1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/lsm_hooks.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/tcp.h>
55#include <net/inet_connection_sock.h>
56#include <net/net_namespace.h>
57#include <net/netlabel.h>
58#include <linux/uaccess.h>
59#include <asm/ioctls.h>
60#include <linux/atomic.h>
61#include <linux/bitops.h>
62#include <linux/interrupt.h>
63#include <linux/netdevice.h>
64#include <net/netlink.h>
65#include <linux/tcp.h>
66#include <linux/udp.h>
67#include <linux/dccp.h>
68#include <linux/quota.h>
69#include <linux/un.h>
70#include <net/af_unix.h>
71#include <linux/parser.h>
72#include <linux/nfs_mount.h>
73#include <net/ipv6.h>
74#include <linux/hugetlb.h>
75#include <linux/personality.h>
76#include <linux/audit.h>
77#include <linux/string.h>
78#include <linux/selinux.h>
79#include <linux/mutex.h>
80#include <linux/posix-timers.h>
81#include <linux/syslog.h>
82#include <linux/user_namespace.h>
83#include <linux/export.h>
84#include <linux/msg.h>
85#include <linux/shm.h>
86
87#include "avc.h"
88#include "objsec.h"
89#include "netif.h"
90#include "netnode.h"
91#include "netport.h"
92#include "xfrm.h"
93#include "netlabel.h"
94#include "audit.h"
95#include "avc_ss.h"
96
97
98static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
99
100#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
101int selinux_enforcing;
102
103static int __init enforcing_setup(char *str)
104{
105 unsigned long enforcing;
106 if (!kstrtoul(str, 0, &enforcing))
107 selinux_enforcing = enforcing ? 1 : 0;
108 return 1;
109}
110__setup("enforcing=", enforcing_setup);
111#endif
112
113#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
114int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
115
116static int __init selinux_enabled_setup(char *str)
117{
118 unsigned long enabled;
119 if (!kstrtoul(str, 0, &enabled))
120 selinux_enabled = enabled ? 1 : 0;
121 return 1;
122}
123__setup("selinux=", selinux_enabled_setup);
124#else
125int selinux_enabled = 1;
126#endif
127
128static struct kmem_cache *sel_inode_cache;
129static struct kmem_cache *file_security_cache;
130
131
132
133
134
135
136
137
138
139
140
141
142static int selinux_secmark_enabled(void)
143{
144 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
145}
146
147
148
149
150
151
152
153
154
155
156
157static int selinux_peerlbl_enabled(void)
158{
159 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
160}
161
162static int selinux_netcache_avc_callback(u32 event)
163{
164 if (event == AVC_CALLBACK_RESET) {
165 sel_netif_flush();
166 sel_netnode_flush();
167 sel_netport_flush();
168 synchronize_net();
169 }
170 return 0;
171}
172
173
174
175
176static void cred_init_security(void)
177{
178 struct cred *cred = (struct cred *) current->real_cred;
179 struct task_security_struct *tsec;
180
181 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
182 if (!tsec)
183 panic("SELinux: Failed to initialize initial task.\n");
184
185 tsec->osid = tsec->sid = SECINITSID_KERNEL;
186 cred->security = tsec;
187}
188
189
190
191
192static inline u32 cred_sid(const struct cred *cred)
193{
194 const struct task_security_struct *tsec;
195
196 tsec = cred->security;
197 return tsec->sid;
198}
199
200
201
202
203static inline u32 task_sid(const struct task_struct *task)
204{
205 u32 sid;
206
207 rcu_read_lock();
208 sid = cred_sid(__task_cred(task));
209 rcu_read_unlock();
210 return sid;
211}
212
213
214
215
216static inline u32 current_sid(void)
217{
218 const struct task_security_struct *tsec = current_security();
219
220 return tsec->sid;
221}
222
223
224
225static int inode_alloc_security(struct inode *inode)
226{
227 struct inode_security_struct *isec;
228 u32 sid = current_sid();
229
230 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
231 if (!isec)
232 return -ENOMEM;
233
234 mutex_init(&isec->lock);
235 INIT_LIST_HEAD(&isec->list);
236 isec->inode = inode;
237 isec->sid = SECINITSID_UNLABELED;
238 isec->sclass = SECCLASS_FILE;
239 isec->task_sid = sid;
240 inode->i_security = isec;
241
242 return 0;
243}
244
245static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
246
247
248
249
250
251
252
253
254static int __inode_security_revalidate(struct inode *inode,
255 struct dentry *opt_dentry,
256 bool may_sleep)
257{
258 struct inode_security_struct *isec = inode->i_security;
259
260 might_sleep_if(may_sleep);
261
262 if (isec->initialized == LABEL_INVALID) {
263 if (!may_sleep)
264 return -ECHILD;
265
266
267
268
269
270
271 inode_doinit_with_dentry(inode, opt_dentry);
272 }
273 return 0;
274}
275
276static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
277{
278 return inode->i_security;
279}
280
281static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
282{
283 int error;
284
285 error = __inode_security_revalidate(inode, NULL, !rcu);
286 if (error)
287 return ERR_PTR(error);
288 return inode->i_security;
289}
290
291
292
293
294static struct inode_security_struct *inode_security(struct inode *inode)
295{
296 __inode_security_revalidate(inode, NULL, true);
297 return inode->i_security;
298}
299
300
301
302
303static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
304{
305 struct inode *inode = d_backing_inode(dentry);
306
307 __inode_security_revalidate(inode, dentry, true);
308 return inode->i_security;
309}
310
311static void inode_free_rcu(struct rcu_head *head)
312{
313 struct inode_security_struct *isec;
314
315 isec = container_of(head, struct inode_security_struct, rcu);
316 kmem_cache_free(sel_inode_cache, isec);
317}
318
319static void inode_free_security(struct inode *inode)
320{
321 struct inode_security_struct *isec = inode->i_security;
322 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
323
324
325
326
327
328
329
330
331
332
333
334 if (!list_empty_careful(&isec->list)) {
335 spin_lock(&sbsec->isec_lock);
336 list_del_init(&isec->list);
337 spin_unlock(&sbsec->isec_lock);
338 }
339
340
341
342
343
344
345
346
347
348
349 call_rcu(&isec->rcu, inode_free_rcu);
350}
351
352static int file_alloc_security(struct file *file)
353{
354 struct file_security_struct *fsec;
355 u32 sid = current_sid();
356
357 fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
358 if (!fsec)
359 return -ENOMEM;
360
361 fsec->sid = sid;
362 fsec->fown_sid = sid;
363 file->f_security = fsec;
364
365 return 0;
366}
367
368static void file_free_security(struct file *file)
369{
370 struct file_security_struct *fsec = file->f_security;
371 file->f_security = NULL;
372 kmem_cache_free(file_security_cache, fsec);
373}
374
375static int superblock_alloc_security(struct super_block *sb)
376{
377 struct superblock_security_struct *sbsec;
378
379 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
380 if (!sbsec)
381 return -ENOMEM;
382
383 mutex_init(&sbsec->lock);
384 INIT_LIST_HEAD(&sbsec->isec_head);
385 spin_lock_init(&sbsec->isec_lock);
386 sbsec->sb = sb;
387 sbsec->sid = SECINITSID_UNLABELED;
388 sbsec->def_sid = SECINITSID_FILE;
389 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
390 sb->s_security = sbsec;
391
392 return 0;
393}
394
395static void superblock_free_security(struct super_block *sb)
396{
397 struct superblock_security_struct *sbsec = sb->s_security;
398 sb->s_security = NULL;
399 kfree(sbsec);
400}
401
402
403
404static const char *labeling_behaviors[7] = {
405 "uses xattr",
406 "uses transition SIDs",
407 "uses task SIDs",
408 "uses genfs_contexts",
409 "not configured for labeling",
410 "uses mountpoint labeling",
411 "uses native labeling",
412};
413
414static inline int inode_doinit(struct inode *inode)
415{
416 return inode_doinit_with_dentry(inode, NULL);
417}
418
419enum {
420 Opt_error = -1,
421 Opt_context = 1,
422 Opt_fscontext = 2,
423 Opt_defcontext = 3,
424 Opt_rootcontext = 4,
425 Opt_labelsupport = 5,
426 Opt_nextmntopt = 6,
427};
428
429#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
430
431static const match_table_t tokens = {
432 {Opt_context, CONTEXT_STR "%s"},
433 {Opt_fscontext, FSCONTEXT_STR "%s"},
434 {Opt_defcontext, DEFCONTEXT_STR "%s"},
435 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
436 {Opt_labelsupport, LABELSUPP_STR},
437 {Opt_error, NULL},
438};
439
440#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
441
442static int may_context_mount_sb_relabel(u32 sid,
443 struct superblock_security_struct *sbsec,
444 const struct cred *cred)
445{
446 const struct task_security_struct *tsec = cred->security;
447 int rc;
448
449 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
450 FILESYSTEM__RELABELFROM, NULL);
451 if (rc)
452 return rc;
453
454 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
455 FILESYSTEM__RELABELTO, NULL);
456 return rc;
457}
458
459static int may_context_mount_inode_relabel(u32 sid,
460 struct superblock_security_struct *sbsec,
461 const struct cred *cred)
462{
463 const struct task_security_struct *tsec = cred->security;
464 int rc;
465 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
466 FILESYSTEM__RELABELFROM, NULL);
467 if (rc)
468 return rc;
469
470 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
471 FILESYSTEM__ASSOCIATE, NULL);
472 return rc;
473}
474
475static int selinux_is_sblabel_mnt(struct super_block *sb)
476{
477 struct superblock_security_struct *sbsec = sb->s_security;
478
479 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
480 sbsec->behavior == SECURITY_FS_USE_TRANS ||
481 sbsec->behavior == SECURITY_FS_USE_TASK ||
482 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
483
484 !strcmp(sb->s_type->name, "sysfs") ||
485 !strcmp(sb->s_type->name, "pstore") ||
486 !strcmp(sb->s_type->name, "debugfs") ||
487 !strcmp(sb->s_type->name, "rootfs");
488}
489
490static int sb_finish_set_opts(struct super_block *sb)
491{
492 struct superblock_security_struct *sbsec = sb->s_security;
493 struct dentry *root = sb->s_root;
494 struct inode *root_inode = d_backing_inode(root);
495 int rc = 0;
496
497 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
498
499
500
501
502
503 if (!root_inode->i_op->getxattr) {
504 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
505 "xattr support\n", sb->s_id, sb->s_type->name);
506 rc = -EOPNOTSUPP;
507 goto out;
508 }
509 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
510 if (rc < 0 && rc != -ENODATA) {
511 if (rc == -EOPNOTSUPP)
512 printk(KERN_WARNING "SELinux: (dev %s, type "
513 "%s) has no security xattr handler\n",
514 sb->s_id, sb->s_type->name);
515 else
516 printk(KERN_WARNING "SELinux: (dev %s, type "
517 "%s) getxattr errno %d\n", sb->s_id,
518 sb->s_type->name, -rc);
519 goto out;
520 }
521 }
522
523 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
524 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
525 sb->s_id, sb->s_type->name);
526
527 sbsec->flags |= SE_SBINITIALIZED;
528 if (selinux_is_sblabel_mnt(sb))
529 sbsec->flags |= SBLABEL_MNT;
530
531
532 rc = inode_doinit_with_dentry(root_inode, root);
533
534
535
536
537
538 spin_lock(&sbsec->isec_lock);
539next_inode:
540 if (!list_empty(&sbsec->isec_head)) {
541 struct inode_security_struct *isec =
542 list_entry(sbsec->isec_head.next,
543 struct inode_security_struct, list);
544 struct inode *inode = isec->inode;
545 list_del_init(&isec->list);
546 spin_unlock(&sbsec->isec_lock);
547 inode = igrab(inode);
548 if (inode) {
549 if (!IS_PRIVATE(inode))
550 inode_doinit(inode);
551 iput(inode);
552 }
553 spin_lock(&sbsec->isec_lock);
554 goto next_inode;
555 }
556 spin_unlock(&sbsec->isec_lock);
557out:
558 return rc;
559}
560
561
562
563
564
565
566static int selinux_get_mnt_opts(const struct super_block *sb,
567 struct security_mnt_opts *opts)
568{
569 int rc = 0, i;
570 struct superblock_security_struct *sbsec = sb->s_security;
571 char *context = NULL;
572 u32 len;
573 char tmp;
574
575 security_init_mnt_opts(opts);
576
577 if (!(sbsec->flags & SE_SBINITIALIZED))
578 return -EINVAL;
579
580 if (!ss_initialized)
581 return -EINVAL;
582
583
584 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
585
586 tmp = sbsec->flags & SE_MNTMASK;
587
588 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
589 if (tmp & 0x01)
590 opts->num_mnt_opts++;
591 tmp >>= 1;
592 }
593
594 if (sbsec->flags & SBLABEL_MNT)
595 opts->num_mnt_opts++;
596
597 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
598 if (!opts->mnt_opts) {
599 rc = -ENOMEM;
600 goto out_free;
601 }
602
603 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
604 if (!opts->mnt_opts_flags) {
605 rc = -ENOMEM;
606 goto out_free;
607 }
608
609 i = 0;
610 if (sbsec->flags & FSCONTEXT_MNT) {
611 rc = security_sid_to_context(sbsec->sid, &context, &len);
612 if (rc)
613 goto out_free;
614 opts->mnt_opts[i] = context;
615 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
616 }
617 if (sbsec->flags & CONTEXT_MNT) {
618 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
619 if (rc)
620 goto out_free;
621 opts->mnt_opts[i] = context;
622 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
623 }
624 if (sbsec->flags & DEFCONTEXT_MNT) {
625 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
626 if (rc)
627 goto out_free;
628 opts->mnt_opts[i] = context;
629 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
630 }
631 if (sbsec->flags & ROOTCONTEXT_MNT) {
632 struct dentry *root = sbsec->sb->s_root;
633 struct inode_security_struct *isec = backing_inode_security(root);
634
635 rc = security_sid_to_context(isec->sid, &context, &len);
636 if (rc)
637 goto out_free;
638 opts->mnt_opts[i] = context;
639 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
640 }
641 if (sbsec->flags & SBLABEL_MNT) {
642 opts->mnt_opts[i] = NULL;
643 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
644 }
645
646 BUG_ON(i != opts->num_mnt_opts);
647
648 return 0;
649
650out_free:
651 security_free_mnt_opts(opts);
652 return rc;
653}
654
655static int bad_option(struct superblock_security_struct *sbsec, char flag,
656 u32 old_sid, u32 new_sid)
657{
658 char mnt_flags = sbsec->flags & SE_MNTMASK;
659
660
661 if (sbsec->flags & SE_SBINITIALIZED)
662 if (!(sbsec->flags & flag) ||
663 (old_sid != new_sid))
664 return 1;
665
666
667
668
669 if (!(sbsec->flags & SE_SBINITIALIZED))
670 if (mnt_flags & flag)
671 return 1;
672 return 0;
673}
674
675
676
677
678
679static int selinux_set_mnt_opts(struct super_block *sb,
680 struct security_mnt_opts *opts,
681 unsigned long kern_flags,
682 unsigned long *set_kern_flags)
683{
684 const struct cred *cred = current_cred();
685 int rc = 0, i;
686 struct superblock_security_struct *sbsec = sb->s_security;
687 const char *name = sb->s_type->name;
688 struct dentry *root = sbsec->sb->s_root;
689 struct inode_security_struct *root_isec = backing_inode_security(root);
690 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
691 u32 defcontext_sid = 0;
692 char **mount_options = opts->mnt_opts;
693 int *flags = opts->mnt_opts_flags;
694 int num_opts = opts->num_mnt_opts;
695
696 mutex_lock(&sbsec->lock);
697
698 if (!ss_initialized) {
699 if (!num_opts) {
700
701
702
703 goto out;
704 }
705 rc = -EINVAL;
706 printk(KERN_WARNING "SELinux: Unable to set superblock options "
707 "before the security server is initialized\n");
708 goto out;
709 }
710 if (kern_flags && !set_kern_flags) {
711
712
713 rc = -EINVAL;
714 goto out;
715 }
716
717
718
719
720
721
722
723
724
725
726
727
728 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
729 && (num_opts == 0))
730 goto out;
731
732
733
734
735
736
737 for (i = 0; i < num_opts; i++) {
738 u32 sid;
739
740 if (flags[i] == SBLABEL_MNT)
741 continue;
742 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
743 if (rc) {
744 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
745 "(%s) failed for (dev %s, type %s) errno=%d\n",
746 mount_options[i], sb->s_id, name, rc);
747 goto out;
748 }
749 switch (flags[i]) {
750 case FSCONTEXT_MNT:
751 fscontext_sid = sid;
752
753 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
754 fscontext_sid))
755 goto out_double_mount;
756
757 sbsec->flags |= FSCONTEXT_MNT;
758 break;
759 case CONTEXT_MNT:
760 context_sid = sid;
761
762 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
763 context_sid))
764 goto out_double_mount;
765
766 sbsec->flags |= CONTEXT_MNT;
767 break;
768 case ROOTCONTEXT_MNT:
769 rootcontext_sid = sid;
770
771 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
772 rootcontext_sid))
773 goto out_double_mount;
774
775 sbsec->flags |= ROOTCONTEXT_MNT;
776
777 break;
778 case DEFCONTEXT_MNT:
779 defcontext_sid = sid;
780
781 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
782 defcontext_sid))
783 goto out_double_mount;
784
785 sbsec->flags |= DEFCONTEXT_MNT;
786
787 break;
788 default:
789 rc = -EINVAL;
790 goto out;
791 }
792 }
793
794 if (sbsec->flags & SE_SBINITIALIZED) {
795
796 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
797 goto out_double_mount;
798 rc = 0;
799 goto out;
800 }
801
802 if (strcmp(sb->s_type->name, "proc") == 0)
803 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
804
805 if (!strcmp(sb->s_type->name, "debugfs") ||
806 !strcmp(sb->s_type->name, "sysfs") ||
807 !strcmp(sb->s_type->name, "pstore"))
808 sbsec->flags |= SE_SBGENFS;
809
810 if (!sbsec->behavior) {
811
812
813
814
815 rc = security_fs_use(sb);
816 if (rc) {
817 printk(KERN_WARNING
818 "%s: security_fs_use(%s) returned %d\n",
819 __func__, sb->s_type->name, rc);
820 goto out;
821 }
822 }
823
824 if (fscontext_sid) {
825 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
826 if (rc)
827 goto out;
828
829 sbsec->sid = fscontext_sid;
830 }
831
832
833
834
835
836
837 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
838 sbsec->behavior = SECURITY_FS_USE_NATIVE;
839 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
840 }
841
842 if (context_sid) {
843 if (!fscontext_sid) {
844 rc = may_context_mount_sb_relabel(context_sid, sbsec,
845 cred);
846 if (rc)
847 goto out;
848 sbsec->sid = context_sid;
849 } else {
