int flags)
3362{
3363 struct inode *inode = d_backing_inode(dentry);
3364 struct inode_security_struct *isec;
3365 u32 newsid;
3366 int rc;
3367
3368 if (strcmp(name, XATTR_NAME_SELINUX)) {
3369
3370 return;
3371 }
3372
3373 if (!selinux_initialized(&selinux_state)) {
3374
3375
3376
3377
3378
3379 return;
3380 }
3381
3382 rc = security_context_to_sid_force(&selinux_state, value, size,
3383 &newsid);
3384 if (rc) {
3385 pr_err("SELinux: unable to map context to SID"
3386 "for (%s, %lu), rc=%d\n",
3387 inode->i_sb->s_id, inode->i_ino, -rc);
3388 return;
3389 }
3390
3391 isec = backing_inode_security(dentry);
3392 spin_lock(&isec->lock);
3393 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3394 isec->sid = newsid;
3395 isec->initialized = LABEL_INITIALIZED;
3396 spin_unlock(&isec->lock);
3397
3398 return;
3399}
3400
3401static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3402{
3403 const struct cred *cred = current_cred();
3404
3405 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3406}
3407
3408static int selinux_inode_listxattr(struct dentry *dentry)
3409{
3410 const struct cred *cred = current_cred();
3411
3412 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3413}
3414
3415static int selinux_inode_removexattr(struct user_namespace *mnt_userns,
3416 struct dentry *dentry, const char *name)
3417{
3418 if (strcmp(name, XATTR_NAME_SELINUX)) {
3419 int rc = cap_inode_removexattr(mnt_userns, dentry, name);
3420 if (rc)
3421 return rc;
3422
3423
3424
3425 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3426 }
3427
3428 if (!selinux_initialized(&selinux_state))
3429 return 0;
3430
3431
3432
3433 return -EACCES;
3434}
3435
3436static int selinux_path_notify(const struct path *path, u64 mask,
3437 unsigned int obj_type)
3438{
3439 int ret;
3440 u32 perm;
3441
3442 struct common_audit_data ad;
3443
3444 ad.type = LSM_AUDIT_DATA_PATH;
3445 ad.u.path = *path;
3446
3447
3448
3449
3450
3451 switch (obj_type) {
3452 case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
3453 perm = FILE__WATCH_MOUNT;
3454 break;
3455 case FSNOTIFY_OBJ_TYPE_SB:
3456 perm = FILE__WATCH_SB;
3457 ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
3458 FILESYSTEM__WATCH, &ad);
3459 if (ret)
3460 return ret;
3461 break;
3462 case FSNOTIFY_OBJ_TYPE_INODE:
3463 perm = FILE__WATCH;
3464 break;
3465 default:
3466 return -EINVAL;
3467 }
3468
3469
3470 if (mask & (ALL_FSNOTIFY_PERM_EVENTS))
3471 perm |= FILE__WATCH_WITH_PERM;
3472
3473
3474 if (mask & (FS_ACCESS | FS_ACCESS_PERM | FS_CLOSE_NOWRITE))
3475 perm |= FILE__WATCH_READS;
3476
3477 return path_has_perm(current_cred(), path, perm);
3478}
3479
3480
3481
3482
3483
3484
3485static int selinux_inode_getsecurity(struct user_namespace *mnt_userns,
3486 struct inode *inode, const char *name,
3487 void **buffer, bool alloc)
3488{
3489 u32 size;
3490 int error;
3491 char *context = NULL;
3492 struct inode_security_struct *isec;
3493
3494
3495
3496
3497
3498 if (!selinux_initialized(&selinux_state) ||
3499 strcmp(name, XATTR_SELINUX_SUFFIX))
3500 return -EOPNOTSUPP;
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511 isec = inode_security(inode);
3512 if (has_cap_mac_admin(false))
3513 error = security_sid_to_context_force(&selinux_state,
3514 isec->sid, &context,
3515 &size);
3516 else
3517 error = security_sid_to_context(&selinux_state, isec->sid,
3518 &context, &size);
3519 if (error)
3520 return error;
3521 error = size;
3522 if (alloc) {
3523 *buffer = context;
3524 goto out_nofree;
3525 }
3526 kfree(context);
3527out_nofree:
3528 return error;
3529}
3530
3531static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3532 const void *value, size_t size, int flags)
3533{
3534 struct inode_security_struct *isec = inode_security_novalidate(inode);
3535 struct superblock_security_struct *sbsec;
3536 u32 newsid;
3537 int rc;
3538
3539 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3540 return -EOPNOTSUPP;
3541
3542 sbsec = selinux_superblock(inode->i_sb);
3543 if (!(sbsec->flags & SBLABEL_MNT))
3544 return -EOPNOTSUPP;
3545
3546 if (!value || !size)
3547 return -EACCES;
3548
3549 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3550 GFP_KERNEL);
3551 if (rc)
3552 return rc;
3553
3554 spin_lock(&isec->lock);
3555 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3556 isec->sid = newsid;
3557 isec->initialized = LABEL_INITIALIZED;
3558 spin_unlock(&isec->lock);
3559 return 0;
3560}
3561
3562static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3563{
3564 const int len = sizeof(XATTR_NAME_SELINUX);
3565
3566 if (!selinux_initialized(&selinux_state))
3567 return 0;
3568
3569 if (buffer && len <= buffer_size)
3570 memcpy(buffer, XATTR_NAME_SELINUX, len);
3571 return len;
3572}
3573
3574static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3575{
3576 struct inode_security_struct *isec = inode_security_novalidate(inode);
3577 *secid = isec->sid;
3578}
3579
3580static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3581{
3582 u32 sid;
3583 struct task_security_struct *tsec;
3584 struct cred *new_creds = *new;
3585
3586 if (new_creds == NULL) {
3587 new_creds = prepare_creds();
3588 if (!new_creds)
3589 return -ENOMEM;
3590 }
3591
3592 tsec = selinux_cred(new_creds);
3593
3594 selinux_inode_getsecid(d_inode(src), &sid);
3595 tsec->create_sid = sid;
3596 *new = new_creds;
3597 return 0;
3598}
3599
3600static int selinux_inode_copy_up_xattr(const char *name)
3601{
3602
3603
3604
3605
3606 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3607 return 1;
3608
3609
3610
3611
3612 return -EOPNOTSUPP;
3613}
3614
3615
3616
3617static int selinux_kernfs_init_security(struct kernfs_node *kn_dir,
3618 struct kernfs_node *kn)
3619{
3620 const struct task_security_struct *tsec = selinux_cred(current_cred());
3621 u32 parent_sid, newsid, clen;
3622 int rc;
3623 char *context;
3624
3625 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, NULL, 0);
3626 if (rc == -ENODATA)
3627 return 0;
3628 else if (rc < 0)
3629 return rc;
3630
3631 clen = (u32)rc;
3632 context = kmalloc(clen, GFP_KERNEL);
3633 if (!context)
3634 return -ENOMEM;
3635
3636 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, context, clen);
3637 if (rc < 0) {
3638 kfree(context);
3639 return rc;
3640 }
3641
3642 rc = security_context_to_sid(&selinux_state, context, clen, &parent_sid,
3643 GFP_KERNEL);
3644 kfree(context);
3645 if (rc)
3646 return rc;
3647
3648 if (tsec->create_sid) {
3649 newsid = tsec->create_sid;
3650 } else {
3651 u16 secclass = inode_mode_to_security_class(kn->mode);
3652 struct qstr q;
3653
3654 q.name = kn->name;
3655 q.hash_len = hashlen_string(kn_dir, kn->name);
3656
3657 rc = security_transition_sid(&selinux_state, tsec->sid,
3658 parent_sid, secclass, &q,
3659 &newsid);
3660 if (rc)
3661 return rc;
3662 }
3663
3664 rc = security_sid_to_context_force(&selinux_state, newsid,
3665 &context, &clen);
3666 if (rc)
3667 return rc;
3668
3669 rc = kernfs_xattr_set(kn, XATTR_NAME_SELINUX, context, clen,
3670 XATTR_CREATE);
3671 kfree(context);
3672 return rc;
3673}
3674
3675
3676
3677
3678static int selinux_revalidate_file_permission(struct file *file, int mask)
3679{
3680 const struct cred *cred = current_cred();
3681 struct inode *inode = file_inode(file);
3682
3683
3684 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3685 mask |= MAY_APPEND;
3686
3687 return file_has_perm(cred, file,
3688 file_mask_to_av(inode->i_mode, mask));
3689}
3690
3691static int selinux_file_permission(struct file *file, int mask)
3692{
3693 struct inode *inode = file_inode(file);
3694 struct file_security_struct *fsec = selinux_file(file);
3695 struct inode_security_struct *isec;
3696 u32 sid = current_sid();
3697
3698 if (!mask)
3699
3700 return 0;
3701
3702 isec = inode_security(inode);
3703 if (sid == fsec->sid && fsec->isid == isec->sid &&
3704 fsec->pseqno == avc_policy_seqno(&selinux_state))
3705
3706 return 0;
3707
3708 return selinux_revalidate_file_permission(file, mask);
3709}
3710
3711static int selinux_file_alloc_security(struct file *file)
3712{
3713 struct file_security_struct *fsec = selinux_file(file);
3714 u32 sid = current_sid();
3715
3716 fsec->sid = sid;
3717 fsec->fown_sid = sid;
3718
3719 return 0;
3720}
3721
3722
3723
3724
3725
3726static int ioctl_has_perm(const struct cred *cred, struct file *file,
3727 u32 requested, u16 cmd)
3728{
3729 struct common_audit_data ad;
3730 struct file_security_struct *fsec = selinux_file(file);
3731 struct inode *inode = file_inode(file);
3732 struct inode_security_struct *isec;
3733 struct lsm_ioctlop_audit ioctl;
3734 u32 ssid = cred_sid(cred);
3735 int rc;
3736 u8 driver = cmd >> 8;
3737 u8 xperm = cmd & 0xff;
3738
3739 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3740 ad.u.op = &ioctl;
3741 ad.u.op->cmd = cmd;
3742 ad.u.op->path = file->f_path;
3743
3744 if (ssid != fsec->sid) {
3745 rc = avc_has_perm(&selinux_state,
3746 ssid, fsec->sid,
3747 SECCLASS_FD,
3748 FD__USE,
3749 &ad);
3750 if (rc)
3751 goto out;
3752 }
3753
3754 if (unlikely(IS_PRIVATE(inode)))
3755 return 0;
3756
3757 isec = inode_security(inode);
3758 rc = avc_has_extended_perms(&selinux_state,
3759 ssid, isec->sid, isec->sclass,
3760 requested, driver, xperm, &ad);
3761out:
3762 return rc;
3763}
3764
3765static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3766 unsigned long arg)
3767{
3768 const struct cred *cred = current_cred();
3769 int error = 0;
3770
3771 switch (cmd) {
3772 case FIONREAD:
3773 case FIBMAP:
3774 case FIGETBSZ:
3775 case FS_IOC_GETFLAGS:
3776 case FS_IOC_GETVERSION:
3777 error = file_has_perm(cred, file, FILE__GETATTR);
3778 break;
3779
3780 case FS_IOC_SETFLAGS:
3781 case FS_IOC_SETVERSION:
3782 error = file_has_perm(cred, file, FILE__SETATTR);
3783 break;
3784
3785
3786 case FIONBIO:
3787 case FIOASYNC:
3788 error = file_has_perm(cred, file, 0);
3789 break;
3790
3791 case KDSKBENT:
3792 case KDSKBSENT:
3793 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3794 CAP_OPT_NONE, true);
3795 break;
3796
3797
3798
3799
3800 default:
3801 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3802 }
3803 return error;
3804}
3805
3806static int default_noexec __ro_after_init;
3807
3808static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3809{
3810 const struct cred *cred = current_cred();
3811 u32 sid = cred_sid(cred);
3812 int rc = 0;
3813
3814 if (default_noexec &&
3815 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3816 (!shared && (prot & PROT_WRITE)))) {
3817
3818
3819
3820
3821
3822 rc = avc_has_perm(&selinux_state,
3823 sid, sid, SECCLASS_PROCESS,
3824 PROCESS__EXECMEM, NULL);
3825 if (rc)
3826 goto error;
3827 }
3828
3829 if (file) {
3830
3831 u32 av = FILE__READ;
3832
3833
3834 if (shared && (prot & PROT_WRITE))
3835 av |= FILE__WRITE;
3836
3837 if (prot & PROT_EXEC)
3838 av |= FILE__EXECUTE;
3839
3840 return file_has_perm(cred, file, av);
3841 }
3842
3843error:
3844 return rc;
3845}
3846
3847static int selinux_mmap_addr(unsigned long addr)
3848{
3849 int rc = 0;
3850
3851 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3852 u32 sid = current_sid();
3853 rc = avc_has_perm(&selinux_state,
3854 sid, sid, SECCLASS_MEMPROTECT,
3855 MEMPROTECT__MMAP_ZERO, NULL);
3856 }
3857
3858 return rc;
3859}
3860
3861static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3862 unsigned long prot, unsigned long flags)
3863{
3864 struct common_audit_data ad;
3865 int rc;
3866
3867 if (file) {
3868 ad.type = LSM_AUDIT_DATA_FILE;
3869 ad.u.file = file;
3870 rc = inode_has_perm(current_cred(), file_inode(file),
3871 FILE__MAP, &ad);
3872 if (rc)
3873 return rc;
3874 }
3875
3876 if (checkreqprot_get(&selinux_state))
3877 prot = reqprot;
3878
3879 return file_map_prot_check(file, prot,
3880 (flags & MAP_TYPE) == MAP_SHARED);
3881}
3882
3883static int selinux_file_mprotect(struct vm_area_struct *vma,
3884 unsigned long reqprot,
3885 unsigned long prot)
3886{
3887 const struct cred *cred = current_cred();
3888 u32 sid = cred_sid(cred);
3889
3890 if (checkreqprot_get(&selinux_state))
3891 prot = reqprot;
3892
3893 if (default_noexec &&
3894 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3895 int rc = 0;
3896 if (vma->vm_start >= vma->vm_mm->start_brk &&
3897 vma->vm_end <= vma->vm_mm->brk) {
3898 rc = avc_has_perm(&selinux_state,
3899 sid, sid, SECCLASS_PROCESS,
3900 PROCESS__EXECHEAP, NULL);
3901 } else if (!vma->vm_file &&
3902 ((vma->vm_start <= vma->vm_mm->start_stack &&
3903 vma->vm_end >= vma->vm_mm->start_stack) ||
3904 vma_is_stack_for_current(vma))) {
3905 rc = avc_has_perm(&selinux_state,
3906 sid, sid, SECCLASS_PROCESS,
3907 PROCESS__EXECSTACK, NULL);
3908 } else if (vma->vm_file && vma->anon_vma) {
3909
3910
3911
3912
3913
3914
3915
3916 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3917 }
3918 if (rc)
3919 return rc;
3920 }
3921
3922 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3923}
3924
3925static int selinux_file_lock(struct file *file, unsigned int cmd)
3926{
3927 const struct cred *cred = current_cred();
3928
3929 return file_has_perm(cred, file, FILE__LOCK);
3930}
3931
3932static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3933 unsigned long arg)
3934{
