1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/lsm_hooks.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/tcp.h>
55#include <net/inet_connection_sock.h>
56#include <net/net_namespace.h>
57#include <net/netlabel.h>
58#include <linux/uaccess.h>
59#include <asm/ioctls.h>
60#include <linux/atomic.h>
61#include <linux/bitops.h>
62#include <linux/interrupt.h>
63#include <linux/netdevice.h>
64#include <net/netlink.h>
65#include <linux/tcp.h>
66#include <linux/udp.h>
67#include <linux/dccp.h>
68#include <linux/quota.h>
69#include <linux/un.h>
70#include <net/af_unix.h>
71#include <linux/parser.h>
72#include <linux/nfs_mount.h>
73#include <net/ipv6.h>
74#include <linux/hugetlb.h>
75#include <linux/personality.h>
76#include <linux/audit.h>
77#include <linux/string.h>
78#include <linux/selinux.h>
79#include <linux/mutex.h>
80#include <linux/posix-timers.h>
81#include <linux/syslog.h>
82#include <linux/user_namespace.h>
83#include <linux/export.h>
84#include <linux/msg.h>
85#include <linux/shm.h>
86
87#include "avc.h"
88#include "objsec.h"
89#include "netif.h"
90#include "netnode.h"
91#include "netport.h"
92#include "xfrm.h"
93#include "netlabel.h"
94#include "audit.h"
95#include "avc_ss.h"
96
97
98static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
99
100#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
101int selinux_enforcing;
102
103static int __init enforcing_setup(char *str)
104{
105 unsigned long enforcing;
106 if (!kstrtoul(str, 0, &enforcing))
107 selinux_enforcing = enforcing ? 1 : 0;
108 return 1;
109}
110__setup("enforcing=", enforcing_setup);
111#endif
112
113#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
114int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
115
116static int __init selinux_enabled_setup(char *str)
117{
118 unsigned long enabled;
119 if (!kstrtoul(str, 0, &enabled))
120 selinux_enabled = enabled ? 1 : 0;
121 return 1;
122}
123__setup("selinux=", selinux_enabled_setup);
124#else
125int selinux_enabled = 1;
126#endif
127
128static struct kmem_cache *sel_inode_cache;
129static struct kmem_cache *file_security_cache;
130
131
132
133
134
135
136
137
138
139
140
141
142static int selinux_secmark_enabled(void)
143{
144 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
145}
146
147
148
149
150
151
152
153
154
155
156
157static int selinux_peerlbl_enabled(void)
158{
159 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
160}
161
162static int selinux_netcache_avc_callback(u32 event)
163{
164 if (event == AVC_CALLBACK_RESET) {
165 sel_netif_flush();
166 sel_netnode_flush();
167 sel_netport_flush();
168 synchronize_net();
169 }
170 return 0;
171}
172
173
174
175
176static void cred_init_security(void)
177{
178 struct cred *cred = (struct cred *) current->real_cred;
179 struct task_security_struct *tsec;
180
181 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
182 if (!tsec)
183 panic("SELinux: Failed to initialize initial task.\n");
184
185 tsec->osid = tsec->sid = SECINITSID_KERNEL;
186 cred->security = tsec;
187}
188
189
190
191
192static inline u32 cred_sid(const struct cred *cred)
193{
194 const struct task_security_struct *tsec;
195
196 tsec = cred->security;
197 return tsec->sid;
198}
199
200
201
202
203static inline u32 task_sid(const struct task_struct *task)
204{
205 u32 sid;
206
207 rcu_read_lock();
208 sid = cred_sid(__task_cred(task));
209 rcu_read_unlock();
210 return sid;
211}
212
213
214
215
216static inline u32 current_sid(void)
217{
218 const struct task_security_struct *tsec = current_security();
219
220 return tsec->sid;
221}
222
223
224
225static int inode_alloc_security(struct inode *inode)
226{
227 struct inode_security_struct *isec;
228 u32 sid = current_sid();
229
230 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
231 if (!isec)
232 return -ENOMEM;
233
234 mutex_init(&isec->lock);
235 INIT_LIST_HEAD(&isec->list);
236 isec->inode = inode;
237 isec->sid = SECINITSID_UNLABELED;
238 isec->sclass = SECCLASS_FILE;
239 isec->task_sid = sid;
240 inode->i_security = isec;
241
242 return 0;
243}
244
245static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
246
247
248
249
250
251
252
253
254static int __inode_security_revalidate(struct inode *inode,
255 struct dentry *opt_dentry,
256 bool may_sleep)
257{
258 struct inode_security_struct *isec = inode->i_security;
259
260 might_sleep_if(may_sleep);
261
262 if (ss_initialized && isec->initialized != LABEL_INITIALIZED) {
263 if (!may_sleep)
264 return -ECHILD;
265
266
267
268
269
270
271 inode_doinit_with_dentry(inode, opt_dentry);
272 }
273 return 0;
274}
275
276static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
277{
278 return inode->i_security;
279}
280
281static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
282{
283 int error;
284
285 error = __inode_security_revalidate(inode, NULL, !rcu);
286 if (error)
287 return ERR_PTR(error);
288 return inode->i_security;
289}
290
291
292
293
294static struct inode_security_struct *inode_security(struct inode *inode)
295{
296 __inode_security_revalidate(inode, NULL, true);
297 return inode->i_security;
298}
299
300static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
301{
302 struct inode *inode = d_backing_inode(dentry);
303
304 return inode->i_security;
305}
306
307
308
309
310static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
311{
312 struct inode *inode = d_backing_inode(dentry);
313
314 __inode_security_revalidate(inode, dentry, true);
315 return inode->i_security;
316}
317
318static void inode_free_rcu(struct rcu_head *head)
319{
320 struct inode_security_struct *isec;
321
322 isec = container_of(head, struct inode_security_struct, rcu);
323 kmem_cache_free(sel_inode_cache, isec);
324}
325
326static void inode_free_security(struct inode *inode)
327{
328 struct inode_security_struct *isec = inode->i_security;
329 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
330
331
332
333
334
335
336
337
338
339
340
341 if (!list_empty_careful(&isec->list)) {
342 spin_lock(&sbsec->isec_lock);
343 list_del_init(&isec->list);
344 spin_unlock(&sbsec->isec_lock);
345 }
346
347
348
349
350
351
352
353
354
355
356 call_rcu(&isec->rcu, inode_free_rcu);
357}
358
359static int file_alloc_security(struct file *file)
360{
361 struct file_security_struct *fsec;
362 u32 sid = current_sid();
363
364 fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
365 if (!fsec)
366 return -ENOMEM;
367
368 fsec->sid = sid;
369 fsec->fown_sid = sid;
370 file->f_security = fsec;
371
372 return 0;
373}
374
375static void file_free_security(struct file *file)
376{
377 struct file_security_struct *fsec = file->f_security;
378 file->f_security = NULL;
379 kmem_cache_free(file_security_cache, fsec);
380}
381
382static int superblock_alloc_security(struct super_block *sb)
383{
384 struct superblock_security_struct *sbsec;
385
386 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
387 if (!sbsec)
388 return -ENOMEM;
389
390 mutex_init(&sbsec->lock);
391 INIT_LIST_HEAD(&sbsec->isec_head);
392 spin_lock_init(&sbsec->isec_lock);
393 sbsec->sb = sb;
394 sbsec->sid = SECINITSID_UNLABELED;
395 sbsec->def_sid = SECINITSID_FILE;
396 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
397 sb->s_security = sbsec;
398
399 return 0;
400}
401
402static void superblock_free_security(struct super_block *sb)
403{
404 struct superblock_security_struct *sbsec = sb->s_security;
405 sb->s_security = NULL;
406 kfree(sbsec);
407}
408
409
410
411static const char *labeling_behaviors[7] = {
412 "uses xattr",
413 "uses transition SIDs",
414 "uses task SIDs",
415 "uses genfs_contexts",
416 "not configured for labeling",
417 "uses mountpoint labeling",
418 "uses native labeling",
419};
420
421static inline int inode_doinit(struct inode *inode)
422{
423 return inode_doinit_with_dentry(inode, NULL);
424}
425
426enum {
427 Opt_error = -1,
428 Opt_context = 1,
429 Opt_fscontext = 2,
430 Opt_defcontext = 3,
431 Opt_rootcontext = 4,
432 Opt_labelsupport = 5,
433 Opt_nextmntopt = 6,
434};
435
436#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
437
438static const match_table_t tokens = {
439 {Opt_context, CONTEXT_STR "%s"},
440 {Opt_fscontext, FSCONTEXT_STR "%s"},
441 {Opt_defcontext, DEFCONTEXT_STR "%s"},
442 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
443 {Opt_labelsupport, LABELSUPP_STR},
444 {Opt_error, NULL},
445};
446
447#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
448
449static int may_context_mount_sb_relabel(u32 sid,
450 struct superblock_security_struct *sbsec,
451 const struct cred *cred)
452{
453 const struct task_security_struct *tsec = cred->security;
454 int rc;
455
456 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
457 FILESYSTEM__RELABELFROM, NULL);
458 if (rc)
459 return rc;
460
461 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
462 FILESYSTEM__RELABELTO, NULL);
463 return rc;
464}
465
466static int may_context_mount_inode_relabel(u32 sid,
467 struct superblock_security_struct *sbsec,
468 const struct cred *cred)
469{
470 const struct task_security_struct *tsec = cred->security;
471 int rc;
472 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
473 FILESYSTEM__RELABELFROM, NULL);
474 if (rc)
475 return rc;
476
477 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
478 FILESYSTEM__ASSOCIATE, NULL);
479 return rc;
480}
481
482static int selinux_is_sblabel_mnt(struct super_block *sb)
483{
484 struct superblock_security_struct *sbsec = sb->s_security;
485
486 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
487 sbsec->behavior == SECURITY_FS_USE_TRANS ||
488 sbsec->behavior == SECURITY_FS_USE_TASK ||
489 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
490
491 !strcmp(sb->s_type->name, "sysfs") ||
492 !strcmp(sb->s_type->name, "pstore") ||
493 !strcmp(sb->s_type->name, "debugfs") ||
494 !strcmp(sb->s_type->name, "rootfs");
495}
496
497static int sb_finish_set_opts(struct super_block *sb)
498{
499 struct superblock_security_struct *sbsec = sb->s_security;
500 struct dentry *root = sb->s_root;
501 struct inode *root_inode = d_backing_inode(root);
502 int rc = 0;
503
504 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
505
506
507
508
509
510 if (!(root_inode->i_opflags & IOP_XATTR)) {
511 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
512 "xattr support\n", sb->s_id, sb->s_type->name);
513 rc = -EOPNOTSUPP;
514 goto out;
515 }
516
517 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
518 if (rc < 0 && rc != -ENODATA) {
519 if (rc == -EOPNOTSUPP)
520 printk(KERN_WARNING "SELinux: (dev %s, type "
521 "%s) has no security xattr handler\n",
522 sb->s_id, sb->s_type->name);
523 else
524 printk(KERN_WARNING "SELinux: (dev %s, type "
525 "%s) getxattr errno %d\n", sb->s_id,
526 sb->s_type->name, -rc);
527 goto out;
528 }
529 }
530
531 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
532 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
533 sb->s_id, sb->s_type->name);
534
535 sbsec->flags |= SE_SBINITIALIZED;
536 if (selinux_is_sblabel_mnt(sb))
537 sbsec->flags |= SBLABEL_MNT;
538
539
540 rc = inode_doinit_with_dentry(root_inode, root);
541
542
543
544
545
546 spin_lock(&sbsec->isec_lock);
547next_inode:
548 if (!list_empty(&sbsec->isec_head)) {
549 struct inode_security_struct *isec =
550 list_entry(sbsec->isec_head.next,
551 struct inode_security_struct, list);
552 struct inode *inode = isec->inode;
553 list_del_init(&isec->list);
554 spin_unlock(&sbsec->isec_lock);
555 inode = igrab(inode);
556 if (inode) {
557 if (!IS_PRIVATE(inode))
558 inode_doinit(inode);
559 iput(inode);
560 }
561 spin_lock(&sbsec->isec_lock);
562 goto next_inode;
563 }
564 spin_unlock(&sbsec->isec_lock);
565out:
566 return rc;
567}
568
569
570
571
572
573
574static int selinux_get_mnt_opts(const struct super_block *sb,
575 struct security_mnt_opts *opts)
576{
577 int rc = 0, i;
578 struct superblock_security_struct *sbsec = sb->s_security;
579 char *context = NULL;
580 u32 len;
581 char tmp;
582
583 security_init_mnt_opts(opts);
584
585 if (!(sbsec->flags & SE_SBINITIALIZED))
586 return -EINVAL;
587
588 if (!ss_initialized)
589 return -EINVAL;
590
591
592 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
593
594 tmp = sbsec->flags & SE_MNTMASK;
595
596 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
597 if (tmp & 0x01)
598 opts->num_mnt_opts++;
599 tmp >>= 1;
600 }
601
602 if (sbsec->flags & SBLABEL_MNT)
603 opts->num_mnt_opts++;
604
605 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
606 if (!opts->mnt_opts) {
607 rc = -ENOMEM;
608 goto out_free;
609 }
610
611 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
612 if (!opts->mnt_opts_flags) {
613 rc = -ENOMEM;
614 goto out_free;
615 }
616
617 i = 0;
618 if (sbsec->flags & FSCONTEXT_MNT) {
619 rc = security_sid_to_context(sbsec->sid, &context, &len);
620 if (rc)
621 goto out_free;
622 opts->mnt_opts[i] = context;
623 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
624 }
625 if (sbsec->flags & CONTEXT_MNT) {
626 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
627 if (rc)
628 goto out_free;
629 opts->mnt_opts[i] = context;
630 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
631 }
632 if (sbsec->flags & DEFCONTEXT_MNT) {
633 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
634 if (rc)
635 goto out_free;
636 opts->mnt_opts[i] = context;
637 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
638 }
639 if (sbsec->flags & ROOTCONTEXT_MNT) {
640 struct dentry *root = sbsec->sb->s_root;
641 struct inode_security_struct *isec = backing_inode_security(root);
642
643 rc = security_sid_to_context(isec->sid, &context, &len);
644 if (rc)
645 goto out_free;
646 opts->mnt_opts[i] = context;
647 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
648 }
649 if (sbsec->flags & SBLABEL_MNT) {
650 opts->mnt_opts[i] = NULL;
651 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
652 }
653
654 BUG_ON(i != opts->num_mnt_opts);
655
656 return 0;
657
658out_free:
659 security_free_mnt_opts(opts);
660 return rc;
661}
662
663static int bad_option(struct superblock_security_struct *sbsec, char flag,
664 u32 old_sid, u32 new_sid)
665{
666 char mnt_flags = sbsec->flags & SE_MNTMASK;
667
668
669 if (sbsec->flags & SE_SBINITIALIZED)
670 if (!(sbsec->flags & flag) ||
671 (old_sid != new_sid))
672 return 1;
673
674
675
676
677 if (!(sbsec->flags & SE_SBINITIALIZED))
678 if (mnt_flags & flag)
679 return 1;
680 return 0;
681}
682
683
684
685
686
687static int selinux_set_mnt_opts(struct super_block *sb,
688 struct security_mnt_opts *opts,
689 unsigned long kern_flags,
690 unsigned long *set_kern_flags)
691{
692 const struct cred *cred = current_cred();
693 int rc = 0, i;
694 struct superblock_security_struct *sbsec = sb->s_security;
695 const char *name = sb->s_type->name;
696 struct dentry *root = sbsec->sb->s_root;
697 struct inode_security_struct *root_isec;
698 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
699 u32 defcontext_sid = 0;
700 char **mount_options = opts->mnt_opts;
701 int *flags = opts->mnt_opts_flags;
702 int num_opts = opts->num_mnt_opts;
703
704 mutex_lock(&sbsec->lock);
705
706 if (!ss_initialized) {
707 if (!num_opts) {
708
709
710
711 goto out;
712 }
713 rc = -EINVAL;
714 printk(KERN_WARNING "SELinux: Unable to set superblock options "
715 "before the security server is initialized\n");
716 goto out;
717 }
718 if (kern_flags && !set_kern_flags) {
719
720
721 rc = -EINVAL;
722 goto out;
723 }
724
725
726
727
728
729
730
731
732
733
734
735
736 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
737 && (num_opts == 0))
738 goto out;
739
740 root_isec = backing_inode_security_novalidate(root);
741
742
743
744
745
746
747 for (i = 0; i < num_opts; i++) {
748 u32 sid;
749
750 if (flags[i] == SBLABEL_MNT)
751 continue;
752 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
753 if (rc) {
754 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
755 "(%s) failed for (dev %s, type %s) errno=%d\n",
756 mount_options[i], sb->s_id, name, rc);
757 goto out;
758 }
759 switch (flags[i]) {
760 case FSCONTEXT_MNT:
761 fscontext_sid = sid;
762
763 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
764 fscontext_sid))
765 goto out_double_mount;
766
767 sbsec->flags |= FSCONTEXT_MNT;
768 break;
769 case CONTEXT_MNT:
770 context_sid = sid;
771
772 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
773 context_sid))
774 goto out_double_mount;
775
776 sbsec->flags |= CONTEXT_MNT;
777 break;
778 case ROOTCONTEXT_MNT:
779 rootcontext_sid = sid;
780
781 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
782 rootcontext_sid))
783 goto out_double_mount;
784
785 sbsec->flags |= ROOTCONTEXT_MNT;
786
787 break;
788 case DEFCONTEXT_MNT:
789 defcontext_sid = sid;
790
791 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
792 defcontext_sid))
793 goto out_double_mount;
794
795 sbsec->flags |= DEFCONTEXT_MNT;
796
797 break;
798 default:
799 rc = -EINVAL;
800 goto out;
801 }
802 }
803
804 if (sbsec->flags & SE_SBINITIALIZED) {
805
806 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
807 goto out_double_mount;
808 rc = 0;
809 goto out;
810 }
811
812 if (strcmp(sb->s_type->name, "proc") == 0)
813 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
814
815 if (!strcmp(sb->s_type->name, "debugfs") ||
816 !strcmp(sb->s_type->name, "sysfs") ||
817 !strcmp(sb->s_type->name, "pstore"))
818 sbsec->flags |= SE_SBGENFS;
819
820 if (!sbsec->behavior) {
821
822
823
824
825 rc = security_fs_use(sb);
826 if (rc) {
827 printk(KERN_WARNING
828 "%s: security_fs_use(%s) returned %d\n",
829 __func__, sb->s_type->name, rc);
830 goto out;
831 }
832 }
833
834
835
836
837
838 if (sb->s_user_ns != &init_user_ns) {
839 if (context_sid || fscontext_sid || rootcontext_sid ||
840 defcontext_sid) {
841 rc = -EACCES;
842 goto out;
843 }
844 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
845 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
846 rc = security_transition_sid(current_sid(), current_sid(),
847 SECCLASS_FILE, NULL,
848 &sbsec->mntpoint_sid);
849 if (rc)
850 goto out;
851 }
852 goto out_set_opts;
853 }
854
855
856 if (fscontext_sid) {
857 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
858 if (rc)
859 goto out;
860
861 sbsec->sid = fscontext_sid;
862 }
863
864
865
866
867
868