850 rc = may_context_mount_inode_relabel(context_sid, sbsec,
851 cred);
852 if (rc)
853 goto out;
854 }
855 if (!rootcontext_sid)
856 rootcontext_sid = context_sid;
857
858 sbsec->mntpoint_sid = context_sid;
859 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
860 }
861
862 if (rootcontext_sid) {
863 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
864 cred);
865 if (rc)
866 goto out;
867
868 root_isec->sid = rootcontext_sid;
869 root_isec->initialized = LABEL_INITIALIZED;
870 }
871
872 if (defcontext_sid) {
873 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
874 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
875 rc = -EINVAL;
876 printk(KERN_WARNING "SELinux: defcontext option is "
877 "invalid for this filesystem type\n");
878 goto out;
879 }
880
881 if (defcontext_sid != sbsec->def_sid) {
882 rc = may_context_mount_inode_relabel(defcontext_sid,
883 sbsec, cred);
884 if (rc)
885 goto out;
886 }
887
888 sbsec->def_sid = defcontext_sid;
889 }
890
891 rc = sb_finish_set_opts(sb);
892out:
893 mutex_unlock(&sbsec->lock);
894 return rc;
895out_double_mount:
896 rc = -EINVAL;
897 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
898 "security settings for (dev %s, type %s)\n", sb->s_id, name);
899 goto out;
900}
901
902static int selinux_cmp_sb_context(const struct super_block *oldsb,
903 const struct super_block *newsb)
904{
905 struct superblock_security_struct *old = oldsb->s_security;
906 struct superblock_security_struct *new = newsb->s_security;
907 char oldflags = old->flags & SE_MNTMASK;
908 char newflags = new->flags & SE_MNTMASK;
909
910 if (oldflags != newflags)
911 goto mismatch;
912 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
913 goto mismatch;
914 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
915 goto mismatch;
916 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
917 goto mismatch;
918 if (oldflags & ROOTCONTEXT_MNT) {
919 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
920 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
921 if (oldroot->sid != newroot->sid)
922 goto mismatch;
923 }
924 return 0;
925mismatch:
926 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
927 "different security settings for (dev %s, "
928 "type %s)\n", newsb->s_id, newsb->s_type->name);
929 return -EBUSY;
930}
931
932static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
933 struct super_block *newsb)
934{
935 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
936 struct superblock_security_struct *newsbsec = newsb->s_security;
937
938 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
939 int set_context = (oldsbsec->flags & CONTEXT_MNT);
940 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
941
942
943
944
945
946 if (!ss_initialized)
947 return 0;
948
949
950 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
951
952
953 if (newsbsec->flags & SE_SBINITIALIZED)
954 return selinux_cmp_sb_context(oldsb, newsb);
955
956 mutex_lock(&newsbsec->lock);
957
958 newsbsec->flags = oldsbsec->flags;
959
960 newsbsec->sid = oldsbsec->sid;
961 newsbsec->def_sid = oldsbsec->def_sid;
962 newsbsec->behavior = oldsbsec->behavior;
963
964 if (set_context) {
965 u32 sid = oldsbsec->mntpoint_sid;
966
967 if (!set_fscontext)
968 newsbsec->sid = sid;
969 if (!set_rootcontext) {
970 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
971 newisec->sid = sid;
972 }
973 newsbsec->mntpoint_sid = sid;
974 }
975 if (set_rootcontext) {
976 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
977 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
978
979 newisec->sid = oldisec->sid;
980 }
981
982 sb_finish_set_opts(newsb);
983 mutex_unlock(&newsbsec->lock);
984 return 0;
985}
986
987static int selinux_parse_opts_str(char *options,
988 struct security_mnt_opts *opts)
989{
990 char *p;
991 char *context = NULL, *defcontext = NULL;
992 char *fscontext = NULL, *rootcontext = NULL;
993 int rc, num_mnt_opts = 0;
994
995 opts->num_mnt_opts = 0;
996
997
998 while ((p = strsep(&options, "|")) != NULL) {
999 int token;
1000 substring_t args[MAX_OPT_ARGS];
1001
1002 if (!*p)
1003 continue;
1004
1005 token = match_token(p, tokens, args);
1006
1007 switch (token) {
1008 case Opt_context:
1009 if (context || defcontext) {
1010 rc = -EINVAL;
1011 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1012 goto out_err;
1013 }
1014 context = match_strdup(&args[0]);
1015 if (!context) {
1016 rc = -ENOMEM;
1017 goto out_err;
1018 }
1019 break;
1020
1021 case Opt_fscontext:
1022 if (fscontext) {
1023 rc = -EINVAL;
1024 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1025 goto out_err;
1026 }
1027 fscontext = match_strdup(&args[0]);
1028 if (!fscontext) {
1029 rc = -ENOMEM;
1030 goto out_err;
1031 }
1032 break;
1033
1034 case Opt_rootcontext:
1035 if (rootcontext) {
1036 rc = -EINVAL;
1037 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1038 goto out_err;
1039 }
1040 rootcontext = match_strdup(&args[0]);
1041 if (!rootcontext) {
1042 rc = -ENOMEM;
1043 goto out_err;
1044 }
1045 break;
1046
1047 case Opt_defcontext:
1048 if (context || defcontext) {
1049 rc = -EINVAL;
1050 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1051 goto out_err;
1052 }
1053 defcontext = match_strdup(&args[0]);
1054 if (!defcontext) {
1055 rc = -ENOMEM;
1056 goto out_err;
1057 }
1058 break;
1059 case Opt_labelsupport:
1060 break;
1061 default:
1062 rc = -EINVAL;
1063 printk(KERN_WARNING "SELinux: unknown mount option\n");
1064 goto out_err;
1065
1066 }
1067 }
1068
1069 rc = -ENOMEM;
1070 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
1071 if (!opts->mnt_opts)
1072 goto out_err;
1073
1074 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
1075 if (!opts->mnt_opts_flags) {
1076 kfree(opts->mnt_opts);
1077 goto out_err;
1078 }
1079
1080 if (fscontext) {
1081 opts->mnt_opts[num_mnt_opts] = fscontext;
1082 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1083 }
1084 if (context) {
1085 opts->mnt_opts[num_mnt_opts] = context;
1086 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1087 }
1088 if (rootcontext) {
1089 opts->mnt_opts[num_mnt_opts] = rootcontext;
1090 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1091 }
1092 if (defcontext) {
1093 opts->mnt_opts[num_mnt_opts] = defcontext;
1094 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1095 }
1096
1097 opts->num_mnt_opts = num_mnt_opts;
1098 return 0;
1099
1100out_err:
1101 kfree(context);
1102 kfree(defcontext);
1103 kfree(fscontext);
1104 kfree(rootcontext);
1105 return rc;
1106}
1107
1108
1109
1110static int superblock_doinit(struct super_block *sb, void *data)
1111{
1112 int rc = 0;
1113 char *options = data;
1114 struct security_mnt_opts opts;
1115
1116 security_init_mnt_opts(&opts);
1117
1118 if (!data)
1119 goto out;
1120
1121 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1122
1123 rc = selinux_parse_opts_str(options, &opts);
1124 if (rc)
1125 goto out_err;
1126
1127out:
1128 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1129
1130out_err:
1131 security_free_mnt_opts(&opts);
1132 return rc;
1133}
1134
1135static void selinux_write_opts(struct seq_file *m,
1136 struct security_mnt_opts *opts)
1137{
1138 int i;
1139 char *prefix;
1140
1141 for (i = 0; i < opts->num_mnt_opts; i++) {
1142 char *has_comma;
1143
1144 if (opts->mnt_opts[i])
1145 has_comma = strchr(opts->mnt_opts[i], ',');
1146 else
1147 has_comma = NULL;
1148
1149 switch (opts->mnt_opts_flags[i]) {
1150 case CONTEXT_MNT:
1151 prefix = CONTEXT_STR;
1152 break;
1153 case FSCONTEXT_MNT:
1154 prefix = FSCONTEXT_STR;
1155 break;
1156 case ROOTCONTEXT_MNT:
1157 prefix = ROOTCONTEXT_STR;
1158 break;
1159 case DEFCONTEXT_MNT:
1160 prefix = DEFCONTEXT_STR;
1161 break;
1162 case SBLABEL_MNT:
1163 seq_putc(m, ',');
1164 seq_puts(m, LABELSUPP_STR);
1165 continue;
1166 default:
1167 BUG();
1168 return;
1169 };
1170
1171 seq_putc(m, ',');
1172 seq_puts(m, prefix);
1173 if (has_comma)
1174 seq_putc(m, '\"');
1175 seq_escape(m, opts->mnt_opts[i], "\"\n\\");
1176 if (has_comma)
1177 seq_putc(m, '\"');
1178 }
1179}
1180
1181static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1182{
1183 struct security_mnt_opts opts;
1184 int rc;
1185
1186 rc = selinux_get_mnt_opts(sb, &opts);
1187 if (rc) {
1188
1189 if (rc == -EINVAL)
1190 rc = 0;
1191 return rc;
1192 }
1193
1194 selinux_write_opts(m, &opts);
1195
1196 security_free_mnt_opts(&opts);
1197
1198 return rc;
1199}
1200
1201static inline u16 inode_mode_to_security_class(umode_t mode)
1202{
1203 switch (mode & S_IFMT) {
1204 case S_IFSOCK:
1205 return SECCLASS_SOCK_FILE;
1206 case S_IFLNK:
1207 return SECCLASS_LNK_FILE;
1208 case S_IFREG:
1209 return SECCLASS_FILE;
1210 case S_IFBLK:
1211 return SECCLASS_BLK_FILE;
1212 case S_IFDIR:
1213 return SECCLASS_DIR;
1214 case S_IFCHR:
1215 return SECCLASS_CHR_FILE;
1216 case S_IFIFO:
1217 return SECCLASS_FIFO_FILE;
1218
1219 }
1220
1221 return SECCLASS_FILE;
1222}
1223
1224static inline int default_protocol_stream(int protocol)
1225{
1226 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1227}
1228
1229static inline int default_protocol_dgram(int protocol)
1230{
1231 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1232}
1233
1234static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1235{
1236 switch (family) {
1237 case PF_UNIX:
1238 switch (type) {
1239 case SOCK_STREAM:
1240 case SOCK_SEQPACKET:
1241 return SECCLASS_UNIX_STREAM_SOCKET;
1242 case SOCK_DGRAM:
1243 return SECCLASS_UNIX_DGRAM_SOCKET;
1244 }
1245 break;
1246 case PF_INET:
1247 case PF_INET6:
1248 switch (type) {
1249 case SOCK_STREAM:
1250 if (default_protocol_stream(protocol))
1251 return SECCLASS_TCP_SOCKET;
1252 else
1253 return SECCLASS_RAWIP_SOCKET;
1254 case SOCK_DGRAM:
1255 if (default_protocol_dgram(protocol))
1256 return SECCLASS_UDP_SOCKET;
1257 else
1258 return SECCLASS_RAWIP_SOCKET;
1259 case SOCK_DCCP:
1260 return SECCLASS_DCCP_SOCKET;
1261 default:
1262 return SECCLASS_RAWIP_SOCKET;
1263 }
1264 break;
1265 case PF_NETLINK:
1266 switch (protocol) {
1267 case NETLINK_ROUTE:
1268 return SECCLASS_NETLINK_ROUTE_SOCKET;
1269 case NETLINK_SOCK_DIAG:
1270 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1271 case NETLINK_NFLOG:
1272 return SECCLASS_NETLINK_NFLOG_SOCKET;
1273 case NETLINK_XFRM:
1274 return SECCLASS_NETLINK_XFRM_SOCKET;
1275 case NETLINK_SELINUX:
1276 return SECCLASS_NETLINK_SELINUX_SOCKET;
1277 case NETLINK_ISCSI:
1278 return SECCLASS_NETLINK_ISCSI_SOCKET;
1279 case NETLINK_AUDIT:
1280 return SECCLASS_NETLINK_AUDIT_SOCKET;
1281 case NETLINK_FIB_LOOKUP:
1282 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1283 case NETLINK_CONNECTOR:
1284 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1285 case NETLINK_NETFILTER:
1286 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1287 case NETLINK_DNRTMSG:
1288 return SECCLASS_NETLINK_DNRT_SOCKET;
1289 case NETLINK_KOBJECT_UEVENT:
1290 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1291 case NETLINK_GENERIC:
1292 return SECCLASS_NETLINK_GENERIC_SOCKET;
1293 case NETLINK_SCSITRANSPORT:
1294 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1295 case NETLINK_RDMA:
1296 return SECCLASS_NETLINK_RDMA_SOCKET;
1297 case NETLINK_CRYPTO:
1298 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1299 default:
1300 return SECCLASS_NETLINK_SOCKET;
1301 }
1302 case PF_PACKET:
1303 return SECCLASS_PACKET_SOCKET;
1304 case PF_KEY:
1305 return SECCLASS_KEY_SOCKET;
1306 case PF_APPLETALK:
1307 return SECCLASS_APPLETALK_SOCKET;
1308 }
1309
1310 return SECCLASS_SOCKET;
1311}
1312
1313static int selinux_genfs_get_sid(struct dentry *dentry,
1314 u16 tclass,
1315 u16 flags,
1316 u32 *sid)
1317{
1318 int rc;
1319 struct super_block *sb = dentry->d_inode->i_sb;
1320 char *buffer, *path;
1321
1322 buffer = (char *)__get_free_page(GFP_KERNEL);
1323 if (!buffer)
1324 return -ENOMEM;
1325
1326 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1327 if (IS_ERR(path))
1328 rc = PTR_ERR(path);
1329 else {
1330 if (flags & SE_SBPROC) {
1331
1332
1333
1334 while (path[1] >= '0' && path[1] <= '9') {
1335 path[1] = '/';
1336 path++;
1337 }
1338 }
1339 rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);
1340 }
1341 free_page((unsigned long)buffer);
1342 return rc;
1343}
1344
1345
1346static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1347{
1348 struct superblock_security_struct *sbsec = NULL;
1349 struct inode_security_struct *isec = inode->i_security;
1350 u32 sid;
1351 struct dentry *dentry;
1352#define INITCONTEXTLEN 255
1353 char *context = NULL;
1354 unsigned len = 0;
1355 int rc = 0;
1356
1357 if (isec->initialized == LABEL_INITIALIZED)
1358 goto out;
1359
1360 mutex_lock(&isec->lock);
1361 if (isec->initialized == LABEL_INITIALIZED)
1362 goto out_unlock;
1363
1364 sbsec = inode->i_sb->s_security;
1365 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1366
1367
1368
1369 spin_lock(&sbsec->isec_lock);
1370 if (list_empty(&isec->list))
1371 list_add(&isec->list, &sbsec->isec_head);
1372 spin_unlock(&sbsec->isec_lock);
1373 goto out_unlock;
1374 }
1375
1376 switch (sbsec->behavior) {
1377 case SECURITY_FS_USE_NATIVE:
1378 break;
1379 case SECURITY_FS_USE_XATTR:
1380 if (!inode->i_op->getxattr) {
1381 isec->sid = sbsec->def_sid;
1382 break;
1383 }
1384
1385
1386
1387 if (opt_dentry) {
1388
1389 dentry = dget(opt_dentry);
1390 } else {
1391
1392 dentry = d_find_alias(inode);
1393 }
1394 if (!dentry) {
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404 goto out_unlock;
1405 }
1406
1407 len = INITCONTEXTLEN;
1408 context = kmalloc(len+1, GFP_NOFS);
1409 if (!context) {
1410 rc = -ENOMEM;
1411 dput(dentry);
1412 goto out_unlock;
1413 }
1414 context[len] = '\0';
1415 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1416 context, len);
1417 if (rc == -ERANGE) {
1418 kfree(context);
1419
1420
1421 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1422 NULL, 0);
1423 if (rc < 0) {
1424 dput(dentry);
1425 goto out_unlock;
1426 }
1427 len = rc;
1428 context = kmalloc(len+1, GFP_NOFS);
1429 if (!context) {
1430 rc = -ENOMEM;
1431 dput(dentry);
1432 goto out_unlock;
1433 }
1434 context[len] = '\0';
1435 rc = inode->i_op->getxattr(dentry,
1436 XATTR_NAME_SELINUX,
1437 context, len);
1438 }
1439 dput(dentry);
1440 if (rc < 0) {
1441 if (rc != -ENODATA) {
1442 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1443 "%d for dev=%s ino=%ld\n", __func__,
1444 -rc, inode->i_sb->s_id, inode->i_ino);
1445 kfree(context);
1446 goto out_unlock;
1447 }
1448
1449 sid = sbsec->def_sid;
1450 rc = 0;
1451 } else {
1452 rc = security_context_to_sid_default(context, rc, &sid,
1453 sbsec->def_sid,
1454 GFP_NOFS);
1455 if (rc) {
1456 char *dev = inode->i_sb->s_id;
1457 unsigned long ino = inode->i_ino;
1458
1459 if (rc == -EINVAL) {
1460 if (printk_ratelimit())
1461 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1462 "context=%s. This indicates you may need to relabel the inode or the "
1463 "filesystem in question.\n", ino, dev, context);
1464 } else {
1465 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1466 "returned %d for dev=%s ino=%ld\n",
1467 __func__, context, -rc, dev, ino);
1468 }
1469 kfree(context);
1470
1471 rc = 0;
1472 break;
1473 }
1474 }
1475 kfree(context);
1476 isec->sid = sid;
1477 break;
1478 case SECURITY_FS_USE_TASK:
1479 isec->sid = isec->task_sid;
1480 break;
1481 case SECURITY_FS_USE_TRANS:
1482
1483 isec->sid = sbsec->sid;
1484
1485
1486 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1487 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1488 isec->sclass, NULL, &sid);
1489 if (rc)
1490 goto out_unlock;
1491 isec->sid = sid;
1492 break;
1493 case SECURITY_FS_USE_MNTPOINT:
1494 isec->sid = sbsec->mntpoint_sid;
1495 break;
1496 default:
1497
1498 isec->sid = sbsec->sid;
1499
1500 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1501
1502
1503 if (opt_dentry)
1504
1505
1506 dentry = dget(opt_dentry);
1507 else
1508
1509
1510 dentry = d_find_alias(inode);
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520 if (!dentry)
1521 goto out_unlock;
1522 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1523 rc = selinux_genfs_get_sid(dentry, isec->sclass,
1524 sbsec->flags, &sid);
1525 dput(dentry);
1526 if (rc)
1527 goto out_unlock;
1528 isec->sid = sid;
1529 }
1530 break;
1531 }
1532
1533 isec->initialized = LABEL_INITIALIZED;
1534
1535out_unlock:
1536 mutex_unlock(&isec->lock);
1537out:
1538 if (isec->sclass == SECCLASS_FILE)
1539 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1540 return rc;
1541}
1542
1543
1544static inline u32 signal_to_av(int sig)
1545{
1546 u32 perm = 0;
1547
1548 switch (sig) {
1549 case SIGCHLD:
1550
1551 perm = PROCESS__SIGCHLD;
1552 break;
1553 case SIGKILL:
1554
1555 perm = PROCESS__SIGKILL;
1556 break;
1557 case SIGSTOP:
1558
1559 perm = PROCESS__SIGSTOP;
1560 break;
1561 default:
1562
1563 perm = PROCESS__SIGNAL;
1564 break;
1565 }
1566
1567 return perm;
1568}
1569
1570
1571
1572
1573
1574static int cred_has_perm(const struct cred *actor,
1575 const struct cred *target,
1576 u32 perms)
1577{
1578 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1579
1580 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1581}
1582
1583
1584
1585
1586
1587
1588
1589static int task_has_perm(const struct task_struct *tsk1,
1590 const struct task_struct *tsk2,
1591 u32 perms)
1592{
1593 const struct task_security_struct *__tsec1, *__tsec2;
1594 u32 sid1, sid2;
1595
1596 rcu_read_lock();
1597 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1598 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1599 rcu_read_unlock();
1600 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1601}
1602
1603
1604
1605
1606
1607
1608
1609static int current_has_perm(const struct task_struct *tsk,
1610 u32 perms)
1611{
1612 u32 sid, tsid;
1613
1614 sid = current_sid();
1615 tsid = task_sid(tsk);
1616 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1617}
1618
1619#if CAP_LAST_CAP > 63
1620#error Fix SELinux to handle capabilities > 63.