3935 const struct cred *cred = current_cred();
3936 int err = 0;
3937
3938 switch (cmd) {
3939 case F_SETFL:
3940 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3941 err = file_has_perm(cred, file, FILE__WRITE);
3942 break;
3943 }
3944 fallthrough;
3945 case F_SETOWN:
3946 case F_SETSIG:
3947 case F_GETFL:
3948 case F_GETOWN:
3949 case F_GETSIG:
3950 case F_GETOWNER_UIDS:
3951
3952 err = file_has_perm(cred, file, 0);
3953 break;
3954 case F_GETLK:
3955 case F_SETLK:
3956 case F_SETLKW:
3957 case F_OFD_GETLK:
3958 case F_OFD_SETLK:
3959 case F_OFD_SETLKW:
3960#if BITS_PER_LONG == 32
3961 case F_GETLK64:
3962 case F_SETLK64:
3963 case F_SETLKW64:
3964#endif
3965 err = file_has_perm(cred, file, FILE__LOCK);
3966 break;
3967 }
3968
3969 return err;
3970}
3971
3972static void selinux_file_set_fowner(struct file *file)
3973{
3974 struct file_security_struct *fsec;
3975
3976 fsec = selinux_file(file);
3977 fsec->fown_sid = current_sid();
3978}
3979
3980static int selinux_file_send_sigiotask(struct task_struct *tsk,
3981 struct fown_struct *fown, int signum)
3982{
3983 struct file *file;
3984 u32 sid = task_sid_obj(tsk);
3985 u32 perm;
3986 struct file_security_struct *fsec;
3987
3988
3989 file = container_of(fown, struct file, f_owner);
3990
3991 fsec = selinux_file(file);
3992
3993 if (!signum)
3994 perm = signal_to_av(SIGIO);
3995 else
3996 perm = signal_to_av(signum);
3997
3998 return avc_has_perm(&selinux_state,
3999 fsec->fown_sid, sid,
4000 SECCLASS_PROCESS, perm, NULL);
4001}
4002
4003static int selinux_file_receive(struct file *file)
4004{
4005 const struct cred *cred = current_cred();
4006
4007 return file_has_perm(cred, file, file_to_av(file));
4008}
4009
4010static int selinux_file_open(struct file *file)
4011{
4012 struct file_security_struct *fsec;
4013 struct inode_security_struct *isec;
4014
4015 fsec = selinux_file(file);
4016 isec = inode_security(file_inode(file));
4017
4018
4019
4020
4021
4022
4023
4024 fsec->isid = isec->sid;
4025 fsec->pseqno = avc_policy_seqno(&selinux_state);
4026
4027
4028
4029
4030
4031
4032
4033
4034 return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
4035}
4036
4037
4038
4039static int selinux_task_alloc(struct task_struct *task,
4040 unsigned long clone_flags)
4041{
4042 u32 sid = current_sid();
4043
4044 return avc_has_perm(&selinux_state,
4045 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
4046}
4047
4048
4049
4050
4051static int selinux_cred_prepare(struct cred *new, const struct cred *old,
4052 gfp_t gfp)
4053{
4054 const struct task_security_struct *old_tsec = selinux_cred(old);
4055 struct task_security_struct *tsec = selinux_cred(new);
4056
4057 *tsec = *old_tsec;
4058 return 0;
4059}
4060
4061
4062
4063
4064static void selinux_cred_transfer(struct cred *new, const struct cred *old)
4065{
4066 const struct task_security_struct *old_tsec = selinux_cred(old);
4067 struct task_security_struct *tsec = selinux_cred(new);
4068
4069 *tsec = *old_tsec;
4070}
4071
4072static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
4073{
4074 *secid = cred_sid(c);
4075}
4076
4077
4078
4079
4080
4081static int selinux_kernel_act_as(struct cred *new, u32 secid)
4082{
4083 struct task_security_struct *tsec = selinux_cred(new);
4084 u32 sid = current_sid();
4085 int ret;
4086
4087 ret = avc_has_perm(&selinux_state,
4088 sid, secid,
4089 SECCLASS_KERNEL_SERVICE,
4090 KERNEL_SERVICE__USE_AS_OVERRIDE,
4091 NULL);
4092 if (ret == 0) {
4093 tsec->sid = secid;
4094 tsec->create_sid = 0;
4095 tsec->keycreate_sid = 0;
4096 tsec->sockcreate_sid = 0;
4097 }
4098 return ret;
4099}
4100
4101
4102
4103
4104
4105static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
4106{
4107 struct inode_security_struct *isec = inode_security(inode);
4108 struct task_security_struct *tsec = selinux_cred(new);
4109 u32 sid = current_sid();
4110 int ret;
4111
4112 ret = avc_has_perm(&selinux_state,
4113 sid, isec->sid,
4114 SECCLASS_KERNEL_SERVICE,
4115 KERNEL_SERVICE__CREATE_FILES_AS,
4116 NULL);
4117
4118 if (ret == 0)
4119 tsec->create_sid = isec->sid;
4120 return ret;
4121}
4122
4123static int selinux_kernel_module_request(char *kmod_name)
4124{
4125 struct common_audit_data ad;
4126
4127 ad.type = LSM_AUDIT_DATA_KMOD;
4128 ad.u.kmod_name = kmod_name;
4129
4130 return avc_has_perm(&selinux_state,
4131 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
4132 SYSTEM__MODULE_REQUEST, &ad);
4133}
4134
4135static int selinux_kernel_module_from_file(struct file *file)
4136{
4137 struct common_audit_data ad;
4138 struct inode_security_struct *isec;
4139 struct file_security_struct *fsec;
4140 u32 sid = current_sid();
4141 int rc;
4142
4143
4144 if (file == NULL)
4145 return avc_has_perm(&selinux_state,
4146 sid, sid, SECCLASS_SYSTEM,
4147 SYSTEM__MODULE_LOAD, NULL);
4148
4149
4150
4151 ad.type = LSM_AUDIT_DATA_FILE;
4152 ad.u.file = file;
4153
4154 fsec = selinux_file(file);
4155 if (sid != fsec->sid) {
4156 rc = avc_has_perm(&selinux_state,
4157 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4158 if (rc)
4159 return rc;
4160 }
4161
4162 isec = inode_security(file_inode(file));
4163 return avc_has_perm(&selinux_state,
4164 sid, isec->sid, SECCLASS_SYSTEM,
4165 SYSTEM__MODULE_LOAD, &ad);
4166}
4167
4168static int selinux_kernel_read_file(struct file *file,
4169 enum kernel_read_file_id id,
4170 bool contents)
4171{
4172 int rc = 0;
4173
4174 switch (id) {
4175 case READING_MODULE:
4176 rc = selinux_kernel_module_from_file(contents ? file : NULL);
4177 break;
4178 default:
4179 break;
4180 }
4181
4182 return rc;
4183}
4184
4185static int selinux_kernel_load_data(enum kernel_load_data_id id, bool contents)
4186{
4187 int rc = 0;
4188
4189 switch (id) {
4190 case LOADING_MODULE:
4191 rc = selinux_kernel_module_from_file(NULL);
4192 break;
4193 default:
4194 break;
4195 }
4196
4197 return rc;
4198}
4199
4200static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4201{
4202 return avc_has_perm(&selinux_state,
4203 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4204 PROCESS__SETPGID, NULL);
4205}
4206
4207static int selinux_task_getpgid(struct task_struct *p)
4208{
4209 return avc_has_perm(&selinux_state,
4210 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4211 PROCESS__GETPGID, NULL);
4212}
4213
4214static int selinux_task_getsid(struct task_struct *p)
4215{
4216 return avc_has_perm(&selinux_state,
4217 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4218 PROCESS__GETSESSION, NULL);
4219}
4220
4221static void selinux_task_getsecid_subj(struct task_struct *p, u32 *secid)
4222{
4223 *secid = task_sid_subj(p);
4224}
4225
4226static void selinux_task_getsecid_obj(struct task_struct *p, u32 *secid)
4227{
4228 *secid = task_sid_obj(p);
4229}
4230
4231static int selinux_task_setnice(struct task_struct *p, int nice)
4232{
4233 return avc_has_perm(&selinux_state,
4234 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4235 PROCESS__SETSCHED, NULL);
4236}
4237
4238static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4239{
4240 return avc_has_perm(&selinux_state,
4241 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4242 PROCESS__SETSCHED, NULL);
4243}
4244
4245static int selinux_task_getioprio(struct task_struct *p)
4246{
4247 return avc_has_perm(&selinux_state,
4248 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4249 PROCESS__GETSCHED, NULL);
4250}
4251
4252static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4253 unsigned int flags)
4254{
4255 u32 av = 0;
4256
4257 if (!flags)
4258 return 0;
4259 if (flags & LSM_PRLIMIT_WRITE)
4260 av |= PROCESS__SETRLIMIT;
4261 if (flags & LSM_PRLIMIT_READ)
4262 av |= PROCESS__GETRLIMIT;
4263 return avc_has_perm(&selinux_state,
4264 cred_sid(cred), cred_sid(tcred),
4265 SECCLASS_PROCESS, av, NULL);
4266}
4267
4268static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
4269 struct rlimit *new_rlim)
4270{
4271 struct rlimit *old_rlim = p->signal->rlim + resource;
4272
4273
4274
4275
4276
4277 if (old_rlim->rlim_max != new_rlim->rlim_max)
4278 return avc_has_perm(&selinux_state,
4279 current_sid(), task_sid_obj(p),
4280 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4281
4282 return 0;
4283}
4284
4285static int selinux_task_setscheduler(struct task_struct *p)
4286{
4287 return avc_has_perm(&selinux_state,
4288 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4289 PROCESS__SETSCHED, NULL);
4290}
4291
4292static int selinux_task_getscheduler(struct task_struct *p)
4293{
4294 return avc_has_perm(&selinux_state,
4295 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4296 PROCESS__GETSCHED, NULL);
4297}
4298
4299static int selinux_task_movememory(struct task_struct *p)
4300{
4301 return avc_has_perm(&selinux_state,
4302 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4303 PROCESS__SETSCHED, NULL);
4304}
4305
4306static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
4307 int sig, const struct cred *cred)
4308{
4309 u32 secid;
4310 u32 perm;
4311
4312 if (!sig)
4313 perm = PROCESS__SIGNULL;
4314 else
4315 perm = signal_to_av(sig);
4316 if (!cred)
4317 secid = current_sid();
4318 else
4319 secid = cred_sid(cred);
4320 return avc_has_perm(&selinux_state,
4321 secid, task_sid_obj(p), SECCLASS_PROCESS, perm, NULL);
4322}
4323
4324static void selinux_task_to_inode(struct task_struct *p,
4325 struct inode *inode)
4326{
4327 struct inode_security_struct *isec = selinux_inode(inode);
4328 u32 sid = task_sid_obj(p);
4329
4330 spin_lock(&isec->lock);
4331 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4332 isec->sid = sid;
4333 isec->initialized = LABEL_INITIALIZED;
4334 spin_unlock(&isec->lock);
4335}
4336
4337
4338static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4339 struct common_audit_data *ad, u8 *proto)
4340{
4341 int offset, ihlen, ret = -EINVAL;
4342 struct iphdr _iph, *ih;
4343
4344 offset = skb_network_offset(skb);
4345 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4346 if (ih == NULL)
4347 goto out;
4348
4349 ihlen = ih->ihl * 4;
4350 if (ihlen < sizeof(_iph))
4351 goto out;
4352
4353 ad->u.net->v4info.saddr = ih->saddr;
4354 ad->u.net->v4info.daddr = ih->daddr;
4355 ret = 0;
4356
4357 if (proto)
4358 *proto = ih->protocol;
4359
4360 switch (ih->protocol) {
4361 case IPPROTO_TCP: {
4362 struct tcphdr _tcph, *th;
4363
4364 if (ntohs(ih->frag_off) & IP_OFFSET)
4365 break;
4366
4367 offset += ihlen;
4368 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4369 if (th == NULL)
4370 break;
4371
4372 ad->u.net->sport = th->source;
4373 ad->u.net->dport = th->dest;
4374 break;
4375 }
4376
4377 case IPPROTO_UDP: {
4378 struct udphdr _udph, *uh;
4379
4380 if (ntohs(ih->frag_off) & IP_OFFSET)
4381 break;
4382
4383 offset += ihlen;
4384 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4385 if (uh == NULL)
4386 break;
4387
4388 ad->u.net->sport = uh->source;
4389 ad->u.net->dport = uh->dest;
4390 break;
4391 }
4392
4393 case IPPROTO_DCCP: {
4394 struct dccp_hdr _dccph, *dh;
4395
4396 if (ntohs(ih->frag_off) & IP_OFFSET)
4397 break;
4398
4399 offset += ihlen;
4400 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4401 if (dh == NULL)
4402 break;
4403
4404 ad->u.net->sport = dh->dccph_sport;
4405 ad->u.net->dport = dh->dccph_dport;
4406 break;
4407 }
4408
4409#if IS_ENABLED(CONFIG_IP_SCTP)
4410 case IPPROTO_SCTP: {
4411 struct sctphdr _sctph, *sh;
4412
4413 if (ntohs(ih->frag_off) & IP_OFFSET)
4414 break;
4415
4416 offset += ihlen;
4417 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4418 if (sh == NULL)
4419 break;
4420
4421 ad->u.net->sport = sh->source;
4422 ad->u.net->dport = sh->dest;
4423 break;
4424 }
4425#endif
4426 default:
4427 break;
4428 }
4429out:
4430 return ret;
4431}
4432
4433#if IS_ENABLED(CONFIG_IPV6)
4434
4435
4436static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4437 struct common_audit_data *ad, u8 *proto)
4438{
4439 u8 nexthdr;
4440 int ret = -EINVAL, offset;
4441 struct ipv6hdr _ipv6h, *ip6;
4442 __be16 frag_off;
4443
4444 offset = skb_network_offset(skb);
4445 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4446 if (ip6 == NULL)
4447 goto out;
4448
4449 ad->u.net->v6info.saddr = ip6->saddr;
4450 ad->u.net->v6info.daddr = ip6->daddr;
4451 ret = 0;
4452
4453 nexthdr = ip6->nexthdr;
4454 offset += sizeof(_ipv6h);
4455 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4456 if (offset < 0)
4457 goto out;
4458
4459 if (proto)
4460 *proto = nexthdr;
4461
4462 switch (nexthdr) {
4463 case IPPROTO_TCP: {
4464 struct tcphdr _tcph, *th;
4465
4466 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4467 if (th == NULL)
4468 break;
4469
4470 ad->u.net->sport = th->source;
4471 ad->u.net->dport = th->dest;
4472 break;
4473 }
4474
4475 case IPPROTO_UDP: {
4476 struct udphdr _udph, *uh;
4477
4478 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4479 if (uh == NULL)
4480 break;
4481
4482 ad->u.net->sport = uh->source;
4483 ad->u.net->dport = uh->dest;
4484 break;
4485 }
4486
4487 case IPPROTO_DCCP: {
4488 struct dccp_hdr _dccph, *dh;
4489
4490 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4491 if (dh == NULL)
4492 break;
4493
4494 ad->u.net->sport = dh->dccph_sport;
4495 ad->u.net->dport = dh->dccph_dport;
4496 break;