869 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
870 sbsec->behavior = SECURITY_FS_USE_NATIVE;
871 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
872 }
873
874 if (context_sid) {
875 if (!fscontext_sid) {
876 rc = may_context_mount_sb_relabel(context_sid, sbsec,
877 cred);
878 if (rc)
879 goto out;
880 sbsec->sid = context_sid;
881 } else {
882 rc = may_context_mount_inode_relabel(context_sid, sbsec,
883 cred);
884 if (rc)
885 goto out;
886 }
887 if (!rootcontext_sid)
888 rootcontext_sid = context_sid;
889
890 sbsec->mntpoint_sid = context_sid;
891 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
892 }
893
894 if (rootcontext_sid) {
895 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
896 cred);
897 if (rc)
898 goto out;
899
900 root_isec->sid = rootcontext_sid;
901 root_isec->initialized = LABEL_INITIALIZED;
902 }
903
904 if (defcontext_sid) {
905 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
906 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
907 rc = -EINVAL;
908 printk(KERN_WARNING "SELinux: defcontext option is "
909 "invalid for this filesystem type\n");
910 goto out;
911 }
912
913 if (defcontext_sid != sbsec->def_sid) {
914 rc = may_context_mount_inode_relabel(defcontext_sid,
915 sbsec, cred);
916 if (rc)
917 goto out;
918 }
919
920 sbsec->def_sid = defcontext_sid;
921 }
922
923out_set_opts:
924 rc = sb_finish_set_opts(sb);
925out:
926 mutex_unlock(&sbsec->lock);
927 return rc;
928out_double_mount:
929 rc = -EINVAL;
930 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
931 "security settings for (dev %s, type %s)\n", sb->s_id, name);
932 goto out;
933}
934
935static int selinux_cmp_sb_context(const struct super_block *oldsb,
936 const struct super_block *newsb)
937{
938 struct superblock_security_struct *old = oldsb->s_security;
939 struct superblock_security_struct *new = newsb->s_security;
940 char oldflags = old->flags & SE_MNTMASK;
941 char newflags = new->flags & SE_MNTMASK;
942
943 if (oldflags != newflags)
944 goto mismatch;
945 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
946 goto mismatch;
947 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
948 goto mismatch;
949 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
950 goto mismatch;
951 if (oldflags & ROOTCONTEXT_MNT) {
952 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
953 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
954 if (oldroot->sid != newroot->sid)
955 goto mismatch;
956 }
957 return 0;
958mismatch:
959 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
960 "different security settings for (dev %s, "
961 "type %s)\n", newsb->s_id, newsb->s_type->name);
962 return -EBUSY;
963}
964
965static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
966 struct super_block *newsb)
967{
968 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
969 struct superblock_security_struct *newsbsec = newsb->s_security;
970
971 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
972 int set_context = (oldsbsec->flags & CONTEXT_MNT);
973 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
974
975
976
977
978
979 if (!ss_initialized)
980 return 0;
981
982
983 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
984
985
986 if (newsbsec->flags & SE_SBINITIALIZED)
987 return selinux_cmp_sb_context(oldsb, newsb);
988
989 mutex_lock(&newsbsec->lock);
990
991 newsbsec->flags = oldsbsec->flags;
992
993 newsbsec->sid = oldsbsec->sid;
994 newsbsec->def_sid = oldsbsec->def_sid;
995 newsbsec->behavior = oldsbsec->behavior;
996
997 if (set_context) {
998 u32 sid = oldsbsec->mntpoint_sid;
999
1000 if (!set_fscontext)
1001 newsbsec->sid = sid;
1002 if (!set_rootcontext) {
1003 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1004 newisec->sid = sid;
1005 }
1006 newsbsec->mntpoint_sid = sid;
1007 }
1008 if (set_rootcontext) {
1009 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
1010 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1011
1012 newisec->sid = oldisec->sid;
1013 }
1014
1015 sb_finish_set_opts(newsb);
1016 mutex_unlock(&newsbsec->lock);
1017 return 0;
1018}
1019
1020static int selinux_parse_opts_str(char *options,
1021 struct security_mnt_opts *opts)
1022{
1023 char *p;
1024 char *context = NULL, *defcontext = NULL;
1025 char *fscontext = NULL, *rootcontext = NULL;
1026 int rc, num_mnt_opts = 0;
1027
1028 opts->num_mnt_opts = 0;
1029
1030
1031 while ((p = strsep(&options, "|")) != NULL) {
1032 int token;
1033 substring_t args[MAX_OPT_ARGS];
1034
1035 if (!*p)
1036 continue;
1037
1038 token = match_token(p, tokens, args);
1039
1040 switch (token) {
1041 case Opt_context:
1042 if (context || defcontext) {
1043 rc = -EINVAL;
1044 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1045 goto out_err;
1046 }
1047 context = match_strdup(&args[0]);
1048 if (!context) {
1049 rc = -ENOMEM;
1050 goto out_err;
1051 }
1052 break;
1053
1054 case Opt_fscontext:
1055 if (fscontext) {
1056 rc = -EINVAL;
1057 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1058 goto out_err;
1059 }
1060 fscontext = match_strdup(&args[0]);
1061 if (!fscontext) {
1062 rc = -ENOMEM;
1063 goto out_err;
1064 }
1065 break;
1066
1067 case Opt_rootcontext:
1068 if (rootcontext) {
1069 rc = -EINVAL;
1070 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1071 goto out_err;
1072 }
1073 rootcontext = match_strdup(&args[0]);
1074 if (!rootcontext) {
1075 rc = -ENOMEM;
1076 goto out_err;
1077 }
1078 break;
1079
1080 case Opt_defcontext:
1081 if (context || defcontext) {
1082 rc = -EINVAL;
1083 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1084 goto out_err;
1085 }
1086 defcontext = match_strdup(&args[0]);
1087 if (!defcontext) {
1088 rc = -ENOMEM;
1089 goto out_err;
1090 }
1091 break;
1092 case Opt_labelsupport:
1093 break;
1094 default:
1095 rc = -EINVAL;
1096 printk(KERN_WARNING "SELinux: unknown mount option\n");
1097 goto out_err;
1098
1099 }
1100 }
1101
1102 rc = -ENOMEM;
1103 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
1104 if (!opts->mnt_opts)
1105 goto out_err;
1106
1107 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
1108 if (!opts->mnt_opts_flags) {
1109 kfree(opts->mnt_opts);
1110 goto out_err;
1111 }
1112
1113 if (fscontext) {
1114 opts->mnt_opts[num_mnt_opts] = fscontext;
1115 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1116 }
1117 if (context) {
1118 opts->mnt_opts[num_mnt_opts] = context;
1119 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1120 }
1121 if (rootcontext) {
1122 opts->mnt_opts[num_mnt_opts] = rootcontext;
1123 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1124 }
1125 if (defcontext) {
1126 opts->mnt_opts[num_mnt_opts] = defcontext;
1127 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1128 }
1129
1130 opts->num_mnt_opts = num_mnt_opts;
1131 return 0;
1132
1133out_err:
1134 kfree(context);
1135 kfree(defcontext);
1136 kfree(fscontext);
1137 kfree(rootcontext);
1138 return rc;
1139}
1140
1141
1142
1143static int superblock_doinit(struct super_block *sb, void *data)
1144{
1145 int rc = 0;
1146 char *options = data;
1147 struct security_mnt_opts opts;
1148
1149 security_init_mnt_opts(&opts);
1150
1151 if (!data)
1152 goto out;
1153
1154 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1155
1156 rc = selinux_parse_opts_str(options, &opts);
1157 if (rc)
1158 goto out_err;
1159
1160out:
1161 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1162
1163out_err:
1164 security_free_mnt_opts(&opts);
1165 return rc;
1166}
1167
1168static void selinux_write_opts(struct seq_file *m,
1169 struct security_mnt_opts *opts)
1170{
1171 int i;
1172 char *prefix;
1173
1174 for (i = 0; i < opts->num_mnt_opts; i++) {
1175 char *has_comma;
1176
1177 if (opts->mnt_opts[i])
1178 has_comma = strchr(opts->mnt_opts[i], ',');
1179 else
1180 has_comma = NULL;
1181
1182 switch (opts->mnt_opts_flags[i]) {
1183 case CONTEXT_MNT:
1184 prefix = CONTEXT_STR;
1185 break;
1186 case FSCONTEXT_MNT:
1187 prefix = FSCONTEXT_STR;
1188 break;
1189 case ROOTCONTEXT_MNT:
1190 prefix = ROOTCONTEXT_STR;
1191 break;
1192 case DEFCONTEXT_MNT:
1193 prefix = DEFCONTEXT_STR;
1194 break;
1195 case SBLABEL_MNT:
1196 seq_putc(m, ',');
1197 seq_puts(m, LABELSUPP_STR);
1198 continue;
1199 default:
1200 BUG();
1201 return;
1202 };
1203
1204 seq_putc(m, ',');
1205 seq_puts(m, prefix);
1206 if (has_comma)
1207 seq_putc(m, '\"');
1208 seq_escape(m, opts->mnt_opts[i], "\"\n\\");
1209 if (has_comma)
1210 seq_putc(m, '\"');
1211 }
1212}
1213
1214static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1215{
1216 struct security_mnt_opts opts;
1217 int rc;
1218
1219 rc = selinux_get_mnt_opts(sb, &opts);
1220 if (rc) {
1221
1222 if (rc == -EINVAL)
1223 rc = 0;
1224 return rc;
1225 }
1226
1227 selinux_write_opts(m, &opts);
1228
1229 security_free_mnt_opts(&opts);
1230
1231 return rc;
1232}
1233
1234static inline u16 inode_mode_to_security_class(umode_t mode)
1235{
1236 switch (mode & S_IFMT) {
1237 case S_IFSOCK:
1238 return SECCLASS_SOCK_FILE;
1239 case S_IFLNK:
1240 return SECCLASS_LNK_FILE;
1241 case S_IFREG:
1242 return SECCLASS_FILE;
1243 case S_IFBLK:
1244 return SECCLASS_BLK_FILE;
1245 case S_IFDIR:
1246 return SECCLASS_DIR;
1247 case S_IFCHR:
1248 return SECCLASS_CHR_FILE;
1249 case S_IFIFO:
1250 return SECCLASS_FIFO_FILE;
1251
1252 }
1253
1254 return SECCLASS_FILE;
1255}
1256
1257static inline int default_protocol_stream(int protocol)
1258{
1259 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1260}
1261
1262static inline int default_protocol_dgram(int protocol)
1263{
1264 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1265}
1266
1267static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1268{
1269 switch (family) {
1270 case PF_UNIX:
1271 switch (type) {
1272 case SOCK_STREAM:
1273 case SOCK_SEQPACKET:
1274 return SECCLASS_UNIX_STREAM_SOCKET;
1275 case SOCK_DGRAM:
1276 return SECCLASS_UNIX_DGRAM_SOCKET;
1277 }
1278 break;
1279 case PF_INET:
1280 case PF_INET6:
1281 switch (type) {
1282 case SOCK_STREAM:
1283 if (default_protocol_stream(protocol))
1284 return SECCLASS_TCP_SOCKET;
1285 else
1286 return SECCLASS_RAWIP_SOCKET;
1287 case SOCK_DGRAM:
1288 if (default_protocol_dgram(protocol))
1289 return SECCLASS_UDP_SOCKET;
1290 else
1291 return SECCLASS_RAWIP_SOCKET;
1292 case SOCK_DCCP:
1293 return SECCLASS_DCCP_SOCKET;
1294 default:
1295 return SECCLASS_RAWIP_SOCKET;
1296 }
1297 break;
1298 case PF_NETLINK:
1299 switch (protocol) {
1300 case NETLINK_ROUTE:
1301 return SECCLASS_NETLINK_ROUTE_SOCKET;
1302 case NETLINK_SOCK_DIAG:
1303 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1304 case NETLINK_NFLOG:
1305 return SECCLASS_NETLINK_NFLOG_SOCKET;
1306 case NETLINK_XFRM:
1307 return SECCLASS_NETLINK_XFRM_SOCKET;
1308 case NETLINK_SELINUX:
1309 return SECCLASS_NETLINK_SELINUX_SOCKET;
1310 case NETLINK_ISCSI:
1311 return SECCLASS_NETLINK_ISCSI_SOCKET;
1312 case NETLINK_AUDIT:
1313 return SECCLASS_NETLINK_AUDIT_SOCKET;
1314 case NETLINK_FIB_LOOKUP:
1315 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1316 case NETLINK_CONNECTOR:
1317 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1318 case NETLINK_NETFILTER:
1319 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1320 case NETLINK_DNRTMSG:
1321 return SECCLASS_NETLINK_DNRT_SOCKET;
1322 case NETLINK_KOBJECT_UEVENT:
1323 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1324 case NETLINK_GENERIC:
1325 return SECCLASS_NETLINK_GENERIC_SOCKET;
1326 case NETLINK_SCSITRANSPORT:
1327 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1328 case NETLINK_RDMA:
1329 return SECCLASS_NETLINK_RDMA_SOCKET;
1330 case NETLINK_CRYPTO:
1331 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1332 default:
1333 return SECCLASS_NETLINK_SOCKET;
1334 }
1335 case PF_PACKET:
1336 return SECCLASS_PACKET_SOCKET;
1337 case PF_KEY:
1338 return SECCLASS_KEY_SOCKET;
1339 case PF_APPLETALK:
1340 return SECCLASS_APPLETALK_SOCKET;
1341 }
1342
1343 return SECCLASS_SOCKET;
1344}
1345
1346static int selinux_genfs_get_sid(struct dentry *dentry,
1347 u16 tclass,
1348 u16 flags,
1349 u32 *sid)
1350{
1351 int rc;
1352 struct super_block *sb = dentry->d_sb;
1353 char *buffer, *path;
1354
1355 buffer = (char *)__get_free_page(GFP_KERNEL);
1356 if (!buffer)
1357 return -ENOMEM;
1358
1359 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1360 if (IS_ERR(path))
1361 rc = PTR_ERR(path);
1362 else {
1363 if (flags & SE_SBPROC) {
1364
1365
1366
1367 while (path[1] >= '0' && path[1] <= '9') {
1368 path[1] = '/';
1369 path++;
1370 }
1371 }
1372 rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);
1373 }
1374 free_page((unsigned long)buffer);
1375 return rc;
1376}
1377
1378
1379static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1380{
1381 struct superblock_security_struct *sbsec = NULL;
1382 struct inode_security_struct *isec = inode->i_security;
1383 u32 sid;
1384 struct dentry *dentry;
1385#define INITCONTEXTLEN 255
1386 char *context = NULL;
1387 unsigned len = 0;
1388 int rc = 0;
1389
1390 if (isec->initialized == LABEL_INITIALIZED)
1391 goto out;
1392
1393 mutex_lock(&isec->lock);
1394 if (isec->initialized == LABEL_INITIALIZED)
1395 goto out_unlock;
1396
1397 sbsec = inode->i_sb->s_security;
1398 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1399
1400
1401
1402 spin_lock(&sbsec->isec_lock);
1403 if (list_empty(&isec->list))
1404 list_add(&isec->list, &sbsec->isec_head);
1405 spin_unlock(&sbsec->isec_lock);
1406 goto out_unlock;
1407 }
1408
1409 switch (sbsec->behavior) {
1410 case SECURITY_FS_USE_NATIVE:
1411 break;
1412 case SECURITY_FS_USE_XATTR:
1413 if (!(inode->i_opflags & IOP_XATTR)) {
1414 isec->sid = sbsec->def_sid;
1415 break;
1416 }
1417
1418
1419 if (opt_dentry) {
1420
1421 dentry = dget(opt_dentry);
1422 } else {
1423
1424 dentry = d_find_alias(inode);
1425 }
1426 if (!dentry) {
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436 goto out_unlock;
1437 }
1438
1439 len = INITCONTEXTLEN;
1440 context = kmalloc(len+1, GFP_NOFS);
1441 if (!context) {
1442 rc = -ENOMEM;
1443 dput(dentry);
1444 goto out_unlock;
1445 }
1446 context[len] = '\0';
1447 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1448 if (rc == -ERANGE) {
1449 kfree(context);
1450
1451
1452 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1453 if (rc < 0) {
1454 dput(dentry);
1455 goto out_unlock;
1456 }
1457 len = rc;
1458 context = kmalloc(len+1, GFP_NOFS);
1459 if (!context) {
1460 rc = -ENOMEM;
1461 dput(dentry);
1462 goto out_unlock;
1463 }
1464 context[len] = '\0';
1465 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1466 }
1467 dput(dentry);
1468 if (rc < 0) {
1469 if (rc != -ENODATA) {
1470 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1471 "%d for dev=%s ino=%ld\n", __func__,
1472 -rc, inode->i_sb->s_id, inode->i_ino);
1473 kfree(context);
1474 goto out_unlock;
1475 }
1476
1477 sid = sbsec->def_sid;
1478 rc = 0;
1479 } else {
1480 rc = security_context_to_sid_default(context, rc, &sid,
1481 sbsec->def_sid,
1482 GFP_NOFS);
1483 if (rc) {
1484 char *dev = inode->i_sb->s_id;
1485 unsigned long ino = inode->i_ino;
1486
1487 if (rc == -EINVAL) {
1488 if (printk_ratelimit())
1489 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1490 "context=%s. This indicates you may need to relabel the inode or the "
1491 "filesystem in question.\n", ino, dev, context);
1492 } else {
1493 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1494 "returned %d for dev=%s ino=%ld\n",
1495 __func__, context, -rc, dev, ino);
1496 }
1497 kfree(context);
1498
1499 rc = 0;
1500 break;
1501 }
1502 }
1503 kfree(context);
1504 isec->sid = sid;
1505 break;
1506 case SECURITY_FS_USE_TASK:
1507 isec->sid = isec->task_sid;
1508 break;
1509 case SECURITY_FS_USE_TRANS:
1510
1511 isec->sid = sbsec->sid;
1512
1513
1514 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1515 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1516 isec->sclass, NULL, &sid);
1517 if (rc)
1518 goto out_unlock;
1519 isec->sid = sid;
1520 break;
1521 case SECURITY_FS_USE_MNTPOINT:
1522 isec->sid = sbsec->mntpoint_sid;
1523 break;
1524 default:
1525
1526 isec->sid = sbsec->sid;
1527
1528 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1529
1530
1531 if (opt_dentry)
1532
1533
1534 dentry = dget(opt_dentry);
1535 else
1536
1537
1538 dentry = d_find_alias(inode);
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548 if (!dentry)
1549 goto out_unlock;
1550 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1551 rc = selinux_genfs_get_sid(dentry, isec->sclass,
1552 sbsec->flags, &sid);
1553 dput(dentry);
1554 if (rc)
1555 goto out_unlock;
1556 isec->sid = sid;
1557 }
1558 break;
1559 }
1560
1561 isec->initialized = LABEL_INITIALIZED;
1562
1563out_unlock:
1564 mutex_unlock(&isec->lock);
1565out:
1566 if (isec->sclass == SECCLASS_FILE)
1567 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1568 return rc;
1569}
1570
1571
1572static inline u32 signal_to_av(int sig)
1573{
1574 u32 perm = 0;
1575
1576 switch (sig) {
1577 case SIGCHLD:
1578
1579 perm = PROCESS__SIGCHLD;
1580 break;
1581 case SIGKILL:
1582
1583 perm = PROCESS__SIGKILL;
1584 break;
1585 case SIGSTOP:
1586
1587 perm = PROCESS__SIGSTOP;
1588 break;
1589 default:
1590
1591 perm = PROCESS__SIGNAL;
1592 break;
1593 }
1594
1595 return perm;
1596}
1597
1598
1599
1600
1601
1602static int cred_has_perm(const struct cred *actor,
1603 const struct cred *target,
1604 u32 perms)
1605{
1606 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1607
1608 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1609}
1610
1611
1612
1613
1614
1615
1616
1617static int task_has_perm(const struct task_struct *tsk1,
1618 const struct task_struct *tsk2,
1619 u32 perms)
1620{
1621 const struct task_security_struct *__tsec1, *__tsec2;
1622 u32 sid1, sid2;
1623
1624 rcu_read_lock();
1625 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1626 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1627 rcu_read_unlock();
1628 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1629}
1630
1631
1632
1633
1634
1635
1636
1637static int current_has_perm(const struct task_struct *tsk,
1638 u32 perms)
1639{
1640 u32 sid, tsid;
1641
1642 sid = current_sid();
1643 tsid = task_sid(tsk);
1644 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1645}
1646
1647#if CAP_LAST_CAP > 63
1648#error Fix SELinux to handle capabilities > 63.