1621#endif
1622
1623
1624static int cred_has_capability(const struct cred *cred,
1625 int cap, int audit)
1626{
1627 struct common_audit_data ad;
1628 struct av_decision avd;
1629 u16 sclass;
1630 u32 sid = cred_sid(cred);
1631 u32 av = CAP_TO_MASK(cap);
1632 int rc;
1633
1634 ad.type = LSM_AUDIT_DATA_CAP;
1635 ad.u.cap = cap;
1636
1637 switch (CAP_TO_INDEX(cap)) {
1638 case 0:
1639 sclass = SECCLASS_CAPABILITY;
1640 break;
1641 case 1:
1642 sclass = SECCLASS_CAPABILITY2;
1643 break;
1644 default:
1645 printk(KERN_ERR
1646 "SELinux: out of range capability %d\n", cap);
1647 BUG();
1648 return -EINVAL;
1649 }
1650
1651 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1652 if (audit == SECURITY_CAP_AUDIT) {
1653 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1654 if (rc2)
1655 return rc2;
1656 }
1657 return rc;
1658}
1659
1660
1661static int task_has_system(struct task_struct *tsk,
1662 u32 perms)
1663{
1664 u32 sid = task_sid(tsk);
1665
1666 return avc_has_perm(sid, SECINITSID_KERNEL,
1667 SECCLASS_SYSTEM, perms, NULL);
1668}
1669
1670
1671
1672
1673static int inode_has_perm(const struct cred *cred,
1674 struct inode *inode,
1675 u32 perms,
1676 struct common_audit_data *adp)
1677{
1678 struct inode_security_struct *isec;
1679 u32 sid;
1680
1681 validate_creds(cred);
1682
1683 if (unlikely(IS_PRIVATE(inode)))
1684 return 0;
1685
1686 sid = cred_sid(cred);
1687 isec = inode->i_security;
1688
1689 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1690}
1691
1692
1693
1694
1695static inline int dentry_has_perm(const struct cred *cred,
1696 struct dentry *dentry,
1697 u32 av)
1698{
1699 struct inode *inode = d_backing_inode(dentry);
1700 struct common_audit_data ad;
1701
1702 ad.type = LSM_AUDIT_DATA_DENTRY;
1703 ad.u.dentry = dentry;
1704 __inode_security_revalidate(inode, dentry, true);
1705 return inode_has_perm(cred, inode, av, &ad);
1706}
1707
1708
1709
1710
1711static inline int path_has_perm(const struct cred *cred,
1712 const struct path *path,
1713 u32 av)
1714{
1715 struct inode *inode = d_backing_inode(path->dentry);
1716 struct common_audit_data ad;
1717
1718 ad.type = LSM_AUDIT_DATA_PATH;
1719 ad.u.path = *path;
1720 __inode_security_revalidate(inode, path->dentry, true);
1721 return inode_has_perm(cred, inode, av, &ad);
1722}
1723
1724
1725static inline int file_path_has_perm(const struct cred *cred,
1726 struct file *file,
1727 u32 av)
1728{
1729 struct common_audit_data ad;
1730
1731 ad.type = LSM_AUDIT_DATA_PATH;
1732 ad.u.path = file->f_path;
1733 return inode_has_perm(cred, file_inode(file), av, &ad);
1734}
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744static int file_has_perm(const struct cred *cred,
1745 struct file *file,
1746 u32 av)
1747{
1748 struct file_security_struct *fsec = file->f_security;
1749 struct inode *inode = file_inode(file);
1750 struct common_audit_data ad;
1751 u32 sid = cred_sid(cred);
1752 int rc;
1753
1754 ad.type = LSM_AUDIT_DATA_PATH;
1755 ad.u.path = file->f_path;
1756
1757 if (sid != fsec->sid) {
1758 rc = avc_has_perm(sid, fsec->sid,
1759 SECCLASS_FD,
1760 FD__USE,
1761 &ad);
1762 if (rc)
1763 goto out;
1764 }
1765
1766
1767 rc = 0;
1768 if (av)
1769 rc = inode_has_perm(cred, inode, av, &ad);
1770
1771out:
1772 return rc;
1773}
1774
1775
1776
1777
1778static int selinux_determine_inode_label(struct inode *dir,
1779 const struct qstr *name,
1780 u16 tclass,
1781 u32 *_new_isid)
1782{
1783 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
1784 const struct inode_security_struct *dsec = inode_security(dir);
1785 const struct task_security_struct *tsec = current_security();
1786
1787 if ((sbsec->flags & SE_SBINITIALIZED) &&
1788 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1789 *_new_isid = sbsec->mntpoint_sid;
1790 } else if ((sbsec->flags & SBLABEL_MNT) &&
1791 tsec->create_sid) {
1792 *_new_isid = tsec->create_sid;
1793 } else {
1794 return security_transition_sid(tsec->sid, dsec->sid, tclass,
1795 name, _new_isid);
1796 }
1797
1798 return 0;
1799}
1800
1801
1802static int may_create(struct inode *dir,
1803 struct dentry *dentry,
1804 u16 tclass)
1805{
1806 const struct task_security_struct *tsec = current_security();
1807 struct inode_security_struct *dsec;
1808 struct superblock_security_struct *sbsec;
1809 u32 sid, newsid;
1810 struct common_audit_data ad;
1811 int rc;
1812
1813 dsec = inode_security(dir);
1814 sbsec = dir->i_sb->s_security;
1815
1816 sid = tsec->sid;
1817
1818 ad.type = LSM_AUDIT_DATA_DENTRY;
1819 ad.u.dentry = dentry;
1820
1821 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1822 DIR__ADD_NAME | DIR__SEARCH,
1823 &ad);
1824 if (rc)
1825 return rc;
1826
1827 rc = selinux_determine_inode_label(dir, &dentry->d_name, tclass,
1828 &newsid);
1829 if (rc)
1830 return rc;
1831
1832 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1833 if (rc)
1834 return rc;
1835
1836 return avc_has_perm(newsid, sbsec->sid,
1837 SECCLASS_FILESYSTEM,
1838 FILESYSTEM__ASSOCIATE, &ad);
1839}
1840
1841
1842static int may_create_key(u32 ksid,
1843 struct task_struct *ctx)
1844{
1845 u32 sid = task_sid(ctx);
1846
1847 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1848}
1849
1850#define MAY_LINK 0
1851#define MAY_UNLINK 1
1852#define MAY_RMDIR 2
1853
1854
1855static int may_link(struct inode *dir,
1856 struct dentry *dentry,
1857 int kind)
1858
1859{
1860 struct inode_security_struct *dsec, *isec;
1861 struct common_audit_data ad;
1862 u32 sid = current_sid();
1863 u32 av;
1864 int rc;
1865
1866 dsec = inode_security(dir);
1867 isec = backing_inode_security(dentry);
1868
1869 ad.type = LSM_AUDIT_DATA_DENTRY;
1870 ad.u.dentry = dentry;
1871
1872 av = DIR__SEARCH;
1873 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1874 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1875 if (rc)
1876 return rc;
1877
1878 switch (kind) {
1879 case MAY_LINK:
1880 av = FILE__LINK;
1881 break;
1882 case MAY_UNLINK:
1883 av = FILE__UNLINK;
1884 break;
1885 case MAY_RMDIR:
1886 av = DIR__RMDIR;
1887 break;
1888 default:
1889 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1890 __func__, kind);
1891 return 0;
1892 }
1893
1894 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1895 return rc;
1896}
1897
1898static inline int may_rename(struct inode *old_dir,
1899 struct dentry *old_dentry,
1900 struct inode *new_dir,
1901 struct dentry *new_dentry)
1902{
1903 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1904 struct common_audit_data ad;
1905 u32 sid = current_sid();
1906 u32 av;
1907 int old_is_dir, new_is_dir;
1908 int rc;
1909
1910 old_dsec = inode_security(old_dir);
1911 old_isec = backing_inode_security(old_dentry);
1912 old_is_dir = d_is_dir(old_dentry);
1913 new_dsec = inode_security(new_dir);
1914
1915 ad.type = LSM_AUDIT_DATA_DENTRY;
1916
1917 ad.u.dentry = old_dentry;
1918 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1919 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1920 if (rc)
1921 return rc;
1922 rc = avc_has_perm(sid, old_isec->sid,
1923 old_isec->sclass, FILE__RENAME, &ad);
1924 if (rc)
1925 return rc;
1926 if (old_is_dir && new_dir != old_dir) {
1927 rc = avc_has_perm(sid, old_isec->sid,
1928 old_isec->sclass, DIR__REPARENT, &ad);
1929 if (rc)
1930 return rc;
1931 }
1932
1933 ad.u.dentry = new_dentry;
1934 av = DIR__ADD_NAME | DIR__SEARCH;
1935 if (d_is_positive(new_dentry))
1936 av |= DIR__REMOVE_NAME;
1937 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1938 if (rc)
1939 return rc;
1940 if (d_is_positive(new_dentry)) {
1941 new_isec = backing_inode_security(new_dentry);
1942 new_is_dir = d_is_dir(new_dentry);
1943 rc = avc_has_perm(sid, new_isec->sid,
1944 new_isec->sclass,
1945 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1946 if (rc)
1947 return rc;
1948 }
1949
1950 return 0;
1951}
1952
1953
1954static int superblock_has_perm(const struct cred *cred,
1955 struct super_block *sb,
1956 u32 perms,
1957 struct common_audit_data *ad)
1958{
1959 struct superblock_security_struct *sbsec;
1960 u32 sid = cred_sid(cred);
1961
1962 sbsec = sb->s_security;
1963 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1964}
1965
1966
1967static inline u32 file_mask_to_av(int mode, int mask)
1968{
1969 u32 av = 0;
1970
1971 if (!S_ISDIR(mode)) {
1972 if (mask & MAY_EXEC)
1973 av |= FILE__EXECUTE;
1974 if (mask & MAY_READ)
1975 av |= FILE__READ;
1976
1977 if (mask & MAY_APPEND)
1978 av |= FILE__APPEND;
1979 else if (mask & MAY_WRITE)
1980 av |= FILE__WRITE;
1981
1982 } else {
1983 if (mask & MAY_EXEC)
1984 av |= DIR__SEARCH;
1985 if (mask & MAY_WRITE)
1986 av |= DIR__WRITE;
1987 if (mask & MAY_READ)
1988 av |= DIR__READ;
1989 }
1990
1991 return av;
1992}
1993
1994
1995static inline u32 file_to_av(struct file *file)
1996{
1997 u32 av = 0;
1998
1999 if (file->f_mode & FMODE_READ)
2000 av |= FILE__READ;
2001 if (file->f_mode & FMODE_WRITE) {
2002 if (file->f_flags & O_APPEND)
2003 av |= FILE__APPEND;
2004 else
2005 av |= FILE__WRITE;
2006 }
2007 if (!av) {
2008
2009
2010
2011 av = FILE__IOCTL;
2012 }
2013
2014 return av;
2015}
2016
2017
2018
2019
2020
2021static inline u32 open_file_to_av(struct file *file)
2022{
2023 u32 av = file_to_av(file);
2024
2025 if (selinux_policycap_openperm)
2026 av |= FILE__OPEN;
2027
2028 return av;
2029}
2030
2031
2032
2033static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2034{
2035 u32 mysid = current_sid();
2036 u32 mgrsid = task_sid(mgr);
2037
2038 return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,
2039 BINDER__SET_CONTEXT_MGR, NULL);
2040}
2041
2042static int selinux_binder_transaction(struct task_struct *from,
2043 struct task_struct *to)
2044{
2045 u32 mysid = current_sid();
2046 u32 fromsid = task_sid(from);
2047 u32 tosid = task_sid(to);
2048 int rc;
2049
2050 if (mysid != fromsid) {
2051 rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,
2052 BINDER__IMPERSONATE, NULL);
2053 if (rc)
2054 return rc;
2055 }
2056
2057 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2058 NULL);
2059}
2060
2061static int selinux_binder_transfer_binder(struct task_struct *from,
2062 struct task_struct *to)
2063{
2064 u32 fromsid = task_sid(from);
2065 u32 tosid = task_sid(to);
2066
2067 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2068 NULL);
2069}
2070
2071static int selinux_binder_transfer_file(struct task_struct *from,
2072 struct task_struct *to,
2073 struct file *file)
2074{
2075 u32 sid = task_sid(to);
2076 struct file_security_struct *fsec = file->f_security;
2077 struct dentry *dentry = file->f_path.dentry;
2078 struct inode_security_struct *isec = backing_inode_security(dentry);
2079 struct common_audit_data ad;
2080 int rc;
2081
2082 ad.type = LSM_AUDIT_DATA_PATH;
2083 ad.u.path = file->f_path;
2084
2085 if (sid != fsec->sid) {
2086 rc = avc_has_perm(sid, fsec->sid,
2087 SECCLASS_FD,
2088 FD__USE,
2089 &ad);
2090 if (rc)
2091 return rc;
2092 }
2093
2094 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2095 return 0;
2096
2097 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
2098 &ad);
2099}
2100
2101static int selinux_ptrace_access_check(struct task_struct *child,
2102 unsigned int mode)
2103{
2104 if (mode & PTRACE_MODE_READ) {
2105 u32 sid = current_sid();
2106 u32 csid = task_sid(child);
2107 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2108 }
2109
2110 return current_has_perm(child, PROCESS__PTRACE);
2111}
2112
2113static int selinux_ptrace_traceme(struct task_struct *parent)
2114{
2115 return task_has_perm(parent, current, PROCESS__PTRACE);
2116}
2117
2118static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2119 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2120{
2121 return current_has_perm(target, PROCESS__GETCAP);
2122}
2123
2124static int selinux_capset(struct cred *new, const struct cred *old,
2125 const kernel_cap_t *effective,
2126 const kernel_cap_t *inheritable,
2127 const kernel_cap_t *permitted)
2128{
2129 return cred_has_perm(old, new, PROCESS__SETCAP);
2130}
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2143 int cap, int audit)
2144{
2145 return cred_has_capability(cred, cap, audit);
2146}
2147
2148static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2149{
2150 const struct cred *cred = current_cred();
2151 int rc = 0;
2152
2153 if (!sb)
2154 return 0;
2155
2156 switch (cmds) {
2157 case Q_SYNC:
2158 case Q_QUOTAON:
2159 case Q_QUOTAOFF:
2160 case Q_SETINFO:
2161 case Q_SETQUOTA:
2162 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2163 break;
2164 case Q_GETFMT:
2165 case Q_GETINFO:
2166 case Q_GETQUOTA:
2167 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2168 break;
2169 default:
2170 rc = 0;
2171 break;
2172 }
2173 return rc;
2174}
2175
2176static int selinux_quota_on(struct dentry *dentry)
2177{
2178 const struct cred *cred = current_cred();
2179
2180 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2181}
2182
2183static int selinux_syslog(int type)
2184{
2185 int rc;
2186
2187 switch (type) {
2188 case SYSLOG_ACTION_READ_ALL:
2189 case SYSLOG_ACTION_SIZE_BUFFER:
2190 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2191 break;
2192 case SYSLOG_ACTION_CONSOLE_OFF:
2193 case SYSLOG_ACTION_CONSOLE_ON:
2194
2195 case SYSLOG_ACTION_CONSOLE_LEVEL:
2196 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2197 break;
2198 case SYSLOG_ACTION_CLOSE:
2199 case SYSLOG_ACTION_OPEN:
2200 case SYSLOG_ACTION_READ:
2201 case SYSLOG_ACTION_READ_CLEAR:
2202 case SYSLOG_ACTION_CLEAR:
2203 default:
2204 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2205 break;
2206 }
2207 return rc;
2208}
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2219{
2220 int rc, cap_sys_admin = 0;
2221
2222 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2223 SECURITY_CAP_NOAUDIT);
2224 if (rc == 0)
2225 cap_sys_admin = 1;
2226
2227 return cap_sys_admin;
2228}
2229
2230
2231
2232static int check_nnp_nosuid(const struct linux_binprm *bprm,
2233 const struct task_security_struct *old_tsec,
2234 const struct task_security_struct *new_tsec)
2235{
2236 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2237 int nosuid = (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID);
2238 int rc;
2239
2240 if (!nnp && !nosuid)
2241 return 0;
2242
2243 if (new_tsec->sid == old_tsec->sid)
2244 return 0;
2245
2246
2247
2248
2249
2250
2251
2252 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
2253 if (rc) {
2254
2255
2256
2257
2258
2259 if (nnp)
2260 return -EPERM;
2261 else
2262 return -EACCES;
2263 }
2264 return 0;
2265}
2266
2267static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2268{
2269 const struct task_security_struct *old_tsec;
2270 struct task_security_struct *new_tsec;
2271 struct inode_security_struct *isec;
2272 struct common_audit_data ad;
2273 struct inode *inode = file_inode(bprm->file);
2274 int rc;
2275
2276
2277
2278 if (bprm->cred_prepared)
2279 return 0;
2280
2281 old_tsec = current_security();
2282 new_tsec = bprm->cred->security;
2283 isec = inode_security(inode);
2284
2285
2286 new_tsec->sid = old_tsec->sid;
2287 new_tsec->osid = old_tsec->sid;
2288
2289
2290 new_tsec->create_sid = 0;
2291 new_tsec->keycreate_sid = 0;
2292 new_tsec->sockcreate_sid = 0;
2293
2294 if (old_tsec->exec_sid) {
2295 new_tsec->sid = old_tsec->exec_sid;
2296
2297 new_tsec->exec_sid = 0;
2298
2299
2300 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2301 if (rc)
2302 return rc;
2303 } else {
2304
2305 rc = security_transition_sid(old_tsec->sid, isec->sid,
2306 SECCLASS_PROCESS, NULL,
2307 &new_tsec->sid);
2308 if (rc)
2309 return rc;
2310
2311
2312
2313
2314
2315 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2316 if (rc)
2317 new_tsec->sid = old_tsec->sid;
2318 }
2319
2320 ad.type = LSM_AUDIT_DATA_PATH;
2321 ad.u.path = bprm->file->f_path;
2322
2323 if (new_tsec->sid == old_tsec->sid) {
2324 rc = avc_has_perm(old_tsec->sid, isec->sid,
2325 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2326 if (rc)
2327 return rc;
2328 } else {
2329
2330 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2331 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2332 if (rc)
2333 return rc;
2334
2335 rc = avc_has_perm(new_tsec->sid, isec->sid,
2336 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2337 if (rc)
2338 return rc;
2339
2340
2341 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2342 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2343 SECCLASS_PROCESS, PROCESS__SHARE,
2344 NULL);
2345 if (rc)
2346 return -EPERM;
2347 }
2348
2349
2350
2351 if (bprm->unsafe &
2352 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2353 struct task_struct *tracer;
2354 struct task_security_struct *sec;
2355 u32 ptsid = 0;
2356
2357 rcu_read_lock();
2358 tracer = ptrace_parent(current);
2359 if (likely(tracer != NULL)) {
2360 sec = __task_cred(tracer)->security;
2361 ptsid = sec->sid;
2362 }
2363 rcu_read_unlock();
2364
2365 if (ptsid != 0) {
2366 rc = avc_has_perm(ptsid, new_tsec->sid,
2367 SECCLASS_PROCESS,
2368 PROCESS__PTRACE, NULL);
2369 if (rc)
2370 return -EPERM;
2371 }
2372 }
2373
2374
2375 bprm->per_clear |= PER_CLEAR_ON_SETID;
2376 }
2377
2378 return 0;
2379}
2380
2381static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2382{
2383 const struct task_security_struct *tsec = current_security();
2384 u32 sid, osid;
2385 int atsecure = 0;
2386
2387 sid = tsec->sid;
2388 osid = tsec->osid;
2389
2390 if (osid != sid) {
2391
2392
2393
2394 atsecure = avc_has_perm(osid, sid,
2395 SECCLASS_PROCESS,
2396 PROCESS__NOATSECURE, NULL);
2397 }
2398
2399 return !!atsecure;
2400}
2401
2402static int match_file(const void *p, struct file *file, unsigned fd)
2403{
2404 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2405}
2406
2407
2408static inline void flush_unauthorized_files(const struct cred *cred,
2409 struct files_struct *files)
2410{
2411 struct file *file, *devnull = NULL;
2412 struct tty_struct *tty;
2413 int drop_tty = 0;
2414 unsigned n;
2415
2416 tty = get_current_tty();
2417 if (tty) {
2418 spin_lock(&tty->files_lock);
2419 if (!list_empty(&tty->tty_files)) {
2420 struct tty_file_private *file_priv;
2421
2422
2423
2424
2425
2426
2427 file_priv = list_first_entry(&tty->tty_files,
2428 struct tty_file_private, list);
2429 file = file_priv->file;
2430 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2431 drop_tty = 1;
2432 }
2433 spin_unlock(&tty->files_lock);
2434 tty_kref_put(tty);
2435 }
2436
2437 if (drop_tty)
2438 no_tty();
2439
2440
2441 n = iterate_fd(files, 0, match_file, cred);
2442 if (!n)
2443 return;
2444
2445 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2446 if (IS_ERR(devnull))
2447 devnull = NULL;
2448
2449 do {
2450 replace_fd(n - 1, devnull, 0);
2451 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2452 if (devnull)
2453 fput(devnull);
2454}
2455
2456
2457
2458
2459static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2460{
2461 struct task_security_struct *new_tsec;
2462 struct rlimit *rlim, *initrlim;
2463 int rc, i;
2464
2465 new_tsec = bprm->cred->security;
2466 if (new_tsec->sid == new_tsec->osid)
2467 return;
2468
2469
2470 flush_unauthorized_files(bprm->cred, current->files);
2471