4497 }
4498
4499#if IS_ENABLED(CONFIG_IP_SCTP)
4500 case IPPROTO_SCTP: {
4501 struct sctphdr _sctph, *sh;
4502
4503 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4504 if (sh == NULL)
4505 break;
4506
4507 ad->u.net->sport = sh->source;
4508 ad->u.net->dport = sh->dest;
4509 break;
4510 }
4511#endif
4512
4513 default:
4514 break;
4515 }
4516out:
4517 return ret;
4518}
4519
4520#endif
4521
4522static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4523 char **_addrp, int src, u8 *proto)
4524{
4525 char *addrp;
4526 int ret;
4527
4528 switch (ad->u.net->family) {
4529 case PF_INET:
4530 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4531 if (ret)
4532 goto parse_error;
4533 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4534 &ad->u.net->v4info.daddr);
4535 goto okay;
4536
4537#if IS_ENABLED(CONFIG_IPV6)
4538 case PF_INET6:
4539 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4540 if (ret)
4541 goto parse_error;
4542 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4543 &ad->u.net->v6info.daddr);
4544 goto okay;
4545#endif
4546 default:
4547 addrp = NULL;
4548 goto okay;
4549 }
4550
4551parse_error:
4552 pr_warn(
4553 "SELinux: failure in selinux_parse_skb(),"
4554 " unable to parse packet\n");
4555 return ret;
4556
4557okay:
4558 if (_addrp)
4559 *_addrp = addrp;
4560 return 0;
4561}
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4579{
4580 int err;
4581 u32 xfrm_sid;
4582 u32 nlbl_sid;
4583 u32 nlbl_type;
4584
4585 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4586 if (unlikely(err))
4587 return -EACCES;
4588 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4589 if (unlikely(err))
4590 return -EACCES;
4591
4592 err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4593 nlbl_type, xfrm_sid, sid);
4594 if (unlikely(err)) {
4595 pr_warn(
4596 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4597 " unable to determine packet's peer label\n");
4598 return -EACCES;
4599 }
4600
4601 return 0;
4602}
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4617{
4618 int err = 0;
4619
4620 if (skb_sid != SECSID_NULL)
4621 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4622 conn_sid);
4623 else
4624 *conn_sid = sk_sid;
4625
4626 return err;
4627}
4628
4629
4630
4631static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4632 u16 secclass, u32 *socksid)
4633{
4634 if (tsec->sockcreate_sid > SECSID_NULL) {
4635 *socksid = tsec->sockcreate_sid;
4636 return 0;
4637 }
4638
4639 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4640 secclass, NULL, socksid);
4641}
4642
4643static int sock_has_perm(struct sock *sk, u32 perms)
4644{
4645 struct sk_security_struct *sksec = sk->sk_security;
4646 struct common_audit_data ad;
4647 struct lsm_network_audit net = {0,};
4648
4649 if (sksec->sid == SECINITSID_KERNEL)
4650 return 0;
4651
4652 ad.type = LSM_AUDIT_DATA_NET;
4653 ad.u.net = &net;
4654 ad.u.net->sk = sk;
4655
4656 return avc_has_perm(&selinux_state,
4657 current_sid(), sksec->sid, sksec->sclass, perms,
4658 &ad);
4659}
4660
4661static int selinux_socket_create(int family, int type,
4662 int protocol, int kern)
4663{
4664 const struct task_security_struct *tsec = selinux_cred(current_cred());
4665 u32 newsid;
4666 u16 secclass;
4667 int rc;
4668
4669 if (kern)
4670 return 0;
4671
4672 secclass = socket_type_to_security_class(family, type, protocol);
4673 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4674 if (rc)
4675 return rc;
4676
4677 return avc_has_perm(&selinux_state,
4678 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4679}
4680
4681static int selinux_socket_post_create(struct socket *sock, int family,
4682 int type, int protocol, int kern)
4683{
4684 const struct task_security_struct *tsec = selinux_cred(current_cred());
4685 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4686 struct sk_security_struct *sksec;
4687 u16 sclass = socket_type_to_security_class(family, type, protocol);
4688 u32 sid = SECINITSID_KERNEL;
4689 int err = 0;
4690
4691 if (!kern) {
4692 err = socket_sockcreate_sid(tsec, sclass, &sid);
4693 if (err)
4694 return err;
4695 }
4696
4697 isec->sclass = sclass;
4698 isec->sid = sid;
4699 isec->initialized = LABEL_INITIALIZED;
4700
4701 if (sock->sk) {
4702 sksec = sock->sk->sk_security;
4703 sksec->sclass = sclass;
4704 sksec->sid = sid;
4705
4706 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4707 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4708
4709 err = selinux_netlbl_socket_post_create(sock->sk, family);
4710 }
4711
4712 return err;
4713}
4714
4715static int selinux_socket_socketpair(struct socket *socka,
4716 struct socket *sockb)
4717{
4718 struct sk_security_struct *sksec_a = socka->sk->sk_security;
4719 struct sk_security_struct *sksec_b = sockb->sk->sk_security;
4720
4721 sksec_a->peer_sid = sksec_b->sid;
4722 sksec_b->peer_sid = sksec_a->sid;
4723
4724 return 0;
4725}
4726
4727
4728
4729
4730
4731static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4732{
4733 struct sock *sk = sock->sk;
4734 struct sk_security_struct *sksec = sk->sk_security;
4735 u16 family;
4736 int err;
4737
4738 err = sock_has_perm(sk, SOCKET__BIND);
4739 if (err)
4740 goto out;
4741
4742
4743 family = sk->sk_family;
4744 if (family == PF_INET || family == PF_INET6) {
4745 char *addrp;
4746 struct common_audit_data ad;
4747 struct lsm_network_audit net = {0,};
4748 struct sockaddr_in *addr4 = NULL;
4749 struct sockaddr_in6 *addr6 = NULL;
4750 u16 family_sa;
4751 unsigned short snum;
4752 u32 sid, node_perm;
4753
4754
4755
4756
4757
4758
4759
4760 if (addrlen < offsetofend(struct sockaddr, sa_family))
4761 return -EINVAL;
4762 family_sa = address->sa_family;
4763 switch (family_sa) {
4764 case AF_UNSPEC:
4765 case AF_INET:
4766 if (addrlen < sizeof(struct sockaddr_in))
4767 return -EINVAL;
4768 addr4 = (struct sockaddr_in *)address;
4769 if (family_sa == AF_UNSPEC) {
4770
4771
4772
4773 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY))
4774 goto err_af;
4775 family_sa = AF_INET;
4776 }
4777 snum = ntohs(addr4->sin_port);
4778 addrp = (char *)&addr4->sin_addr.s_addr;
4779 break;
4780 case AF_INET6:
4781 if (addrlen < SIN6_LEN_RFC2133)
4782 return -EINVAL;
4783 addr6 = (struct sockaddr_in6 *)address;
4784 snum = ntohs(addr6->sin6_port);
4785 addrp = (char *)&addr6->sin6_addr.s6_addr;
4786 break;
4787 default:
4788 goto err_af;
4789 }
4790
4791 ad.type = LSM_AUDIT_DATA_NET;
4792 ad.u.net = &net;
4793 ad.u.net->sport = htons(snum);
4794 ad.u.net->family = family_sa;
4795
4796 if (snum) {
4797 int low, high;
4798
4799 inet_get_local_port_range(sock_net(sk), &low, &high);
4800
4801 if (inet_port_requires_bind_service(sock_net(sk), snum) ||
4802 snum < low || snum > high) {
4803 err = sel_netport_sid(sk->sk_protocol,
4804 snum, &sid);
4805 if (err)
4806 goto out;
4807 err = avc_has_perm(&selinux_state,
4808 sksec->sid, sid,
4809 sksec->sclass,
4810 SOCKET__NAME_BIND, &ad);
4811 if (err)
4812 goto out;
4813 }
4814 }
4815
4816 switch (sksec->sclass) {
4817 case SECCLASS_TCP_SOCKET:
4818 node_perm = TCP_SOCKET__NODE_BIND;
4819 break;
4820
4821 case SECCLASS_UDP_SOCKET:
4822 node_perm = UDP_SOCKET__NODE_BIND;
4823 break;
4824
4825 case SECCLASS_DCCP_SOCKET:
4826 node_perm = DCCP_SOCKET__NODE_BIND;
4827 break;
4828
4829 case SECCLASS_SCTP_SOCKET:
4830 node_perm = SCTP_SOCKET__NODE_BIND;
4831 break;
4832
4833 default:
4834 node_perm = RAWIP_SOCKET__NODE_BIND;
4835 break;
4836 }
4837
4838 err = sel_netnode_sid(addrp, family_sa, &sid);
4839 if (err)
4840 goto out;
4841
4842 if (family_sa == AF_INET)
4843 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4844 else
4845 ad.u.net->v6info.saddr = addr6->sin6_addr;
4846
4847 err = avc_has_perm(&selinux_state,
4848 sksec->sid, sid,
4849 sksec->sclass, node_perm, &ad);
4850 if (err)
4851 goto out;
4852 }
4853out:
4854 return err;
4855err_af:
4856
4857 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4858 return -EINVAL;
4859 return -EAFNOSUPPORT;
4860}
4861
4862
4863
4864
4865static int selinux_socket_connect_helper(struct socket *sock,
4866 struct sockaddr *address, int addrlen)
4867{
4868 struct sock *sk = sock->sk;
4869 struct sk_security_struct *sksec = sk->sk_security;
4870 int err;
4871
4872 err = sock_has_perm(sk, SOCKET__CONNECT);
4873 if (err)
4874 return err;
4875 if (addrlen < offsetofend(struct sockaddr, sa_family))
4876 return -EINVAL;
4877
4878
4879
4880
4881 if (address->sa_family == AF_UNSPEC)
4882 return 0;
4883
4884
4885
4886
4887
4888 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4889 sksec->sclass == SECCLASS_DCCP_SOCKET ||
4890 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4891 struct common_audit_data ad;
4892 struct lsm_network_audit net = {0,};
4893 struct sockaddr_in *addr4 = NULL;
4894 struct sockaddr_in6 *addr6 = NULL;
4895 unsigned short snum;
4896 u32 sid, perm;
4897
4898
4899
4900
4901
4902
4903 switch (address->sa_family) {
4904 case AF_INET:
4905 addr4 = (struct sockaddr_in *)address;
4906 if (addrlen < sizeof(struct sockaddr_in))
4907 return -EINVAL;
4908 snum = ntohs(addr4->sin_port);
4909 break;
4910 case AF_INET6:
4911 addr6 = (struct sockaddr_in6 *)address;
4912 if (addrlen < SIN6_LEN_RFC2133)
4913 return -EINVAL;
4914 snum = ntohs(addr6->sin6_port);
4915 break;
4916 default:
4917
4918
4919
4920 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4921 return -EINVAL;
4922 else
4923 return -EAFNOSUPPORT;
4924 }
4925
4926 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4927 if (err)
4928 return err;
4929
4930 switch (sksec->sclass) {
4931 case SECCLASS_TCP_SOCKET:
4932 perm = TCP_SOCKET__NAME_CONNECT;
4933 break;
4934 case SECCLASS_DCCP_SOCKET:
4935 perm = DCCP_SOCKET__NAME_CONNECT;
4936 break;
4937 case SECCLASS_SCTP_SOCKET:
4938 perm = SCTP_SOCKET__NAME_CONNECT;
4939 break;
4940 }
4941
4942 ad.type = LSM_AUDIT_DATA_NET;
4943 ad.u.net = &net;
4944 ad.u.net->dport = htons(snum);
4945 ad.u.net->family = address->sa_family;
4946 err = avc_has_perm(&selinux_state,
4947 sksec->sid, sid, sksec->sclass, perm, &ad);
4948 if (err)
4949 return err;
4950 }
4951
4952 return 0;
4953}
4954
4955
4956static int selinux_socket_connect(struct socket *sock,
4957 struct sockaddr *address, int addrlen)
4958{
4959 int err;
4960 struct sock *sk = sock->sk;
4961
4962 err = selinux_socket_connect_helper(sock, address, addrlen);
4963 if (err)
4964 return err;
4965
4966 return selinux_netlbl_socket_connect(sk, address);
4967}
4968
4969static int selinux_socket_listen(struct socket *sock, int backlog)
4970{
4971 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4972}
4973
4974static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4975{
4976 int err;
4977 struct inode_security_struct *isec;
4978 struct inode_security_struct *newisec;
4979 u16 sclass;
4980 u32 sid;
4981
4982 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4983 if (err)
4984 return err;
4985
4986 isec = inode_security_novalidate(SOCK_INODE(sock));
4987 spin_lock(&isec->lock);
4988 sclass = isec->sclass;
4989 sid = isec->sid;
4990 spin_unlock(&isec->lock);
4991
4992 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4993 newisec->sclass = sclass;
4994 newisec->sid = sid;
4995 newisec->initialized = LABEL_INITIALIZED;
4996
4997 return 0;
4998}
4999
5000static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
5001 int size)
5002{
5003 return sock_has_perm(sock->sk, SOCKET__WRITE);
5004}
5005
5006static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
5007 int size, int flags)
5008{
5009 return sock_has_perm(sock->sk, SOCKET__READ);
5010}
5011
5012static int selinux_socket_getsockname(struct socket *sock)
5013{
5014 return sock_has_perm(sock->sk, SOCKET__GETATTR);
5015}
5016
5017static int selinux_socket_getpeername(struct socket *sock)
5018{
5019 return sock_has_perm(sock->sk, SOCKET__GETATTR);
5020}
5021
5022static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
5023{
5024 int err;
5025
5026 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
5027 if (err)
5028 return err;
5029
5030 return selinux_netlbl_socket_setsockopt(sock, level, optname);
5031}
5032
5033static int selinux_socket_getsockopt(struct socket *sock, int level,
5034 int optname)
5035{
5036 return sock_has_perm(sock->sk, SOCKET__GETOPT);
5037}
5038
5039static int selinux_socket_shutdown(struct socket *sock, int how)
5040{
5041 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
5042}
5043
5044static int selinux_socket_unix_stream_connect(struct sock *sock,
5045 struct sock *other,
5046 struct sock *newsk)
5047{
5048 struct sk_security_struct *sksec_sock = sock->sk_security;
5049 struct sk_security_struct *sksec_other = other->sk_security;
5050 struct sk_security_struct *sksec_new = newsk->sk_security;
5051 struct common_audit_data ad;
5052 struct lsm_network_audit net = {0,};
5053 int err;
5054
5055 ad.type = LSM_AUDIT_DATA_NET;
5056 ad.u.net = &net;
5057 ad.u.net->sk = other;
5058
5059 err = avc_has_perm(&selinux_state,
5060 sksec_sock->sid, sksec_other->sid,
5061 sksec_other->sclass,
5062 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
5063 if (err)
5064 return err;
5065
5066
5067 sksec_new->peer_sid = sksec_sock->sid;
5068 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