1649#endif
1650
1651
1652static int cred_has_capability(const struct cred *cred,
1653 int cap, int audit, bool initns)
1654{
1655 struct common_audit_data ad;
1656 struct av_decision avd;
1657 u16 sclass;
1658 u32 sid = cred_sid(cred);
1659 u32 av = CAP_TO_MASK(cap);
1660 int rc;
1661
1662 ad.type = LSM_AUDIT_DATA_CAP;
1663 ad.u.cap = cap;
1664
1665 switch (CAP_TO_INDEX(cap)) {
1666 case 0:
1667 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1668 break;
1669 case 1:
1670 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1671 break;
1672 default:
1673 printk(KERN_ERR
1674 "SELinux: out of range capability %d\n", cap);
1675 BUG();
1676 return -EINVAL;
1677 }
1678
1679 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1680 if (audit == SECURITY_CAP_AUDIT) {
1681 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1682 if (rc2)
1683 return rc2;
1684 }
1685 return rc;
1686}
1687
1688
1689static int task_has_system(struct task_struct *tsk,
1690 u32 perms)
1691{
1692 u32 sid = task_sid(tsk);
1693
1694 return avc_has_perm(sid, SECINITSID_KERNEL,
1695 SECCLASS_SYSTEM, perms, NULL);
1696}
1697
1698
1699
1700
1701static int inode_has_perm(const struct cred *cred,
1702 struct inode *inode,
1703 u32 perms,
1704 struct common_audit_data *adp)
1705{
1706 struct inode_security_struct *isec;
1707 u32 sid;
1708
1709 validate_creds(cred);
1710
1711 if (unlikely(IS_PRIVATE(inode)))
1712 return 0;
1713
1714 sid = cred_sid(cred);
1715 isec = inode->i_security;
1716
1717 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1718}
1719
1720
1721
1722
1723static inline int dentry_has_perm(const struct cred *cred,
1724 struct dentry *dentry,
1725 u32 av)
1726{
1727 struct inode *inode = d_backing_inode(dentry);
1728 struct common_audit_data ad;
1729
1730 ad.type = LSM_AUDIT_DATA_DENTRY;
1731 ad.u.dentry = dentry;
1732 __inode_security_revalidate(inode, dentry, true);
1733 return inode_has_perm(cred, inode, av, &ad);
1734}
1735
1736
1737
1738
1739static inline int path_has_perm(const struct cred *cred,
1740 const struct path *path,
1741 u32 av)
1742{
1743 struct inode *inode = d_backing_inode(path->dentry);
1744 struct common_audit_data ad;
1745
1746 ad.type = LSM_AUDIT_DATA_PATH;
1747 ad.u.path = *path;
1748 __inode_security_revalidate(inode, path->dentry, true);
1749 return inode_has_perm(cred, inode, av, &ad);
1750}
1751
1752
1753static inline int file_path_has_perm(const struct cred *cred,
1754 struct file *file,
1755 u32 av)
1756{
1757 struct common_audit_data ad;
1758
1759 ad.type = LSM_AUDIT_DATA_FILE;
1760 ad.u.file = file;
1761 return inode_has_perm(cred, file_inode(file), av, &ad);
1762}
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772static int file_has_perm(const struct cred *cred,
1773 struct file *file,
1774 u32 av)
1775{
1776 struct file_security_struct *fsec = file->f_security;
1777 struct inode *inode = file_inode(file);
1778 struct common_audit_data ad;
1779 u32 sid = cred_sid(cred);
1780 int rc;
1781
1782 ad.type = LSM_AUDIT_DATA_FILE;
1783 ad.u.file = file;
1784
1785 if (sid != fsec->sid) {
1786 rc = avc_has_perm(sid, fsec->sid,
1787 SECCLASS_FD,
1788 FD__USE,
1789 &ad);
1790 if (rc)
1791 goto out;
1792 }
1793
1794
1795 rc = 0;
1796 if (av)
1797 rc = inode_has_perm(cred, inode, av, &ad);
1798
1799out:
1800 return rc;
1801}
1802
1803
1804
1805
1806static int
1807selinux_determine_inode_label(const struct task_security_struct *tsec,
1808 struct inode *dir,
1809 const struct qstr *name, u16 tclass,
1810 u32 *_new_isid)
1811{
1812 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
1813
1814 if ((sbsec->flags & SE_SBINITIALIZED) &&
1815 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1816 *_new_isid = sbsec->mntpoint_sid;
1817 } else if ((sbsec->flags & SBLABEL_MNT) &&
1818 tsec->create_sid) {
1819 *_new_isid = tsec->create_sid;
1820 } else {
1821 const struct inode_security_struct *dsec = inode_security(dir);
1822 return security_transition_sid(tsec->sid, dsec->sid, tclass,
1823 name, _new_isid);
1824 }
1825
1826 return 0;
1827}
1828
1829
1830static int may_create(struct inode *dir,
1831 struct dentry *dentry,
1832 u16 tclass)
1833{
1834 const struct task_security_struct *tsec = current_security();
1835 struct inode_security_struct *dsec;
1836 struct superblock_security_struct *sbsec;
1837 u32 sid, newsid;
1838 struct common_audit_data ad;
1839 int rc;
1840
1841 dsec = inode_security(dir);
1842 sbsec = dir->i_sb->s_security;
1843
1844 sid = tsec->sid;
1845
1846 ad.type = LSM_AUDIT_DATA_DENTRY;
1847 ad.u.dentry = dentry;
1848
1849 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1850 DIR__ADD_NAME | DIR__SEARCH,
1851 &ad);
1852 if (rc)
1853 return rc;
1854
1855 rc = selinux_determine_inode_label(current_security(), dir,
1856 &dentry->d_name, tclass, &newsid);
1857 if (rc)
1858 return rc;
1859
1860 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1861 if (rc)
1862 return rc;
1863
1864 return avc_has_perm(newsid, sbsec->sid,
1865 SECCLASS_FILESYSTEM,
1866 FILESYSTEM__ASSOCIATE, &ad);
1867}
1868
1869
1870static int may_create_key(u32 ksid,
1871 struct task_struct *ctx)
1872{
1873 u32 sid = task_sid(ctx);
1874
1875 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1876}
1877
1878#define MAY_LINK 0
1879#define MAY_UNLINK 1
1880#define MAY_RMDIR 2
1881
1882
1883static int may_link(struct inode *dir,
1884 struct dentry *dentry,
1885 int kind)
1886
1887{
1888 struct inode_security_struct *dsec, *isec;
1889 struct common_audit_data ad;
1890 u32 sid = current_sid();
1891 u32 av;
1892 int rc;
1893
1894 dsec = inode_security(dir);
1895 isec = backing_inode_security(dentry);
1896
1897 ad.type = LSM_AUDIT_DATA_DENTRY;
1898 ad.u.dentry = dentry;
1899
1900 av = DIR__SEARCH;
1901 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1902 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1903 if (rc)
1904 return rc;
1905
1906 switch (kind) {
1907 case MAY_LINK:
1908 av = FILE__LINK;
1909 break;
1910 case MAY_UNLINK:
1911 av = FILE__UNLINK;
1912 break;
1913 case MAY_RMDIR:
1914 av = DIR__RMDIR;
1915 break;
1916 default:
1917 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1918 __func__, kind);
1919 return 0;
1920 }
1921
1922 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1923 return rc;
1924}
1925
1926static inline int may_rename(struct inode *old_dir,
1927 struct dentry *old_dentry,
1928 struct inode *new_dir,
1929 struct dentry *new_dentry)
1930{
1931 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1932 struct common_audit_data ad;
1933 u32 sid = current_sid();
1934 u32 av;
1935 int old_is_dir, new_is_dir;
1936 int rc;
1937
1938 old_dsec = inode_security(old_dir);
1939 old_isec = backing_inode_security(old_dentry);
1940 old_is_dir = d_is_dir(old_dentry);
1941 new_dsec = inode_security(new_dir);
1942
1943 ad.type = LSM_AUDIT_DATA_DENTRY;
1944
1945 ad.u.dentry = old_dentry;
1946 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1947 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1948 if (rc)
1949 return rc;
1950 rc = avc_has_perm(sid, old_isec->sid,
1951 old_isec->sclass, FILE__RENAME, &ad);
1952 if (rc)
1953 return rc;
1954 if (old_is_dir && new_dir != old_dir) {
1955 rc = avc_has_perm(sid, old_isec->sid,
1956 old_isec->sclass, DIR__REPARENT, &ad);
1957 if (rc)
1958 return rc;
1959 }
1960
1961 ad.u.dentry = new_dentry;
1962 av = DIR__ADD_NAME | DIR__SEARCH;
1963 if (d_is_positive(new_dentry))
1964 av |= DIR__REMOVE_NAME;
1965 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1966 if (rc)
1967 return rc;
1968 if (d_is_positive(new_dentry)) {
1969 new_isec = backing_inode_security(new_dentry);
1970 new_is_dir = d_is_dir(new_dentry);
1971 rc = avc_has_perm(sid, new_isec->sid,
1972 new_isec->sclass,
1973 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1974 if (rc)
1975 return rc;
1976 }
1977
1978 return 0;
1979}
1980
1981
1982static int superblock_has_perm(const struct cred *cred,
1983 struct super_block *sb,
1984 u32 perms,
1985 struct common_audit_data *ad)
1986{
1987 struct superblock_security_struct *sbsec;
1988 u32 sid = cred_sid(cred);
1989
1990 sbsec = sb->s_security;
1991 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1992}
1993
1994
1995static inline u32 file_mask_to_av(int mode, int mask)
1996{
1997 u32 av = 0;
1998
1999 if (!S_ISDIR(mode)) {
2000 if (mask & MAY_EXEC)
2001 av |= FILE__EXECUTE;
2002 if (mask & MAY_READ)
2003 av |= FILE__READ;
2004
2005 if (mask & MAY_APPEND)
2006 av |= FILE__APPEND;
2007 else if (mask & MAY_WRITE)
2008 av |= FILE__WRITE;
2009
2010 } else {
2011 if (mask & MAY_EXEC)
2012 av |= DIR__SEARCH;
2013 if (mask & MAY_WRITE)
2014 av |= DIR__WRITE;
2015 if (mask & MAY_READ)
2016 av |= DIR__READ;
2017 }
2018
2019 return av;
2020}
2021
2022
2023static inline u32 file_to_av(struct file *file)
2024{
2025 u32 av = 0;
2026
2027 if (file->f_mode & FMODE_READ)
2028 av |= FILE__READ;
2029 if (file->f_mode & FMODE_WRITE) {
2030 if (file->f_flags & O_APPEND)
2031 av |= FILE__APPEND;
2032 else
2033 av |= FILE__WRITE;
2034 }
2035 if (!av) {
2036
2037
2038
2039 av = FILE__IOCTL;
2040 }
2041
2042 return av;
2043}
2044
2045
2046
2047
2048
2049static inline u32 open_file_to_av(struct file *file)
2050{
2051 u32 av = file_to_av(file);
2052
2053 if (selinux_policycap_openperm)
2054 av |= FILE__OPEN;
2055
2056 return av;
2057}
2058
2059
2060
2061static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2062{
2063 u32 mysid = current_sid();
2064 u32 mgrsid = task_sid(mgr);
2065
2066 return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,
2067 BINDER__SET_CONTEXT_MGR, NULL);
2068}
2069
2070static int selinux_binder_transaction(struct task_struct *from,
2071 struct task_struct *to)
2072{
2073 u32 mysid = current_sid();
2074 u32 fromsid = task_sid(from);
2075 u32 tosid = task_sid(to);
2076 int rc;
2077
2078 if (mysid != fromsid) {
2079 rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,
2080 BINDER__IMPERSONATE, NULL);
2081 if (rc)
2082 return rc;
2083 }
2084
2085 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2086 NULL);
2087}
2088
2089static int selinux_binder_transfer_binder(struct task_struct *from,
2090 struct task_struct *to)
2091{
2092 u32 fromsid = task_sid(from);
2093 u32 tosid = task_sid(to);
2094
2095 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2096 NULL);
2097}
2098
2099static int selinux_binder_transfer_file(struct task_struct *from,
2100 struct task_struct *to,
2101 struct file *file)
2102{
2103 u32 sid = task_sid(to);
2104 struct file_security_struct *fsec = file->f_security;
2105 struct dentry *dentry = file->f_path.dentry;
2106 struct inode_security_struct *isec;
2107 struct common_audit_data ad;
2108 int rc;
2109
2110 ad.type = LSM_AUDIT_DATA_PATH;
2111 ad.u.path = file->f_path;
2112
2113 if (sid != fsec->sid) {
2114 rc = avc_has_perm(sid, fsec->sid,
2115 SECCLASS_FD,
2116 FD__USE,
2117 &ad);
2118 if (rc)
2119 return rc;
2120 }
2121
2122 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2123 return 0;
2124
2125 isec = backing_inode_security(dentry);
2126 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
2127 &ad);
2128}
2129
2130static int selinux_ptrace_access_check(struct task_struct *child,
2131 unsigned int mode)
2132{
2133 if (mode & PTRACE_MODE_READ) {
2134 u32 sid = current_sid();
2135 u32 csid = task_sid(child);
2136 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2137 }
2138
2139 return current_has_perm(child, PROCESS__PTRACE);
2140}
2141
2142static int selinux_ptrace_traceme(struct task_struct *parent)
2143{
2144 return task_has_perm(parent, current, PROCESS__PTRACE);
2145}
2146
2147static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2148 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2149{
2150 return current_has_perm(target, PROCESS__GETCAP);
2151}
2152
2153static int selinux_capset(struct cred *new, const struct cred *old,
2154 const kernel_cap_t *effective,
2155 const kernel_cap_t *inheritable,
2156 const kernel_cap_t *permitted)
2157{
2158 return cred_has_perm(old, new, PROCESS__SETCAP);
2159}
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2172 int cap, int audit)
2173{
2174 return cred_has_capability(cred, cap, audit, ns == &init_user_ns);
2175}
2176
2177static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2178{
2179 const struct cred *cred = current_cred();
2180 int rc = 0;
2181
2182 if (!sb)
2183 return 0;
2184
2185 switch (cmds) {
2186 case Q_SYNC:
2187 case Q_QUOTAON:
2188 case Q_QUOTAOFF:
2189 case Q_SETINFO:
2190 case Q_SETQUOTA:
2191 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2192 break;
2193 case Q_GETFMT:
2194 case Q_GETINFO:
2195 case Q_GETQUOTA:
2196 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2197 break;
2198 default:
2199 rc = 0;
2200 break;
2201 }
2202 return rc;
2203}
2204
2205static int selinux_quota_on(struct dentry *dentry)
2206{
2207 const struct cred *cred = current_cred();
2208
2209 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2210}
2211
2212static int selinux_syslog(int type)
2213{
2214 int rc;
2215
2216 switch (type) {
2217 case SYSLOG_ACTION_READ_ALL:
2218 case SYSLOG_ACTION_SIZE_BUFFER:
2219 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
2220 break;
2221 case SYSLOG_ACTION_CONSOLE_OFF:
2222 case SYSLOG_ACTION_CONSOLE_ON:
2223
2224 case SYSLOG_ACTION_CONSOLE_LEVEL:
2225 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
2226 break;
2227 case SYSLOG_ACTION_CLOSE:
2228 case SYSLOG_ACTION_OPEN:
2229 case SYSLOG_ACTION_READ:
2230 case SYSLOG_ACTION_READ_CLEAR:
2231 case SYSLOG_ACTION_CLEAR:
2232 default:
2233 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
2234 break;
2235 }
2236 return rc;
2237}
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2248{
2249 int rc, cap_sys_admin = 0;
2250
2251 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2252 SECURITY_CAP_NOAUDIT, true);
2253 if (rc == 0)
2254 cap_sys_admin = 1;
2255
2256 return cap_sys_admin;
2257}
2258
2259
2260
2261static u32 ptrace_parent_sid(struct task_struct *task)
2262{
2263 u32 sid = 0;
2264 struct task_struct *tracer;
2265
2266 rcu_read_lock();
2267 tracer = ptrace_parent(task);
2268 if (tracer)
2269 sid = task_sid(tracer);
2270 rcu_read_unlock();
2271
2272 return sid;
2273}
2274
2275static int check_nnp_nosuid(const struct linux_binprm *bprm,
2276 const struct task_security_struct *old_tsec,
2277 const struct task_security_struct *new_tsec)
2278{
2279 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2280 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2281 int rc;
2282
2283 if (!nnp && !nosuid)
2284 return 0;
2285
2286 if (new_tsec->sid == old_tsec->sid)
2287 return 0;
2288
2289
2290
2291
2292
2293
2294
2295 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
2296 if (rc) {
2297
2298
2299
2300
2301
2302 if (nnp)
2303 return -EPERM;
2304 else
2305 return -EACCES;
2306 }
2307 return 0;
2308}
2309
2310static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2311{
2312 const struct task_security_struct *old_tsec;
2313 struct task_security_struct *new_tsec;
2314 struct inode_security_struct *isec;
2315 struct common_audit_data ad;
2316 struct inode *inode = file_inode(bprm->file);
2317 int rc;
2318
2319
2320
2321 if (bprm->cred_prepared)
2322 return 0;
2323
2324 old_tsec = current_security();
2325 new_tsec = bprm->cred->security;
2326 isec = inode_security(inode);
2327
2328
2329 new_tsec->sid = old_tsec->sid;
2330 new_tsec->osid = old_tsec->sid;
2331
2332
2333 new_tsec->create_sid = 0;
2334 new_tsec->keycreate_sid = 0;
2335 new_tsec->sockcreate_sid = 0;