2472
2473 current->pdeath_signal = 0;
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2486 PROCESS__RLIMITINH, NULL);
2487 if (rc) {
2488
2489 task_lock(current);
2490 for (i = 0; i < RLIM_NLIMITS; i++) {
2491 rlim = current->signal->rlim + i;
2492 initrlim = init_task.signal->rlim + i;
2493 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2494 }
2495 task_unlock(current);
2496 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2497 }
2498}
2499
2500
2501
2502
2503
2504static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2505{
2506 const struct task_security_struct *tsec = current_security();
2507 struct itimerval itimer;
2508 u32 osid, sid;
2509 int rc, i;
2510
2511 osid = tsec->osid;
2512 sid = tsec->sid;
2513
2514 if (sid == osid)
2515 return;
2516
2517
2518
2519
2520
2521
2522
2523
2524 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2525 if (rc) {
2526 memset(&itimer, 0, sizeof itimer);
2527 for (i = 0; i < 3; i++)
2528 do_setitimer(i, &itimer, NULL);
2529 spin_lock_irq(¤t->sighand->siglock);
2530 if (!fatal_signal_pending(current)) {
2531 flush_sigqueue(¤t->pending);
2532 flush_sigqueue(¤t->signal->shared_pending);
2533 flush_signal_handlers(current, 1);
2534 sigemptyset(¤t->blocked);
2535 recalc_sigpending();
2536 }
2537 spin_unlock_irq(¤t->sighand->siglock);
2538 }
2539
2540
2541
2542 read_lock(&tasklist_lock);
2543 __wake_up_parent(current, current->real_parent);
2544 read_unlock(&tasklist_lock);
2545}
2546
2547
2548
2549static int selinux_sb_alloc_security(struct super_block *sb)
2550{
2551 return superblock_alloc_security(sb);
2552}
2553
2554static void selinux_sb_free_security(struct super_block *sb)
2555{
2556 superblock_free_security(sb);
2557}
2558
2559static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2560{
2561 if (plen > olen)
2562 return 0;
2563
2564 return !memcmp(prefix, option, plen);
2565}
2566
2567static inline int selinux_option(char *option, int len)
2568{
2569 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2570 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2571 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2572 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2573 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2574}
2575
2576static inline void take_option(char **to, char *from, int *first, int len)
2577{
2578 if (!*first) {
2579 **to = ',';
2580 *to += 1;
2581 } else
2582 *first = 0;
2583 memcpy(*to, from, len);
2584 *to += len;
2585}
2586
2587static inline void take_selinux_option(char **to, char *from, int *first,
2588 int len)
2589{
2590 int current_size = 0;
2591
2592 if (!*first) {
2593 **to = '|';
2594 *to += 1;
2595 } else
2596 *first = 0;
2597
2598 while (current_size < len) {
2599 if (*from != '"') {
2600 **to = *from;
2601 *to += 1;
2602 }
2603 from += 1;
2604 current_size += 1;
2605 }
2606}
2607
2608static int selinux_sb_copy_data(char *orig, char *copy)
2609{
2610 int fnosec, fsec, rc = 0;
2611 char *in_save, *in_curr, *in_end;
2612 char *sec_curr, *nosec_save, *nosec;
2613 int open_quote = 0;
2614
2615 in_curr = orig;
2616 sec_curr = copy;
2617
2618 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2619 if (!nosec) {
2620 rc = -ENOMEM;
2621 goto out;
2622 }
2623
2624 nosec_save = nosec;
2625 fnosec = fsec = 1;
2626 in_save = in_end = orig;
2627
2628 do {
2629 if (*in_end == '"')
2630 open_quote = !open_quote;
2631 if ((*in_end == ',' && open_quote == 0) ||
2632 *in_end == '\0') {
2633 int len = in_end - in_curr;
2634
2635 if (selinux_option(in_curr, len))
2636 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2637 else
2638 take_option(&nosec, in_curr, &fnosec, len);
2639
2640 in_curr = in_end + 1;
2641 }
2642 } while (*in_end++);
2643
2644 strcpy(in_save, nosec_save);
2645 free_page((unsigned long)nosec_save);
2646out:
2647 return rc;
2648}
2649
2650static int selinux_sb_remount(struct super_block *sb, void *data)
2651{
2652 int rc, i, *flags;
2653 struct security_mnt_opts opts;
2654 char *secdata, **mount_options;
2655 struct superblock_security_struct *sbsec = sb->s_security;
2656
2657 if (!(sbsec->flags & SE_SBINITIALIZED))
2658 return 0;
2659
2660 if (!data)
2661 return 0;
2662
2663 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2664 return 0;
2665
2666 security_init_mnt_opts(&opts);
2667 secdata = alloc_secdata();
2668 if (!secdata)
2669 return -ENOMEM;
2670 rc = selinux_sb_copy_data(data, secdata);
2671 if (rc)
2672 goto out_free_secdata;
2673
2674 rc = selinux_parse_opts_str(secdata, &opts);
2675 if (rc)
2676 goto out_free_secdata;
2677
2678 mount_options = opts.mnt_opts;
2679 flags = opts.mnt_opts_flags;
2680
2681 for (i = 0; i < opts.num_mnt_opts; i++) {
2682 u32 sid;
2683
2684 if (flags[i] == SBLABEL_MNT)
2685 continue;
2686 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
2687 if (rc) {
2688 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
2689 "(%s) failed for (dev %s, type %s) errno=%d\n",
2690 mount_options[i], sb->s_id, sb->s_type->name, rc);
2691 goto out_free_opts;
2692 }
2693 rc = -EINVAL;
2694 switch (flags[i]) {
2695 case FSCONTEXT_MNT:
2696 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2697 goto out_bad_option;
2698 break;
2699 case CONTEXT_MNT:
2700 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2701 goto out_bad_option;
2702 break;
2703 case ROOTCONTEXT_MNT: {
2704 struct inode_security_struct *root_isec;
2705 root_isec = backing_inode_security(sb->s_root);
2706
2707 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2708 goto out_bad_option;
2709 break;
2710 }
2711 case DEFCONTEXT_MNT:
2712 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2713 goto out_bad_option;
2714 break;
2715 default:
2716 goto out_free_opts;
2717 }
2718 }
2719
2720 rc = 0;
2721out_free_opts:
2722 security_free_mnt_opts(&opts);
2723out_free_secdata:
2724 free_secdata(secdata);
2725 return rc;
2726out_bad_option:
2727 printk(KERN_WARNING "SELinux: unable to change security options "
2728 "during remount (dev %s, type=%s)\n", sb->s_id,
2729 sb->s_type->name);
2730 goto out_free_opts;
2731}
2732
2733static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2734{
2735 const struct cred *cred = current_cred();
2736 struct common_audit_data ad;
2737 int rc;
2738
2739 rc = superblock_doinit(sb, data);
2740 if (rc)
2741 return rc;
2742
2743
2744 if (flags & MS_KERNMOUNT)
2745 return 0;
2746
2747 ad.type = LSM_AUDIT_DATA_DENTRY;
2748 ad.u.dentry = sb->s_root;
2749 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2750}
2751
2752static int selinux_sb_statfs(struct dentry *dentry)
2753{
2754 const struct cred *cred = current_cred();
2755 struct common_audit_data ad;
2756
2757 ad.type = LSM_AUDIT_DATA_DENTRY;
2758 ad.u.dentry = dentry->d_sb->s_root;
2759 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2760}
2761
2762static int selinux_mount(const char *dev_name,
2763 struct path *path,
2764 const char *type,
2765 unsigned long flags,
2766 void *data)
2767{
2768 const struct cred *cred = current_cred();
2769
2770 if (flags & MS_REMOUNT)
2771 return superblock_has_perm(cred, path->dentry->d_sb,
2772 FILESYSTEM__REMOUNT, NULL);
2773 else
2774 return path_has_perm(cred, path, FILE__MOUNTON);
2775}
2776
2777static int selinux_umount(struct vfsmount *mnt, int flags)
2778{
2779 const struct cred *cred = current_cred();
2780
2781 return superblock_has_perm(cred, mnt->mnt_sb,
2782 FILESYSTEM__UNMOUNT, NULL);
2783}
2784
2785
2786
2787static int selinux_inode_alloc_security(struct inode *inode)
2788{
2789 return inode_alloc_security(inode);
2790}
2791
2792static void selinux_inode_free_security(struct inode *inode)
2793{
2794 inode_free_security(inode);
2795}
2796
2797static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2798 struct qstr *name, void **ctx,
2799 u32 *ctxlen)
2800{
2801 u32 newsid;
2802 int rc;
2803
2804 rc = selinux_determine_inode_label(d_inode(dentry->d_parent), name,
2805 inode_mode_to_security_class(mode),
2806 &newsid);
2807 if (rc)
2808 return rc;
2809
2810 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2811}
2812
2813static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2814 const struct qstr *qstr,
2815 const char **name,
2816 void **value, size_t *len)
2817{
2818 const struct task_security_struct *tsec = current_security();
2819 struct superblock_security_struct *sbsec;
2820 u32 sid, newsid, clen;
2821 int rc;
2822 char *context;
2823
2824 sbsec = dir->i_sb->s_security;
2825
2826 sid = tsec->sid;
2827 newsid = tsec->create_sid;
2828
2829 rc = selinux_determine_inode_label(
2830 dir, qstr,
2831 inode_mode_to_security_class(inode->i_mode),
2832 &newsid);
2833 if (rc)
2834 return rc;
2835
2836
2837 if (sbsec->flags & SE_SBINITIALIZED) {
2838 struct inode_security_struct *isec = inode->i_security;
2839 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2840 isec->sid = newsid;
2841 isec->initialized = LABEL_INITIALIZED;
2842 }
2843
2844 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2845 return -EOPNOTSUPP;
2846
2847 if (name)
2848 *name = XATTR_SELINUX_SUFFIX;
2849
2850 if (value && len) {
2851 rc = security_sid_to_context_force(newsid, &context, &clen);
2852 if (rc)
2853 return rc;
2854 *value = context;
2855 *len = clen;
2856 }
2857
2858 return 0;
2859}
2860
2861static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2862{
2863 return may_create(dir, dentry, SECCLASS_FILE);
2864}
2865
2866static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2867{
2868 return may_link(dir, old_dentry, MAY_LINK);
2869}
2870
2871static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2872{
2873 return may_link(dir, dentry, MAY_UNLINK);
2874}
2875
2876static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2877{
2878 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2879}
2880
2881static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2882{
2883 return may_create(dir, dentry, SECCLASS_DIR);
2884}
2885
2886static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2887{
2888 return may_link(dir, dentry, MAY_RMDIR);
2889}
2890
2891static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2892{
2893 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2894}
2895
2896static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2897 struct inode *new_inode, struct dentry *new_dentry)
2898{
2899 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2900}
2901
2902static int selinux_inode_readlink(struct dentry *dentry)
2903{
2904 const struct cred *cred = current_cred();
2905
2906 return dentry_has_perm(cred, dentry, FILE__READ);
2907}
2908
2909static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
2910 bool rcu)
2911{
2912 const struct cred *cred = current_cred();
2913 struct common_audit_data ad;
2914 struct inode_security_struct *isec;
2915 u32 sid;
2916
2917 validate_creds(cred);
2918
2919 ad.type = LSM_AUDIT_DATA_DENTRY;
2920 ad.u.dentry = dentry;
2921 sid = cred_sid(cred);
2922 isec = inode_security_rcu(inode, rcu);
2923 if (IS_ERR(isec))
2924 return PTR_ERR(isec);
2925
2926 return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
2927 rcu ? MAY_NOT_BLOCK : 0);
2928}
2929
2930static noinline int audit_inode_permission(struct inode *inode,
2931 u32 perms, u32 audited, u32 denied,
2932 int result,
2933 unsigned flags)
2934{
2935 struct common_audit_data ad;
2936 struct inode_security_struct *isec = inode->i_security;
2937 int rc;
2938
2939 ad.type = LSM_AUDIT_DATA_INODE;
2940 ad.u.inode = inode;
2941
2942 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2943 audited, denied, result, &ad, flags);
2944 if (rc)
2945 return rc;
2946 return 0;
2947}
2948
2949static int selinux_inode_permission(struct inode *inode, int mask)
2950{
2951 const struct cred *cred = current_cred();
2952 u32 perms;
2953 bool from_access;
2954 unsigned flags = mask & MAY_NOT_BLOCK;
2955 struct inode_security_struct *isec;
2956 u32 sid;
2957 struct av_decision avd;
2958 int rc, rc2;
2959 u32 audited, denied;
2960
2961 from_access = mask & MAY_ACCESS;
2962 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2963
2964
2965 if (!mask)
2966 return 0;
2967
2968 validate_creds(cred);
2969
2970 if (unlikely(IS_PRIVATE(inode)))
2971 return 0;
2972
2973 perms = file_mask_to_av(inode->i_mode, mask);
2974
2975 sid = cred_sid(cred);
2976 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
2977 if (IS_ERR(isec))
2978 return PTR_ERR(isec);
2979
2980 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2981 audited = avc_audit_required(perms, &avd, rc,
2982 from_access ? FILE__AUDIT_ACCESS : 0,
2983 &denied);
2984 if (likely(!audited))
2985 return rc;
2986
2987 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
2988 if (rc2)
2989 return rc2;
2990 return rc;
2991}
2992
2993static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2994{
2995 const struct cred *cred = current_cred();
2996 unsigned int ia_valid = iattr->ia_valid;
2997 __u32 av = FILE__WRITE;
2998
2999
3000 if (ia_valid & ATTR_FORCE) {
3001 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3002 ATTR_FORCE);
3003 if (!ia_valid)
3004 return 0;
3005 }
3006
3007 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3008 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3009 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3010
3011 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)
3012 && !(ia_valid & ATTR_FILE))
3013 av |= FILE__OPEN;
3014
3015 return dentry_has_perm(cred, dentry, av);
3016}
3017
3018static int selinux_inode_getattr(const struct path *path)
3019{
3020 return path_has_perm(current_cred(), path, FILE__GETATTR);
3021}
3022
3023static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
3024{
3025 const struct cred *cred = current_cred();
3026
3027 if (!strncmp(name, XATTR_SECURITY_PREFIX,
3028 sizeof XATTR_SECURITY_PREFIX - 1)) {
3029 if (!strcmp(name, XATTR_NAME_CAPS)) {
3030 if (!capable(CAP_SETFCAP))
3031 return -EPERM;
3032 } else if (!capable(CAP_SYS_ADMIN)) {
3033
3034
3035 return -EPERM;
3036 }
3037 }
3038
3039
3040
3041 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3042}
3043
3044static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3045 const void *value, size_t size, int flags)
3046{
3047 struct inode *inode = d_backing_inode(dentry);
3048 struct inode_security_struct *isec = backing_inode_security(dentry);
3049 struct superblock_security_struct *sbsec;
3050 struct common_audit_data ad;
3051 u32 newsid, sid = current_sid();
3052 int rc = 0;
3053
3054 if (strcmp(name, XATTR_NAME_SELINUX))
3055 return selinux_inode_setotherxattr(dentry, name);
3056
3057 sbsec = inode->i_sb->s_security;
3058 if (!(sbsec->flags & SBLABEL_MNT))
3059 return -EOPNOTSUPP;
3060
3061 if (!inode_owner_or_capable(inode))
3062 return -EPERM;
3063
3064 ad.type = LSM_AUDIT_DATA_DENTRY;
3065 ad.u.dentry = dentry;
3066
3067 rc = avc_has_perm(sid, isec->sid, isec->sclass,
3068 FILE__RELABELFROM, &ad);
3069 if (rc)
3070 return rc;
3071
3072 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3073 if (rc == -EINVAL) {
3074 if (!capable(CAP_MAC_ADMIN)) {
3075 struct audit_buffer *ab;
3076 size_t audit_size;
3077 const char *str;
3078
3079
3080
3081 if (value) {
3082 str = value;
3083 if (str[size - 1] == '\0')
3084 audit_size = size - 1;
3085 else
3086 audit_size = size;
3087 } else {
3088 str = "";
3089 audit_size = 0;
3090 }
3091 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
3092 audit_log_format(ab, "op=setxattr invalid_context=");
3093 audit_log_n_untrustedstring(ab, value, audit_size);
3094 audit_log_end(ab);
3095
3096 return rc;
3097 }
3098 rc = security_context_to_sid_force(value, size, &newsid);
3099 }
3100 if (rc)
3101 return rc;
3102
3103 rc = avc_has_perm(sid, newsid, isec->sclass,
3104 FILE__RELABELTO, &ad);
3105 if (rc)
3106 return rc;
3107
3108 rc = security_validate_transition(isec->sid, newsid, sid,
3109 isec->sclass);
3110 if (rc)
3111 return rc;
3112
3113 return avc_has_perm(newsid,
3114 sbsec->sid,
3115 SECCLASS_FILESYSTEM,
3116 FILESYSTEM__ASSOCIATE,
3117 &ad);
3118}
3119
3120static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3121 const void *value, size_t size,
3122 int flags)
3123{
3124 struct inode *inode = d_backing_inode(dentry);
3125 struct inode_security_struct *isec = backing_inode_security(dentry);
3126 u32 newsid;
3127 int rc;
3128
3129 if (strcmp(name, XATTR_NAME_SELINUX)) {
3130
3131 return;
3132 }
3133
3134 rc = security_context_to_sid_force(value, size, &newsid);
3135 if (rc) {
3136 printk(KERN_ERR "SELinux: unable to map context to SID"
3137 "for (%s, %lu), rc=%d\n",
3138 inode->i_sb->s_id, inode->i_ino, -rc);
3139 return;
3140 }
3141
3142 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3143 isec->sid = newsid;
3144 isec->initialized = LABEL_INITIALIZED;
3145
3146 return;
3147}
3148
3149static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3150{
3151 const struct cred *cred = current_cred();
3152
3153 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3154}
3155
3156static int selinux_inode_listxattr(struct dentry *dentry)
3157{
3158 const struct cred *cred = current_cred();
3159
3160 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3161}
3162
3163static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3164{
3165 if (strcmp(name, XATTR_NAME_SELINUX))
3166 return selinux_inode_setotherxattr(dentry, name);
3167
3168
3169
3170 return -EACCES;
3171}
3172
3173
3174
3175
3176
3177
3178static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3179{
3180 u32 size;
3181 int error;
3182 char *context = NULL;
3183 struct inode_security_struct *isec = inode_security(inode);
3184
3185 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3186 return -EOPNOTSUPP;
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197 error = cap_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3198 SECURITY_CAP_NOAUDIT);
3199 if (!error)
3200 error = cred_has_capability(current_cred(), CAP_MAC_ADMIN,
3201 SECURITY_CAP_NOAUDIT);
3202 if (!error)
3203 error = security_sid_to_context_force(isec->sid, &context,
3204 &size);
3205 else
3206 error = security_sid_to_context(isec->sid, &context, &size);
3207 if (error)
3208 return error;
3209 error = size;
3210 if (alloc) {
3211 *buffer = context;
3212 goto out_nofree;
3213 }
3214 kfree(context);
3215out_nofree:
3216 return error;
3217}
3218
3219static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3220 const void *value, size_t size, int flags)
3221{
3222 struct inode_security_struct *isec = inode_security(inode);
3223 u32 newsid;
3224 int rc;
3225
3226 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3227 return -EOPNOTSUPP;
3228
3229 if (!value || !size)
3230 return -EACCES;
3231
3232 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3233 if (rc)
3234 return rc;
3235
3236 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3237 isec->sid = newsid;
3238 isec->initialized = LABEL_INITIALIZED;
3239 return 0;
3240}
3241
3242static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3243{
3244 const int len = sizeof(XATTR_NAME_SELINUX);
3245 if (buffer && len <= buffer_size)
3246 memcpy(buffer, XATTR_NAME_SELINUX, len);
3247 return len;
3248}
3249