5069 sksec_sock->sid, &sksec_new->sid);
5070 if (err)
5071 return err;
5072
5073
5074 sksec_sock->peer_sid = sksec_new->sid;
5075
5076 return 0;
5077}
5078
5079static int selinux_socket_unix_may_send(struct socket *sock,
5080 struct socket *other)
5081{
5082 struct sk_security_struct *ssec = sock->sk->sk_security;
5083 struct sk_security_struct *osec = other->sk->sk_security;
5084 struct common_audit_data ad;
5085 struct lsm_network_audit net = {0,};
5086
5087 ad.type = LSM_AUDIT_DATA_NET;
5088 ad.u.net = &net;
5089 ad.u.net->sk = other->sk;
5090
5091 return avc_has_perm(&selinux_state,
5092 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
5093 &ad);
5094}
5095
5096static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
5097 char *addrp, u16 family, u32 peer_sid,
5098 struct common_audit_data *ad)
5099{
5100 int err;
5101 u32 if_sid;
5102 u32 node_sid;
5103
5104 err = sel_netif_sid(ns, ifindex, &if_sid);
5105 if (err)
5106 return err;
5107 err = avc_has_perm(&selinux_state,
5108 peer_sid, if_sid,
5109 SECCLASS_NETIF, NETIF__INGRESS, ad);
5110 if (err)
5111 return err;
5112
5113 err = sel_netnode_sid(addrp, family, &node_sid);
5114 if (err)
5115 return err;
5116 return avc_has_perm(&selinux_state,
5117 peer_sid, node_sid,
5118 SECCLASS_NODE, NODE__RECVFROM, ad);
5119}
5120
5121static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
5122 u16 family)
5123{
5124 int err = 0;
5125 struct sk_security_struct *sksec = sk->sk_security;
5126 u32 sk_sid = sksec->sid;
5127 struct common_audit_data ad;
5128 struct lsm_network_audit net = {0,};
5129 char *addrp;
5130
5131 ad.type = LSM_AUDIT_DATA_NET;
5132 ad.u.net = &net;
5133 ad.u.net->netif = skb->skb_iif;
5134 ad.u.net->family = family;
5135 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5136 if (err)
5137 return err;
5138
5139 if (selinux_secmark_enabled()) {
5140 err = avc_has_perm(&selinux_state,
5141 sk_sid, skb->secmark, SECCLASS_PACKET,
5142 PACKET__RECV, &ad);
5143 if (err)
5144 return err;
5145 }
5146
5147 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
5148 if (err)
5149 return err;
5150 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
5151
5152 return err;
5153}
5154
5155static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
5156{
5157 int err;
5158 struct sk_security_struct *sksec = sk->sk_security;
5159 u16 family = sk->sk_family;
5160 u32 sk_sid = sksec->sid;
5161 struct common_audit_data ad;
5162 struct lsm_network_audit net = {0,};
5163 char *addrp;
5164 u8 secmark_active;
5165 u8 peerlbl_active;
5166
5167 if (family != PF_INET && family != PF_INET6)
5168 return 0;
5169
5170
5171 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5172 family = PF_INET;
5173
5174
5175
5176
5177
5178 if (!selinux_policycap_netpeer())
5179 return selinux_sock_rcv_skb_compat(sk, skb, family);
5180
5181 secmark_active = selinux_secmark_enabled();
5182 peerlbl_active = selinux_peerlbl_enabled();
5183 if (!secmark_active && !peerlbl_active)
5184 return 0;
5185
5186 ad.type = LSM_AUDIT_DATA_NET;
5187 ad.u.net = &net;
5188 ad.u.net->netif = skb->skb_iif;
5189 ad.u.net->family = family;
5190 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5191 if (err)
5192 return err;
5193
5194 if (peerlbl_active) {
5195 u32 peer_sid;
5196
5197 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
5198 if (err)
5199 return err;
5200 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
5201 addrp, family, peer_sid, &ad);
5202 if (err) {
5203 selinux_netlbl_err(skb, family, err, 0);
5204 return err;
5205 }
5206 err = avc_has_perm(&selinux_state,
5207 sk_sid, peer_sid, SECCLASS_PEER,
5208 PEER__RECV, &ad);
5209 if (err) {
5210 selinux_netlbl_err(skb, family, err, 0);
5211 return err;
5212 }
5213 }
5214
5215 if (secmark_active) {
5216 err = avc_has_perm(&selinux_state,
5217 sk_sid, skb->secmark, SECCLASS_PACKET,
5218 PACKET__RECV, &ad);
5219 if (err)
5220 return err;
5221 }
5222
5223 return err;
5224}
5225
5226static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
5227 int __user *optlen, unsigned len)
5228{
5229 int err = 0;
5230 char *scontext;
5231 u32 scontext_len;
5232 struct sk_security_struct *sksec = sock->sk->sk_security;
5233 u32 peer_sid = SECSID_NULL;
5234
5235 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5236 sksec->sclass == SECCLASS_TCP_SOCKET ||
5237 sksec->sclass == SECCLASS_SCTP_SOCKET)
5238 peer_sid = sksec->peer_sid;
5239 if (peer_sid == SECSID_NULL)
5240 return -ENOPROTOOPT;
5241
5242 err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
5243 &scontext_len);
5244 if (err)
5245 return err;
5246
5247 if (scontext_len > len) {
5248 err = -ERANGE;
5249 goto out_len;
5250 }
5251
5252 if (copy_to_user(optval, scontext, scontext_len))
5253 err = -EFAULT;
5254
5255out_len:
5256 if (put_user(scontext_len, optlen))
5257 err = -EFAULT;
5258 kfree(scontext);
5259 return err;
5260}
5261
5262static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
5263{
5264 u32 peer_secid = SECSID_NULL;
5265 u16 family;
5266 struct inode_security_struct *isec;
5267
5268 if (skb && skb->protocol == htons(ETH_P_IP))
5269 family = PF_INET;
5270 else if (skb && skb->protocol == htons(ETH_P_IPV6))
5271 family = PF_INET6;
5272 else if (sock)
5273 family = sock->sk->sk_family;
5274 else
5275 goto out;
5276
5277 if (sock && family == PF_UNIX) {
5278 isec = inode_security_novalidate(SOCK_INODE(sock));
5279 peer_secid = isec->sid;
5280 } else if (skb)
5281 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
5282
5283out:
5284 *secid = peer_secid;
5285 if (peer_secid == SECSID_NULL)
5286 return -EINVAL;
5287 return 0;
5288}
5289
5290static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
5291{
5292 struct sk_security_struct *sksec;
5293
5294 sksec = kzalloc(sizeof(*sksec), priority);
5295 if (!sksec)
5296 return -ENOMEM;
5297
5298 sksec->peer_sid = SECINITSID_UNLABELED;
5299 sksec->sid = SECINITSID_UNLABELED;
5300 sksec->sclass = SECCLASS_SOCKET;
5301 selinux_netlbl_sk_security_reset(sksec);
5302 sk->sk_security = sksec;
5303
5304 return 0;
5305}
5306
5307static void selinux_sk_free_security(struct sock *sk)
5308{
5309 struct sk_security_struct *sksec = sk->sk_security;
5310
5311 sk->sk_security = NULL;
5312 selinux_netlbl_sk_security_free(sksec);
5313 kfree(sksec);
5314}
5315
5316static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
5317{
5318 struct sk_security_struct *sksec = sk->sk_security;
5319 struct sk_security_struct *newsksec = newsk->sk_security;
5320
5321 newsksec->sid = sksec->sid;
5322 newsksec->peer_sid = sksec->peer_sid;
5323 newsksec->sclass = sksec->sclass;
5324
5325 selinux_netlbl_sk_security_reset(newsksec);
5326}
5327
5328static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
5329{
5330 if (!sk)
5331 *secid = SECINITSID_ANY_SOCKET;
5332 else {
5333 struct sk_security_struct *sksec = sk->sk_security;
5334
5335 *secid = sksec->sid;
5336 }
5337}
5338
5339static void selinux_sock_graft(struct sock *sk, struct socket *parent)
5340{
5341 struct inode_security_struct *isec =
5342 inode_security_novalidate(SOCK_INODE(parent));
5343 struct sk_security_struct *sksec = sk->sk_security;
5344
5345 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
5346 sk->sk_family == PF_UNIX)
5347 isec->sid = sksec->sid;
5348 sksec->sclass = isec->sclass;
5349}
5350
5351
5352
5353
5354
5355static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
5356 struct sk_buff *skb)
5357{
5358 struct sk_security_struct *sksec = ep->base.sk->sk_security;
5359 struct common_audit_data ad;
5360 struct lsm_network_audit net = {0,};
5361 u8 peerlbl_active;
5362 u32 peer_sid = SECINITSID_UNLABELED;
5363 u32 conn_sid;
5364 int err = 0;
5365
5366 if (!selinux_policycap_extsockclass())
5367 return 0;
5368
5369 peerlbl_active = selinux_peerlbl_enabled();
5370
5371 if (peerlbl_active) {
5372
5373
5374
5375 err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
5376 &peer_sid);
5377 if (err)
5378 return err;
5379
5380 if (peer_sid == SECSID_NULL)
5381 peer_sid = SECINITSID_UNLABELED;
5382 }
5383
5384 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
5385 sksec->sctp_assoc_state = SCTP_ASSOC_SET;
5386
5387
5388
5389
5390
5391
5392 sksec->peer_sid = peer_sid;
5393 } else if (sksec->peer_sid != peer_sid) {
5394
5395
5396
5397 ad.type = LSM_AUDIT_DATA_NET;
5398 ad.u.net = &net;
5399 ad.u.net->sk = ep->base.sk;
5400 err = avc_has_perm(&selinux_state,
5401 sksec->peer_sid, peer_sid, sksec->sclass,
5402 SCTP_SOCKET__ASSOCIATION, &ad);
5403 if (err)
5404 return err;
5405 }
5406
5407
5408
5409
5410
5411
5412
5413 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5414 if (err)
5415 return err;
5416
5417 ep->secid = conn_sid;
5418 ep->peer_secid = peer_sid;
5419
5420
5421 return selinux_netlbl_sctp_assoc_request(ep, skb);
5422}
5423
5424
5425
5426
5427static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5428 struct sockaddr *address,
5429 int addrlen)
5430{
5431 int len, err = 0, walk_size = 0;
5432 void *addr_buf;
5433 struct sockaddr *addr;
5434 struct socket *sock;
5435
5436 if (!selinux_policycap_extsockclass())
5437 return 0;
5438
5439
5440 sock = sk->sk_socket;
5441 addr_buf = address;
5442
5443 while (walk_size < addrlen) {
5444 if (walk_size + sizeof(sa_family_t) > addrlen)
5445 return -EINVAL;
5446
5447 addr = addr_buf;
5448 switch (addr->sa_family) {
5449 case AF_UNSPEC:
5450 case AF_INET:
5451 len = sizeof(struct sockaddr_in);
5452 break;
5453 case AF_INET6:
5454 len = sizeof(struct sockaddr_in6);
5455 break;
5456 default:
5457 return -EINVAL;
5458 }
5459
5460 if (walk_size + len > addrlen)
5461 return -EINVAL;
5462
5463 err = -EINVAL;
5464 switch (optname) {
5465
5466 case SCTP_PRIMARY_ADDR:
5467 case SCTP_SET_PEER_PRIMARY_ADDR:
5468 case SCTP_SOCKOPT_BINDX_ADD:
5469 err = selinux_socket_bind(sock, addr, len);
5470 break;
5471
5472 case SCTP_SOCKOPT_CONNECTX:
5473 case SCTP_PARAM_SET_PRIMARY:
5474 case SCTP_PARAM_ADD_IP:
5475 case SCTP_SENDMSG_CONNECT:
5476 err = selinux_socket_connect_helper(sock, addr, len);
5477 if (err)
5478 return err;
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491 err = selinux_netlbl_socket_connect_locked(sk, addr);
5492 break;
5493 }
5494
5495 if (err)
5496 return err;
5497
5498 addr_buf += len;
5499 walk_size += len;
5500 }
5501
5502 return 0;
5503}
5504
5505
5506static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
5507 struct sock *newsk)
5508{
5509 struct sk_security_struct *sksec = sk->sk_security;
5510 struct sk_security_struct *newsksec = newsk->sk_security;
5511
5512
5513
5514
5515 if (!selinux_policycap_extsockclass())
5516 return selinux_sk_clone_security(sk, newsk);
5517
5518 newsksec->sid = ep->secid;
5519 newsksec->peer_sid = ep->peer_secid;
5520 newsksec->sclass = sksec->sclass;
5521 selinux_netlbl_sctp_sk_clone(sk, newsk);
5522}
5523
5524static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
5525 struct request_sock *req)
5526{
5527 struct sk_security_struct *sksec = sk->sk_security;
5528 int err;
5529 u16 family = req->rsk_ops->family;
5530 u32 connsid;
5531 u32 peersid;
5532
5533 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
5534 if (err)
5535 return err;
5536 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5537 if (err)
5538 return err;
5539 req->secid = connsid;
5540 req->peer_secid = peersid;
5541
5542 return selinux_netlbl_inet_conn_request(req, family);
5543}
5544
5545static void selinux_inet_csk_clone(struct sock *newsk,
5546 const struct request_sock *req)
5547{
5548 struct sk_security_struct *newsksec = newsk->sk_security;
5549
5550 newsksec->sid = req->secid;
5551 newsksec->peer_sid = req->peer_secid;
5552
5553
5554
5555
5556
5557
5558
5559 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
5560}
5561
5562static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
5563{
5564 u16 family = sk->sk_family;
5565 struct sk_security_struct *sksec = sk->sk_security;
5566
5567
5568 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5569 family = PF_INET;
5570
5571 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
5572}
5573
5574static int selinux_secmark_relabel_packet(u32 sid)
5575{
5576 const struct task_security_struct *__tsec;
5577 u32 tsid;
5578
5579 __tsec = selinux_cred(current_cred());
5580 tsid = __tsec->sid;
5581
5582 return avc_has_perm(&selinux_state,
5583 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5584 NULL);
5585}
5586
5587static void selinux_secmark_refcount_inc(void)
5588{
5589 atomic_inc(&selinux_secmark_refcount);
5590}
5591
5592static void selinux_secmark_refcount_dec(void)
5593{
5594 atomic_dec(&selinux_secmark_refcount);
5595}
5596
5597static void selinux_req_classify_flow(const struct request_sock *req,
5598 struct flowi_common *flic)
5599{
5600 flic->flowic_secid = req->secid;
5601}
5602
5603static int selinux_tun_dev_alloc_security(void **security)
5604{
5605 struct tun_security_struct *tunsec;
5606
5607 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5608 if (!tunsec)
5609 return -ENOMEM;
5610 tunsec->sid = current_sid();
5611
5612 *security = tunsec;
5613 return 0;
5614}
5615
5616static void selinux_tun_dev_free_security(void *security)
5617{
5618 kfree(security);
5619}
5620