2336
2337 if (old_tsec->exec_sid) {
2338 new_tsec->sid = old_tsec->exec_sid;
2339
2340 new_tsec->exec_sid = 0;
2341
2342
2343 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2344 if (rc)
2345 return rc;
2346 } else {
2347
2348 rc = security_transition_sid(old_tsec->sid, isec->sid,
2349 SECCLASS_PROCESS, NULL,
2350 &new_tsec->sid);
2351 if (rc)
2352 return rc;
2353
2354
2355
2356
2357
2358 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2359 if (rc)
2360 new_tsec->sid = old_tsec->sid;
2361 }
2362
2363 ad.type = LSM_AUDIT_DATA_FILE;
2364 ad.u.file = bprm->file;
2365
2366 if (new_tsec->sid == old_tsec->sid) {
2367 rc = avc_has_perm(old_tsec->sid, isec->sid,
2368 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2369 if (rc)
2370 return rc;
2371 } else {
2372
2373 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2374 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2375 if (rc)
2376 return rc;
2377
2378 rc = avc_has_perm(new_tsec->sid, isec->sid,
2379 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2380 if (rc)
2381 return rc;
2382
2383
2384 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2385 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2386 SECCLASS_PROCESS, PROCESS__SHARE,
2387 NULL);
2388 if (rc)
2389 return -EPERM;
2390 }
2391
2392
2393
2394 if (bprm->unsafe &
2395 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2396 u32 ptsid = ptrace_parent_sid(current);
2397 if (ptsid != 0) {
2398 rc = avc_has_perm(ptsid, new_tsec->sid,
2399 SECCLASS_PROCESS,
2400 PROCESS__PTRACE, NULL);
2401 if (rc)
2402 return -EPERM;
2403 }
2404 }
2405
2406
2407 bprm->per_clear |= PER_CLEAR_ON_SETID;
2408 }
2409
2410 return 0;
2411}
2412
2413static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2414{
2415 const struct task_security_struct *tsec = current_security();
2416 u32 sid, osid;
2417 int atsecure = 0;
2418
2419 sid = tsec->sid;
2420 osid = tsec->osid;
2421
2422 if (osid != sid) {
2423
2424
2425
2426 atsecure = avc_has_perm(osid, sid,
2427 SECCLASS_PROCESS,
2428 PROCESS__NOATSECURE, NULL);
2429 }
2430
2431 return !!atsecure;
2432}
2433
2434static int match_file(const void *p, struct file *file, unsigned fd)
2435{
2436 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2437}
2438
2439
2440static inline void flush_unauthorized_files(const struct cred *cred,
2441 struct files_struct *files)
2442{
2443 struct file *file, *devnull = NULL;
2444 struct tty_struct *tty;
2445 int drop_tty = 0;
2446 unsigned n;
2447
2448 tty = get_current_tty();
2449 if (tty) {
2450 spin_lock(&tty->files_lock);
2451 if (!list_empty(&tty->tty_files)) {
2452 struct tty_file_private *file_priv;
2453
2454
2455
2456
2457
2458
2459 file_priv = list_first_entry(&tty->tty_files,
2460 struct tty_file_private, list);
2461 file = file_priv->file;
2462 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2463 drop_tty = 1;
2464 }
2465 spin_unlock(&tty->files_lock);
2466 tty_kref_put(tty);
2467 }
2468
2469 if (drop_tty)
2470 no_tty();
2471
2472
2473 n = iterate_fd(files, 0, match_file, cred);
2474 if (!n)
2475 return;
2476
2477 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2478 if (IS_ERR(devnull))
2479 devnull = NULL;
2480
2481 do {
2482 replace_fd(n - 1, devnull, 0);
2483 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2484 if (devnull)
2485 fput(devnull);
2486}
2487
2488
2489
2490
2491static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2492{
2493 struct task_security_struct *new_tsec;
2494 struct rlimit *rlim, *initrlim;
2495 int rc, i;
2496
2497 new_tsec = bprm->cred->security;
2498 if (new_tsec->sid == new_tsec->osid)
2499 return;
2500
2501
2502 flush_unauthorized_files(bprm->cred, current->files);
2503
2504
2505 current->pdeath_signal = 0;
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2518 PROCESS__RLIMITINH, NULL);
2519 if (rc) {
2520
2521 task_lock(current);
2522 for (i = 0; i < RLIM_NLIMITS; i++) {
2523 rlim = current->signal->rlim + i;
2524 initrlim = init_task.signal->rlim + i;
2525 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2526 }
2527 task_unlock(current);
2528 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2529 }
2530}
2531
2532
2533
2534
2535
2536static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2537{
2538 const struct task_security_struct *tsec = current_security();
2539 struct itimerval itimer;
2540 u32 osid, sid;
2541 int rc, i;
2542
2543 osid = tsec->osid;
2544 sid = tsec->sid;
2545
2546 if (sid == osid)
2547 return;
2548
2549
2550
2551
2552
2553
2554
2555
2556 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2557 if (rc) {
2558 memset(&itimer, 0, sizeof itimer);
2559 for (i = 0; i < 3; i++)
2560 do_setitimer(i, &itimer, NULL);
2561 spin_lock_irq(¤t->sighand->siglock);
2562 if (!fatal_signal_pending(current)) {
2563 flush_sigqueue(¤t->pending);
2564 flush_sigqueue(¤t->signal->shared_pending);
2565 flush_signal_handlers(current, 1);
2566 sigemptyset(¤t->blocked);
2567 recalc_sigpending();
2568 }
2569 spin_unlock_irq(¤t->sighand->siglock);
2570 }
2571
2572
2573
2574 read_lock(&tasklist_lock);
2575 __wake_up_parent(current, current->real_parent);
2576 read_unlock(&tasklist_lock);
2577}
2578
2579
2580
2581static int selinux_sb_alloc_security(struct super_block *sb)
2582{
2583 return superblock_alloc_security(sb);
2584}
2585
2586static void selinux_sb_free_security(struct super_block *sb)
2587{
2588 superblock_free_security(sb);
2589}
2590
2591static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2592{
2593 if (plen > olen)
2594 return 0;
2595
2596 return !memcmp(prefix, option, plen);
2597}
2598
2599static inline int selinux_option(char *option, int len)
2600{
2601 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2602 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2603 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2604 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2605 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2606}
2607
2608static inline void take_option(char **to, char *from, int *first, int len)
2609{
2610 if (!*first) {
2611 **to = ',';
2612 *to += 1;
2613 } else
2614 *first = 0;
2615 memcpy(*to, from, len);
2616 *to += len;
2617}
2618
2619static inline void take_selinux_option(char **to, char *from, int *first,
2620 int len)
2621{
2622 int current_size = 0;
2623
2624 if (!*first) {
2625 **to = '|';
2626 *to += 1;
2627 } else
2628 *first = 0;
2629
2630 while (current_size < len) {
2631 if (*from != '"') {
2632 **to = *from;
2633 *to += 1;
2634 }
2635 from += 1;
2636 current_size += 1;
2637 }
2638}
2639
2640static int selinux_sb_copy_data(char *orig, char *copy)
2641{
2642 int fnosec, fsec, rc = 0;
2643 char *in_save, *in_curr, *in_end;
2644 char *sec_curr, *nosec_save, *nosec;
2645 int open_quote = 0;
2646
2647 in_curr = orig;
2648 sec_curr = copy;
2649
2650 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2651 if (!nosec) {
2652 rc = -ENOMEM;
2653 goto out;
2654 }
2655
2656 nosec_save = nosec;
2657 fnosec = fsec = 1;
2658 in_save = in_end = orig;
2659
2660 do {
2661 if (*in_end == '"')
2662 open_quote = !open_quote;
2663 if ((*in_end == ',' && open_quote == 0) ||
2664 *in_end == '\0') {
2665 int len = in_end - in_curr;
2666
2667 if (selinux_option(in_curr, len))
2668 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2669 else
2670 take_option(&nosec, in_curr, &fnosec, len);
2671
2672 in_curr = in_end + 1;
2673 }
2674 } while (*in_end++);
2675
2676 strcpy(in_save, nosec_save);
2677 free_page((unsigned long)nosec_save);
2678out:
2679 return rc;
2680}
2681
2682static int selinux_sb_remount(struct super_block *sb, void *data)
2683{
2684 int rc, i, *flags;
2685 struct security_mnt_opts opts;
2686 char *secdata, **mount_options;
2687 struct superblock_security_struct *sbsec = sb->s_security;
2688
2689 if (!(sbsec->flags & SE_SBINITIALIZED))
2690 return 0;
2691
2692 if (!data)
2693 return 0;
2694
2695 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2696 return 0;
2697
2698 security_init_mnt_opts(&opts);
2699 secdata = alloc_secdata();
2700 if (!secdata)
2701 return -ENOMEM;
2702 rc = selinux_sb_copy_data(data, secdata);
2703 if (rc)
2704 goto out_free_secdata;
2705
2706 rc = selinux_parse_opts_str(secdata, &opts);
2707 if (rc)
2708 goto out_free_secdata;
2709
2710 mount_options = opts.mnt_opts;
2711 flags = opts.mnt_opts_flags;
2712
2713 for (i = 0; i < opts.num_mnt_opts; i++) {
2714 u32 sid;
2715
2716 if (flags[i] == SBLABEL_MNT)
2717 continue;
2718 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
2719 if (rc) {
2720 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
2721 "(%s) failed for (dev %s, type %s) errno=%d\n",
2722 mount_options[i], sb->s_id, sb->s_type->name, rc);
2723 goto out_free_opts;
2724 }
2725 rc = -EINVAL;
2726 switch (flags[i]) {
2727 case FSCONTEXT_MNT:
2728 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2729 goto out_bad_option;
2730 break;
2731 case CONTEXT_MNT:
2732 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2733 goto out_bad_option;
2734 break;
2735 case ROOTCONTEXT_MNT: {
2736 struct inode_security_struct *root_isec;
2737 root_isec = backing_inode_security(sb->s_root);
2738
2739 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2740 goto out_bad_option;
2741 break;
2742 }
2743 case DEFCONTEXT_MNT:
2744 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2745 goto out_bad_option;
2746 break;
2747 default:
2748 goto out_free_opts;
2749 }
2750 }
2751
2752 rc = 0;
2753out_free_opts:
2754 security_free_mnt_opts(&opts);
2755out_free_secdata:
2756 free_secdata(secdata);
2757 return rc;
2758out_bad_option:
2759 printk(KERN_WARNING "SELinux: unable to change security options "
2760 "during remount (dev %s, type=%s)\n", sb->s_id,
2761 sb->s_type->name);
2762 goto out_free_opts;
2763}
2764
2765static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2766{
2767 const struct cred *cred = current_cred();
2768 struct common_audit_data ad;
2769 int rc;
2770
2771 rc = superblock_doinit(sb, data);
2772 if (rc)
2773 return rc;
2774
2775
2776 if (flags & MS_KERNMOUNT)
2777 return 0;
2778
2779 ad.type = LSM_AUDIT_DATA_DENTRY;
2780 ad.u.dentry = sb->s_root;
2781 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2782}
2783
2784static int selinux_sb_statfs(struct dentry *dentry)
2785{
2786 const struct cred *cred = current_cred();
2787 struct common_audit_data ad;
2788
2789 ad.type = LSM_AUDIT_DATA_DENTRY;
2790 ad.u.dentry = dentry->d_sb->s_root;
2791 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2792}
2793
2794static int selinux_mount(const char *dev_name,
2795 const struct path *path,
2796 const char *type,
2797 unsigned long flags,
2798 void *data)
2799{
2800 const struct cred *cred = current_cred();
2801
2802 if (flags & MS_REMOUNT)
2803 return superblock_has_perm(cred, path->dentry->d_sb,
2804 FILESYSTEM__REMOUNT, NULL);
2805 else
2806 return path_has_perm(cred, path, FILE__MOUNTON);
2807}
2808
2809static int selinux_umount(struct vfsmount *mnt, int flags)
2810{
2811 const struct cred *cred = current_cred();
2812
2813 return superblock_has_perm(cred, mnt->mnt_sb,
2814 FILESYSTEM__UNMOUNT, NULL);
2815}
2816
2817
2818
2819static int selinux_inode_alloc_security(struct inode *inode)
2820{
2821 return inode_alloc_security(inode);
2822}
2823
2824static void selinux_inode_free_security(struct inode *inode)
2825{
2826 inode_free_security(inode);
2827}
2828
2829static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2830 const struct qstr *name, void **ctx,
2831 u32 *ctxlen)
2832{
2833 u32 newsid;
2834 int rc;
2835
2836 rc = selinux_determine_inode_label(current_security(),
2837 d_inode(dentry->d_parent), name,
2838 inode_mode_to_security_class(mode),
2839 &newsid);
2840 if (rc)
2841 return rc;
2842
2843 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2844}
2845
2846static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2847 struct qstr *name,
2848 const struct cred *old,
2849 struct cred *new)
2850{
2851 u32 newsid;
2852 int rc;
2853 struct task_security_struct *tsec;
2854
2855 rc = selinux_determine_inode_label(old->security,
2856 d_inode(dentry->d_parent), name,
2857 inode_mode_to_security_class(mode),
2858 &newsid);
2859 if (rc)
2860 return rc;
2861
2862 tsec = new->security;
2863 tsec->create_sid = newsid;
2864 return 0;
2865}
2866
2867static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2868 const struct qstr *qstr,
2869 const char **name,
2870 void **value, size_t *len)
2871{
2872 const struct task_security_struct *tsec = current_security();
2873 struct superblock_security_struct *sbsec;
2874 u32 sid, newsid, clen;
2875 int rc;
2876 char *context;
2877
2878 sbsec = dir->i_sb->s_security;
2879
2880 sid = tsec->sid;
2881 newsid = tsec->create_sid;
2882
2883 rc = selinux_determine_inode_label(current_security(),
2884 dir, qstr,
2885 inode_mode_to_security_class(inode->i_mode),
2886 &newsid);
2887 if (rc)
2888 return rc;
2889
2890
2891 if (sbsec->flags & SE_SBINITIALIZED) {
2892 struct inode_security_struct *isec = inode->i_security;
2893 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2894 isec->sid = newsid;
2895 isec->initialized = LABEL_INITIALIZED;
2896 }
2897
2898 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2899 return -EOPNOTSUPP;
2900
2901 if (name)
2902 *name = XATTR_SELINUX_SUFFIX;
2903
2904 if (value && len) {
2905 rc = security_sid_to_context_force(newsid, &context, &clen);
2906 if (rc)
2907 return rc;
2908 *value = context;
2909 *len = clen;
2910 }
2911
2912 return 0;
2913}
2914
2915static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2916{
2917 return may_create(dir, dentry, SECCLASS_FILE);
2918}
2919
2920static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2921{
2922 return may_link(dir, old_dentry, MAY_LINK);
2923}
2924
2925static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2926{
2927 return may_link(dir, dentry, MAY_UNLINK);
2928}
2929
2930static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2931{
2932 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2933}
2934
2935static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2936{
2937 return may_create(dir, dentry, SECCLASS_DIR);
2938}
2939
2940static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2941{
2942 return may_link(dir, dentry, MAY_RMDIR);
2943}
2944
2945static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2946{
2947 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2948}
2949
2950static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2951 struct inode *new_inode, struct dentry *new_dentry)
2952{
2953 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2954}
2955
2956static int selinux_inode_readlink(struct dentry *dentry)
2957{
2958 const struct cred *cred = current_cred();
2959
2960 return dentry_has_perm(cred, dentry, FILE__READ);
2961}
2962
2963static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
2964 bool rcu)
2965{
2966 const struct cred *cred = current_cred();
2967 struct common_audit_data ad;
2968 struct inode_security_struct *isec;
2969 u32 sid;
2970
2971 validate_creds(cred);
2972
2973 ad.type = LSM_AUDIT_DATA_DENTRY;
2974 ad.u.dentry = dentry;
2975 sid = cred_sid(cred);
2976 isec = inode_security_rcu(inode, rcu);
2977 if (IS_ERR(isec))
2978 return PTR_ERR(isec);
2979
2980 return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
2981 rcu ? MAY_NOT_BLOCK : 0);
2982}
2983
2984static noinline int audit_inode_permission(struct inode *inode,
2985 u32 perms, u32 audited, u32 denied,
2986 int result,
2987 unsigned flags)
2988{