3250static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3251{
3252 struct inode_security_struct *isec = inode_security_novalidate(inode);
3253 *secid = isec->sid;
3254}
3255
3256
3257
3258static int selinux_revalidate_file_permission(struct file *file, int mask)
3259{
3260 const struct cred *cred = current_cred();
3261 struct inode *inode = file_inode(file);
3262
3263
3264 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3265 mask |= MAY_APPEND;
3266
3267 return file_has_perm(cred, file,
3268 file_mask_to_av(inode->i_mode, mask));
3269}
3270
3271static int selinux_file_permission(struct file *file, int mask)
3272{
3273 struct inode *inode = file_inode(file);
3274 struct file_security_struct *fsec = file->f_security;
3275 struct inode_security_struct *isec;
3276 u32 sid = current_sid();
3277
3278 if (!mask)
3279
3280 return 0;
3281
3282 isec = inode_security(inode);
3283 if (sid == fsec->sid && fsec->isid == isec->sid &&
3284 fsec->pseqno == avc_policy_seqno())
3285
3286 return 0;
3287
3288 return selinux_revalidate_file_permission(file, mask);
3289}
3290
3291static int selinux_file_alloc_security(struct file *file)
3292{
3293 return file_alloc_security(file);
3294}
3295
3296static void selinux_file_free_security(struct file *file)
3297{
3298 file_free_security(file);
3299}
3300
3301
3302
3303
3304
3305static int ioctl_has_perm(const struct cred *cred, struct file *file,
3306 u32 requested, u16 cmd)
3307{
3308 struct common_audit_data ad;
3309 struct file_security_struct *fsec = file->f_security;
3310 struct inode *inode = file_inode(file);
3311 struct inode_security_struct *isec = inode_security(inode);
3312 struct lsm_ioctlop_audit ioctl;
3313 u32 ssid = cred_sid(cred);
3314 int rc;
3315 u8 driver = cmd >> 8;
3316 u8 xperm = cmd & 0xff;
3317
3318 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3319 ad.u.op = &ioctl;
3320 ad.u.op->cmd = cmd;
3321 ad.u.op->path = file->f_path;
3322
3323 if (ssid != fsec->sid) {
3324 rc = avc_has_perm(ssid, fsec->sid,
3325 SECCLASS_FD,
3326 FD__USE,
3327 &ad);
3328 if (rc)
3329 goto out;
3330 }
3331
3332 if (unlikely(IS_PRIVATE(inode)))
3333 return 0;
3334
3335 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass,
3336 requested, driver, xperm, &ad);
3337out:
3338 return rc;
3339}
3340
3341static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3342 unsigned long arg)
3343{
3344 const struct cred *cred = current_cred();
3345 int error = 0;
3346
3347 switch (cmd) {
3348 case FIONREAD:
3349
3350 case FIBMAP:
3351
3352 case FIGETBSZ:
3353
3354 case FS_IOC_GETFLAGS:
3355
3356 case FS_IOC_GETVERSION:
3357 error = file_has_perm(cred, file, FILE__GETATTR);
3358 break;
3359
3360 case FS_IOC_SETFLAGS:
3361
3362 case FS_IOC_SETVERSION:
3363 error = file_has_perm(cred, file, FILE__SETATTR);
3364 break;
3365
3366
3367 case FIONBIO:
3368
3369 case FIOASYNC:
3370 error = file_has_perm(cred, file, 0);
3371 break;
3372
3373 case KDSKBENT:
3374 case KDSKBSENT:
3375 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3376 SECURITY_CAP_AUDIT);
3377 break;
3378
3379
3380
3381
3382 default:
3383 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3384 }
3385 return error;
3386}
3387
3388static int default_noexec;
3389
3390static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3391{
3392 const struct cred *cred = current_cred();
3393 int rc = 0;
3394
3395 if (default_noexec &&
3396 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3397 (!shared && (prot & PROT_WRITE)))) {
3398
3399
3400
3401
3402
3403 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3404 if (rc)
3405 goto error;
3406 }
3407
3408 if (file) {
3409
3410 u32 av = FILE__READ;
3411
3412
3413 if (shared && (prot & PROT_WRITE))
3414 av |= FILE__WRITE;
3415
3416 if (prot & PROT_EXEC)
3417 av |= FILE__EXECUTE;
3418
3419 return file_has_perm(cred, file, av);
3420 }
3421
3422error:
3423 return rc;
3424}
3425
3426static int selinux_mmap_addr(unsigned long addr)
3427{
3428 int rc = 0;
3429
3430 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3431 u32 sid = current_sid();
3432 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3433 MEMPROTECT__MMAP_ZERO, NULL);
3434 }
3435
3436 return rc;
3437}
3438
3439static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3440 unsigned long prot, unsigned long flags)
3441{
3442 if (selinux_checkreqprot)
3443 prot = reqprot;
3444
3445 return file_map_prot_check(file, prot,
3446 (flags & MAP_TYPE) == MAP_SHARED);
3447}
3448
3449static int selinux_file_mprotect(struct vm_area_struct *vma,
3450 unsigned long reqprot,
3451 unsigned long prot)
3452{
3453 const struct cred *cred = current_cred();
3454
3455 if (selinux_checkreqprot)
3456 prot = reqprot;
3457
3458 if (default_noexec &&
3459 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3460 int rc = 0;
3461 if (vma->vm_start >= vma->vm_mm->start_brk &&
3462 vma->vm_end <= vma->vm_mm->brk) {
3463 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3464 } else if (!vma->vm_file &&
3465 vma->vm_start <= vma->vm_mm->start_stack &&
3466 vma->vm_end >= vma->vm_mm->start_stack) {
3467 rc = current_has_perm(current, PROCESS__EXECSTACK);
3468 } else if (vma->vm_file && vma->anon_vma) {
3469
3470
3471
3472
3473
3474
3475
3476 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3477 }
3478 if (rc)
3479 return rc;
3480 }
3481
3482 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3483}
3484
3485static int selinux_file_lock(struct file *file, unsigned int cmd)
3486{
3487 const struct cred *cred = current_cred();
3488
3489 return file_has_perm(cred, file, FILE__LOCK);
3490}
3491
3492static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3493 unsigned long arg)
3494{
3495 const struct cred *cred = current_cred();
3496 int err = 0;
3497
3498 switch (cmd) {
3499 case F_SETFL:
3500 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3501 err = file_has_perm(cred, file, FILE__WRITE);
3502 break;
3503 }
3504
3505 case F_SETOWN:
3506 case F_SETSIG:
3507 case F_GETFL:
3508 case F_GETOWN:
3509 case F_GETSIG:
3510 case F_GETOWNER_UIDS:
3511
3512 err = file_has_perm(cred, file, 0);
3513 break;
3514 case F_GETLK:
3515 case F_SETLK:
3516 case F_SETLKW:
3517 case F_OFD_GETLK:
3518 case F_OFD_SETLK:
3519 case F_OFD_SETLKW:
3520#if BITS_PER_LONG == 32
3521 case F_GETLK64:
3522 case F_SETLK64:
3523 case F_SETLKW64:
3524#endif
3525 err = file_has_perm(cred, file, FILE__LOCK);
3526 break;
3527 }
3528
3529 return err;
3530}
3531
3532static void selinux_file_set_fowner(struct file *file)
3533{
3534 struct file_security_struct *fsec;
3535
3536 fsec = file->f_security;
3537 fsec->fown_sid = current_sid();
3538}
3539
3540static int selinux_file_send_sigiotask(struct task_struct *tsk,
3541 struct fown_struct *fown, int signum)
3542{
3543 struct file *file;
3544 u32 sid = task_sid(tsk);
3545 u32 perm;
3546 struct file_security_struct *fsec;
3547
3548
3549 file = container_of(fown, struct file, f_owner);
3550
3551 fsec = file->f_security;
3552
3553 if (!signum)
3554 perm = signal_to_av(SIGIO);
3555 else
3556 perm = signal_to_av(signum);
3557
3558 return avc_has_perm(fsec->fown_sid, sid,
3559 SECCLASS_PROCESS, perm, NULL);
3560}
3561
3562static int selinux_file_receive(struct file *file)
3563{
3564 const struct cred *cred = current_cred();
3565
3566 return file_has_perm(cred, file, file_to_av(file));
3567}
3568
3569static int selinux_file_open(struct file *file, const struct cred *cred)
3570{
3571 struct file_security_struct *fsec;
3572 struct inode_security_struct *isec;
3573
3574 fsec = file->f_security;
3575 isec = inode_security(file_inode(file));
3576
3577
3578
3579
3580
3581
3582
3583 fsec->isid = isec->sid;
3584 fsec->pseqno = avc_policy_seqno();
3585
3586
3587
3588
3589
3590
3591
3592
3593 return file_path_has_perm(cred, file, open_file_to_av(file));
3594}
3595
3596
3597
3598static int selinux_task_create(unsigned long clone_flags)
3599{
3600 return current_has_perm(current, PROCESS__FORK);
3601}
3602
3603
3604
3605
3606static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3607{
3608 struct task_security_struct *tsec;
3609
3610 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3611 if (!tsec)
3612 return -ENOMEM;
3613
3614 cred->security = tsec;
3615 return 0;
3616}
3617
3618
3619
3620
3621static void selinux_cred_free(struct cred *cred)
3622{
3623 struct task_security_struct *tsec = cred->security;
3624
3625
3626
3627
3628
3629 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3630 cred->security = (void *) 0x7UL;
3631 kfree(tsec);
3632}
3633
3634
3635
3636
3637static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3638 gfp_t gfp)
3639{
3640 const struct task_security_struct *old_tsec;
3641 struct task_security_struct *tsec;
3642
3643 old_tsec = old->security;
3644
3645 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3646 if (!tsec)
3647 return -ENOMEM;
3648
3649 new->security = tsec;
3650 return 0;
3651}
3652
3653
3654
3655
3656static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3657{
3658 const struct task_security_struct *old_tsec = old->security;
3659 struct task_security_struct *tsec = new->security;
3660
3661 *tsec = *old_tsec;
3662}
3663
3664
3665
3666
3667
3668static int selinux_kernel_act_as(struct cred *new, u32 secid)
3669{
3670 struct task_security_struct *tsec = new->security;
3671 u32 sid = current_sid();
3672 int ret;
3673
3674 ret = avc_has_perm(sid, secid,
3675 SECCLASS_KERNEL_SERVICE,
3676 KERNEL_SERVICE__USE_AS_OVERRIDE,
3677 NULL);
3678 if (ret == 0) {
3679 tsec->sid = secid;
3680 tsec->create_sid = 0;
3681 tsec->keycreate_sid = 0;
3682 tsec->sockcreate_sid = 0;
3683 }
3684 return ret;
3685}
3686
3687
3688
3689
3690
3691static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3692{
3693 struct inode_security_struct *isec = inode_security(inode);
3694 struct task_security_struct *tsec = new->security;
3695 u32 sid = current_sid();
3696 int ret;
3697
3698 ret = avc_has_perm(sid, isec->sid,
3699 SECCLASS_KERNEL_SERVICE,
3700 KERNEL_SERVICE__CREATE_FILES_AS,
3701 NULL);
3702
3703 if (ret == 0)
3704 tsec->create_sid = isec->sid;
3705 return ret;
3706}
3707
3708static int selinux_kernel_module_request(char *kmod_name)
3709{
3710 u32 sid;
3711 struct common_audit_data ad;
3712
3713 sid = task_sid(current);
3714
3715 ad.type = LSM_AUDIT_DATA_KMOD;
3716 ad.u.kmod_name = kmod_name;
3717
3718 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3719 SYSTEM__MODULE_REQUEST, &ad);
3720}
3721
3722static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3723{
3724 return current_has_perm(p, PROCESS__SETPGID);
3725}
3726
3727static int selinux_task_getpgid(struct task_struct *p)
3728{
3729 return current_has_perm(p, PROCESS__GETPGID);
3730}
3731
3732static int selinux_task_getsid(struct task_struct *p)
3733{
3734 return current_has_perm(p, PROCESS__GETSESSION);
3735}
3736
3737static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3738{
3739 *secid = task_sid(p);
3740}
3741
3742static int selinux_task_setnice(struct task_struct *p, int nice)
3743{
3744 return current_has_perm(p, PROCESS__SETSCHED);
3745}
3746
3747static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3748{
3749 return current_has_perm(p, PROCESS__SETSCHED);
3750}
3751
3752static int selinux_task_getioprio(struct task_struct *p)
3753{
3754 return current_has_perm(p, PROCESS__GETSCHED);
3755}
3756
3757static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3758 struct rlimit *new_rlim)
3759{
3760 struct rlimit *old_rlim = p->signal->rlim + resource;
3761
3762
3763
3764
3765
3766 if (old_rlim->rlim_max != new_rlim->rlim_max)
3767 return current_has_perm(p, PROCESS__SETRLIMIT);
3768
3769 return 0;
3770}
3771
3772static int selinux_task_setscheduler(struct task_struct *p)
3773{
3774 return current_has_perm(p, PROCESS__SETSCHED);
3775}
3776
3777static int selinux_task_getscheduler(struct task_struct *p)
3778{
3779 return current_has_perm(p, PROCESS__GETSCHED);
3780}
3781
3782static int selinux_task_movememory(struct task_struct *p)
3783{
3784 return current_has_perm(p, PROCESS__SETSCHED);
3785}
3786
3787static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3788 int sig, u32 secid)
3789{
3790 u32 perm;
3791 int rc;
3792
3793 if (!sig)
3794 perm = PROCESS__SIGNULL;
3795 else
3796 perm = signal_to_av(sig);
3797 if (secid)
3798 rc = avc_has_perm(secid, task_sid(p),
3799 SECCLASS_PROCESS, perm, NULL);
3800 else
3801 rc = current_has_perm(p, perm);
3802 return rc;
3803}
3804
3805static int selinux_task_wait(struct task_struct *p)
3806{
3807 return task_has_perm(p, current, PROCESS__SIGCHLD);
3808}
3809
3810static void selinux_task_to_inode(struct task_struct *p,
3811 struct inode *inode)
3812{
3813 struct inode_security_struct *isec = inode->i_security;
3814 u32 sid = task_sid(p);
3815
3816 isec->sid = sid;
3817 isec->initialized = LABEL_INITIALIZED;
3818}
3819
3820
3821static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3822 struct common_audit_data *ad, u8 *proto)
3823{
3824 int offset, ihlen, ret = -EINVAL;
3825 struct iphdr _iph, *ih;
3826
3827 offset = skb_network_offset(skb);
3828 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3829 if (ih == NULL)
3830 goto out;
3831
3832 ihlen = ih->ihl * 4;
3833 if (ihlen < sizeof(_iph))
3834 goto out;
3835
3836 ad->u.net->v4info.saddr = ih->saddr;
3837 ad->u.net->v4info.daddr = ih->daddr;
3838 ret = 0;
3839
3840 if (proto)
3841 *proto = ih->protocol;
3842
3843 switch (ih->protocol) {
3844 case IPPROTO_TCP: {
3845 struct tcphdr _tcph, *th;
3846
3847 if (ntohs(ih->frag_off) & IP_OFFSET)
3848 break;
3849
3850 offset += ihlen;
3851 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3852 if (th == NULL)
3853 break;
3854
3855 ad->u.net->sport = th->source;
3856 ad->u.net->dport = th->dest;
3857 break;
3858 }
3859
3860 case IPPROTO_UDP: {
3861 struct udphdr _udph, *uh;
3862
3863 if (ntohs(ih->frag_off) & IP_OFFSET)
3864 break;
3865
3866 offset += ihlen;
3867 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3868 if (uh == NULL)
3869 break;
3870
3871 ad->u.net->sport = uh->source;
3872 ad->u.net->dport = uh->dest;
3873 break;
3874 }
3875
3876 case IPPROTO_DCCP: {
3877 struct dccp_hdr _dccph, *dh;
3878
3879 if (ntohs(ih->frag_off) & IP_OFFSET)
3880 break;
3881
3882 offset += ihlen;
3883 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3884 if (dh == NULL)
3885 break;
3886
3887 ad->u.net->sport = dh->dccph_sport;
3888 ad->u.net->dport = dh->dccph_dport;
3889 break;
3890 }
3891
3892 default:
3893 break;
3894 }
3895out:
3896 return ret;
3897}
3898
3899#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3900
3901
3902static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3903 struct common_audit_data *ad, u8 *proto)
3904{
3905 u8 nexthdr;
3906 int ret = -EINVAL, offset;
3907 struct ipv6hdr _ipv6h, *ip6;
3908 __be16 frag_off;
3909
3910 offset = skb_network_offset(skb);
3911 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3912 if (ip6 == NULL)
3913 goto out;
3914
3915 ad->u.net->v6info.saddr = ip6->saddr;
3916 ad->u.net->v6info.daddr = ip6->daddr;
3917 ret = 0;
3918
3919 nexthdr = ip6->nexthdr;
3920 offset += sizeof(_ipv6h);
3921 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3922 if (offset < 0)
3923 goto out;
3924
3925 if (proto)
3926 *proto = nexthdr;
3927
3928 switch (nexthdr) {
3929 case IPPROTO_TCP: {
3930 struct tcphdr _tcph, *th;
3931
3932 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3933 if (th == NULL)
3934 break;
3935
3936 ad->u.net->sport = th->source;
3937 ad->u.net->dport = th->dest;
3938 break;
3939 }
3940
3941 case IPPROTO_UDP: {
3942 struct udphdr _udph, *uh;
3943
3944 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3945 if (uh == NULL)
3946 break;
3947
3948 ad->u.net->sport = uh->source;
3949 ad->u.net->dport = uh->dest;
3950 break;
3951 }
3952
3953 case IPPROTO_DCCP: {
3954 struct dccp_hdr _dccph, *dh;
3955
3956 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3957 if (dh == NULL)
3958 break;
3959
3960 ad->u.net->sport = dh->dccph_sport;
3961 ad->u.net->dport = dh->dccph_dport;
3962 break;
3963 }
3964
3965
3966 default:
3967 break;
3968 }
3969out:
3970 return ret;
3971}
3972
3973#endif
3974
3975static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3976 char **_addrp, int src, u8 *proto)
3977{
3978 char *addrp;
3979 int ret;
3980
3981 switch (ad->u.net->family) {
3982 case PF_INET:
3983 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3984 if (ret)
3985 goto parse_error;
3986 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3987 &ad->u.net->v4info.daddr);
3988 goto okay;
3989
3990#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3991 case PF_INET6:
3992 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3993 if (ret)
3994 goto parse_error;
3995 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3996 &ad->u.net->v6info.daddr);
3997 goto okay;
3998#endif
3999 default:
4000 addrp = NULL;
4001 goto okay;
4002 }
4003
4004parse_error:
4005 printk(KERN_WARNING
4006 "SELinux: failure in selinux_parse_skb(),"
4007 " unable to parse packet\n");
4008 return ret;
4009
4010okay:
4011 if (_addrp)
4012 *_addrp = addrp;
4013 return 0;
4014}
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4032{
4033 int err;
4034 u32 xfrm_sid;
4035 u32 nlbl_sid;
4036 u32 nlbl_type;
4037
4038 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4039 if (unlikely(err))
4040 return -EACCES;
4041 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4042 if (unlikely(err))
4043 return -EACCES;
4044
4045 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
4046 if (unlikely(err)) {
4047 printk(KERN_WARNING
4048 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4049 " unable to determine packet's peer label\n");
4050 return -EACCES;
4051 }
4052
4053 return 0;
4054}
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4069{
4070 int err = 0;
4071
4072 if (skb_sid != SECSID_NULL)
4073 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
4074 else
4075 *conn_sid = sk_sid;
4076
4077 return err;
4078}
4079
4080
4081
4082static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4083 u16 secclass, u32 *socksid)
4084{
4085 if (tsec->sockcreate_sid > SECSID_NULL) {
4086 *socksid = tsec->sockcreate_sid;
4087 return 0;
4088 }
4089
4090 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
4091 socksid);
4092}
4093
4094static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
4095{
4096 struct sk_security_struct *sksec = sk->sk_security;
4097 struct common_audit_data ad;
4098 struct lsm_network_audit net = {0,};
4099 u32 tsid = task_sid(task);
4100
4101 if (sksec->sid == SECINITSID_KERNEL)
4102 return 0;
4103
4104 ad.type = LSM_AUDIT_DATA_NET;
4105 ad.u.net = &net;
4106 ad.u.net->sk = sk;
4107
4108 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
4109}
4110
4111static int selinux_socket_create(int family, int type,
4112 int protocol, int kern)
4113{
4114 const struct task_security_struct *tsec = current_security();
4115 u32 newsid;
4116 u16 secclass;
4117 int rc;
4118
4119 if (kern)
4120 return 0;
4121
4122 secclass = socket_type_to_security_class(family, type, protocol);
4123 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4124 if (rc)