5621static int selinux_tun_dev_create(void)
5622{
5623 u32 sid = current_sid();
5624
5625
5626
5627
5628
5629
5630
5631
5632 return avc_has_perm(&selinux_state,
5633 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5634 NULL);
5635}
5636
5637static int selinux_tun_dev_attach_queue(void *security)
5638{
5639 struct tun_security_struct *tunsec = security;
5640
5641 return avc_has_perm(&selinux_state,
5642 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5643 TUN_SOCKET__ATTACH_QUEUE, NULL);
5644}
5645
5646static int selinux_tun_dev_attach(struct sock *sk, void *security)
5647{
5648 struct tun_security_struct *tunsec = security;
5649 struct sk_security_struct *sksec = sk->sk_security;
5650
5651
5652
5653
5654
5655
5656
5657
5658 sksec->sid = tunsec->sid;
5659 sksec->sclass = SECCLASS_TUN_SOCKET;
5660
5661 return 0;
5662}
5663
5664static int selinux_tun_dev_open(void *security)
5665{
5666 struct tun_security_struct *tunsec = security;
5667 u32 sid = current_sid();
5668 int err;
5669
5670 err = avc_has_perm(&selinux_state,
5671 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5672 TUN_SOCKET__RELABELFROM, NULL);
5673 if (err)
5674 return err;
5675 err = avc_has_perm(&selinux_state,
5676 sid, sid, SECCLASS_TUN_SOCKET,
5677 TUN_SOCKET__RELABELTO, NULL);
5678 if (err)
5679 return err;
5680 tunsec->sid = sid;
5681
5682 return 0;
5683}
5684
5685#ifdef CONFIG_NETFILTER
5686
5687static unsigned int selinux_ip_forward(struct sk_buff *skb,
5688 const struct net_device *indev,
5689 u16 family)
5690{
5691 int err;
5692 char *addrp;
5693 u32 peer_sid;
5694 struct common_audit_data ad;
5695 struct lsm_network_audit net = {0,};
5696 u8 secmark_active;
5697 u8 netlbl_active;
5698 u8 peerlbl_active;
5699
5700 if (!selinux_policycap_netpeer())
5701 return NF_ACCEPT;
5702
5703 secmark_active = selinux_secmark_enabled();
5704 netlbl_active = netlbl_enabled();
5705 peerlbl_active = selinux_peerlbl_enabled();
5706 if (!secmark_active && !peerlbl_active)
5707 return NF_ACCEPT;
5708
5709 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5710 return NF_DROP;
5711
5712 ad.type = LSM_AUDIT_DATA_NET;
5713 ad.u.net = &net;
5714 ad.u.net->netif = indev->ifindex;
5715 ad.u.net->family = family;
5716 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5717 return NF_DROP;
5718
5719 if (peerlbl_active) {
5720 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5721 addrp, family, peer_sid, &ad);
5722 if (err) {
5723 selinux_netlbl_err(skb, family, err, 1);
5724 return NF_DROP;
5725 }
5726 }
5727
5728 if (secmark_active)
5729 if (avc_has_perm(&selinux_state,
5730 peer_sid, skb->secmark,
5731 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5732 return NF_DROP;
5733
5734 if (netlbl_active)
5735
5736
5737
5738
5739 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5740 return NF_DROP;
5741
5742 return NF_ACCEPT;
5743}
5744
5745static unsigned int selinux_ipv4_forward(void *priv,
5746 struct sk_buff *skb,
5747 const struct nf_hook_state *state)
5748{
5749 return selinux_ip_forward(skb, state->in, PF_INET);
5750}
5751
5752#if IS_ENABLED(CONFIG_IPV6)
5753static unsigned int selinux_ipv6_forward(void *priv,
5754 struct sk_buff *skb,
5755 const struct nf_hook_state *state)
5756{
5757 return selinux_ip_forward(skb, state->in, PF_INET6);
5758}
5759#endif
5760
5761static unsigned int selinux_ip_output(struct sk_buff *skb,
5762 u16 family)
5763{
5764 struct sock *sk;
5765 u32 sid;
5766
5767 if (!netlbl_enabled())
5768 return NF_ACCEPT;
5769
5770
5771
5772
5773 sk = skb->sk;
5774 if (sk) {
5775 struct sk_security_struct *sksec;
5776
5777 if (sk_listener(sk))
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790 return NF_ACCEPT;
5791
5792
5793 sksec = sk->sk_security;
5794 sid = sksec->sid;
5795 } else
5796 sid = SECINITSID_KERNEL;
5797 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5798 return NF_DROP;
5799
5800 return NF_ACCEPT;
5801}
5802
5803static unsigned int selinux_ipv4_output(void *priv,
5804 struct sk_buff *skb,
5805 const struct nf_hook_state *state)
5806{
5807 return selinux_ip_output(skb, PF_INET);
5808}
5809
5810#if IS_ENABLED(CONFIG_IPV6)
5811static unsigned int selinux_ipv6_output(void *priv,
5812 struct sk_buff *skb,
5813 const struct nf_hook_state *state)
5814{
5815 return selinux_ip_output(skb, PF_INET6);
5816}
5817#endif
5818
5819static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5820 int ifindex,
5821 u16 family)
5822{
5823 struct sock *sk = skb_to_full_sk(skb);
5824 struct sk_security_struct *sksec;
5825 struct common_audit_data ad;
5826 struct lsm_network_audit net = {0,};
5827 char *addrp;
5828 u8 proto;
5829
5830 if (sk == NULL)
5831 return NF_ACCEPT;
5832 sksec = sk->sk_security;
5833
5834 ad.type = LSM_AUDIT_DATA_NET;
5835 ad.u.net = &net;
5836 ad.u.net->netif = ifindex;
5837 ad.u.net->family = family;
5838 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5839 return NF_DROP;
5840
5841 if (selinux_secmark_enabled())
5842 if (avc_has_perm(&selinux_state,
5843 sksec->sid, skb->secmark,
5844 SECCLASS_PACKET, PACKET__SEND, &ad))
5845 return NF_DROP_ERR(-ECONNREFUSED);
5846
5847 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5848 return NF_DROP_ERR(-ECONNREFUSED);
5849
5850 return NF_ACCEPT;
5851}
5852
5853static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5854 const struct net_device *outdev,
5855 u16 family)
5856{
5857 u32 secmark_perm;
5858 u32 peer_sid;
5859 int ifindex = outdev->ifindex;
5860 struct sock *sk;
5861 struct common_audit_data ad;
5862 struct lsm_network_audit net = {0,};
5863 char *addrp;
5864 u8 secmark_active;
5865 u8 peerlbl_active;
5866
5867
5868
5869
5870
5871 if (!selinux_policycap_netpeer())
5872 return selinux_ip_postroute_compat(skb, ifindex, family);
5873
5874 secmark_active = selinux_secmark_enabled();
5875 peerlbl_active = selinux_peerlbl_enabled();
5876 if (!secmark_active && !peerlbl_active)
5877 return NF_ACCEPT;
5878
5879 sk = skb_to_full_sk(skb);
5880
5881#ifdef CONFIG_XFRM
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5894 !(sk && sk_listener(sk)))
5895 return NF_ACCEPT;
5896#endif
5897
5898 if (sk == NULL) {
5899
5900
5901
5902
5903 if (skb->skb_iif) {
5904 secmark_perm = PACKET__FORWARD_OUT;
5905 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5906 return NF_DROP;
5907 } else {
5908 secmark_perm = PACKET__SEND;
5909 peer_sid = SECINITSID_KERNEL;
5910 }
5911 } else if (sk_listener(sk)) {
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921 u32 skb_sid;
5922 struct sk_security_struct *sksec;
5923
5924 sksec = sk->sk_security;
5925 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5926 return NF_DROP;
5927
5928
5929
5930
5931
5932
5933 if (skb_sid == SECSID_NULL) {
5934 switch (family) {
5935 case PF_INET:
5936 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5937 return NF_ACCEPT;
5938 break;
5939 case PF_INET6:
5940 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5941 return NF_ACCEPT;
5942 break;
5943 default:
5944 return NF_DROP_ERR(-ECONNREFUSED);
5945 }
5946 }
5947 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5948 return NF_DROP;
5949 secmark_perm = PACKET__SEND;
5950 } else {
5951
5952
5953 struct sk_security_struct *sksec = sk->sk_security;
5954 peer_sid = sksec->sid;
5955 secmark_perm = PACKET__SEND;
5956 }
5957
5958 ad.type = LSM_AUDIT_DATA_NET;
5959 ad.u.net = &net;
5960 ad.u.net->netif = ifindex;
5961 ad.u.net->family = family;
5962 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5963 return NF_DROP;
5964
5965 if (secmark_active)
5966 if (avc_has_perm(&selinux_state,
5967 peer_sid, skb->secmark,
5968 SECCLASS_PACKET, secmark_perm, &ad))
5969 return NF_DROP_ERR(-ECONNREFUSED);
5970
5971 if (peerlbl_active) {
5972 u32 if_sid;
5973 u32 node_sid;
5974
5975 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5976 return NF_DROP;
5977 if (avc_has_perm(&selinux_state,
5978 peer_sid, if_sid,
5979 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5980 return NF_DROP_ERR(-ECONNREFUSED);
5981
5982 if (sel_netnode_sid(addrp, family, &node_sid))
5983 return NF_DROP;
5984 if (avc_has_perm(&selinux_state,
5985 peer_sid, node_sid,
5986 SECCLASS_NODE, NODE__SENDTO, &ad))
5987 return NF_DROP_ERR(-ECONNREFUSED);
5988 }
5989
5990 return NF_ACCEPT;
5991}
5992
5993static unsigned int selinux_ipv4_postroute(void *priv,
5994 struct sk_buff *skb,
5995 const struct nf_hook_state *state)
5996{
5997 return selinux_ip_postroute(skb, state->out, PF_INET);
5998}
5999
6000#if IS_ENABLED(CONFIG_IPV6)
6001static unsigned int selinux_ipv6_postroute(void *priv,
6002 struct sk_buff *skb,
6003 const struct nf_hook_state *state)
6004{
6005 return selinux_ip_postroute(skb, state->out, PF_INET6);
6006}
6007#endif
6008
6009#endif
6010
6011static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
6012{
6013 int rc = 0;
6014 unsigned int msg_len;
6015 unsigned int data_len = skb->len;
6016 unsigned char *data = skb->data;
6017 struct nlmsghdr *nlh;
6018 struct sk_security_struct *sksec = sk->sk_security;
6019 u16 sclass = sksec->sclass;
6020 u32 perm;
6021
6022 while (data_len >= nlmsg_total_size(0)) {
6023 nlh = (struct nlmsghdr *)data;
6024
6025
6026
6027
6028
6029
6030
6031 if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len)
6032 return 0;
6033
6034 rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm);
6035 if (rc == 0) {
6036 rc = sock_has_perm(sk, perm);
6037 if (rc)
6038 return rc;
6039 } else if (rc == -EINVAL) {
6040
6041 pr_warn_ratelimited("SELinux: unrecognized netlink"
6042 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
6043 " pid=%d comm=%s\n",
6044 sk->sk_protocol, nlh->nlmsg_type,
6045 secclass_map[sclass - 1].name,
6046 task_pid_nr(current), current->comm);
6047 if (enforcing_enabled(&selinux_state) &&
6048 !security_get_allow_unknown(&selinux_state))
6049 return rc;
6050 rc = 0;
6051 } else if (rc == -ENOENT) {
6052
6053 rc = 0;
6054 } else {
6055 return rc;
6056 }
6057
6058
6059 msg_len = NLMSG_ALIGN(nlh->nlmsg_len);
6060 if (msg_len >= data_len)
6061 return 0;
6062 data_len -= msg_len;
6063 data += msg_len;
6064 }
6065
6066 return rc;
6067}
6068
6069static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
6070{
6071 isec->sclass = sclass;
6072 isec->sid = current_sid();
6073}
6074
6075static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
6076 u32 perms)
6077{
6078 struct ipc_security_struct *isec;
6079 struct common_audit_data ad;
6080 u32 sid = current_sid();
6081
6082 isec = selinux_ipc(ipc_perms);
6083
6084 ad.type = LSM_AUDIT_DATA_IPC;
6085 ad.u.ipc_id = ipc_perms->key;
6086
6087 return avc_has_perm(&selinux_state,
6088 sid, isec->sid, isec->sclass, perms, &ad);
6089}
6090
6091static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
6092{
6093 struct msg_security_struct *msec;
6094
6095 msec = selinux_msg_msg(msg);
6096 msec->sid = SECINITSID_UNLABELED;
6097
6098 return 0;
6099}
6100
6101
6102static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
6103{
6104 struct ipc_security_struct *isec;
6105 struct common_audit_data ad;
6106 u32 sid = current_sid();
6107 int rc;
6108
6109 isec = selinux_ipc(msq);
6110 ipc_init_security(isec, SECCLASS_MSGQ);
6111
6112 ad.type = LSM_AUDIT_DATA_IPC;
6113 ad.u.ipc_id = msq->key;
6114
6115 rc = avc_has_perm(&selinux_state,
6116 sid, isec->sid, SECCLASS_MSGQ,
6117 MSGQ__CREATE, &ad);
6118 return rc;
6119}
6120
6121static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
6122{
6123 struct ipc_security_struct *isec;
6124 struct common_audit_data ad;
6125 u32 sid = current_sid();
6126
6127 isec = selinux_ipc(msq);
6128
6129 ad.type = LSM_AUDIT_DATA_IPC;
6130 ad.u.ipc_id = msq->key;
6131
6132 return avc_has_perm(&selinux_state,
6133 sid, isec->sid, SECCLASS_MSGQ,
6134 MSGQ__ASSOCIATE, &ad);
6135}
6136
6137static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
6138{
6139 int err;
6140 int perms;
6141
6142 switch (cmd) {
6143 case IPC_INFO:
6144 case MSG_INFO:
6145
6146 return avc_has_perm(&selinux_state,
6147 current_sid(), SECINITSID_KERNEL,
6148 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6149 case IPC_STAT:
6150 case MSG_STAT:
6151 case MSG_STAT_ANY:
6152 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
6153 break;
6154 case IPC_SET:
6155 perms = MSGQ__SETATTR;
6156 break;
6157 case IPC_RMID:
6158 perms = MSGQ__DESTROY;
6159 break;
6160 default:
6161 return 0;
6162 }
6163
6164 err = ipc_has_perm(msq, perms);
6165 return err;
6166}
6167
6168static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
6169{
6170 struct ipc_security_struct *isec;
6171 struct msg_security_struct *msec;
6172 struct common_audit_data ad;
6173 u32 sid = current_sid();
6174 int rc;
6175
6176 isec = selinux_ipc(msq);
6177 msec = selinux_msg_msg(msg);
6178
6179
6180
6181
6182 if (msec->sid == SECINITSID_UNLABELED) {
6183
6184
6185
6186
6187 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6188 SECCLASS_MSG, NULL, &msec->sid);
6189 if (rc)
6190 return rc;
6191 }
6192
6193 ad.type = LSM_AUDIT_DATA_IPC;
6194 ad.u.ipc_id = msq->key;
6195
6196
6197 rc = avc_has_perm(&selinux_state,
6198 sid, isec->sid, SECCLASS_MSGQ,
6199 MSGQ__WRITE, &ad);
6200 if (!rc)
6201
6202 rc = avc_has_perm(&selinux_state,
6203 sid, msec->sid, SECCLASS_MSG,