2989 struct common_audit_data ad;
2990 struct inode_security_struct *isec = inode->i_security;
2991 int rc;
2992
2993 ad.type = LSM_AUDIT_DATA_INODE;
2994 ad.u.inode = inode;
2995
2996 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2997 audited, denied, result, &ad, flags);
2998 if (rc)
2999 return rc;
3000 return 0;
3001}
3002
3003static int selinux_inode_permission(struct inode *inode, int mask)
3004{
3005 const struct cred *cred = current_cred();
3006 u32 perms;
3007 bool from_access;
3008 unsigned flags = mask & MAY_NOT_BLOCK;
3009 struct inode_security_struct *isec;
3010 u32 sid;
3011 struct av_decision avd;
3012 int rc, rc2;
3013 u32 audited, denied;
3014
3015 from_access = mask & MAY_ACCESS;
3016 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3017
3018
3019 if (!mask)
3020 return 0;
3021
3022 validate_creds(cred);
3023
3024 if (unlikely(IS_PRIVATE(inode)))
3025 return 0;
3026
3027 perms = file_mask_to_av(inode->i_mode, mask);
3028
3029 sid = cred_sid(cred);
3030 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
3031 if (IS_ERR(isec))
3032 return PTR_ERR(isec);
3033
3034 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
3035 audited = avc_audit_required(perms, &avd, rc,
3036 from_access ? FILE__AUDIT_ACCESS : 0,
3037 &denied);
3038 if (likely(!audited))
3039 return rc;
3040
3041 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
3042 if (rc2)
3043 return rc2;
3044 return rc;
3045}
3046
3047static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3048{
3049 const struct cred *cred = current_cred();
3050 unsigned int ia_valid = iattr->ia_valid;
3051 __u32 av = FILE__WRITE;
3052
3053
3054 if (ia_valid & ATTR_FORCE) {
3055 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3056 ATTR_FORCE);
3057 if (!ia_valid)
3058 return 0;
3059 }
3060
3061 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3062 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3063 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3064
3065 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE)
3066 && !(ia_valid & ATTR_FILE))
3067 av |= FILE__OPEN;
3068
3069 return dentry_has_perm(cred, dentry, av);
3070}
3071
3072static int selinux_inode_getattr(const struct path *path)
3073{
3074 return path_has_perm(current_cred(), path, FILE__GETATTR);
3075}
3076
3077static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
3078{
3079 const struct cred *cred = current_cred();
3080
3081 if (!strncmp(name, XATTR_SECURITY_PREFIX,
3082 sizeof XATTR_SECURITY_PREFIX - 1)) {
3083 if (!strcmp(name, XATTR_NAME_CAPS)) {
3084 if (!capable(CAP_SETFCAP))
3085 return -EPERM;
3086 } else if (!capable(CAP_SYS_ADMIN)) {
3087
3088
3089 return -EPERM;
3090 }
3091 }
3092
3093
3094
3095 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3096}
3097
3098static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3099 const void *value, size_t size, int flags)
3100{
3101 struct inode *inode = d_backing_inode(dentry);
3102 struct inode_security_struct *isec;
3103 struct superblock_security_struct *sbsec;
3104 struct common_audit_data ad;
3105 u32 newsid, sid = current_sid();
3106 int rc = 0;
3107
3108 if (strcmp(name, XATTR_NAME_SELINUX))
3109 return selinux_inode_setotherxattr(dentry, name);
3110
3111 sbsec = inode->i_sb->s_security;
3112 if (!(sbsec->flags & SBLABEL_MNT))
3113 return -EOPNOTSUPP;
3114
3115 if (!inode_owner_or_capable(inode))
3116 return -EPERM;
3117
3118 ad.type = LSM_AUDIT_DATA_DENTRY;
3119 ad.u.dentry = dentry;
3120
3121 isec = backing_inode_security(dentry);
3122 rc = avc_has_perm(sid, isec->sid, isec->sclass,
3123 FILE__RELABELFROM, &ad);
3124 if (rc)
3125 return rc;
3126
3127 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3128 if (rc == -EINVAL) {
3129 if (!capable(CAP_MAC_ADMIN)) {
3130 struct audit_buffer *ab;
3131 size_t audit_size;
3132 const char *str;
3133
3134
3135
3136 if (value) {
3137 str = value;
3138 if (str[size - 1] == '\0')
3139 audit_size = size - 1;
3140 else
3141 audit_size = size;
3142 } else {
3143 str = "";
3144 audit_size = 0;
3145 }
3146 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
3147 audit_log_format(ab, "op=setxattr invalid_context=");
3148 audit_log_n_untrustedstring(ab, value, audit_size);
3149 audit_log_end(ab);
3150
3151 return rc;
3152 }
3153 rc = security_context_to_sid_force(value, size, &newsid);
3154 }
3155 if (rc)
3156 return rc;
3157
3158 rc = avc_has_perm(sid, newsid, isec->sclass,
3159 FILE__RELABELTO, &ad);
3160 if (rc)
3161 return rc;
3162
3163 rc = security_validate_transition(isec->sid, newsid, sid,
3164 isec->sclass);
3165 if (rc)
3166 return rc;
3167
3168 return avc_has_perm(newsid,
3169 sbsec->sid,
3170 SECCLASS_FILESYSTEM,
3171 FILESYSTEM__ASSOCIATE,
3172 &ad);
3173}
3174
3175static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3176 const void *value, size_t size,
3177 int flags)
3178{
3179 struct inode *inode = d_backing_inode(dentry);
3180 struct inode_security_struct *isec;
3181 u32 newsid;
3182 int rc;
3183
3184 if (strcmp(name, XATTR_NAME_SELINUX)) {
3185
3186 return;
3187 }
3188
3189 rc = security_context_to_sid_force(value, size, &newsid);
3190 if (rc) {
3191 printk(KERN_ERR "SELinux: unable to map context to SID"
3192 "for (%s, %lu), rc=%d\n",
3193 inode->i_sb->s_id, inode->i_ino, -rc);
3194 return;
3195 }
3196
3197 isec = backing_inode_security(dentry);
3198 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3199 isec->sid = newsid;
3200 isec->initialized = LABEL_INITIALIZED;
3201
3202 return;
3203}
3204
3205static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3206{
3207 const struct cred *cred = current_cred();
3208
3209 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3210}
3211
3212static int selinux_inode_listxattr(struct dentry *dentry)
3213{
3214 const struct cred *cred = current_cred();
3215
3216 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3217}
3218
3219static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3220{
3221 if (strcmp(name, XATTR_NAME_SELINUX))
3222 return selinux_inode_setotherxattr(dentry, name);
3223
3224
3225
3226 return -EACCES;
3227}
3228
3229
3230
3231
3232
3233
3234static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3235{
3236 u32 size;
3237 int error;
3238 char *context = NULL;
3239 struct inode_security_struct *isec;
3240
3241 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3242 return -EOPNOTSUPP;
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253 error = cap_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3254 SECURITY_CAP_NOAUDIT);
3255 if (!error)
3256 error = cred_has_capability(current_cred(), CAP_MAC_ADMIN,
3257 SECURITY_CAP_NOAUDIT, true);
3258 isec = inode_security(inode);
3259 if (!error)
3260 error = security_sid_to_context_force(isec->sid, &context,
3261 &size);
3262 else
3263 error = security_sid_to_context(isec->sid, &context, &size);
3264 if (error)
3265 return error;
3266 error = size;
3267 if (alloc) {
3268 *buffer = context;
3269 goto out_nofree;
3270 }
3271 kfree(context);
3272out_nofree:
3273 return error;
3274}
3275
3276static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3277 const void *value, size_t size, int flags)
3278{
3279 struct inode_security_struct *isec = inode_security_novalidate(inode);
3280 u32 newsid;
3281 int rc;
3282
3283 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3284 return -EOPNOTSUPP;
3285
3286 if (!value || !size)
3287 return -EACCES;
3288
3289 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3290 if (rc)
3291 return rc;
3292
3293 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3294 isec->sid = newsid;
3295 isec->initialized = LABEL_INITIALIZED;
3296 return 0;
3297}
3298
3299static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3300{
3301 const int len = sizeof(XATTR_NAME_SELINUX);
3302 if (buffer && len <= buffer_size)
3303 memcpy(buffer, XATTR_NAME_SELINUX, len);
3304 return len;
3305}
3306
3307static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3308{
3309 struct inode_security_struct *isec = inode_security_novalidate(inode);
3310 *secid = isec->sid;
3311}
3312
3313static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3314{
3315 u32 sid;
3316 struct task_security_struct *tsec;
3317 struct cred *new_creds = *new;
3318
3319 if (new_creds == NULL) {
3320 new_creds = prepare_creds();
3321 if (!new_creds)
3322 return -ENOMEM;
3323 }
3324
3325 tsec = new_creds->security;
3326
3327 selinux_inode_getsecid(d_inode(src), &sid);
3328 tsec->create_sid = sid;
3329 *new = new_creds;
3330 return 0;
3331}
3332
3333static int selinux_inode_copy_up_xattr(const char *name)
3334{
3335
3336
3337
3338
3339 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3340 return 1;
3341
3342
3343
3344
3345 return -EOPNOTSUPP;
3346}
3347
3348
3349
3350static int selinux_revalidate_file_permission(struct file *file, int mask)
3351{
3352 const struct cred *cred = current_cred();
3353 struct inode *inode = file_inode(file);
3354
3355
3356 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3357 mask |= MAY_APPEND;
3358
3359 return file_has_perm(cred, file,
3360 file_mask_to_av(inode->i_mode, mask));
3361}
3362
3363static int selinux_file_permission(struct file *file, int mask)
3364{
3365 struct inode *inode = file_inode(file);
3366 struct file_security_struct *fsec = file->f_security;
3367 struct inode_security_struct *isec;
3368 u32 sid = current_sid();
3369
3370 if (!mask)
3371
3372 return 0;
3373
3374 isec = inode_security(inode);
3375 if (sid == fsec->sid && fsec->isid == isec->sid &&
3376 fsec->pseqno == avc_policy_seqno())
3377
3378 return 0;
3379
3380 return selinux_revalidate_file_permission(file, mask);
3381}
3382
3383static int selinux_file_alloc_security(struct file *file)
3384{
3385 return file_alloc_security(file);
3386}
3387
3388static void selinux_file_free_security(struct file *file)
3389{
3390 file_free_security(file);
3391}
3392
3393
3394
3395
3396
3397static int ioctl_has_perm(const struct cred *cred, struct file *file,
3398 u32 requested, u16 cmd)
3399{
3400 struct common_audit_data ad;
3401 struct file_security_struct *fsec = file->f_security;
3402 struct inode *inode = file_inode(file);
3403 struct inode_security_struct *isec;
3404 struct lsm_ioctlop_audit ioctl;
3405 u32 ssid = cred_sid(cred);
3406 int rc;
3407 u8 driver = cmd >> 8;
3408 u8 xperm = cmd & 0xff;
3409
3410 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3411 ad.u.op = &ioctl;
3412 ad.u.op->cmd = cmd;
3413 ad.u.op->path = file->f_path;
3414
3415 if (ssid != fsec->sid) {
3416 rc = avc_has_perm(ssid, fsec->sid,
3417 SECCLASS_FD,
3418 FD__USE,
3419 &ad);
3420 if (rc)
3421 goto out;
3422 }
3423
3424 if (unlikely(IS_PRIVATE(inode)))
3425 return 0;
3426
3427 isec = inode_security(inode);
3428 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass,
3429 requested, driver, xperm, &ad);
3430out:
3431 return rc;
3432}
3433
3434static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3435 unsigned long arg)
3436{
3437 const struct cred *cred = current_cred();
3438 int error = 0;
3439
3440 switch (cmd) {
3441 case FIONREAD:
3442
3443 case FIBMAP:
3444
3445 case FIGETBSZ:
3446
3447 case FS_IOC_GETFLAGS:
3448
3449 case FS_IOC_GETVERSION:
3450 error = file_has_perm(cred, file, FILE__GETATTR);
3451 break;
3452
3453 case FS_IOC_SETFLAGS:
3454
3455 case FS_IOC_SETVERSION:
3456 error = file_has_perm(cred, file, FILE__SETATTR);
3457 break;
3458
3459
3460 case FIONBIO:
3461
3462 case FIOASYNC:
3463 error = file_has_perm(cred, file, 0);
3464 break;
3465
3466 case KDSKBENT:
3467 case KDSKBSENT:
3468 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3469 SECURITY_CAP_AUDIT, true);
3470 break;
3471
3472
3473
3474
3475 default:
3476 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3477 }
3478 return error;
3479}
3480
3481static int default_noexec;
3482
3483static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3484{
3485 const struct cred *cred = current_cred();
3486 int rc = 0;
3487
3488 if (default_noexec &&
3489 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3490 (!shared && (prot & PROT_WRITE)))) {
3491
3492
3493
3494
3495
3496 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3497 if (rc)
3498 goto error;
3499 }
3500
3501 if (file) {
3502
3503 u32 av = FILE__READ;
3504
3505
3506 if (shared && (prot & PROT_WRITE))
3507 av |= FILE__WRITE;
3508
3509 if (prot & PROT_EXEC)
3510 av |= FILE__EXECUTE;
3511
3512 return file_has_perm(cred, file, av);
3513 }
3514
3515error:
3516 return rc;
3517}
3518
3519static int selinux_mmap_addr(unsigned long addr)
3520{
3521 int rc = 0;
3522
3523 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3524 u32 sid = current_sid();
3525 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3526 MEMPROTECT__MMAP_ZERO, NULL);
3527 }
3528
3529 return rc;
3530}
3531
3532static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3533 unsigned long prot, unsigned long flags)
3534{
3535 if (selinux_checkreqprot)
3536 prot = reqprot;
3537
3538 return file_map_prot_check(file, prot,
3539 (flags & MAP_TYPE) == MAP_SHARED);
3540}
3541
3542static int selinux_file_mprotect(struct vm_area_struct *vma,
3543 unsigned long reqprot,
3544 unsigned long prot)
3545{
3546 const struct cred *cred = current_cred();
3547
3548 if (selinux_checkreqprot)
3549 prot = reqprot;
3550
3551 if (default_noexec &&
3552 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3553 int rc = 0;
3554 if (vma->vm_start >= vma->vm_mm->start_brk &&
3555 vma->vm_end <= vma->vm_mm->brk) {
3556 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3557 } else if (!vma->vm_file &&
3558 ((vma->vm_start <= vma->vm_mm->start_stack &&
3559 vma->vm_end >= vma->vm_mm->start_stack) ||
3560 vma_is_stack_for_current(vma))) {
3561 rc = current_has_perm(current, PROCESS__EXECSTACK);
3562 } else if (vma->vm_file && vma->anon_vma) {
3563
3564
3565
3566
3567
3568
3569
3570 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3571 }
3572 if (rc)
3573 return rc;
3574 }
3575
3576 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3577}
3578
3579static int selinux_file_lock(struct file *file, unsigned int cmd)
3580{
3581 const struct cred *cred = current_cred();
3582
3583 return file_has_perm(cred, file, FILE__LOCK);
3584}
3585
3586static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3587 unsigned long arg)
3588{
3589 const struct cred *cred = current_cred();
3590 int err = 0;
3591
3592 switch (cmd) {
3593 case F_SETFL:
3594 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3595 err = file_has_perm(cred, file, FILE__WRITE);
3596 break;
3597 }
3598
3599 case F_SETOWN:
3600 case F_SETSIG:
3601 case F_GETFL:
3602 case F_GETOWN:
3603 case F_GETSIG:
3604 case F_GETOWNER_UIDS:
3605
3606 err = file_has_perm(cred, file, 0);
3607 break;
3608 case F_GETLK:
3609 case F_SETLK:
3610 case F_SETLKW:
3611 case F_OFD_GETLK:
3612 case F_OFD_SETLK:
3613 case F_OFD_SETLKW:
3614#if BITS_PER_LONG == 32
3615 case F_GETLK64:
3616 case F_SETLK64:
3617 case F_SETLKW64:
3618#endif
3619 err = file_has_perm(cred, file, FILE__LOCK);
3620 break;
3621 }
3622
3623 return err;
3624}
3625
3626static void selinux_file_set_fowner(struct file *file)
3627{
3628 struct file_security_struct *fsec;
3629
3630 fsec = file->f_security;
3631 fsec->fown_sid = current_sid();
3632}
3633
3634static int selinux_file_send_sigiotask(struct task_struct *tsk,
3635 struct fown_struct *fown, int signum)
3636{
3637 struct file *file;
3638 u32 sid = task_sid(tsk);
3639 u32 perm;
3640 struct file_security_struct *fsec;
3641
3642