4125 return rc;
4126
4127 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4128}
4129
4130static int selinux_socket_post_create(struct socket *sock, int family,
4131 int type, int protocol, int kern)
4132{
4133 const struct task_security_struct *tsec = current_security();
4134 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4135 struct sk_security_struct *sksec;
4136 int err = 0;
4137
4138 isec->sclass = socket_type_to_security_class(family, type, protocol);
4139
4140 if (kern)
4141 isec->sid = SECINITSID_KERNEL;
4142 else {
4143 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
4144 if (err)
4145 return err;
4146 }
4147
4148 isec->initialized = LABEL_INITIALIZED;
4149
4150 if (sock->sk) {
4151 sksec = sock->sk->sk_security;
4152 sksec->sid = isec->sid;
4153 sksec->sclass = isec->sclass;
4154 err = selinux_netlbl_socket_post_create(sock->sk, family);
4155 }
4156
4157 return err;
4158}
4159
4160
4161
4162
4163
4164static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4165{
4166 struct sock *sk = sock->sk;
4167 u16 family;
4168 int err;
4169
4170 err = sock_has_perm(current, sk, SOCKET__BIND);
4171 if (err)
4172 goto out;
4173
4174
4175
4176
4177
4178
4179 family = sk->sk_family;
4180 if (family == PF_INET || family == PF_INET6) {
4181 char *addrp;
4182 struct sk_security_struct *sksec = sk->sk_security;
4183 struct common_audit_data ad;
4184 struct lsm_network_audit net = {0,};
4185 struct sockaddr_in *addr4 = NULL;
4186 struct sockaddr_in6 *addr6 = NULL;
4187 unsigned short snum;
4188 u32 sid, node_perm;
4189
4190 if (family == PF_INET) {
4191 addr4 = (struct sockaddr_in *)address;
4192 snum = ntohs(addr4->sin_port);
4193 addrp = (char *)&addr4->sin_addr.s_addr;
4194 } else {
4195 addr6 = (struct sockaddr_in6 *)address;
4196 snum = ntohs(addr6->sin6_port);
4197 addrp = (char *)&addr6->sin6_addr.s6_addr;
4198 }
4199
4200 if (snum) {
4201 int low, high;
4202
4203 inet_get_local_port_range(sock_net(sk), &low, &high);
4204
4205 if (snum < max(PROT_SOCK, low) || snum > high) {
4206 err = sel_netport_sid(sk->sk_protocol,
4207 snum, &sid);
4208 if (err)
4209 goto out;
4210 ad.type = LSM_AUDIT_DATA_NET;
4211 ad.u.net = &net;
4212 ad.u.net->sport = htons(snum);
4213 ad.u.net->family = family;
4214 err = avc_has_perm(sksec->sid, sid,
4215 sksec->sclass,
4216 SOCKET__NAME_BIND, &ad);
4217 if (err)
4218 goto out;
4219 }
4220 }
4221
4222 switch (sksec->sclass) {
4223 case SECCLASS_TCP_SOCKET:
4224 node_perm = TCP_SOCKET__NODE_BIND;
4225 break;
4226
4227 case SECCLASS_UDP_SOCKET:
4228 node_perm = UDP_SOCKET__NODE_BIND;
4229 break;
4230
4231 case SECCLASS_DCCP_SOCKET:
4232 node_perm = DCCP_SOCKET__NODE_BIND;
4233 break;
4234
4235 default:
4236 node_perm = RAWIP_SOCKET__NODE_BIND;
4237 break;
4238 }
4239
4240 err = sel_netnode_sid(addrp, family, &sid);
4241 if (err)
4242 goto out;
4243
4244 ad.type = LSM_AUDIT_DATA_NET;
4245 ad.u.net = &net;
4246 ad.u.net->sport = htons(snum);
4247 ad.u.net->family = family;
4248
4249 if (family == PF_INET)
4250 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4251 else
4252 ad.u.net->v6info.saddr = addr6->sin6_addr;
4253
4254 err = avc_has_perm(sksec->sid, sid,
4255 sksec->sclass, node_perm, &ad);
4256 if (err)
4257 goto out;
4258 }
4259out:
4260 return err;
4261}
4262
4263static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4264{
4265 struct sock *sk = sock->sk;
4266 struct sk_security_struct *sksec = sk->sk_security;
4267 int err;
4268
4269 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4270 if (err)
4271 return err;
4272
4273
4274
4275
4276 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4277 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4278 struct common_audit_data ad;
4279 struct lsm_network_audit net = {0,};
4280 struct sockaddr_in *addr4 = NULL;
4281 struct sockaddr_in6 *addr6 = NULL;
4282 unsigned short snum;
4283 u32 sid, perm;
4284
4285 if (sk->sk_family == PF_INET) {
4286 addr4 = (struct sockaddr_in *)address;
4287 if (addrlen < sizeof(struct sockaddr_in))
4288 return -EINVAL;
4289 snum = ntohs(addr4->sin_port);
4290 } else {
4291 addr6 = (struct sockaddr_in6 *)address;
4292 if (addrlen < SIN6_LEN_RFC2133)
4293 return -EINVAL;
4294 snum = ntohs(addr6->sin6_port);
4295 }
4296
4297 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4298 if (err)
4299 goto out;
4300
4301 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4302 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4303
4304 ad.type = LSM_AUDIT_DATA_NET;
4305 ad.u.net = &net;
4306 ad.u.net->dport = htons(snum);
4307 ad.u.net->family = sk->sk_family;
4308 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4309 if (err)
4310 goto out;
4311 }
4312
4313 err = selinux_netlbl_socket_connect(sk, address);
4314
4315out:
4316 return err;
4317}
4318
4319static int selinux_socket_listen(struct socket *sock, int backlog)
4320{
4321 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4322}
4323
4324static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4325{
4326 int err;
4327 struct inode_security_struct *isec;
4328 struct inode_security_struct *newisec;
4329
4330 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4331 if (err)
4332 return err;
4333
4334 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4335
4336 isec = inode_security_novalidate(SOCK_INODE(sock));
4337 newisec->sclass = isec->sclass;
4338 newisec->sid = isec->sid;
4339 newisec->initialized = LABEL_INITIALIZED;
4340
4341 return 0;
4342}
4343
4344static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4345 int size)
4346{
4347 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4348}
4349
4350static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4351 int size, int flags)
4352{
4353 return sock_has_perm(current, sock->sk, SOCKET__READ);
4354}
4355
4356static int selinux_socket_getsockname(struct socket *sock)
4357{
4358 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4359}
4360
4361static int selinux_socket_getpeername(struct socket *sock)
4362{
4363 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4364}
4365
4366static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4367{
4368 int err;
4369
4370 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4371 if (err)
4372 return err;
4373
4374 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4375}
4376
4377static int selinux_socket_getsockopt(struct socket *sock, int level,
4378 int optname)
4379{
4380 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4381}
4382
4383static int selinux_socket_shutdown(struct socket *sock, int how)
4384{
4385 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4386}
4387
4388static int selinux_socket_unix_stream_connect(struct sock *sock,
4389 struct sock *other,
4390 struct sock *newsk)
4391{
4392 struct sk_security_struct *sksec_sock = sock->sk_security;
4393 struct sk_security_struct *sksec_other = other->sk_security;
4394 struct sk_security_struct *sksec_new = newsk->sk_security;
4395 struct common_audit_data ad;
4396 struct lsm_network_audit net = {0,};
4397 int err;
4398
4399 ad.type = LSM_AUDIT_DATA_NET;
4400 ad.u.net = &net;
4401 ad.u.net->sk = other;
4402
4403 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4404 sksec_other->sclass,
4405 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4406 if (err)
4407 return err;
4408
4409
4410 sksec_new->peer_sid = sksec_sock->sid;
4411 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4412 &sksec_new->sid);
4413 if (err)
4414 return err;
4415
4416
4417 sksec_sock->peer_sid = sksec_new->sid;
4418
4419 return 0;
4420}
4421
4422static int selinux_socket_unix_may_send(struct socket *sock,
4423 struct socket *other)
4424{
4425 struct sk_security_struct *ssec = sock->sk->sk_security;
4426 struct sk_security_struct *osec = other->sk->sk_security;
4427 struct common_audit_data ad;
4428 struct lsm_network_audit net = {0,};
4429
4430 ad.type = LSM_AUDIT_DATA_NET;
4431 ad.u.net = &net;
4432 ad.u.net->sk = other->sk;
4433
4434 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4435 &ad);
4436}
4437
4438static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4439 char *addrp, u16 family, u32 peer_sid,
4440 struct common_audit_data *ad)
4441{
4442 int err;
4443 u32 if_sid;
4444 u32 node_sid;
4445
4446 err = sel_netif_sid(ns, ifindex, &if_sid);
4447 if (err)
4448 return err;
4449 err = avc_has_perm(peer_sid, if_sid,
4450 SECCLASS_NETIF, NETIF__INGRESS, ad);
4451 if (err)
4452 return err;
4453
4454 err = sel_netnode_sid(addrp, family, &node_sid);
4455 if (err)
4456 return err;
4457 return avc_has_perm(peer_sid, node_sid,
4458 SECCLASS_NODE, NODE__RECVFROM, ad);
4459}
4460
4461static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4462 u16 family)
4463{
4464 int err = 0;
4465 struct sk_security_struct *sksec = sk->sk_security;
4466 u32 sk_sid = sksec->sid;
4467 struct common_audit_data ad;
4468 struct lsm_network_audit net = {0,};
4469 char *addrp;
4470
4471 ad.type = LSM_AUDIT_DATA_NET;
4472 ad.u.net = &net;
4473 ad.u.net->netif = skb->skb_iif;
4474 ad.u.net->family = family;
4475 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4476 if (err)
4477 return err;
4478
4479 if (selinux_secmark_enabled()) {
4480 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4481 PACKET__RECV, &ad);
4482 if (err)
4483 return err;
4484 }
4485
4486 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4487 if (err)
4488 return err;
4489 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4490
4491 return err;
4492}
4493
4494static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4495{
4496 int err;
4497 struct sk_security_struct *sksec = sk->sk_security;
4498 u16 family = sk->sk_family;
4499 u32 sk_sid = sksec->sid;
4500 struct common_audit_data ad;
4501 struct lsm_network_audit net = {0,};
4502 char *addrp;
4503 u8 secmark_active;
4504 u8 peerlbl_active;
4505
4506 if (family != PF_INET && family != PF_INET6)
4507 return 0;
4508
4509
4510 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4511 family = PF_INET;
4512
4513
4514
4515
4516
4517 if (!selinux_policycap_netpeer)
4518 return selinux_sock_rcv_skb_compat(sk, skb, family);
4519
4520 secmark_active = selinux_secmark_enabled();
4521 peerlbl_active = selinux_peerlbl_enabled();
4522 if (!secmark_active && !peerlbl_active)
4523 return 0;
4524
4525 ad.type = LSM_AUDIT_DATA_NET;
4526 ad.u.net = &net;
4527 ad.u.net->netif = skb->skb_iif;
4528 ad.u.net->family = family;
4529 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4530 if (err)
4531 return err;
4532
4533 if (peerlbl_active) {
4534 u32 peer_sid;
4535
4536 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4537 if (err)
4538 return err;
4539 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
4540 addrp, family, peer_sid, &ad);
4541 if (err) {
4542 selinux_netlbl_err(skb, err, 0);
4543 return err;
4544 }
4545 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4546 PEER__RECV, &ad);
4547 if (err) {
4548 selinux_netlbl_err(skb, err, 0);
4549 return err;
4550 }
4551 }
4552
4553 if (secmark_active) {
4554 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4555 PACKET__RECV, &ad);
4556 if (err)
4557 return err;
4558 }
4559
4560 return err;
4561}
4562
4563static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4564 int __user *optlen, unsigned len)
4565{
4566 int err = 0;
4567 char *scontext;
4568 u32 scontext_len;
4569 struct sk_security_struct *sksec = sock->sk->sk_security;
4570 u32 peer_sid = SECSID_NULL;
4571
4572 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4573 sksec->sclass == SECCLASS_TCP_SOCKET)
4574 peer_sid = sksec->peer_sid;
4575 if (peer_sid == SECSID_NULL)
4576 return -ENOPROTOOPT;
4577
4578 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4579 if (err)
4580 return err;
4581
4582 if (scontext_len > len) {
4583 err = -ERANGE;
4584 goto out_len;
4585 }
4586
4587 if (copy_to_user(optval, scontext, scontext_len))
4588 err = -EFAULT;
4589
4590out_len:
4591 if (put_user(scontext_len, optlen))
4592 err = -EFAULT;
4593 kfree(scontext);
4594 return err;
4595}
4596
4597static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4598{
4599 u32 peer_secid = SECSID_NULL;
4600 u16 family;
4601
4602 if (skb && skb->protocol == htons(ETH_P_IP))
4603 family = PF_INET;
4604 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4605 family = PF_INET6;
4606 else if (sock)
4607 family = sock->sk->sk_family;
4608 else
4609 goto out;
4610
4611 if (sock && family == PF_UNIX)
4612 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4613 else if (skb)
4614 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4615
4616out:
4617 *secid = peer_secid;
4618 if (peer_secid == SECSID_NULL)
4619 return -EINVAL;
4620 return 0;
4621}
4622
4623static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4624{
4625 struct sk_security_struct *sksec;
4626
4627 sksec = kzalloc(sizeof(*sksec), priority);
4628 if (!sksec)
4629 return -ENOMEM;
4630
4631 sksec->peer_sid = SECINITSID_UNLABELED;
4632 sksec->sid = SECINITSID_UNLABELED;
4633 sksec->sclass = SECCLASS_SOCKET;
4634 selinux_netlbl_sk_security_reset(sksec);
4635 sk->sk_security = sksec;
4636
4637 return 0;
4638}
4639
4640static void selinux_sk_free_security(struct sock *sk)
4641{
4642 struct sk_security_struct *sksec = sk->sk_security;
4643
4644 sk->sk_security = NULL;
4645 selinux_netlbl_sk_security_free(sksec);
4646 kfree(sksec);
4647}
4648
4649static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4650{
4651 struct sk_security_struct *sksec = sk->sk_security;
4652 struct sk_security_struct *newsksec = newsk->sk_security;
4653
4654 newsksec->sid = sksec->sid;
4655 newsksec->peer_sid = sksec->peer_sid;
4656 newsksec->sclass = sksec->sclass;
4657
4658 selinux_netlbl_sk_security_reset(newsksec);
4659}
4660
4661static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4662{
4663 if (!sk)
4664 *secid = SECINITSID_ANY_SOCKET;
4665 else {
4666 struct sk_security_struct *sksec = sk->sk_security;
4667
4668 *secid = sksec->sid;
4669 }
4670}
4671
4672static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4673{
4674 struct inode_security_struct *isec =
4675 inode_security_novalidate(SOCK_INODE(parent));
4676 struct sk_security_struct *sksec = sk->sk_security;
4677
4678 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4679 sk->sk_family == PF_UNIX)
4680 isec->sid = sksec->sid;
4681 sksec->sclass = isec->sclass;
4682}
4683
4684static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4685 struct request_sock *req)
4686{
4687 struct sk_security_struct *sksec = sk->sk_security;
4688 int err;
4689 u16 family = req->rsk_ops->family;
4690 u32 connsid;
4691 u32 peersid;
4692
4693 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4694 if (err)
4695 return err;
4696 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4697 if (err)
4698 return err;
4699 req->secid = connsid;
4700 req->peer_secid = peersid;
4701
4702 return selinux_netlbl_inet_conn_request(req, family);
4703}
4704
4705static void selinux_inet_csk_clone(struct sock *newsk,
4706 const struct request_sock *req)
4707{
4708 struct sk_security_struct *newsksec = newsk->sk_security;
4709
4710 newsksec->sid = req->secid;
4711 newsksec->peer_sid = req->peer_secid;
4712
4713
4714
4715
4716
4717
4718
4719 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4720}
4721
4722static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4723{
4724 u16 family = sk->sk_family;
4725 struct sk_security_struct *sksec = sk->sk_security;
4726
4727
4728 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4729 family = PF_INET;
4730
4731 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4732}
4733
4734static int selinux_secmark_relabel_packet(u32 sid)
4735{
4736 const struct task_security_struct *__tsec;
4737 u32 tsid;
4738
4739 __tsec = current_security();
4740 tsid = __tsec->sid;
4741
4742 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4743}
4744
4745static void selinux_secmark_refcount_inc(void)
4746{
4747 atomic_inc(&selinux_secmark_refcount);
4748}
4749
4750static void selinux_secmark_refcount_dec(void)
4751{
4752 atomic_dec(&selinux_secmark_refcount);
4753}
4754
4755static void selinux_req_classify_flow(const struct request_sock *req,
4756 struct flowi *fl)
4757{
4758 fl->flowi_secid = req->secid;
4759}
4760
4761static int selinux_tun_dev_alloc_security(void **security)
4762{
4763 struct tun_security_struct *tunsec;
4764
4765 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4766 if (!tunsec)
4767 return -ENOMEM;
4768 tunsec->sid = current_sid();
4769
4770 *security = tunsec;
4771 return 0;
4772}
4773
4774static void selinux_tun_dev_free_security(void *security)
4775{
4776 kfree(security);
4777}
4778
4779static int selinux_tun_dev_create(void)
4780{
4781 u32 sid = current_sid();
4782
4783
4784
4785
4786
4787
4788
4789
4790 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4791 NULL);
4792}
4793
4794static int selinux_tun_dev_attach_queue(void *security)
4795{
4796 struct tun_security_struct *tunsec = security;
4797
4798 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4799 TUN_SOCKET__ATTACH_QUEUE, NULL);
4800}
4801
4802static int selinux_tun_dev_attach(struct sock *sk, void *security)
4803{
4804 struct tun_security_struct *tunsec = security;
4805 struct sk_security_struct *sksec = sk->sk_security;
4806
4807
4808
4809
4810
4811
4812
4813
4814 sksec->sid = tunsec->sid;
4815 sksec->sclass = SECCLASS_TUN_SOCKET;
4816
4817 return 0;
4818}
4819
4820static int selinux_tun_dev_open(void *security)
4821{
4822 struct tun_security_struct *tunsec = security;
4823 u32 sid = current_sid();
4824 int err;
4825
4826 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4827 TUN_SOCKET__RELABELFROM, NULL);
4828 if (err)
4829 return err;
4830 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4831 TUN_SOCKET__RELABELTO, NULL);
4832 if (err)
4833 return err;
4834 tunsec->sid = sid;
4835
4836 return 0;
4837}
4838
4839static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4840{
4841 int err = 0;
4842 u32 perm;
4843 struct nlmsghdr *nlh;
4844 struct sk_security_struct *sksec = sk->sk_security;
4845
4846 if (skb->len < NLMSG_HDRLEN) {
4847 err = -EINVAL;
4848 goto out;
4849 }
4850 nlh = nlmsg_hdr(skb);
4851
4852 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4853 if (err) {
4854 if (err == -EINVAL) {
4855 pr_warn_ratelimited("SELinux: unrecognized netlink"
4856 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
4857 " pig=%d comm=%s\n",
4858 sk->sk_protocol, nlh->nlmsg_type,
4859 secclass_map[sksec->sclass - 1].name,
4860 task_pid_nr(current), current->comm);
4861 if (!selinux_enforcing || security_get_allow_unknown())
4862 err = 0;
4863 }
4864
4865
4866 if (err == -ENOENT)
4867 err = 0;
4868 goto out;
4869 }
4870
4871 err = sock_has_perm(current, sk, perm);
4872out:
4873 return err;
4874}
4875
4876#ifdef CONFIG_NETFILTER
4877
4878static unsigned int selinux_ip_forward(struct sk_buff *skb,
4879 const struct net_device *indev,
4880 u16 family)
4881{
4882 int err;
4883 char *addrp;
4884 u32 peer_sid;
4885 struct common_audit_data ad;
4886 struct lsm_network_audit net = {0,};
4887 u8 secmark_active;