6204 MSG__SEND, &ad);
6205 if (!rc)
6206
6207 rc = avc_has_perm(&selinux_state,
6208 msec->sid, isec->sid, SECCLASS_MSGQ,
6209 MSGQ__ENQUEUE, &ad);
6210
6211 return rc;
6212}
6213
6214static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
6215 struct task_struct *target,
6216 long type, int mode)
6217{
6218 struct ipc_security_struct *isec;
6219 struct msg_security_struct *msec;
6220 struct common_audit_data ad;
6221 u32 sid = task_sid_subj(target);
6222 int rc;
6223
6224 isec = selinux_ipc(msq);
6225 msec = selinux_msg_msg(msg);
6226
6227 ad.type = LSM_AUDIT_DATA_IPC;
6228 ad.u.ipc_id = msq->key;
6229
6230 rc = avc_has_perm(&selinux_state,
6231 sid, isec->sid,
6232 SECCLASS_MSGQ, MSGQ__READ, &ad);
6233 if (!rc)
6234 rc = avc_has_perm(&selinux_state,
6235 sid, msec->sid,
6236 SECCLASS_MSG, MSG__RECEIVE, &ad);
6237 return rc;
6238}
6239
6240
6241static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6242{
6243 struct ipc_security_struct *isec;
6244 struct common_audit_data ad;
6245 u32 sid = current_sid();
6246 int rc;
6247
6248 isec = selinux_ipc(shp);
6249 ipc_init_security(isec, SECCLASS_SHM);
6250
6251 ad.type = LSM_AUDIT_DATA_IPC;
6252 ad.u.ipc_id = shp->key;
6253
6254 rc = avc_has_perm(&selinux_state,
6255 sid, isec->sid, SECCLASS_SHM,
6256 SHM__CREATE, &ad);
6257 return rc;
6258}
6259
6260static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6261{
6262 struct ipc_security_struct *isec;
6263 struct common_audit_data ad;
6264 u32 sid = current_sid();
6265
6266 isec = selinux_ipc(shp);
6267
6268 ad.type = LSM_AUDIT_DATA_IPC;
6269 ad.u.ipc_id = shp->key;
6270
6271 return avc_has_perm(&selinux_state,
6272 sid, isec->sid, SECCLASS_SHM,
6273 SHM__ASSOCIATE, &ad);
6274}
6275
6276
6277static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
6278{
6279 int perms;
6280 int err;
6281
6282 switch (cmd) {
6283 case IPC_INFO:
6284 case SHM_INFO:
6285
6286 return avc_has_perm(&selinux_state,
6287 current_sid(), SECINITSID_KERNEL,
6288 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6289 case IPC_STAT:
6290 case SHM_STAT:
6291 case SHM_STAT_ANY:
6292 perms = SHM__GETATTR | SHM__ASSOCIATE;
6293 break;
6294 case IPC_SET:
6295 perms = SHM__SETATTR;
6296 break;
6297 case SHM_LOCK:
6298 case SHM_UNLOCK:
6299 perms = SHM__LOCK;
6300 break;
6301 case IPC_RMID:
6302 perms = SHM__DESTROY;
6303 break;
6304 default:
6305 return 0;
6306 }
6307
6308 err = ipc_has_perm(shp, perms);
6309 return err;
6310}
6311
6312static int selinux_shm_shmat(struct kern_ipc_perm *shp,
6313 char __user *shmaddr, int shmflg)
6314{
6315 u32 perms;
6316
6317 if (shmflg & SHM_RDONLY)
6318 perms = SHM__READ;
6319 else
6320 perms = SHM__READ | SHM__WRITE;
6321
6322 return ipc_has_perm(shp, perms);
6323}
6324
6325
6326static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6327{
6328 struct ipc_security_struct *isec;
6329 struct common_audit_data ad;
6330 u32 sid = current_sid();
6331 int rc;
6332
6333 isec = selinux_ipc(sma);
6334 ipc_init_security(isec, SECCLASS_SEM);
6335
6336 ad.type = LSM_AUDIT_DATA_IPC;
6337 ad.u.ipc_id = sma->key;
6338
6339 rc = avc_has_perm(&selinux_state,
6340 sid, isec->sid, SECCLASS_SEM,
6341 SEM__CREATE, &ad);
6342 return rc;
6343}
6344
6345static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6346{
6347 struct ipc_security_struct *isec;
6348 struct common_audit_data ad;
6349 u32 sid = current_sid();
6350
6351 isec = selinux_ipc(sma);
6352
6353 ad.type = LSM_AUDIT_DATA_IPC;
6354 ad.u.ipc_id = sma->key;
6355
6356 return avc_has_perm(&selinux_state,
6357 sid, isec->sid, SECCLASS_SEM,
6358 SEM__ASSOCIATE, &ad);
6359}
6360
6361
6362static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
6363{
6364 int err;
6365 u32 perms;
6366
6367 switch (cmd) {
6368 case IPC_INFO:
6369 case SEM_INFO:
6370
6371 return avc_has_perm(&selinux_state,
6372 current_sid(), SECINITSID_KERNEL,
6373 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6374 case GETPID:
6375 case GETNCNT:
6376 case GETZCNT:
6377 perms = SEM__GETATTR;
6378 break;
6379 case GETVAL:
6380 case GETALL:
6381 perms = SEM__READ;
6382 break;
6383 case SETVAL:
6384 case SETALL:
6385 perms = SEM__WRITE;
6386 break;
6387 case IPC_RMID:
6388 perms = SEM__DESTROY;
6389 break;
6390 case IPC_SET:
6391 perms = SEM__SETATTR;
6392 break;
6393 case IPC_STAT:
6394 case SEM_STAT:
6395 case SEM_STAT_ANY:
6396 perms = SEM__GETATTR | SEM__ASSOCIATE;
6397 break;
6398 default:
6399 return 0;
6400 }
6401
6402 err = ipc_has_perm(sma, perms);
6403 return err;
6404}
6405
6406static int selinux_sem_semop(struct kern_ipc_perm *sma,
6407 struct sembuf *sops, unsigned nsops, int alter)
6408{
6409 u32 perms;
6410
6411 if (alter)
6412 perms = SEM__READ | SEM__WRITE;
6413 else
6414 perms = SEM__READ;
6415
6416 return ipc_has_perm(sma, perms);
6417}
6418
6419static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6420{
6421 u32 av = 0;
6422
6423 av = 0;
6424 if (flag & S_IRUGO)
6425 av |= IPC__UNIX_READ;
6426 if (flag & S_IWUGO)
6427 av |= IPC__UNIX_WRITE;
6428
6429 if (av == 0)
6430 return 0;
6431
6432 return ipc_has_perm(ipcp, av);
6433}
6434
6435static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6436{
6437 struct ipc_security_struct *isec = selinux_ipc(ipcp);
6438 *secid = isec->sid;
6439}
6440
6441static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6442{
6443 if (inode)
6444 inode_doinit_with_dentry(inode, dentry);
6445}
6446
6447static int selinux_getprocattr(struct task_struct *p,
6448 char *name, char **value)
6449{
6450 const struct task_security_struct *__tsec;
6451 u32 sid;
6452 int error;
6453 unsigned len;
6454
6455 rcu_read_lock();
6456 __tsec = selinux_cred(__task_cred(p));
6457
6458 if (current != p) {
6459 error = avc_has_perm(&selinux_state,
6460 current_sid(), __tsec->sid,
6461 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6462 if (error)
6463 goto bad;
6464 }
6465
6466 if (!strcmp(name, "current"))
6467 sid = __tsec->sid;
6468 else if (!strcmp(name, "prev"))
6469 sid = __tsec->osid;
6470 else if (!strcmp(name, "exec"))
6471 sid = __tsec->exec_sid;
6472 else if (!strcmp(name, "fscreate"))
6473 sid = __tsec->create_sid;
6474 else if (!strcmp(name, "keycreate"))
6475 sid = __tsec->keycreate_sid;
6476 else if (!strcmp(name, "sockcreate"))
6477 sid = __tsec->sockcreate_sid;
6478 else {
6479 error = -EINVAL;
6480 goto bad;
6481 }
6482 rcu_read_unlock();
6483
6484 if (!sid)
6485 return 0;
6486
6487 error = security_sid_to_context(&selinux_state, sid, value, &len);
6488 if (error)
6489 return error;
6490 return len;
6491
6492bad:
6493 rcu_read_unlock();
6494 return error;
6495}
6496
6497static int selinux_setprocattr(const char *name, void *value, size_t size)
6498{
6499 struct task_security_struct *tsec;
6500 struct cred *new;
6501 u32 mysid = current_sid(), sid = 0, ptsid;
6502 int error;
6503 char *str = value;
6504
6505
6506
6507
6508 if (!strcmp(name, "exec"))
6509 error = avc_has_perm(&selinux_state,
6510 mysid, mysid, SECCLASS_PROCESS,
6511 PROCESS__SETEXEC, NULL);
6512 else if (!strcmp(name, "fscreate"))
6513 error = avc_has_perm(&selinux_state,
6514 mysid, mysid, SECCLASS_PROCESS,
6515 PROCESS__SETFSCREATE, NULL);
6516 else if (!strcmp(name, "keycreate"))
6517 error = avc_has_perm(&selinux_state,
6518 mysid, mysid, SECCLASS_PROCESS,
6519 PROCESS__SETKEYCREATE, NULL);
6520 else if (!strcmp(name, "sockcreate"))
6521 error = avc_has_perm(&selinux_state,
6522 mysid, mysid, SECCLASS_PROCESS,
6523 PROCESS__SETSOCKCREATE, NULL);
6524 else if (!strcmp(name, "current"))
6525 error = avc_has_perm(&selinux_state,
6526 mysid, mysid, SECCLASS_PROCESS,
6527 PROCESS__SETCURRENT, NULL);
6528 else
6529 error = -EINVAL;
6530 if (error)
6531 return error;
6532
6533
6534 if (size && str[0] && str[0] != '\n') {
6535 if (str[size-1] == '\n') {
6536 str[size-1] = 0;
6537 size--;
6538 }
6539 error = security_context_to_sid(&selinux_state, value, size,
6540 &sid, GFP_KERNEL);
6541 if (error == -EINVAL && !strcmp(name, "fscreate")) {
6542 if (!has_cap_mac_admin(true)) {
6543 struct audit_buffer *ab;
6544 size_t audit_size;
6545
6546
6547
6548 if (str[size - 1] == '\0')
6549 audit_size = size - 1;
6550 else
6551 audit_size = size;
6552 ab = audit_log_start(audit_context(),
6553 GFP_ATOMIC,
6554 AUDIT_SELINUX_ERR);
6555 audit_log_format(ab, "op=fscreate invalid_context=");
6556 audit_log_n_untrustedstring(ab, value, audit_size);
6557 audit_log_end(ab);
6558
6559 return error;
6560 }
6561 error = security_context_to_sid_force(
6562 &selinux_state,
6563 value, size, &sid);
6564 }
6565 if (error)
6566 return error;
6567 }
6568
6569 new = prepare_creds();
6570 if (!new)
6571 return -ENOMEM;
6572
6573
6574
6575
6576
6577
6578
6579 tsec = selinux_cred(new);
6580 if (!strcmp(name, "exec")) {
6581 tsec->exec_sid = sid;
6582 } else if (!strcmp(name, "fscreate")) {
6583 tsec->create_sid = sid;
6584 } else if (!strcmp(name, "keycreate")) {
6585 if (sid) {
6586 error = avc_has_perm(&selinux_state, mysid, sid,
6587 SECCLASS_KEY, KEY__CREATE, NULL);
6588 if (error)
6589 goto abort_change;
6590 }
6591 tsec->keycreate_sid = sid;
6592 } else if (!strcmp(name, "sockcreate")) {
6593 tsec->sockcreate_sid = sid;
6594 } else if (!strcmp(name, "current")) {
6595 error = -EINVAL;
6596 if (sid == 0)
6597 goto abort_change;
6598
6599
6600 error = -EPERM;
6601 if (!current_is_single_threaded()) {
6602 error = security_bounded_transition(&selinux_state,
6603 tsec->sid, sid);
6604 if (error)
6605 goto abort_change;
6606 }
6607
6608
6609 error = avc_has_perm(&selinux_state,
6610 tsec->sid, sid, SECCLASS_PROCESS,
6611 PROCESS__DYNTRANSITION, NULL);
6612 if (error)
6613 goto abort_change;
6614
6615
6616
6617 ptsid = ptrace_parent_sid();
6618 if (ptsid != 0) {
6619 error = avc_has_perm(&selinux_state,
6620 ptsid, sid, SECCLASS_PROCESS,
6621 PROCESS__PTRACE, NULL);
6622 if (error)
6623 goto abort_change;
6624 }
6625
6626 tsec->sid = sid;
6627 } else {
6628 error = -EINVAL;
6629 goto abort_change;
6630 }
6631
6632 commit_creds(new);
6633 return size;
6634
6635abort_change:
6636 abort_creds(new);
6637 return error;
6638}
6639
6640static int selinux_ismaclabel(const char *name)
6641{
6642 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6643}
6644
6645static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6646{
6647 return security_sid_to_context(&selinux_state, secid,
6648 secdata, seclen);
6649}
6650
6651static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6652{
6653 return security_context_to_sid(&selinux_state, secdata, seclen,
6654 secid, GFP_KERNEL);
6655}
6656
6657static void selinux_release_secctx(char *secdata, u32 seclen)
6658{
6659 kfree(secdata);
6660}
6661
6662static void selinux_inode_invalidate_secctx(struct inode *inode)
6663{
6664 struct inode_security_struct *isec = selinux_inode(inode);
6665
6666 spin_lock(&isec->lock);
6667 isec->initialized = LABEL_INVALID;
6668 spin_unlock(&isec->lock);
6669}
6670
6671
6672
6673
6674static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6675{
6676 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6677 ctx, ctxlen, 0);
6678
6679 return rc == -EOPNOTSUPP ? 0 : rc;
6680}
6681
6682
6683
6684
6685static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6686{
6687 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX,
6688 ctx, ctxlen, 0);
6689}
6690
6691static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6692{
6693 int len = 0;
6694 len = selinux_inode_getsecurity(&init_user_ns, inode,
6695 XATTR_SELINUX_SUFFIX, ctx, true);
6696 if (len < 0)
6697 return len;
6698 *ctxlen = len;
6699 return 0;
6700}
6701#ifdef CONFIG_KEYS
6702
6703static int selinux_key_alloc(struct key *k, const struct cred *cred,
6704 unsigned long flags)
6705{
6706 const struct task_security_struct *tsec;
6707 struct key_security_struct *ksec;
6708
6709 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6710 if (!ksec)
6711 return -ENOMEM;
6712
6713 tsec = selinux_cred(cred);
6714 if (tsec->keycreate_sid)
6715 ksec->sid = tsec->keycreate_sid;
6716 else
6717 ksec->sid = tsec->sid;
6718
6719 k->security = ksec;
6720 return 0;
6721}
6722
6723static void selinux_key_free(struct key *k)
6724{
6725 struct key_security_struct *ksec = k->security;
6726
6727 k->security = NULL;
6728 kfree(ksec);
6729}
6730
6731static int selinux_key_permission(key_ref_t key_ref,
6732 const struct cred *cred,
6733 enum key_need_perm need_perm)
6734{
6735 struct key *key;
6736 struct key_security_struct *ksec;
6737 u32 perm, sid;
6738
6739 switch (need_perm) {
6740 case KEY_NEED_VIEW:
6741 perm = KEY__VIEW;
6742 break;
6743 case KEY_NEED_READ:
6744 perm = KEY__READ;
6745 break;
6746 case KEY_NEED_WRITE:
6747 perm = KEY__WRITE;
6748 break;
6749 case KEY_NEED_SEARCH:
6750 perm = KEY__SEARCH;
6751 break;
6752 case KEY_NEED_LINK:
6753 perm = KEY__LINK;
6754 break;
6755 case KEY_NEED_SETATTR:
6756 perm = KEY__SETATTR;
6757 break;
6758 case KEY_NEED_UNLINK:
6759 case KEY_SYSADMIN_OVERRIDE:
6760 case KEY_AUTHTOKEN_OVERRIDE:
6761 case KEY_DEFER_PERM_CHECK:
6762 return 0;
6763 default:
6764 WARN_ON(1);
6765 return -EPERM;
6766
6767 }
6768
6769 sid = cred_sid(cred);
6770 key = key_ref_to_ptr(key_ref);
6771 ksec = key->security;
6772