3643 file = container_of(fown, struct file, f_owner);
3644
3645 fsec = file->f_security;
3646
3647 if (!signum)
3648 perm = signal_to_av(SIGIO);
3649 else
3650 perm = signal_to_av(signum);
3651
3652 return avc_has_perm(fsec->fown_sid, sid,
3653 SECCLASS_PROCESS, perm, NULL);
3654}
3655
3656static int selinux_file_receive(struct file *file)
3657{
3658 const struct cred *cred = current_cred();
3659
3660 return file_has_perm(cred, file, file_to_av(file));
3661}
3662
3663static int selinux_file_open(struct file *file, const struct cred *cred)
3664{
3665 struct file_security_struct *fsec;
3666 struct inode_security_struct *isec;
3667
3668 fsec = file->f_security;
3669 isec = inode_security(file_inode(file));
3670
3671
3672
3673
3674
3675
3676
3677 fsec->isid = isec->sid;
3678 fsec->pseqno = avc_policy_seqno();
3679
3680
3681
3682
3683
3684
3685
3686
3687 return file_path_has_perm(cred, file, open_file_to_av(file));
3688}
3689
3690
3691
3692static int selinux_task_create(unsigned long clone_flags)
3693{
3694 return current_has_perm(current, PROCESS__FORK);
3695}
3696
3697
3698
3699
3700static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3701{
3702 struct task_security_struct *tsec;
3703
3704 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3705 if (!tsec)
3706 return -ENOMEM;
3707
3708 cred->security = tsec;
3709 return 0;
3710}
3711
3712
3713
3714
3715static void selinux_cred_free(struct cred *cred)
3716{
3717 struct task_security_struct *tsec = cred->security;
3718
3719
3720
3721
3722
3723 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3724 cred->security = (void *) 0x7UL;
3725 kfree(tsec);
3726}
3727
3728
3729
3730
3731static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3732 gfp_t gfp)
3733{
3734 const struct task_security_struct *old_tsec;
3735 struct task_security_struct *tsec;
3736
3737 old_tsec = old->security;
3738
3739 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3740 if (!tsec)
3741 return -ENOMEM;
3742
3743 new->security = tsec;
3744 return 0;
3745}
3746
3747
3748
3749
3750static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3751{
3752 const struct task_security_struct *old_tsec = old->security;
3753 struct task_security_struct *tsec = new->security;
3754
3755 *tsec = *old_tsec;
3756}
3757
3758
3759
3760
3761
3762static int selinux_kernel_act_as(struct cred *new, u32 secid)
3763{
3764 struct task_security_struct *tsec = new->security;
3765 u32 sid = current_sid();
3766 int ret;
3767
3768 ret = avc_has_perm(sid, secid,
3769 SECCLASS_KERNEL_SERVICE,
3770 KERNEL_SERVICE__USE_AS_OVERRIDE,
3771 NULL);
3772 if (ret == 0) {
3773 tsec->sid = secid;
3774 tsec->create_sid = 0;
3775 tsec->keycreate_sid = 0;
3776 tsec->sockcreate_sid = 0;
3777 }
3778 return ret;
3779}
3780
3781
3782
3783
3784
3785static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3786{
3787 struct inode_security_struct *isec = inode_security(inode);
3788 struct task_security_struct *tsec = new->security;
3789 u32 sid = current_sid();
3790 int ret;
3791
3792 ret = avc_has_perm(sid, isec->sid,
3793 SECCLASS_KERNEL_SERVICE,
3794 KERNEL_SERVICE__CREATE_FILES_AS,
3795 NULL);
3796
3797 if (ret == 0)
3798 tsec->create_sid = isec->sid;
3799 return ret;
3800}
3801
3802static int selinux_kernel_module_request(char *kmod_name)
3803{
3804 u32 sid;
3805 struct common_audit_data ad;
3806
3807 sid = task_sid(current);
3808
3809 ad.type = LSM_AUDIT_DATA_KMOD;
3810 ad.u.kmod_name = kmod_name;
3811
3812 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3813 SYSTEM__MODULE_REQUEST, &ad);
3814}
3815
3816static int selinux_kernel_module_from_file(struct file *file)
3817{
3818 struct common_audit_data ad;
3819 struct inode_security_struct *isec;
3820 struct file_security_struct *fsec;
3821 u32 sid = current_sid();
3822 int rc;
3823
3824
3825 if (file == NULL)
3826 return avc_has_perm(sid, sid, SECCLASS_SYSTEM,
3827 SYSTEM__MODULE_LOAD, NULL);
3828
3829
3830
3831 ad.type = LSM_AUDIT_DATA_FILE;
3832 ad.u.file = file;
3833
3834 fsec = file->f_security;
3835 if (sid != fsec->sid) {
3836 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
3837 if (rc)
3838 return rc;
3839 }
3840
3841 isec = inode_security(file_inode(file));
3842 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM,
3843 SYSTEM__MODULE_LOAD, &ad);
3844}
3845
3846static int selinux_kernel_read_file(struct file *file,
3847 enum kernel_read_file_id id)
3848{
3849 int rc = 0;
3850
3851 switch (id) {
3852 case READING_MODULE:
3853 rc = selinux_kernel_module_from_file(file);
3854 break;
3855 default:
3856 break;
3857 }
3858
3859 return rc;
3860}
3861
3862static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3863{
3864 return current_has_perm(p, PROCESS__SETPGID);
3865}
3866
3867static int selinux_task_getpgid(struct task_struct *p)
3868{
3869 return current_has_perm(p, PROCESS__GETPGID);
3870}
3871
3872static int selinux_task_getsid(struct task_struct *p)
3873{
3874 return current_has_perm(p, PROCESS__GETSESSION);
3875}
3876
3877static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3878{
3879 *secid = task_sid(p);
3880}
3881
3882static int selinux_task_setnice(struct task_struct *p, int nice)
3883{
3884 return current_has_perm(p, PROCESS__SETSCHED);
3885}
3886
3887static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3888{
3889 return current_has_perm(p, PROCESS__SETSCHED);
3890}
3891
3892static int selinux_task_getioprio(struct task_struct *p)
3893{
3894 return current_has_perm(p, PROCESS__GETSCHED);
3895}
3896
3897static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3898 struct rlimit *new_rlim)
3899{
3900 struct rlimit *old_rlim = p->signal->rlim + resource;
3901
3902
3903
3904
3905
3906 if (old_rlim->rlim_max != new_rlim->rlim_max)
3907 return current_has_perm(p, PROCESS__SETRLIMIT);
3908
3909 return 0;
3910}
3911
3912static int selinux_task_setscheduler(struct task_struct *p)
3913{
3914 return current_has_perm(p, PROCESS__SETSCHED);
3915}
3916
3917static int selinux_task_getscheduler(struct task_struct *p)
3918{
3919 return current_has_perm(p, PROCESS__GETSCHED);
3920}
3921
3922static int selinux_task_movememory(struct task_struct *p)
3923{
3924 return current_has_perm(p, PROCESS__SETSCHED);
3925}
3926
3927static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3928 int sig, u32 secid)
3929{
3930 u32 perm;
3931 int rc;
3932
3933 if (!sig)
3934 perm = PROCESS__SIGNULL;
3935 else
3936 perm = signal_to_av(sig);
3937 if (secid)
3938 rc = avc_has_perm(secid, task_sid(p),
3939 SECCLASS_PROCESS, perm, NULL);
3940 else
3941 rc = current_has_perm(p, perm);
3942 return rc;
3943}
3944
3945static int selinux_task_wait(struct task_struct *p)
3946{
3947 return task_has_perm(p, current, PROCESS__SIGCHLD);
3948}
3949
3950static void selinux_task_to_inode(struct task_struct *p,
3951 struct inode *inode)
3952{
3953 struct inode_security_struct *isec = inode->i_security;
3954 u32 sid = task_sid(p);
3955
3956 isec->sid = sid;
3957 isec->initialized = LABEL_INITIALIZED;
3958}
3959
3960
3961static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3962 struct common_audit_data *ad, u8 *proto)
3963{
3964 int offset, ihlen, ret = -EINVAL;
3965 struct iphdr _iph, *ih;
3966
3967 offset = skb_network_offset(skb);
3968 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3969 if (ih == NULL)
3970 goto out;
3971
3972 ihlen = ih->ihl * 4;
3973 if (ihlen < sizeof(_iph))
3974 goto out;
3975
3976 ad->u.net->v4info.saddr = ih->saddr;
3977 ad->u.net->v4info.daddr = ih->daddr;
3978 ret = 0;
3979
3980 if (proto)
3981 *proto = ih->protocol;
3982
3983 switch (ih->protocol) {
3984 case IPPROTO_TCP: {
3985 struct tcphdr _tcph, *th;
3986
3987 if (ntohs(ih->frag_off) & IP_OFFSET)
3988 break;
3989
3990 offset += ihlen;
3991 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3992 if (th == NULL)
3993 break;
3994
3995 ad->u.net->sport = th->source;
3996 ad->u.net->dport = th->dest;
3997 break;
3998 }
3999
4000 case IPPROTO_UDP: {
4001 struct udphdr _udph, *uh;
4002
4003 if (ntohs(ih->frag_off) & IP_OFFSET)
4004 break;
4005
4006 offset += ihlen;
4007 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4008 if (uh == NULL)
4009 break;
4010
4011 ad->u.net->sport = uh->source;
4012 ad->u.net->dport = uh->dest;
4013 break;
4014 }
4015
4016 case IPPROTO_DCCP: {
4017 struct dccp_hdr _dccph, *dh;
4018
4019 if (ntohs(ih->frag_off) & IP_OFFSET)
4020 break;
4021
4022 offset += ihlen;
4023 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4024 if (dh == NULL)
4025 break;
4026
4027 ad->u.net->sport = dh->dccph_sport;
4028 ad->u.net->dport = dh->dccph_dport;
4029 break;
4030 }
4031
4032 default:
4033 break;
4034 }
4035out:
4036 return ret;
4037}
4038
4039#if IS_ENABLED(CONFIG_IPV6)
4040
4041
4042static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4043 struct common_audit_data *ad, u8 *proto)
4044{
4045 u8 nexthdr;
4046 int ret = -EINVAL, offset;
4047 struct ipv6hdr _ipv6h, *ip6;
4048 __be16 frag_off;
4049
4050 offset = skb_network_offset(skb);
4051 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4052 if (ip6 == NULL)
4053 goto out;
4054
4055 ad->u.net->v6info.saddr = ip6->saddr;
4056 ad->u.net->v6info.daddr = ip6->daddr;
4057 ret = 0;
4058
4059 nexthdr = ip6->nexthdr;
4060 offset += sizeof(_ipv6h);
4061 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4062 if (offset < 0)
4063 goto out;
4064
4065 if (proto)
4066 *proto = nexthdr;
4067
4068 switch (nexthdr) {
4069 case IPPROTO_TCP: {
4070 struct tcphdr _tcph, *th;
4071
4072 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4073 if (th == NULL)
4074 break;
4075
4076 ad->u.net->sport = th->source;
4077 ad->u.net->dport = th->dest;
4078 break;
4079 }
4080
4081 case IPPROTO_UDP: {
4082 struct udphdr _udph, *uh;
4083
4084 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4085 if (uh == NULL)
4086 break;
4087
4088 ad->u.net->sport = uh->source;
4089 ad->u.net->dport = uh->dest;
4090 break;
4091 }
4092
4093 case IPPROTO_DCCP: {
4094 struct dccp_hdr _dccph, *dh;
4095
4096 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4097 if (dh == NULL)
4098 break;
4099
4100 ad->u.net->sport = dh->dccph_sport;
4101 ad->u.net->dport = dh->dccph_dport;
4102 break;
4103 }
4104
4105
4106 default:
4107 break;
4108 }
4109out:
4110 return ret;
4111}
4112
4113#endif
4114
4115static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4116 char **_addrp, int src, u8 *proto)
4117{
4118 char *addrp;
4119 int ret;
4120
4121 switch (ad->u.net->family) {
4122 case PF_INET:
4123 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4124 if (ret)
4125 goto parse_error;
4126 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4127 &ad->u.net->v4info.daddr);
4128 goto okay;
4129
4130#if IS_ENABLED(CONFIG_IPV6)
4131 case PF_INET6:
4132 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4133 if (ret)
4134 goto parse_error;
4135 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4136 &ad->u.net->v6info.daddr);
4137 goto okay;
4138#endif
4139 default:
4140 addrp = NULL;
4141 goto okay;
4142 }
4143
4144parse_error:
4145 printk(KERN_WARNING
4146 "SELinux: failure in selinux_parse_skb(),"
4147 " unable to parse packet\n");
4148 return ret;
4149
4150okay:
4151 if (_addrp)
4152 *_addrp = addrp;
4153 return 0;
4154}
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4172{
4173 int err;
4174 u32 xfrm_sid;
4175 u32 nlbl_sid;
4176 u32 nlbl_type;
4177
4178 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4179 if (unlikely(err))
4180 return -EACCES;
4181 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4182 if (unlikely(err))
4183 return -EACCES;
4184
4185 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
4186 if (unlikely(err)) {
4187 printk(KERN_WARNING
4188 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4189 " unable to determine packet's peer label\n");
4190 return -EACCES;
4191 }
4192
4193 return 0;
4194}
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4209{
4210 int err = 0;
4211
4212 if (skb_sid != SECSID_NULL)
4213 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
4214 else
4215 *conn_sid = sk_sid;
4216
4217 return err;
4218}
4219
4220
4221
4222static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4223 u16 secclass, u32 *socksid)
4224{
4225 if (tsec->sockcreate_sid > SECSID_NULL) {
4226 *socksid = tsec->sockcreate_sid;
4227 return 0;
4228 }
4229
4230 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
4231 socksid);
4232}
4233
4234static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
4235{
4236 struct sk_security_struct *sksec = sk->sk_security;
4237 struct common_audit_data ad;
4238 struct lsm_network_audit net = {0,};
4239 u32 tsid = task_sid(task);
4240
4241 if (sksec->sid == SECINITSID_KERNEL)
4242 return 0;
4243
4244 ad.type = LSM_AUDIT_DATA_NET;
4245 ad.u.net = &net;
4246 ad.u.net->sk = sk;
4247
4248 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
4249}
4250
4251static int selinux_socket_create(int family, int type,
4252 int protocol, int kern)
4253{
4254 const struct task_security_struct *tsec = current_security();
4255 u32 newsid;
4256 u16 secclass;
4257 int rc;
4258
4259 if (kern)
4260 return 0;
4261
4262 secclass = socket_type_to_security_class(family, type, protocol);
4263 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4264 if (rc)
4265 return rc;
4266
4267 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4268}
4269
4270static int selinux_socket_post_create(struct socket *sock, int family,
4271 int type, int protocol, int kern)
4272{
4273 const struct task_security_struct *tsec = current_security();
4274 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4275 struct sk_security_struct *sksec;
4276 int err = 0;
4277
4278 isec->sclass = socket_type_to_security_class(family, type, protocol);
4279
4280 if (kern)
4281 isec->sid = SECINITSID_KERNEL;
4282 else {
4283 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
4284 if (err)
4285 return err;
4286 }
4287
4288 isec->initialized = LABEL_INITIALIZED;
4289
4290 if (sock->sk) {
4291 sksec = sock->sk->sk_security;
4292 sksec->sid = isec->sid;
4293 sksec->sclass = isec->sclass;
4294 err = selinux_netlbl_socket_post_create(sock->sk, family);
4295 }
4296
4297 return err;
4298}
4299
4300
4301
4302
4303
4304static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4305{
4306 struct sock *sk = sock->sk;
4307 u16 family;
4308 int err;
4309
4310 err = sock_has_perm(current, sk, SOCKET__BIND);
4311 if (err)
4312 goto out;
4313
4314
4315
4316
4317
4318
4319 family = sk->sk_family;
4320 if (family == PF_INET || family == PF_INET6) {
4321 char *addrp;
4322 struct sk_security_struct *sksec = sk->sk_security;
4323 struct common_audit_data ad;
4324 struct lsm_network_audit net = {0,};
4325 struct sockaddr_in *addr4 = NULL;
4326 struct sockaddr_in6 *addr6 = NULL;
4327 unsigned short snum;
4328 u32 sid, node_perm;
4329
4330 if (family == PF_INET) {
4331 addr4 = (struct sockaddr_in *)address;
4332 snum = ntohs(addr4->sin_port);
4333 addrp = (char *)&addr4->sin_addr.s_addr;
4334 } else {
4335 addr6 = (struct sockaddr_in6 *)address;
4336 snum = ntohs(addr6->sin6_port);
4337 addrp = (char *)&addr6->sin6_addr.s6_addr;
4338 }
4339
4340 if (snum) {
4341 int low, high;
4342
4343 inet_get_local_port_range(sock_net(sk), &low, &high);
4344
4345 if (snum < max(PROT_SOCK, low) || snum > high) {
4346 err = sel_netport_sid(sk->sk_protocol,
4347 snum, &sid);
4348 if (err)
4349 goto out;
4350 ad.type = LSM_AUDIT_DATA_NET;
4351 ad.u.net = &net;
4352 ad.u.net->sport = htons(snum);
4353 ad.u.net->family = family;