4888 u8 netlbl_active;
4889 u8 peerlbl_active;
4890
4891 if (!selinux_policycap_netpeer)
4892 return NF_ACCEPT;
4893
4894 secmark_active = selinux_secmark_enabled();
4895 netlbl_active = netlbl_enabled();
4896 peerlbl_active = selinux_peerlbl_enabled();
4897 if (!secmark_active && !peerlbl_active)
4898 return NF_ACCEPT;
4899
4900 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4901 return NF_DROP;
4902
4903 ad.type = LSM_AUDIT_DATA_NET;
4904 ad.u.net = &net;
4905 ad.u.net->netif = indev->ifindex;
4906 ad.u.net->family = family;
4907 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4908 return NF_DROP;
4909
4910 if (peerlbl_active) {
4911 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
4912 addrp, family, peer_sid, &ad);
4913 if (err) {
4914 selinux_netlbl_err(skb, err, 1);
4915 return NF_DROP;
4916 }
4917 }
4918
4919 if (secmark_active)
4920 if (avc_has_perm(peer_sid, skb->secmark,
4921 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4922 return NF_DROP;
4923
4924 if (netlbl_active)
4925
4926
4927
4928
4929 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4930 return NF_DROP;
4931
4932 return NF_ACCEPT;
4933}
4934
4935static unsigned int selinux_ipv4_forward(void *priv,
4936 struct sk_buff *skb,
4937 const struct nf_hook_state *state)
4938{
4939 return selinux_ip_forward(skb, state->in, PF_INET);
4940}
4941
4942#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4943static unsigned int selinux_ipv6_forward(void *priv,
4944 struct sk_buff *skb,
4945 const struct nf_hook_state *state)
4946{
4947 return selinux_ip_forward(skb, state->in, PF_INET6);
4948}
4949#endif
4950
4951static unsigned int selinux_ip_output(struct sk_buff *skb,
4952 u16 family)
4953{
4954 struct sock *sk;
4955 u32 sid;
4956
4957 if (!netlbl_enabled())
4958 return NF_ACCEPT;
4959
4960
4961
4962
4963 sk = skb->sk;
4964 if (sk) {
4965 struct sk_security_struct *sksec;
4966
4967 if (sk_listener(sk))
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980 return NF_ACCEPT;
4981
4982
4983 sksec = sk->sk_security;
4984 sid = sksec->sid;
4985 } else
4986 sid = SECINITSID_KERNEL;
4987 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4988 return NF_DROP;
4989
4990 return NF_ACCEPT;
4991}
4992
4993static unsigned int selinux_ipv4_output(void *priv,
4994 struct sk_buff *skb,
4995 const struct nf_hook_state *state)
4996{
4997 return selinux_ip_output(skb, PF_INET);
4998}
4999
5000static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5001 int ifindex,
5002 u16 family)
5003{
5004 struct sock *sk = skb_to_full_sk(skb);
5005 struct sk_security_struct *sksec;
5006 struct common_audit_data ad;
5007 struct lsm_network_audit net = {0,};
5008 char *addrp;
5009 u8 proto;
5010
5011 if (sk == NULL)
5012 return NF_ACCEPT;
5013 sksec = sk->sk_security;
5014
5015 ad.type = LSM_AUDIT_DATA_NET;
5016 ad.u.net = &net;
5017 ad.u.net->netif = ifindex;
5018 ad.u.net->family = family;
5019 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5020 return NF_DROP;
5021
5022 if (selinux_secmark_enabled())
5023 if (avc_has_perm(sksec->sid, skb->secmark,
5024 SECCLASS_PACKET, PACKET__SEND, &ad))
5025 return NF_DROP_ERR(-ECONNREFUSED);
5026
5027 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5028 return NF_DROP_ERR(-ECONNREFUSED);
5029
5030 return NF_ACCEPT;
5031}
5032
5033static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5034 const struct net_device *outdev,
5035 u16 family)
5036{
5037 u32 secmark_perm;
5038 u32 peer_sid;
5039 int ifindex = outdev->ifindex;
5040 struct sock *sk;
5041 struct common_audit_data ad;
5042 struct lsm_network_audit net = {0,};
5043 char *addrp;
5044 u8 secmark_active;
5045 u8 peerlbl_active;
5046
5047
5048
5049
5050
5051 if (!selinux_policycap_netpeer)
5052 return selinux_ip_postroute_compat(skb, ifindex, family);
5053
5054 secmark_active = selinux_secmark_enabled();
5055 peerlbl_active = selinux_peerlbl_enabled();
5056 if (!secmark_active && !peerlbl_active)
5057 return NF_ACCEPT;
5058
5059 sk = skb_to_full_sk(skb);
5060
5061#ifdef CONFIG_XFRM
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5074 !(sk && sk_listener(sk)))
5075 return NF_ACCEPT;
5076#endif
5077
5078 if (sk == NULL) {
5079
5080
5081
5082
5083 if (skb->skb_iif) {
5084 secmark_perm = PACKET__FORWARD_OUT;
5085 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5086 return NF_DROP;
5087 } else {
5088 secmark_perm = PACKET__SEND;
5089 peer_sid = SECINITSID_KERNEL;
5090 }
5091 } else if (sk_listener(sk)) {
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101 u32 skb_sid;
5102 struct sk_security_struct *sksec;
5103
5104 sksec = sk->sk_security;
5105 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5106 return NF_DROP;
5107
5108
5109
5110
5111
5112
5113 if (skb_sid == SECSID_NULL) {
5114 switch (family) {
5115 case PF_INET:
5116 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5117 return NF_ACCEPT;
5118 break;
5119 case PF_INET6:
5120 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5121 return NF_ACCEPT;
5122 break;
5123 default:
5124 return NF_DROP_ERR(-ECONNREFUSED);
5125 }
5126 }
5127 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5128 return NF_DROP;
5129 secmark_perm = PACKET__SEND;
5130 } else {
5131
5132
5133 struct sk_security_struct *sksec = sk->sk_security;
5134 peer_sid = sksec->sid;
5135 secmark_perm = PACKET__SEND;
5136 }
5137
5138 ad.type = LSM_AUDIT_DATA_NET;
5139 ad.u.net = &net;
5140 ad.u.net->netif = ifindex;
5141 ad.u.net->family = family;
5142 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5143 return NF_DROP;
5144
5145 if (secmark_active)
5146 if (avc_has_perm(peer_sid, skb->secmark,
5147 SECCLASS_PACKET, secmark_perm, &ad))
5148 return NF_DROP_ERR(-ECONNREFUSED);
5149
5150 if (peerlbl_active) {
5151 u32 if_sid;
5152 u32 node_sid;
5153
5154 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5155 return NF_DROP;
5156 if (avc_has_perm(peer_sid, if_sid,
5157 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5158 return NF_DROP_ERR(-ECONNREFUSED);
5159
5160 if (sel_netnode_sid(addrp, family, &node_sid))
5161 return NF_DROP;
5162 if (avc_has_perm(peer_sid, node_sid,
5163 SECCLASS_NODE, NODE__SENDTO, &ad))
5164 return NF_DROP_ERR(-ECONNREFUSED);
5165 }
5166
5167 return NF_ACCEPT;
5168}
5169
5170static unsigned int selinux_ipv4_postroute(void *priv,
5171 struct sk_buff *skb,
5172 const struct nf_hook_state *state)
5173{
5174 return selinux_ip_postroute(skb, state->out, PF_INET);
5175}
5176
5177#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5178static unsigned int selinux_ipv6_postroute(void *priv,
5179 struct sk_buff *skb,
5180 const struct nf_hook_state *state)
5181{
5182 return selinux_ip_postroute(skb, state->out, PF_INET6);
5183}
5184#endif
5185
5186#endif
5187
5188static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5189{
5190 return selinux_nlmsg_perm(sk, skb);
5191}
5192
5193static int ipc_alloc_security(struct task_struct *task,
5194 struct kern_ipc_perm *perm,
5195 u16 sclass)
5196{
5197 struct ipc_security_struct *isec;
5198 u32 sid;
5199
5200 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5201 if (!isec)
5202 return -ENOMEM;
5203
5204 sid = task_sid(task);
5205 isec->sclass = sclass;
5206 isec->sid = sid;
5207 perm->security = isec;
5208
5209 return 0;
5210}
5211
5212static void ipc_free_security(struct kern_ipc_perm *perm)
5213{
5214 struct ipc_security_struct *isec = perm->security;
5215 perm->security = NULL;
5216 kfree(isec);
5217}
5218
5219static int msg_msg_alloc_security(struct msg_msg *msg)
5220{
5221 struct msg_security_struct *msec;
5222
5223 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5224 if (!msec)
5225 return -ENOMEM;
5226
5227 msec->sid = SECINITSID_UNLABELED;
5228 msg->security = msec;
5229
5230 return 0;
5231}
5232
5233static void msg_msg_free_security(struct msg_msg *msg)
5234{
5235 struct msg_security_struct *msec = msg->security;
5236
5237 msg->security = NULL;
5238 kfree(msec);
5239}
5240
5241static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5242 u32 perms)
5243{
5244 struct ipc_security_struct *isec;
5245 struct common_audit_data ad;
5246 u32 sid = current_sid();
5247
5248 isec = ipc_perms->security;
5249
5250 ad.type = LSM_AUDIT_DATA_IPC;
5251 ad.u.ipc_id = ipc_perms->key;
5252
5253 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5254}
5255
5256static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5257{
5258 return msg_msg_alloc_security(msg);
5259}
5260
5261static void selinux_msg_msg_free_security(struct msg_msg *msg)
5262{
5263 msg_msg_free_security(msg);
5264}
5265
5266
5267static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5268{
5269 struct ipc_security_struct *isec;
5270 struct common_audit_data ad;
5271 u32 sid = current_sid();
5272 int rc;
5273
5274 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
5275 if (rc)
5276 return rc;
5277
5278 isec = msq->q_perm.security;
5279
5280 ad.type = LSM_AUDIT_DATA_IPC;
5281 ad.u.ipc_id = msq->q_perm.key;
5282
5283 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5284 MSGQ__CREATE, &ad);
5285 if (rc) {
5286 ipc_free_security(&msq->q_perm);
5287 return rc;
5288 }
5289 return 0;
5290}
5291
5292static void selinux_msg_queue_free_security(struct msg_queue *msq)
5293{
5294 ipc_free_security(&msq->q_perm);
5295}
5296
5297static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5298{
5299 struct ipc_security_struct *isec;
5300 struct common_audit_data ad;
5301 u32 sid = current_sid();
5302
5303 isec = msq->q_perm.security;
5304
5305 ad.type = LSM_AUDIT_DATA_IPC;
5306 ad.u.ipc_id = msq->q_perm.key;
5307
5308 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5309 MSGQ__ASSOCIATE, &ad);
5310}
5311
5312static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5313{
5314 int err;
5315 int perms;
5316
5317 switch (cmd) {
5318 case IPC_INFO:
5319 case MSG_INFO:
5320
5321 return task_has_system(current, SYSTEM__IPC_INFO);
5322 case IPC_STAT:
5323 case MSG_STAT:
5324 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5325 break;
5326 case IPC_SET:
5327 perms = MSGQ__SETATTR;
5328 break;
5329 case IPC_RMID:
5330 perms = MSGQ__DESTROY;
5331 break;
5332 default:
5333 return 0;
5334 }
5335
5336 err = ipc_has_perm(&msq->q_perm, perms);
5337 return err;
5338}
5339
5340static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5341{
5342 struct ipc_security_struct *isec;
5343 struct msg_security_struct *msec;
5344 struct common_audit_data ad;
5345 u32 sid = current_sid();
5346 int rc;
5347
5348 isec = msq->q_perm.security;
5349 msec = msg->security;
5350
5351
5352
5353
5354 if (msec->sid == SECINITSID_UNLABELED) {
5355
5356
5357
5358
5359 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5360 NULL, &msec->sid);
5361 if (rc)
5362 return rc;
5363 }
5364
5365 ad.type = LSM_AUDIT_DATA_IPC;
5366 ad.u.ipc_id = msq->q_perm.key;
5367
5368
5369 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5370 MSGQ__WRITE, &ad);
5371 if (!rc)
5372
5373 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5374 MSG__SEND, &ad);
5375 if (!rc)
5376
5377 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5378 MSGQ__ENQUEUE, &ad);
5379
5380 return rc;
5381}
5382
5383static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5384 struct task_struct *target,
5385 long type, int mode)
5386{
5387 struct ipc_security_struct *isec;
5388 struct msg_security_struct *msec;
5389 struct common_audit_data ad;
5390 u32 sid = task_sid(target);
5391 int rc;
5392
5393 isec = msq->q_perm.security;
5394 msec = msg->security;
5395
5396 ad.type = LSM_AUDIT_DATA_IPC;
5397 ad.u.ipc_id = msq->q_perm.key;
5398
5399 rc = avc_has_perm(sid, isec->sid,
5400 SECCLASS_MSGQ, MSGQ__READ, &ad);
5401 if (!rc)
5402 rc = avc_has_perm(sid, msec->sid,
5403 SECCLASS_MSG, MSG__RECEIVE, &ad);
5404 return rc;
5405}
5406
5407
5408static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5409{
5410 struct ipc_security_struct *isec;
5411 struct common_audit_data ad;
5412 u32 sid = current_sid();
5413 int rc;
5414
5415 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5416 if (rc)
5417 return rc;
5418
5419 isec = shp->shm_perm.security;
5420
5421 ad.type = LSM_AUDIT_DATA_IPC;
5422 ad.u.ipc_id = shp->shm_perm.key;
5423
5424 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5425 SHM__CREATE, &ad);
5426 if (rc) {
5427 ipc_free_security(&shp->shm_perm);
5428 return rc;
5429 }
5430 return 0;
5431}
5432
5433static void selinux_shm_free_security(struct shmid_kernel *shp)
5434{
5435 ipc_free_security(&shp->shm_perm);
5436}
5437
5438static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5439{
5440 struct ipc_security_struct *isec;
5441 struct common_audit_data ad;
5442 u32 sid = current_sid();
5443
5444 isec = shp->shm_perm.security;
5445
5446 ad.type = LSM_AUDIT_DATA_IPC;
5447 ad.u.ipc_id = shp->shm_perm.key;
5448
5449 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5450 SHM__ASSOCIATE, &ad);
5451}
5452
5453
5454static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5455{
5456 int perms;
5457 int err;
5458
5459 switch (cmd) {
5460 case IPC_INFO:
5461 case SHM_INFO:
5462
5463 return task_has_system(current, SYSTEM__IPC_INFO);
5464 case IPC_STAT:
5465 case SHM_STAT:
5466 perms = SHM__GETATTR | SHM__ASSOCIATE;
5467 break;
5468 case IPC_SET:
5469 perms = SHM__SETATTR;
5470 break;
5471 case SHM_LOCK:
5472 case SHM_UNLOCK:
5473 perms = SHM__LOCK;
5474 break;
5475 case IPC_RMID:
5476 perms = SHM__DESTROY;
5477 break;
5478 default:
5479 return 0;
5480 }
5481
5482 err = ipc_has_perm(&shp->shm_perm, perms);
5483 return err;
5484}
5485
5486static int selinux_shm_shmat(struct shmid_kernel *shp,
5487 char __user *shmaddr, int shmflg)
5488{
5489 u32 perms;
5490
5491 if (shmflg & SHM_RDONLY)
5492 perms = SHM__READ;
5493 else
5494 perms = SHM__READ | SHM__WRITE;
5495
5496 return ipc_has_perm(&shp->shm_perm, perms);
5497}
5498
5499
5500static int selinux_sem_alloc_security(struct sem_array *sma)
5501{
5502 struct ipc_security_struct *isec;
5503 struct common_audit_data ad;
5504 u32 sid = current_sid();
5505 int rc;
5506
5507 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5508 if (rc)
5509 return rc;
5510
5511 isec = sma->sem_perm.security;
5512
5513 ad.type = LSM_AUDIT_DATA_IPC;
5514 ad.u.ipc_id = sma->sem_perm.key;
5515
5516 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5517 SEM__CREATE, &ad);
5518 if (rc) {
5519 ipc_free_security(&sma->sem_perm);
5520 return rc;
5521 }
5522 return 0;
5523}
5524
5525static void selinux_sem_free_security(struct sem_array *sma)
5526{
5527 ipc_free_security(&sma->sem_perm);
5528}
5529
5530static int selinux_sem_associate(struct sem_array *sma, int semflg)
5531{
5532 struct ipc_security_struct *isec;
5533 struct common_audit_data ad;
5534 u32 sid = current_sid();
5535
5536 isec = sma->sem_perm.security;
5537
5538 ad.type = LSM_AUDIT_DATA_IPC;
5539 ad.u.ipc_id = sma->sem_perm.key;
5540
5541 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5542 SEM__ASSOCIATE, &ad);
5543}
5544
5545
5546static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5547{
5548 int err;
5549 u32 perms;
5550
5551 switch (cmd) {
5552 case IPC_INFO:
5553 case SEM_INFO:
5554
5555 return task_has_system(current, SYSTEM__IPC_INFO);
5556 case GETPID:
5557 case GETNCNT:
5558 case GETZCNT:
5559 perms = SEM__GETATTR;
5560 break;
5561 case GETVAL:
5562 case GETALL:
5563 perms = SEM__READ;
5564 break;
5565 case SETVAL:
5566 case SETALL:
5567 perms = SEM__WRITE;
5568 break;
5569 case IPC_RMID:
5570 perms = SEM__DESTROY;
5571 break;
5572 case IPC_SET:
5573 perms = SEM__SETATTR;
5574 break;
5575 case IPC_STAT:
5576 case SEM_STAT:
5577 perms = SEM__GETATTR | SEM__ASSOCIATE;
5578 break;
5579 default:
5580 return 0;
5581 }
5582
5583 err = ipc_has_perm(&sma->sem_perm, perms);
5584 return err;
5585}
5586
5587static int selinux_sem_semop(struct sem_array *sma,
5588 struct sembuf *sops, unsigned nsops, int alter)
5589{
5590 u32 perms;
5591
5592 if (alter)
5593 perms = SEM__READ | SEM__WRITE;
5594 else
5595 perms = SEM__READ;
5596
5597 return ipc_has_perm(&sma->sem_perm, perms);
5598}
5599
5600static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5601{
5602 u32 av = 0;
5603
5604 av = 0;
5605 if (flag & S_IRUGO)
5606 av |= IPC__UNIX_READ;
5607 if (flag & S_IWUGO)
5608 av |= IPC__UNIX_WRITE;
5609
5610 if (av == 0)
5611 return 0;
5612
5613 return ipc_has_perm(ipcp, av);
5614}
5615
5616static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5617{
5618 struct ipc_security_struct *isec = ipcp->security;
5619 *secid = isec->sid;
5620}
5621
5622static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5623{
5624 if (inode)
5625 inode_doinit_with_dentry(inode, dentry);
5626}
5627
5628static int selinux_getprocattr(struct task_struct *p,
5629 char *name, char **value)
5630{
5631 const struct task_security_struct *__tsec;
5632 u32 sid;
5633 int error;
5634 unsigned len;
5635
5636 if (current != p) {
5637 error = current_has_perm(p, PROCESS__GETATTR);
5638 if (error)
5639 return error;
5640 }
5641
5642 rcu_read_lock();
5643 __tsec = __task_cred(p)->security;
5644
5645 if (!strcmp(name, "current"))
5646 sid = __tsec->sid;
5647 else if (!strcmp(name, "prev"))
5648 sid = __tsec->osid;
5649 else if (!strcmp(name, "exec"))
5650 sid = __tsec->exec_sid;
5651 else if (!strcmp(name, "fscreate"))
5652 sid = __tsec->create_sid;
5653 else if (!strcmp(name, "keycreate"))
5654 sid = __tsec->keycreate_sid;
5655 else if (!strcmp(name, "sockcreate"))
5656 sid = __tsec->sockcreate_sid;
5657 else
5658 goto invalid;
5659 rcu_read_unlock();
5660
5661 if (!sid)
5662 return 0;
5663
5664 error = security_sid_to_context(sid, value, &len);
5665 if (error)
5666 return error;
5667 return len;
5668
5669invalid:
5670 rcu_read_unlock();
5671 return -EINVAL;
5672}
5673
5674static int selinux_setprocattr(struct task_struct *p,
5675 char *name, void *value, size_t size)
5676{
5677 struct task_security_struct *tsec;
5678 struct task_struct *tracer;
5679 struct cred *new;
5680 u32 sid = 0, ptsid;
5681 int error;
5682 char *str = value;
5683
5684 if (current != p) {
5685
5686
5687 return -EACCES;
5688 }
5689
5690
5691
5692
5693
5694
5695 if (!strcmp(name, "exec"))
5696 error = current_has_perm(p, PROCESS__SETEXEC);
5697 else if (!strcmp(name, "fscreate"))
5698 error = current_has_perm(p, PROCESS__SETFSCREATE);
5699 else if (!strcmp(name, "keycreate"))
5700 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5701 else if (!strcmp(name, "sockcreate"))
5702 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5703 else if (!strcmp(name, "current"))
5704 error = current_has_perm(p, PROCESS__SETCURRENT);
5705 else
5706 error = -EINVAL;
5707 if (error)
5708 return error;
5709
5710
5711 if (size && str[1] && str[1] != '\n') {
5712 if (str[size-1] == '\n') {
5713 str[size-1] = 0;
5714 size--;
5715 }
5716 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5717 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5718 if (!capable(CAP_MAC_ADMIN)) {
5719 struct audit_buffer *ab;
5720 size_t audit_size;
5721
5722
5723
5724 if (str[size - 1] == '\0')
5725 audit_size = size - 1;
5726 else
5727 audit_size = size;