6773 return avc_has_perm(&selinux_state,
6774 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6775}
6776
6777static int selinux_key_getsecurity(struct key *key, char **_buffer)
6778{
6779 struct key_security_struct *ksec = key->security;
6780 char *context = NULL;
6781 unsigned len;
6782 int rc;
6783
6784 rc = security_sid_to_context(&selinux_state, ksec->sid,
6785 &context, &len);
6786 if (!rc)
6787 rc = len;
6788 *_buffer = context;
6789 return rc;
6790}
6791
6792#ifdef CONFIG_KEY_NOTIFICATIONS
6793static int selinux_watch_key(struct key *key)
6794{
6795 struct key_security_struct *ksec = key->security;
6796 u32 sid = current_sid();
6797
6798 return avc_has_perm(&selinux_state,
6799 sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
6800}
6801#endif
6802#endif
6803
6804#ifdef CONFIG_SECURITY_INFINIBAND
6805static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6806{
6807 struct common_audit_data ad;
6808 int err;
6809 u32 sid = 0;
6810 struct ib_security_struct *sec = ib_sec;
6811 struct lsm_ibpkey_audit ibpkey;
6812
6813 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6814 if (err)
6815 return err;
6816
6817 ad.type = LSM_AUDIT_DATA_IBPKEY;
6818 ibpkey.subnet_prefix = subnet_prefix;
6819 ibpkey.pkey = pkey_val;
6820 ad.u.ibpkey = &ibpkey;
6821 return avc_has_perm(&selinux_state,
6822 sec->sid, sid,
6823 SECCLASS_INFINIBAND_PKEY,
6824 INFINIBAND_PKEY__ACCESS, &ad);
6825}
6826
6827static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6828 u8 port_num)
6829{
6830 struct common_audit_data ad;
6831 int err;
6832 u32 sid = 0;
6833 struct ib_security_struct *sec = ib_sec;
6834 struct lsm_ibendport_audit ibendport;
6835
6836 err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6837 &sid);
6838
6839 if (err)
6840 return err;
6841
6842 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6843 ibendport.dev_name = dev_name;
6844 ibendport.port = port_num;
6845 ad.u.ibendport = &ibendport;
6846 return avc_has_perm(&selinux_state,
6847 sec->sid, sid,
6848 SECCLASS_INFINIBAND_ENDPORT,
6849 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6850}
6851
6852static int selinux_ib_alloc_security(void **ib_sec)
6853{
6854 struct ib_security_struct *sec;
6855
6856 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6857 if (!sec)
6858 return -ENOMEM;
6859 sec->sid = current_sid();
6860
6861 *ib_sec = sec;
6862 return 0;
6863}
6864
6865static void selinux_ib_free_security(void *ib_sec)
6866{
6867 kfree(ib_sec);
6868}
6869#endif
6870
6871#ifdef CONFIG_BPF_SYSCALL
6872static int selinux_bpf(int cmd, union bpf_attr *attr,
6873 unsigned int size)
6874{
6875 u32 sid = current_sid();
6876 int ret;
6877
6878 switch (cmd) {
6879 case BPF_MAP_CREATE:
6880 ret = avc_has_perm(&selinux_state,
6881 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6882 NULL);
6883 break;
6884 case BPF_PROG_LOAD:
6885 ret = avc_has_perm(&selinux_state,
6886 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6887 NULL);
6888 break;
6889 default:
6890 ret = 0;
6891 break;
6892 }
6893
6894 return ret;
6895}
6896
6897static u32 bpf_map_fmode_to_av(fmode_t fmode)
6898{
6899 u32 av = 0;
6900
6901 if (fmode & FMODE_READ)
6902 av |= BPF__MAP_READ;
6903 if (fmode & FMODE_WRITE)
6904 av |= BPF__MAP_WRITE;
6905 return av;
6906}
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916static int bpf_fd_pass(struct file *file, u32 sid)
6917{
6918 struct bpf_security_struct *bpfsec;
6919 struct bpf_prog *prog;
6920 struct bpf_map *map;
6921 int ret;
6922
6923 if (file->f_op == &bpf_map_fops) {
6924 map = file->private_data;
6925 bpfsec = map->security;
6926 ret = avc_has_perm(&selinux_state,
6927 sid, bpfsec->sid, SECCLASS_BPF,
6928 bpf_map_fmode_to_av(file->f_mode), NULL);
6929 if (ret)
6930 return ret;
6931 } else if (file->f_op == &bpf_prog_fops) {
6932 prog = file->private_data;
6933 bpfsec = prog->aux->security;
6934 ret = avc_has_perm(&selinux_state,
6935 sid, bpfsec->sid, SECCLASS_BPF,
6936 BPF__PROG_RUN, NULL);
6937 if (ret)
6938 return ret;
6939 }
6940 return 0;
6941}
6942
6943static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
6944{
6945 u32 sid = current_sid();
6946 struct bpf_security_struct *bpfsec;
6947
6948 bpfsec = map->security;
6949 return avc_has_perm(&selinux_state,
6950 sid, bpfsec->sid, SECCLASS_BPF,
6951 bpf_map_fmode_to_av(fmode), NULL);
6952}
6953
6954static int selinux_bpf_prog(struct bpf_prog *prog)
6955{
6956 u32 sid = current_sid();
6957 struct bpf_security_struct *bpfsec;
6958
6959 bpfsec = prog->aux->security;
6960 return avc_has_perm(&selinux_state,
6961 sid, bpfsec->sid, SECCLASS_BPF,
6962 BPF__PROG_RUN, NULL);
6963}
6964
6965static int selinux_bpf_map_alloc(struct bpf_map *map)
6966{
6967 struct bpf_security_struct *bpfsec;
6968
6969 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6970 if (!bpfsec)
6971 return -ENOMEM;
6972
6973 bpfsec->sid = current_sid();
6974 map->security = bpfsec;
6975
6976 return 0;
6977}
6978
6979static void selinux_bpf_map_free(struct bpf_map *map)
6980{
6981 struct bpf_security_struct *bpfsec = map->security;
6982
6983 map->security = NULL;
6984 kfree(bpfsec);
6985}
6986
6987static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
6988{
6989 struct bpf_security_struct *bpfsec;
6990
6991 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6992 if (!bpfsec)
6993 return -ENOMEM;
6994
6995 bpfsec->sid = current_sid();
6996 aux->security = bpfsec;
6997
6998 return 0;
6999}
7000
7001static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
7002{
7003 struct bpf_security_struct *bpfsec = aux->security;
7004
7005 aux->security = NULL;
7006 kfree(bpfsec);
7007}
7008#endif
7009
7010static int selinux_lockdown(enum lockdown_reason what)
7011{
7012 struct common_audit_data ad;
7013 u32 sid = current_sid();
7014 int invalid_reason = (what <= LOCKDOWN_NONE) ||
7015 (what == LOCKDOWN_INTEGRITY_MAX) ||
7016 (what >= LOCKDOWN_CONFIDENTIALITY_MAX);
7017
7018 if (WARN(invalid_reason, "Invalid lockdown reason")) {
7019 audit_log(audit_context(),
7020 GFP_ATOMIC, AUDIT_SELINUX_ERR,
7021 "lockdown_reason=invalid");
7022 return -EINVAL;
7023 }
7024
7025 ad.type = LSM_AUDIT_DATA_LOCKDOWN;
7026 ad.u.reason = what;
7027
7028 if (what <= LOCKDOWN_INTEGRITY_MAX)
7029 return avc_has_perm(&selinux_state,
7030 sid, sid, SECCLASS_LOCKDOWN,
7031 LOCKDOWN__INTEGRITY, &ad);
7032 else
7033 return avc_has_perm(&selinux_state,
7034 sid, sid, SECCLASS_LOCKDOWN,
7035 LOCKDOWN__CONFIDENTIALITY, &ad);
7036}
7037
7038struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
7039 .lbs_cred = sizeof(struct task_security_struct),
7040 .lbs_file = sizeof(struct file_security_struct),
7041 .lbs_inode = sizeof(struct inode_security_struct),
7042 .lbs_ipc = sizeof(struct ipc_security_struct),
7043 .lbs_msg_msg = sizeof(struct msg_security_struct),
7044 .lbs_superblock = sizeof(struct superblock_security_struct),
7045};
7046
7047#ifdef CONFIG_PERF_EVENTS
7048static int selinux_perf_event_open(struct perf_event_attr *attr, int type)
7049{
7050 u32 requested, sid = current_sid();
7051
7052 if (type == PERF_SECURITY_OPEN)
7053 requested = PERF_EVENT__OPEN;
7054 else if (type == PERF_SECURITY_CPU)
7055 requested = PERF_EVENT__CPU;
7056 else if (type == PERF_SECURITY_KERNEL)
7057 requested = PERF_EVENT__KERNEL;
7058 else if (type == PERF_SECURITY_TRACEPOINT)
7059 requested = PERF_EVENT__TRACEPOINT;
7060 else
7061 return -EINVAL;
7062
7063 return avc_has_perm(&selinux_state, sid, sid, SECCLASS_PERF_EVENT,
7064 requested, NULL);
7065}
7066
7067static int selinux_perf_event_alloc(struct perf_event *event)
7068{
7069 struct perf_event_security_struct *perfsec;
7070
7071 perfsec = kzalloc(sizeof(*perfsec), GFP_KERNEL);
7072 if (!perfsec)
7073 return -ENOMEM;
7074
7075 perfsec->sid = current_sid();
7076 event->security = perfsec;
7077
7078 return 0;
7079}
7080
7081static void selinux_perf_event_free(struct perf_event *event)
7082{
7083 struct perf_event_security_struct *perfsec = event->security;
7084
7085 event->security = NULL;
7086 kfree(perfsec);
7087}
7088
7089static int selinux_perf_event_read(struct perf_event *event)
7090{
7091 struct perf_event_security_struct *perfsec = event->security;
7092 u32 sid = current_sid();
7093
7094 return avc_has_perm(&selinux_state, sid, perfsec->sid,
7095 SECCLASS_PERF_EVENT, PERF_EVENT__READ, NULL);
7096}
7097
7098static int selinux_perf_event_write(struct perf_event *event)
7099{
7100 struct perf_event_security_struct *perfsec = event->security;
7101 u32 sid = current_sid();
7102
7103 return avc_has_perm(&selinux_state, sid, perfsec->sid,
7104 SECCLASS_PERF_EVENT, PERF_EVENT__WRITE, NULL);
7105}
7106#endif
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
7124 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
7125 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
7126 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
7127 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
7128
7129 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
7130 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
7131 LSM_HOOK_INIT(capget, selinux_capget),
7132 LSM_HOOK_INIT(capset, selinux_capset),
7133 LSM_HOOK_INIT(capable, selinux_capable),
7134 LSM_HOOK_INIT(quotactl, selinux_quotactl),
7135 LSM_HOOK_INIT(quota_on, selinux_quota_on),
7136 LSM_HOOK_INIT(syslog, selinux_syslog),
7137 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
7138
7139 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
7140
7141 LSM_HOOK_INIT(bprm_creds_for_exec, selinux_bprm_creds_for_exec),
7142 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
7143 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
7144
7145 LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
7146 LSM_HOOK_INIT(sb_mnt_opts_compat, selinux_sb_mnt_opts_compat),
7147 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
7148 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
7149 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
7150 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
7151 LSM_HOOK_INIT(sb_mount, selinux_mount),
7152 LSM_HOOK_INIT(sb_umount, selinux_umount),
7153 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
7154 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
7155
7156 LSM_HOOK_INIT(move_mount, selinux_move_mount),
7157
7158 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
7159 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
7160
7161 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
7162 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
7163 LSM_HOOK_INIT(inode_init_security_anon, selinux_inode_init_security_anon),
7164 LSM_HOOK_INIT(inode_create, selinux_inode_create),
7165 LSM_HOOK_INIT(inode_link, selinux_inode_link),
7166 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
7167 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
7168 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
7169 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
7170 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
7171 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
7172 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
7173 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
7174 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
7175 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
7176 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
7177 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
7178 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
7179 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
7180 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
7181 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
7182 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
7183 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
7184 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
7185 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
7186 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
7187 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
7188 LSM_HOOK_INIT(path_notify, selinux_path_notify),
7189
7190 LSM_HOOK_INIT(kernfs_init_security, selinux_kernfs_init_security),
7191
7192 LSM_HOOK_INIT(file_permission, selinux_file_permission),
7193 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
7194 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
7195 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
7196 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
7197 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
7198 LSM_HOOK_INIT(file_lock, selinux_file_lock),
7199 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
7200 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
7201 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
7202 LSM_HOOK_INIT(file_receive, selinux_file_receive),
7203
7204 LSM_HOOK_INIT(file_open, selinux_file_open),
7205
7206 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
7207 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
7208 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
7209 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
7210 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
7211 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