4354 err = avc_has_perm(sksec->sid, sid,
4355 sksec->sclass,
4356 SOCKET__NAME_BIND, &ad);
4357 if (err)
4358 goto out;
4359 }
4360 }
4361
4362 switch (sksec->sclass) {
4363 case SECCLASS_TCP_SOCKET:
4364 node_perm = TCP_SOCKET__NODE_BIND;
4365 break;
4366
4367 case SECCLASS_UDP_SOCKET:
4368 node_perm = UDP_SOCKET__NODE_BIND;
4369 break;
4370
4371 case SECCLASS_DCCP_SOCKET:
4372 node_perm = DCCP_SOCKET__NODE_BIND;
4373 break;
4374
4375 default:
4376 node_perm = RAWIP_SOCKET__NODE_BIND;
4377 break;
4378 }
4379
4380 err = sel_netnode_sid(addrp, family, &sid);
4381 if (err)
4382 goto out;
4383
4384 ad.type = LSM_AUDIT_DATA_NET;
4385 ad.u.net = &net;
4386 ad.u.net->sport = htons(snum);
4387 ad.u.net->family = family;
4388
4389 if (family == PF_INET)
4390 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4391 else
4392 ad.u.net->v6info.saddr = addr6->sin6_addr;
4393
4394 err = avc_has_perm(sksec->sid, sid,
4395 sksec->sclass, node_perm, &ad);
4396 if (err)
4397 goto out;
4398 }
4399out:
4400 return err;
4401}
4402
4403static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4404{
4405 struct sock *sk = sock->sk;
4406 struct sk_security_struct *sksec = sk->sk_security;
4407 int err;
4408
4409 err = sock_has_perm(current, sk, SOCKET__CONNECT);
4410 if (err)
4411 return err;
4412
4413
4414
4415
4416 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4417 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4418 struct common_audit_data ad;
4419 struct lsm_network_audit net = {0,};
4420 struct sockaddr_in *addr4 = NULL;
4421 struct sockaddr_in6 *addr6 = NULL;
4422 unsigned short snum;
4423 u32 sid, perm;
4424
4425 if (sk->sk_family == PF_INET) {
4426 addr4 = (struct sockaddr_in *)address;
4427 if (addrlen < sizeof(struct sockaddr_in))
4428 return -EINVAL;
4429 snum = ntohs(addr4->sin_port);
4430 } else {
4431 addr6 = (struct sockaddr_in6 *)address;
4432 if (addrlen < SIN6_LEN_RFC2133)
4433 return -EINVAL;
4434 snum = ntohs(addr6->sin6_port);
4435 }
4436
4437 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4438 if (err)
4439 goto out;
4440
4441 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4442 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4443
4444 ad.type = LSM_AUDIT_DATA_NET;
4445 ad.u.net = &net;
4446 ad.u.net->dport = htons(snum);
4447 ad.u.net->family = sk->sk_family;
4448 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4449 if (err)
4450 goto out;
4451 }
4452
4453 err = selinux_netlbl_socket_connect(sk, address);
4454
4455out:
4456 return err;
4457}
4458
4459static int selinux_socket_listen(struct socket *sock, int backlog)
4460{
4461 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
4462}
4463
4464static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4465{
4466 int err;
4467 struct inode_security_struct *isec;
4468 struct inode_security_struct *newisec;
4469
4470 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
4471 if (err)
4472 return err;
4473
4474 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4475
4476 isec = inode_security_novalidate(SOCK_INODE(sock));
4477 newisec->sclass = isec->sclass;
4478 newisec->sid = isec->sid;
4479 newisec->initialized = LABEL_INITIALIZED;
4480
4481 return 0;
4482}
4483
4484static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4485 int size)
4486{
4487 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
4488}
4489
4490static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4491 int size, int flags)
4492{
4493 return sock_has_perm(current, sock->sk, SOCKET__READ);
4494}
4495
4496static int selinux_socket_getsockname(struct socket *sock)
4497{
4498 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4499}
4500
4501static int selinux_socket_getpeername(struct socket *sock)
4502{
4503 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4504}
4505
4506static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4507{
4508 int err;
4509
4510 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4511 if (err)
4512 return err;
4513
4514 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4515}
4516
4517static int selinux_socket_getsockopt(struct socket *sock, int level,
4518 int optname)
4519{
4520 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4521}
4522
4523static int selinux_socket_shutdown(struct socket *sock, int how)
4524{
4525 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4526}
4527
4528static int selinux_socket_unix_stream_connect(struct sock *sock,
4529 struct sock *other,
4530 struct sock *newsk)
4531{
4532 struct sk_security_struct *sksec_sock = sock->sk_security;
4533 struct sk_security_struct *sksec_other = other->sk_security;
4534 struct sk_security_struct *sksec_new = newsk->sk_security;
4535 struct common_audit_data ad;
4536 struct lsm_network_audit net = {0,};
4537 int err;
4538
4539 ad.type = LSM_AUDIT_DATA_NET;
4540 ad.u.net = &net;
4541 ad.u.net->sk = other;
4542
4543 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4544 sksec_other->sclass,
4545 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4546 if (err)
4547 return err;
4548
4549
4550 sksec_new->peer_sid = sksec_sock->sid;
4551 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4552 &sksec_new->sid);
4553 if (err)
4554 return err;
4555
4556
4557 sksec_sock->peer_sid = sksec_new->sid;
4558
4559 return 0;
4560}
4561
4562static int selinux_socket_unix_may_send(struct socket *sock,
4563 struct socket *other)
4564{
4565 struct sk_security_struct *ssec = sock->sk->sk_security;
4566 struct sk_security_struct *osec = other->sk->sk_security;
4567 struct common_audit_data ad;
4568 struct lsm_network_audit net = {0,};
4569
4570 ad.type = LSM_AUDIT_DATA_NET;
4571 ad.u.net = &net;
4572 ad.u.net->sk = other->sk;
4573
4574 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4575 &ad);
4576}
4577
4578static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4579 char *addrp, u16 family, u32 peer_sid,
4580 struct common_audit_data *ad)
4581{
4582 int err;
4583 u32 if_sid;
4584 u32 node_sid;
4585
4586 err = sel_netif_sid(ns, ifindex, &if_sid);
4587 if (err)
4588 return err;
4589 err = avc_has_perm(peer_sid, if_sid,
4590 SECCLASS_NETIF, NETIF__INGRESS, ad);
4591 if (err)
4592 return err;
4593
4594 err = sel_netnode_sid(addrp, family, &node_sid);
4595 if (err)
4596 return err;
4597 return avc_has_perm(peer_sid, node_sid,
4598 SECCLASS_NODE, NODE__RECVFROM, ad);
4599}
4600
4601static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4602 u16 family)
4603{
4604 int err = 0;
4605 struct sk_security_struct *sksec = sk->sk_security;
4606 u32 sk_sid = sksec->sid;
4607 struct common_audit_data ad;
4608 struct lsm_network_audit net = {0,};
4609 char *addrp;
4610
4611 ad.type = LSM_AUDIT_DATA_NET;
4612 ad.u.net = &net;
4613 ad.u.net->netif = skb->skb_iif;
4614 ad.u.net->family = family;
4615 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4616 if (err)
4617 return err;
4618
4619 if (selinux_secmark_enabled()) {
4620 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4621 PACKET__RECV, &ad);
4622 if (err)
4623 return err;
4624 }
4625
4626 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4627 if (err)
4628 return err;
4629 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4630
4631 return err;
4632}
4633
4634static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4635{
4636 int err;
4637 struct sk_security_struct *sksec = sk->sk_security;
4638 u16 family = sk->sk_family;
4639 u32 sk_sid = sksec->sid;
4640 struct common_audit_data ad;
4641 struct lsm_network_audit net = {0,};
4642 char *addrp;
4643 u8 secmark_active;
4644 u8 peerlbl_active;
4645
4646 if (family != PF_INET && family != PF_INET6)
4647 return 0;
4648
4649
4650 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4651 family = PF_INET;
4652
4653
4654
4655
4656
4657 if (!selinux_policycap_netpeer)
4658 return selinux_sock_rcv_skb_compat(sk, skb, family);
4659
4660 secmark_active = selinux_secmark_enabled();
4661 peerlbl_active = selinux_peerlbl_enabled();
4662 if (!secmark_active && !peerlbl_active)
4663 return 0;
4664
4665 ad.type = LSM_AUDIT_DATA_NET;
4666 ad.u.net = &net;
4667 ad.u.net->netif = skb->skb_iif;
4668 ad.u.net->family = family;
4669 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4670 if (err)
4671 return err;
4672
4673 if (peerlbl_active) {
4674 u32 peer_sid;
4675
4676 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4677 if (err)
4678 return err;
4679 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
4680 addrp, family, peer_sid, &ad);
4681 if (err) {
4682 selinux_netlbl_err(skb, family, err, 0);
4683 return err;
4684 }
4685 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4686 PEER__RECV, &ad);
4687 if (err) {
4688 selinux_netlbl_err(skb, family, err, 0);
4689 return err;
4690 }
4691 }
4692
4693 if (secmark_active) {
4694 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4695 PACKET__RECV, &ad);
4696 if (err)
4697 return err;
4698 }
4699
4700 return err;
4701}
4702
4703static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4704 int __user *optlen, unsigned len)
4705{
4706 int err = 0;
4707 char *scontext;
4708 u32 scontext_len;
4709 struct sk_security_struct *sksec = sock->sk->sk_security;
4710 u32 peer_sid = SECSID_NULL;
4711
4712 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4713 sksec->sclass == SECCLASS_TCP_SOCKET)
4714 peer_sid = sksec->peer_sid;
4715 if (peer_sid == SECSID_NULL)
4716 return -ENOPROTOOPT;
4717
4718 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4719 if (err)
4720 return err;
4721
4722 if (scontext_len > len) {
4723 err = -ERANGE;
4724 goto out_len;
4725 }
4726
4727 if (copy_to_user(optval, scontext, scontext_len))
4728 err = -EFAULT;
4729
4730out_len:
4731 if (put_user(scontext_len, optlen))
4732 err = -EFAULT;
4733 kfree(scontext);
4734 return err;
4735}
4736
4737static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4738{
4739 u32 peer_secid = SECSID_NULL;
4740 u16 family;
4741 struct inode_security_struct *isec;
4742
4743 if (skb && skb->protocol == htons(ETH_P_IP))
4744 family = PF_INET;
4745 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4746 family = PF_INET6;
4747 else if (sock)
4748 family = sock->sk->sk_family;
4749 else
4750 goto out;
4751
4752 if (sock && family == PF_UNIX) {
4753 isec = inode_security_novalidate(SOCK_INODE(sock));
4754 peer_secid = isec->sid;
4755 } else if (skb)
4756 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4757
4758out:
4759 *secid = peer_secid;
4760 if (peer_secid == SECSID_NULL)
4761 return -EINVAL;
4762 return 0;
4763}
4764
4765static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4766{
4767 struct sk_security_struct *sksec;
4768
4769 sksec = kzalloc(sizeof(*sksec), priority);
4770 if (!sksec)
4771 return -ENOMEM;
4772
4773 sksec->peer_sid = SECINITSID_UNLABELED;
4774 sksec->sid = SECINITSID_UNLABELED;
4775 sksec->sclass = SECCLASS_SOCKET;
4776 selinux_netlbl_sk_security_reset(sksec);
4777 sk->sk_security = sksec;
4778
4779 return 0;
4780}
4781
4782static void selinux_sk_free_security(struct sock *sk)
4783{
4784 struct sk_security_struct *sksec = sk->sk_security;
4785
4786 sk->sk_security = NULL;
4787 selinux_netlbl_sk_security_free(sksec);
4788 kfree(sksec);
4789}
4790
4791static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4792{
4793 struct sk_security_struct *sksec = sk->sk_security;
4794 struct sk_security_struct *newsksec = newsk->sk_security;
4795
4796 newsksec->sid = sksec->sid;
4797 newsksec->peer_sid = sksec->peer_sid;
4798 newsksec->sclass = sksec->sclass;
4799
4800 selinux_netlbl_sk_security_reset(newsksec);
4801}
4802
4803static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4804{
4805 if (!sk)
4806 *secid = SECINITSID_ANY_SOCKET;
4807 else {
4808 struct sk_security_struct *sksec = sk->sk_security;
4809
4810 *secid = sksec->sid;
4811 }
4812}
4813
4814static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4815{
4816 struct inode_security_struct *isec =
4817 inode_security_novalidate(SOCK_INODE(parent));
4818 struct sk_security_struct *sksec = sk->sk_security;
4819
4820 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4821 sk->sk_family == PF_UNIX)
4822 isec->sid = sksec->sid;
4823 sksec->sclass = isec->sclass;
4824}
4825
4826static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4827 struct request_sock *req)
4828{
4829 struct sk_security_struct *sksec = sk->sk_security;
4830 int err;
4831 u16 family = req->rsk_ops->family;
4832 u32 connsid;
4833 u32 peersid;
4834
4835 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4836 if (err)
4837 return err;
4838 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4839 if (err)
4840 return err;
4841 req->secid = connsid;
4842 req->peer_secid = peersid;
4843
4844 return selinux_netlbl_inet_conn_request(req, family);
4845}
4846
4847static void selinux_inet_csk_clone(struct sock *newsk,
4848 const struct request_sock *req)
4849{
4850 struct sk_security_struct *newsksec = newsk->sk_security;
4851
4852 newsksec->sid = req->secid;
4853 newsksec->peer_sid = req->peer_secid;
4854
4855
4856
4857
4858
4859
4860
4861 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4862}
4863
4864static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4865{
4866 u16 family = sk->sk_family;
4867 struct sk_security_struct *sksec = sk->sk_security;
4868
4869
4870 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4871 family = PF_INET;
4872
4873 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4874}
4875
4876static int selinux_secmark_relabel_packet(u32 sid)
4877{
4878 const struct task_security_struct *__tsec;
4879 u32 tsid;
4880
4881 __tsec = current_security();
4882 tsid = __tsec->sid;
4883
4884 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4885}
4886
4887static void selinux_secmark_refcount_inc(void)
4888{
4889 atomic_inc(&selinux_secmark_refcount);
4890}
4891
4892static void selinux_secmark_refcount_dec(void)
4893{
4894 atomic_dec(&selinux_secmark_refcount);
4895}
4896
4897static void selinux_req_classify_flow(const struct request_sock *req,
4898 struct flowi *fl)
4899{
4900 fl->flowi_secid = req->secid;
4901}
4902
4903static int selinux_tun_dev_alloc_security(void **security)
4904{
4905 struct tun_security_struct *tunsec;
4906
4907 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
4908 if (!tunsec)
4909 return -ENOMEM;
4910 tunsec->sid = current_sid();
4911
4912 *security = tunsec;
4913 return 0;
4914}
4915
4916static void selinux_tun_dev_free_security(void *security)
4917{
4918 kfree(security);
4919}
4920
4921static int selinux_tun_dev_create(void)
4922{
4923 u32 sid = current_sid();
4924
4925
4926
4927
4928
4929
4930
4931
4932 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4933 NULL);
4934}
4935
4936static int selinux_tun_dev_attach_queue(void *security)
4937{
4938 struct tun_security_struct *tunsec = security;
4939
4940 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
4941 TUN_SOCKET__ATTACH_QUEUE, NULL);
4942}
4943
4944static int selinux_tun_dev_attach(struct sock *sk, void *security)
4945{
4946 struct tun_security_struct *tunsec = security;
4947 struct sk_security_struct *sksec = sk->sk_security;
4948
4949
4950
4951
4952
4953
4954
4955
4956 sksec->sid = tunsec->sid;
4957 sksec->sclass = SECCLASS_TUN_SOCKET;
4958
4959 return 0;
4960}
4961
4962static int selinux_tun_dev_open(void *security)
4963{
4964 struct tun_security_struct *tunsec = security;
4965 u32 sid = current_sid();
4966 int err;
4967
4968 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
4969 TUN_SOCKET__RELABELFROM, NULL);
4970 if (err)