5728 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5729 audit_log_format(ab, "op=fscreate invalid_context=");
5730 audit_log_n_untrustedstring(ab, value, audit_size);
5731 audit_log_end(ab);
5732
5733 return error;
5734 }
5735 error = security_context_to_sid_force(value, size,
5736 &sid);
5737 }
5738 if (error)
5739 return error;
5740 }
5741
5742 new = prepare_creds();
5743 if (!new)
5744 return -ENOMEM;
5745
5746
5747
5748
5749
5750
5751
5752 tsec = new->security;
5753 if (!strcmp(name, "exec")) {
5754 tsec->exec_sid = sid;
5755 } else if (!strcmp(name, "fscreate")) {
5756 tsec->create_sid = sid;
5757 } else if (!strcmp(name, "keycreate")) {
5758 error = may_create_key(sid, p);
5759 if (error)
5760 goto abort_change;
5761 tsec->keycreate_sid = sid;
5762 } else if (!strcmp(name, "sockcreate")) {
5763 tsec->sockcreate_sid = sid;
5764 } else if (!strcmp(name, "current")) {
5765 error = -EINVAL;
5766 if (sid == 0)
5767 goto abort_change;
5768
5769
5770 error = -EPERM;
5771 if (!current_is_single_threaded()) {
5772 error = security_bounded_transition(tsec->sid, sid);
5773 if (error)
5774 goto abort_change;
5775 }
5776
5777
5778 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5779 PROCESS__DYNTRANSITION, NULL);
5780 if (error)
5781 goto abort_change;
5782
5783
5784
5785 ptsid = 0;
5786 rcu_read_lock();
5787 tracer = ptrace_parent(p);
5788 if (tracer)
5789 ptsid = task_sid(tracer);
5790 rcu_read_unlock();
5791
5792 if (tracer) {
5793 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5794 PROCESS__PTRACE, NULL);
5795 if (error)
5796 goto abort_change;
5797 }
5798
5799 tsec->sid = sid;
5800 } else {
5801 error = -EINVAL;
5802 goto abort_change;
5803 }
5804
5805 commit_creds(new);
5806 return size;
5807
5808abort_change:
5809 abort_creds(new);
5810 return error;
5811}
5812
5813static int selinux_ismaclabel(const char *name)
5814{
5815 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5816}
5817
5818static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5819{
5820 return security_sid_to_context(secid, secdata, seclen);
5821}
5822
5823static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5824{
5825 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
5826}
5827
5828static void selinux_release_secctx(char *secdata, u32 seclen)
5829{
5830 kfree(secdata);
5831}
5832
5833static void selinux_inode_invalidate_secctx(struct inode *inode)
5834{
5835 struct inode_security_struct *isec = inode->i_security;
5836
5837 mutex_lock(&isec->lock);
5838 isec->initialized = LABEL_INVALID;
5839 mutex_unlock(&isec->lock);
5840}
5841
5842
5843
5844
5845static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5846{
5847 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5848}
5849
5850
5851
5852
5853static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5854{
5855 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
5856}
5857
5858static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
5859{
5860 int len = 0;
5861 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
5862 ctx, true);
5863 if (len < 0)
5864 return len;
5865 *ctxlen = len;
5866 return 0;
5867}
5868#ifdef CONFIG_KEYS
5869
5870static int selinux_key_alloc(struct key *k, const struct cred *cred,
5871 unsigned long flags)
5872{
5873 const struct task_security_struct *tsec;
5874 struct key_security_struct *ksec;
5875
5876 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5877 if (!ksec)
5878 return -ENOMEM;
5879
5880 tsec = cred->security;
5881 if (tsec->keycreate_sid)
5882 ksec->sid = tsec->keycreate_sid;
5883 else
5884 ksec->sid = tsec->sid;
5885
5886 k->security = ksec;
5887 return 0;
5888}
5889
5890static void selinux_key_free(struct key *k)
5891{
5892 struct key_security_struct *ksec = k->security;
5893
5894 k->security = NULL;
5895 kfree(ksec);
5896}
5897
5898static int selinux_key_permission(key_ref_t key_ref,
5899 const struct cred *cred,
5900 unsigned perm)
5901{
5902 struct key *key;
5903 struct key_security_struct *ksec;
5904 u32 sid;
5905
5906
5907
5908
5909 if (perm == 0)
5910 return 0;
5911
5912 sid = cred_sid(cred);
5913
5914 key = key_ref_to_ptr(key_ref);
5915 ksec = key->security;
5916
5917 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
5918}
5919
5920static int selinux_key_getsecurity(struct key *key, char **_buffer)
5921{
5922 struct key_security_struct *ksec = key->security;
5923 char *context = NULL;
5924 unsigned len;
5925 int rc;
5926
5927 rc = security_sid_to_context(ksec->sid, &context, &len);
5928 if (!rc)
5929 rc = len;
5930 *_buffer = context;
5931 return rc;
5932}
5933
5934#endif
5935
5936static struct security_hook_list selinux_hooks[] = {
5937 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
5938 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
5939 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
5940 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
5941
5942 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
5943 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
5944 LSM_HOOK_INIT(capget, selinux_capget),
5945 LSM_HOOK_INIT(capset, selinux_capset),
5946 LSM_HOOK_INIT(capable, selinux_capable),
5947 LSM_HOOK_INIT(quotactl, selinux_quotactl),
5948 LSM_HOOK_INIT(quota_on, selinux_quota_on),
5949 LSM_HOOK_INIT(syslog, selinux_syslog),
5950 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
5951
5952 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
5953
5954 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
5955 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
5956 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
5957 LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
5958
5959 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
5960 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
5961 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
5962 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
5963 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
5964 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
5965 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
5966 LSM_HOOK_INIT(sb_mount, selinux_mount),
5967 LSM_HOOK_INIT(sb_umount, selinux_umount),
5968 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
5969 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
5970 LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
5971
5972 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
5973
5974 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
5975 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
5976 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
5977 LSM_HOOK_INIT(inode_create, selinux_inode_create),
5978 LSM_HOOK_INIT(inode_link, selinux_inode_link),
5979 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
5980 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
5981 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
5982 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
5983 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
5984 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
5985 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
5986 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
5987 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
5988 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
5989 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
5990 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
5991 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
5992 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
5993 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
5994 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
5995 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
5996 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
5997 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
5998 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
5999
6000 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6001 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6002 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
6003 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6004 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6005 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
6006 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
6007 LSM_HOOK_INIT(file_lock, selinux_file_lock),
6008 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
6009 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
6010 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
6011 LSM_HOOK_INIT(file_receive, selinux_file_receive),
6012
6013 LSM_HOOK_INIT(file_open, selinux_file_open),
6014
6015 LSM_HOOK_INIT(task_create, selinux_task_create),
6016 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
6017 LSM_HOOK_INIT(cred_free, selinux_cred_free),
6018 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6019 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6020 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
6021 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
6022 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
6023 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
6024 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
6025 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
6026 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
6027 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
6028 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
6029 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
6030 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
6031 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
6032 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
6033 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
6034 LSM_HOOK_INIT(task_kill, selinux_task_kill),
6035 LSM_HOOK_INIT(task_wait, selinux_task_wait),
6036 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
6037
6038 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
6039 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6040
6041 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6042 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
6043
6044 LSM_HOOK_INIT(msg_queue_alloc_security,
6045 selinux_msg_queue_alloc_security),
6046 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
6047 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
6048 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
6049 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
6050 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
6051
6052 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
6053 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
6054 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
6055 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
6056 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
6057
6058 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
6059 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
6060 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
6061 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
6062 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
6063
6064 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
6065
6066 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
6067 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
6068
6069 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
6070 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
6071 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
6072 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
6073 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
6074 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
6075 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
6076 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
6077
6078 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
6079 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
6080
6081 LSM_HOOK_INIT(socket_create, selinux_socket_create),
6082 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
6083 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
6084 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
6085 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
6086 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
6087 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
6088 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
6089 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
6090 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
6091 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
6092 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
6093 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
6094 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
6095 LSM_HOOK_INIT(socket_getpeersec_stream,
6096 selinux_socket_getpeersec_stream),
6097 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
6098 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
6099 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
6100 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
6101 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
6102 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
6103 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
6104 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
6105 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
6106 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
6107 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
6108 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
6109 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
6110 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
6111 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
6112 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
6113 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
6114 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
6115 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
6116
6117#ifdef CONFIG_SECURITY_NETWORK_XFRM
6118 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
6119 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
6120 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
6121 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
6122 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
6123 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
6124 selinux_xfrm_state_alloc_acquire),
6125 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
6126 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
6127 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
6128 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
6129 selinux_xfrm_state_pol_flow_match),
6130 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
6131#endif
6132
6133#ifdef CONFIG_KEYS
6134 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
6135 LSM_HOOK_INIT(key_free, selinux_key_free),
6136 LSM_HOOK_INIT(key_permission, selinux_key_permission),
6137 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
6138#endif
6139
6140#ifdef CONFIG_AUDIT
6141 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
6142 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
6143 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
6144 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
6145#endif
6146};
6147
6148static __init int selinux_init(void)
6149{
6150 if (!security_module_enable("selinux")) {
6151 selinux_enabled = 0;
6152 return 0;
6153 }
6154
6155 if (!selinux_enabled) {
6156 printk(KERN_INFO "SELinux: Disabled at boot.\n");
6157 return 0;
6158 }
6159
6160 printk(KERN_INFO "SELinux: Initializing.\n");
6161
6162
6163 cred_init_security();
6164
6165 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
6166
6167 sel_inode_cache = kmem_cache_create("selinux_inode_security",
6168 sizeof(struct inode_security_struct),
6169 0, SLAB_PANIC, NULL);
6170 file_security_cache = kmem_cache_create("selinux_file_security",
6171 sizeof(struct file_security_struct),
6172 0, SLAB_PANIC, NULL);
6173 avc_init();
6174
6175 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6176
6177 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
6178 panic("SELinux: Unable to register AVC netcache callback\n");
6179
6180 if (selinux_enforcing)
6181 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
6182 else
6183 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
6184
6185 return 0;
6186}
6187
6188static void delayed_superblock_init(struct super_block *sb, void *unused)
6189{
6190 superblock_doinit(sb, NULL);
6191}
6192
6193void selinux_complete_init(void)
6194{
6195 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
6196
6197
6198 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
6199 iterate_supers(delayed_superblock_init, NULL);
6200}
6201
6202
6203
6204security_initcall(selinux_init);
6205
6206#if defined(CONFIG_NETFILTER)
6207
6208static struct nf_hook_ops selinux_nf_ops[] = {
6209 {
6210 .hook = selinux_ipv4_postroute,
6211 .pf = NFPROTO_IPV4,
6212 .hooknum = NF_INET_POST_ROUTING,
6213 .priority = NF_IP_PRI_SELINUX_LAST,
6214 },
6215 {
6216 .hook = selinux_ipv4_forward,
6217 .pf = NFPROTO_IPV4,
6218 .hooknum = NF_INET_FORWARD,
6219 .priority = NF_IP_PRI_SELINUX_FIRST,
6220 },
6221 {
6222 .hook = selinux_ipv4_output,
6223 .pf = NFPROTO_IPV4,
6224 .hooknum = NF_INET_LOCAL_OUT,
6225 .priority = NF_IP_PRI_SELINUX_FIRST,
6226 },
6227#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
6228 {
6229 .hook = selinux_ipv6_postroute,
6230 .pf = NFPROTO_IPV6,
6231 .hooknum = NF_INET_POST_ROUTING,
6232 .priority = NF_IP6_PRI_SELINUX_LAST,
6233 },
6234 {
6235 .hook = selinux_ipv6_forward,
6236 .pf = NFPROTO_IPV6,
6237 .hooknum = NF_INET_FORWARD,
6238 .priority = NF_IP6_PRI_SELINUX_FIRST,
6239 },
6240#endif
6241};
6242
6243static int __init selinux_nf_ip_init(void)
6244{
6245 int err;
6246
6247 if (!selinux_enabled)
6248 return 0;
6249
6250 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6251
6252 err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6253 if (err)
6254 panic("SELinux: nf_register_hooks: error %d\n", err);
6255
6256 return 0;
6257}
6258
6259__initcall(selinux_nf_ip_init);
6260
6261#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6262static void selinux_nf_ip_exit(void)
6263{
6264 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6265
6266 nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6267}
6268#endif
6269
6270#else
6271
6272#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6273#define selinux_nf_ip_exit()
6274#endif
6275
6276#endif
6277
6278#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6279static int selinux_disabled;
6280
6281int selinux_disable(void)
6282{
6283 if (ss_initialized) {
6284
6285 return -EINVAL;
6286 }
6287
6288 if (selinux_disabled) {
6289
6290 return -EINVAL;
6291 }
6292
6293 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6294
6295 selinux_disabled = 1;
6296 selinux_enabled = 0;
6297
6298 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6299
6300
6301 avc_disable();
6302
6303
6304 selinux_nf_ip_exit();
6305
6306
6307 exit_sel_fs();
6308
6309 return 0;
6310}
6311#endif
6312