7212 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
7213 LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
7214 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
7215 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
7216 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
7217 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
7218 LSM_HOOK_INIT(task_getsecid_subj, selinux_task_getsecid_subj),
7219 LSM_HOOK_INIT(task_getsecid_obj, selinux_task_getsecid_obj),
7220 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
7221 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
7222 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
7223 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
7224 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
7225 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
7226 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
7227 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
7228 LSM_HOOK_INIT(task_kill, selinux_task_kill),
7229 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
7230
7231 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
7232 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
7233
7234 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
7235 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
7236 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
7237 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
7238
7239 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
7240 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
7241 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
7242
7243 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
7244 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
7245 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
7246
7247 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
7248
7249 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
7250 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
7251
7252 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
7253 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
7254 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
7255 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
7256 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
7257 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
7258
7259 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
7260 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
7261
7262 LSM_HOOK_INIT(socket_create, selinux_socket_create),
7263 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
7264 LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
7265 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
7266 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
7267 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
7268 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
7269 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
7270 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
7271 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
7272 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
7273 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
7274 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
7275 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
7276 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
7277 LSM_HOOK_INIT(socket_getpeersec_stream,
7278 selinux_socket_getpeersec_stream),
7279 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
7280 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
7281 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7282 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7283 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
7284 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
7285 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
7286 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7287 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7288 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7289 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
7290 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
7291 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
7292 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
7293 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
7294 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
7295 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
7296 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
7297 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
7298 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
7299#ifdef CONFIG_SECURITY_INFINIBAND
7300 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
7301 LSM_HOOK_INIT(ib_endport_manage_subnet,
7302 selinux_ib_endport_manage_subnet),
7303 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
7304#endif
7305#ifdef CONFIG_SECURITY_NETWORK_XFRM
7306 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
7307 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
7308 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
7309 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
7310 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
7311 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
7312 selinux_xfrm_state_pol_flow_match),
7313 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
7314#endif
7315
7316#ifdef CONFIG_KEYS
7317 LSM_HOOK_INIT(key_free, selinux_key_free),
7318 LSM_HOOK_INIT(key_permission, selinux_key_permission),
7319 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
7320#ifdef CONFIG_KEY_NOTIFICATIONS
7321 LSM_HOOK_INIT(watch_key, selinux_watch_key),
7322#endif
7323#endif
7324
7325#ifdef CONFIG_AUDIT
7326 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
7327 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
7328 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
7329#endif
7330
7331#ifdef CONFIG_BPF_SYSCALL
7332 LSM_HOOK_INIT(bpf, selinux_bpf),
7333 LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
7334 LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
7335 LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
7336 LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
7337#endif
7338
7339#ifdef CONFIG_PERF_EVENTS
7340 LSM_HOOK_INIT(perf_event_open, selinux_perf_event_open),
7341 LSM_HOOK_INIT(perf_event_free, selinux_perf_event_free),
7342 LSM_HOOK_INIT(perf_event_read, selinux_perf_event_read),
7343 LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write),
7344#endif
7345
7346 LSM_HOOK_INIT(locked_down, selinux_lockdown),
7347
7348
7349
7350
7351 LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
7352 LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
7353 LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
7354 LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
7355#ifdef CONFIG_SECURITY_NETWORK_XFRM
7356 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
7357#endif
7358
7359
7360
7361
7362 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
7363 LSM_HOOK_INIT(msg_queue_alloc_security,
7364 selinux_msg_queue_alloc_security),
7365 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
7366 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
7367 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
7368 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
7369 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
7370 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
7371 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
7372 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
7373#ifdef CONFIG_SECURITY_INFINIBAND
7374 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
7375#endif
7376#ifdef CONFIG_SECURITY_NETWORK_XFRM
7377 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
7378 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
7379 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
7380 selinux_xfrm_state_alloc_acquire),
7381#endif
7382#ifdef CONFIG_KEYS
7383 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
7384#endif
7385#ifdef CONFIG_AUDIT
7386 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
7387#endif
7388#ifdef CONFIG_BPF_SYSCALL
7389 LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
7390 LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
7391#endif
7392#ifdef CONFIG_PERF_EVENTS
7393 LSM_HOOK_INIT(perf_event_alloc, selinux_perf_event_alloc),
7394#endif
7395};
7396
7397static __init int selinux_init(void)
7398{
7399 pr_info("SELinux: Initializing.\n");
7400
7401 memset(&selinux_state, 0, sizeof(selinux_state));
7402 enforcing_set(&selinux_state, selinux_enforcing_boot);
7403 checkreqprot_set(&selinux_state, selinux_checkreqprot_boot);
7404 selinux_avc_init(&selinux_state.avc);
7405 mutex_init(&selinux_state.status_lock);
7406 mutex_init(&selinux_state.policy_mutex);
7407
7408
7409 cred_init_security();
7410
7411 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7412
7413 avc_init();
7414
7415 avtab_cache_init();
7416
7417 ebitmap_cache_init();
7418
7419 hashtab_cache_init();
7420
7421 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7422
7423 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
7424 panic("SELinux: Unable to register AVC netcache callback\n");
7425
7426 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7427 panic("SELinux: Unable to register AVC LSM notifier callback\n");
7428
7429 if (selinux_enforcing_boot)
7430 pr_debug("SELinux: Starting in enforcing mode\n");
7431 else
7432 pr_debug("SELinux: Starting in permissive mode\n");
7433
7434 fs_validate_description("selinux", selinux_fs_parameters);
7435
7436 return 0;
7437}
7438
7439static void delayed_superblock_init(struct super_block *sb, void *unused)
7440{
7441 selinux_set_mnt_opts(sb, NULL, 0, NULL);
7442}
7443
7444void selinux_complete_init(void)
7445{
7446 pr_debug("SELinux: Completing initialization.\n");
7447
7448
7449 pr_debug("SELinux: Setting up existing superblocks.\n");
7450 iterate_supers(delayed_superblock_init, NULL);
7451}
7452
7453
7454
7455DEFINE_LSM(selinux) = {
7456 .name = "selinux",
7457 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
7458 .enabled = &selinux_enabled_boot,
7459 .blobs = &selinux_blob_sizes,
7460 .init = selinux_init,
7461};
7462
7463#if defined(CONFIG_NETFILTER)
7464
7465static const struct nf_hook_ops selinux_nf_ops[] = {
7466 {
7467 .hook = selinux_ipv4_postroute,
7468 .pf = NFPROTO_IPV4,
7469 .hooknum = NF_INET_POST_ROUTING,
7470 .priority = NF_IP_PRI_SELINUX_LAST,
7471 },
7472 {
7473 .hook = selinux_ipv4_forward,
7474 .pf = NFPROTO_IPV4,
7475 .hooknum = NF_INET_FORWARD,
7476 .priority = NF_IP_PRI_SELINUX_FIRST,
7477 },
7478 {
7479 .hook = selinux_ipv4_output,
7480 .pf = NFPROTO_IPV4,
7481 .hooknum = NF_INET_LOCAL_OUT,
7482 .priority = NF_IP_PRI_SELINUX_FIRST,
7483 },
7484#if IS_ENABLED(CONFIG_IPV6)
7485 {
7486 .hook = selinux_ipv6_postroute,
7487 .pf = NFPROTO_IPV6,
7488 .hooknum = NF_INET_POST_ROUTING,
7489 .priority = NF_IP6_PRI_SELINUX_LAST,
7490 },
7491 {
7492 .hook = selinux_ipv6_forward,
7493 .pf = NFPROTO_IPV6,
7494 .hooknum = NF_INET_FORWARD,
7495 .priority = NF_IP6_PRI_SELINUX_FIRST,
7496 },
7497 {
7498 .hook = selinux_ipv6_output,
7499 .pf = NFPROTO_IPV6,
7500 .hooknum = NF_INET_LOCAL_OUT,
7501 .priority = NF_IP6_PRI_SELINUX_FIRST,
7502 },
7503#endif
7504};
7505
7506static int __net_init selinux_nf_register(struct net *net)
7507{
7508 return nf_register_net_hooks(net, selinux_nf_ops,
7509 ARRAY_SIZE(selinux_nf_ops));
7510}
7511
7512static void __net_exit selinux_nf_unregister(struct net *net)
7513{
7514 nf_unregister_net_hooks(net, selinux_nf_ops,
7515 ARRAY_SIZE(selinux_nf_ops));
7516}
7517
7518static struct pernet_operations selinux_net_ops = {
7519 .init = selinux_nf_register,
7520 .exit = selinux_nf_unregister,
7521};
7522
7523static int __init selinux_nf_ip_init(void)
7524{
7525 int err;
7526
7527 if (!selinux_enabled_boot)
7528 return 0;
7529
7530 pr_debug("SELinux: Registering netfilter hooks\n");
7531
7532 err = register_pernet_subsys(&selinux_net_ops);
7533 if (err)
7534 panic("SELinux: register_pernet_subsys: error %d\n", err);
7535
7536 return 0;
7537}
7538__initcall(selinux_nf_ip_init);
7539
7540#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7541static void selinux_nf_ip_exit(void)
7542{
7543 pr_debug("SELinux: Unregistering netfilter hooks\n");
7544
7545 unregister_pernet_subsys(&selinux_net_ops);
7546}
7547#endif
7548
7549#else
7550
7551#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7552#define selinux_nf_ip_exit()
7553#endif
7554
7555#endif
7556
7557#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7558int selinux_disable(struct selinux_state *state)
7559{
7560 if (selinux_initialized(state)) {
7561
7562 return -EINVAL;
7563 }
7564
7565 if (selinux_disabled(state)) {
7566
7567 return -EINVAL;
7568 }
7569
7570 selinux_mark_disabled(state);
7571
7572 pr_info("SELinux: Disabled at runtime.\n");
7573
7574
7575
7576
7577
7578
7579 selinux_nf_ip_exit();
7580
7581 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
7582
7583
7584 avc_disable();
7585
7586
7587 exit_sel_fs();
7588
7589 return 0;
7590}
7591#endif
7592