4971 return err;
4972 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4973 TUN_SOCKET__RELABELTO, NULL);
4974 if (err)
4975 return err;
4976 tunsec->sid = sid;
4977
4978 return 0;
4979}
4980
4981static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4982{
4983 int err = 0;
4984 u32 perm;
4985 struct nlmsghdr *nlh;
4986 struct sk_security_struct *sksec = sk->sk_security;
4987
4988 if (skb->len < NLMSG_HDRLEN) {
4989 err = -EINVAL;
4990 goto out;
4991 }
4992 nlh = nlmsg_hdr(skb);
4993
4994 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4995 if (err) {
4996 if (err == -EINVAL) {
4997 pr_warn_ratelimited("SELinux: unrecognized netlink"
4998 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
4999 " pig=%d comm=%s\n",
5000 sk->sk_protocol, nlh->nlmsg_type,
5001 secclass_map[sksec->sclass - 1].name,
5002 task_pid_nr(current), current->comm);
5003 if (!selinux_enforcing || security_get_allow_unknown())
5004 err = 0;
5005 }
5006
5007
5008 if (err == -ENOENT)
5009 err = 0;
5010 goto out;
5011 }
5012
5013 err = sock_has_perm(current, sk, perm);
5014out:
5015 return err;
5016}
5017
5018#ifdef CONFIG_NETFILTER
5019
5020static unsigned int selinux_ip_forward(struct sk_buff *skb,
5021 const struct net_device *indev,
5022 u16 family)
5023{
5024 int err;
5025 char *addrp;
5026 u32 peer_sid;
5027 struct common_audit_data ad;
5028 struct lsm_network_audit net = {0,};
5029 u8 secmark_active;
5030 u8 netlbl_active;
5031 u8 peerlbl_active;
5032
5033 if (!selinux_policycap_netpeer)
5034 return NF_ACCEPT;
5035
5036 secmark_active = selinux_secmark_enabled();
5037 netlbl_active = netlbl_enabled();
5038 peerlbl_active = selinux_peerlbl_enabled();
5039 if (!secmark_active && !peerlbl_active)
5040 return NF_ACCEPT;
5041
5042 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5043 return NF_DROP;
5044
5045 ad.type = LSM_AUDIT_DATA_NET;
5046 ad.u.net = &net;
5047 ad.u.net->netif = indev->ifindex;
5048 ad.u.net->family = family;
5049 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5050 return NF_DROP;
5051
5052 if (peerlbl_active) {
5053 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5054 addrp, family, peer_sid, &ad);
5055 if (err) {
5056 selinux_netlbl_err(skb, family, err, 1);
5057 return NF_DROP;
5058 }
5059 }
5060
5061 if (secmark_active)
5062 if (avc_has_perm(peer_sid, skb->secmark,
5063 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5064 return NF_DROP;
5065
5066 if (netlbl_active)
5067
5068
5069
5070
5071 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5072 return NF_DROP;
5073
5074 return NF_ACCEPT;
5075}
5076
5077static unsigned int selinux_ipv4_forward(void *priv,
5078 struct sk_buff *skb,
5079 const struct nf_hook_state *state)
5080{
5081 return selinux_ip_forward(skb, state->in, PF_INET);
5082}
5083
5084#if IS_ENABLED(CONFIG_IPV6)
5085static unsigned int selinux_ipv6_forward(void *priv,
5086 struct sk_buff *skb,
5087 const struct nf_hook_state *state)
5088{
5089 return selinux_ip_forward(skb, state->in, PF_INET6);
5090}
5091#endif
5092
5093static unsigned int selinux_ip_output(struct sk_buff *skb,
5094 u16 family)
5095{
5096 struct sock *sk;
5097 u32 sid;
5098
5099 if (!netlbl_enabled())
5100 return NF_ACCEPT;
5101
5102
5103
5104
5105 sk = skb->sk;
5106 if (sk) {
5107 struct sk_security_struct *sksec;
5108
5109 if (sk_listener(sk))
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122 return NF_ACCEPT;
5123
5124
5125 sksec = sk->sk_security;
5126 sid = sksec->sid;
5127 } else
5128 sid = SECINITSID_KERNEL;
5129 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5130 return NF_DROP;
5131
5132 return NF_ACCEPT;
5133}
5134
5135static unsigned int selinux_ipv4_output(void *priv,
5136 struct sk_buff *skb,
5137 const struct nf_hook_state *state)
5138{
5139 return selinux_ip_output(skb, PF_INET);
5140}
5141
5142#if IS_ENABLED(CONFIG_IPV6)
5143static unsigned int selinux_ipv6_output(void *priv,
5144 struct sk_buff *skb,
5145 const struct nf_hook_state *state)
5146{
5147 return selinux_ip_output(skb, PF_INET6);
5148}
5149#endif
5150
5151static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5152 int ifindex,
5153 u16 family)
5154{
5155 struct sock *sk = skb_to_full_sk(skb);
5156 struct sk_security_struct *sksec;
5157 struct common_audit_data ad;
5158 struct lsm_network_audit net = {0,};
5159 char *addrp;
5160 u8 proto;
5161
5162 if (sk == NULL)
5163 return NF_ACCEPT;
5164 sksec = sk->sk_security;
5165
5166 ad.type = LSM_AUDIT_DATA_NET;
5167 ad.u.net = &net;
5168 ad.u.net->netif = ifindex;
5169 ad.u.net->family = family;
5170 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5171 return NF_DROP;
5172
5173 if (selinux_secmark_enabled())
5174 if (avc_has_perm(sksec->sid, skb->secmark,
5175 SECCLASS_PACKET, PACKET__SEND, &ad))
5176 return NF_DROP_ERR(-ECONNREFUSED);
5177
5178 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5179 return NF_DROP_ERR(-ECONNREFUSED);
5180
5181 return NF_ACCEPT;
5182}
5183
5184static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5185 const struct net_device *outdev,
5186 u16 family)
5187{
5188 u32 secmark_perm;
5189 u32 peer_sid;
5190 int ifindex = outdev->ifindex;
5191 struct sock *sk;
5192 struct common_audit_data ad;
5193 struct lsm_network_audit net = {0,};
5194 char *addrp;
5195 u8 secmark_active;
5196 u8 peerlbl_active;
5197
5198
5199
5200
5201
5202 if (!selinux_policycap_netpeer)
5203 return selinux_ip_postroute_compat(skb, ifindex, family);
5204
5205 secmark_active = selinux_secmark_enabled();
5206 peerlbl_active = selinux_peerlbl_enabled();
5207 if (!secmark_active && !peerlbl_active)
5208 return NF_ACCEPT;
5209
5210 sk = skb_to_full_sk(skb);
5211
5212#ifdef CONFIG_XFRM
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5225 !(sk && sk_listener(sk)))
5226 return NF_ACCEPT;
5227#endif
5228
5229 if (sk == NULL) {
5230
5231
5232
5233
5234 if (skb->skb_iif) {
5235 secmark_perm = PACKET__FORWARD_OUT;
5236 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5237 return NF_DROP;
5238 } else {
5239 secmark_perm = PACKET__SEND;
5240 peer_sid = SECINITSID_KERNEL;
5241 }
5242 } else if (sk_listener(sk)) {
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252 u32 skb_sid;
5253 struct sk_security_struct *sksec;
5254
5255 sksec = sk->sk_security;
5256 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5257 return NF_DROP;
5258
5259
5260
5261
5262
5263
5264 if (skb_sid == SECSID_NULL) {
5265 switch (family) {
5266 case PF_INET:
5267 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5268 return NF_ACCEPT;
5269 break;
5270 case PF_INET6:
5271 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5272 return NF_ACCEPT;
5273 break;
5274 default:
5275 return NF_DROP_ERR(-ECONNREFUSED);
5276 }
5277 }
5278 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5279 return NF_DROP;
5280 secmark_perm = PACKET__SEND;
5281 } else {
5282
5283
5284 struct sk_security_struct *sksec = sk->sk_security;
5285 peer_sid = sksec->sid;
5286 secmark_perm = PACKET__SEND;
5287 }
5288
5289 ad.type = LSM_AUDIT_DATA_NET;
5290 ad.u.net = &net;
5291 ad.u.net->netif = ifindex;
5292 ad.u.net->family = family;
5293 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5294 return NF_DROP;
5295
5296 if (secmark_active)
5297 if (avc_has_perm(peer_sid, skb->secmark,
5298 SECCLASS_PACKET, secmark_perm, &ad))
5299 return NF_DROP_ERR(-ECONNREFUSED);
5300
5301 if (peerlbl_active) {
5302 u32 if_sid;
5303 u32 node_sid;
5304
5305 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5306 return NF_DROP;
5307 if (avc_has_perm(peer_sid, if_sid,
5308 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5309 return NF_DROP_ERR(-ECONNREFUSED);
5310
5311 if (sel_netnode_sid(addrp, family, &node_sid))
5312 return NF_DROP;
5313 if (avc_has_perm(peer_sid, node_sid,
5314 SECCLASS_NODE, NODE__SENDTO, &ad))
5315 return NF_DROP_ERR(-ECONNREFUSED);
5316 }
5317
5318 return NF_ACCEPT;
5319}
5320
5321static unsigned int selinux_ipv4_postroute(void *priv,
5322 struct sk_buff *skb,
5323 const struct nf_hook_state *state)
5324{
5325 return selinux_ip_postroute(skb, state->out, PF_INET);
5326}
5327
5328#if IS_ENABLED(CONFIG_IPV6)
5329static unsigned int selinux_ipv6_postroute(void *priv,
5330 struct sk_buff *skb,
5331 const struct nf_hook_state *state)
5332{
5333 return selinux_ip_postroute(skb, state->out, PF_INET6);
5334}
5335#endif
5336
5337#endif
5338
5339static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5340{
5341 return selinux_nlmsg_perm(sk, skb);
5342}
5343
5344static int ipc_alloc_security(struct task_struct *task,
5345 struct kern_ipc_perm *perm,
5346 u16 sclass)
5347{
5348 struct ipc_security_struct *isec;
5349 u32 sid;
5350
5351 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5352 if (!isec)
5353 return -ENOMEM;
5354
5355 sid = task_sid(task);
5356 isec->sclass = sclass;
5357 isec->sid = sid;
5358 perm->security = isec;
5359
5360 return 0;
5361}
5362
5363static void ipc_free_security(struct kern_ipc_perm *perm)
5364{
5365 struct ipc_security_struct *isec = perm->security;
5366 perm->security = NULL;
5367 kfree(isec);
5368}
5369
5370static int msg_msg_alloc_security(struct msg_msg *msg)
5371{
5372 struct msg_security_struct *msec;
5373
5374 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5375 if (!msec)
5376 return -ENOMEM;
5377
5378 msec->sid = SECINITSID_UNLABELED;
5379 msg->security = msec;
5380
5381 return 0;
5382}
5383
5384static void msg_msg_free_security(struct msg_msg *msg)
5385{
5386 struct msg_security_struct *msec = msg->security;
5387
5388 msg->security = NULL;
5389 kfree(msec);
5390}
5391
5392static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5393 u32 perms)
5394{
5395 struct ipc_security_struct *isec;
5396 struct common_audit_data ad;
5397 u32 sid = current_sid();
5398
5399 isec = ipc_perms->security;
5400
5401 ad.type = LSM_AUDIT_DATA_IPC;
5402 ad.u.ipc_id = ipc_perms->key;
5403
5404 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5405}
5406
5407static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5408{
5409 return msg_msg_alloc_security(msg);
5410}
5411
5412static void selinux_msg_msg_free_security(struct msg_msg *msg)
5413{
5414 msg_msg_free_security(msg);
5415}
5416
5417
5418static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5419{
5420 struct ipc_security_struct *isec;
5421 struct common_audit_data ad;
5422 u32 sid = current_sid();
5423 int rc;
5424
5425 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
5426 if (rc)
5427 return rc;
5428
5429 isec = msq->q_perm.security;
5430
5431 ad.type = LSM_AUDIT_DATA_IPC;
5432 ad.u.ipc_id = msq->q_perm.key;
5433
5434 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5435 MSGQ__CREATE, &ad);
5436 if (rc) {
5437 ipc_free_security(&msq->q_perm);
5438 return rc;
5439 }
5440 return 0;
5441}
5442
5443static void selinux_msg_queue_free_security(struct msg_queue *msq)
5444{
5445 ipc_free_security(&msq->q_perm);
5446}
5447
5448static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5449{
5450 struct ipc_security_struct *isec;
5451 struct common_audit_data ad;
5452 u32 sid = current_sid();
5453
5454 isec = msq->q_perm.security;
5455
5456 ad.type = LSM_AUDIT_DATA_IPC;
5457 ad.u.ipc_id = msq->q_perm.key;
5458
5459 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5460 MSGQ__ASSOCIATE, &ad);
5461}
5462
5463static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5464{
5465 int err;
5466 int perms;
5467
5468 switch (cmd) {
5469 case IPC_INFO:
5470 case MSG_INFO:
5471
5472 return task_has_system(current, SYSTEM__IPC_INFO);
5473 case IPC_STAT:
5474 case MSG_STAT:
5475 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5476 break;
5477 case IPC_SET:
5478 perms = MSGQ__SETATTR;
5479 break;
5480 case IPC_RMID:
5481 perms = MSGQ__DESTROY;
5482 break;
5483 default:
5484 return 0;
5485 }
5486
5487 err = ipc_has_perm(&msq->q_perm, perms);
5488 return err;
5489}
5490
5491static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5492{
5493 struct ipc_security_struct *isec;
5494 struct msg_security_struct *msec;
5495 struct common_audit_data ad;
5496 u32 sid = current_sid();
5497 int rc;
5498
5499 isec = msq->q_perm.security;
5500 msec = msg->security;
5501
5502
5503
5504
5505 if (msec->sid == SECINITSID_UNLABELED) {
5506
5507
5508
5509
5510 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5511 NULL, &msec->sid);
5512 if (rc)
5513 return rc;
5514 }
5515
5516 ad.type = LSM_AUDIT_DATA_IPC;
5517 ad.u.ipc_id = msq->q_perm.key;
5518
5519
5520 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5521 MSGQ__WRITE, &ad);
5522 if (!rc)
5523
5524 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5525 MSG__SEND, &ad);
5526 if (!rc)
5527
5528 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5529 MSGQ__ENQUEUE, &ad);
5530
5531 return rc;
5532}
5533
5534static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5535 struct task_struct *target,
5536 long type, int mode)
5537{
5538 struct ipc_security_struct *isec;
5539 struct msg_security_struct *msec;
5540 struct common_audit_data ad;
5541 u32 sid = task_sid(target);
5542 int rc;
5543
5544 isec = msq->q_perm.security;
5545 msec = msg->security;
5546
5547 ad.type = LSM_AUDIT_DATA_IPC;
5548 ad.u.ipc_id = msq->q_perm.key;
5549
5550 rc = avc_has_perm(sid, isec->sid,
5551 SECCLASS_MSGQ, MSGQ__READ, &ad);
5552 if (!rc)
5553 rc = avc_has_perm(sid, msec->sid,
5554 SECCLASS_MSG, MSG__RECEIVE, &ad);
5555 return rc;
5556}
5557
5558
5559static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5560{
5561 struct ipc_security_struct *isec;
5562 struct common_audit_data ad;
5563 u32 sid = current_sid();
5564 int rc;
5565
5566 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
5567 if (rc)
5568 return rc;
5569
5570 isec = shp->shm_perm.security;
5571
5572 ad.type = LSM_AUDIT_DATA_IPC;
5573 ad.u.ipc_id = shp->shm_perm.key;
5574
5575 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5576 SHM__CREATE, &ad);
5577 if (rc) {
5578 ipc_free_security(&shp->shm_perm);
5579 return rc;
5580 }
5581 return 0;
5582}
5583
5584static void selinux_shm_free_security(struct shmid_kernel *shp)
5585{
5586 ipc_free_security(&shp->shm_perm);
5587}
5588
5589static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5590{
5591 struct ipc_security_struct *isec;
5592 struct common_audit_data ad;
5593 u32 sid = current_sid();
5594
5595 isec = shp->shm_perm.security;
5596
5597 ad.type = LSM_AUDIT_DATA_IPC;
5598 ad.u.ipc_id = shp->shm_perm.key;
5599
5600 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5601 SHM__ASSOCIATE, &ad);
5602}
5603
5604
5605static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5606{
5607 int perms;
5608 int err;
5609
5610 switch (cmd) {
5611 case IPC_INFO:
5612 case SHM_INFO:
5613
5614 return task_has_system(current, SYSTEM__IPC_INFO);
5615 case IPC_STAT:
5616 case SHM_STAT:
5617 perms = SHM__GETATTR | SHM__ASSOCIATE;
5618 break;
5619 case IPC_SET:
5620 perms = SHM__SETATTR;
5621 break;
5622 case SHM_LOCK:
5623 case SHM_UNLOCK:
5624 perms = SHM__LOCK;
5625 break;
5626 case IPC_RMID:
5627 perms = SHM__DESTROY;
5628 break;
5629 default:
5630 return 0;
5631 }
5632
5633 err = ipc_has_perm(&shp->shm_perm, perms);
5634 return err;
5635}
5636
5637static int selinux_shm_shmat(struct shmid_kernel *shp,
5638 char __user *shmaddr, int shmflg)
5639{
5640 u32 perms;
5641
5642 if (shmflg & SHM_RDONLY)
5643 perms = SHM__READ;
5644 else
5645 perms = SHM__READ | SHM__WRITE;
5646
5647 return ipc_has_perm(&shp->shm_perm, perms);
5648}
5649
5650
5651static int selinux_sem_alloc_security(struct sem_array *sma)
5652{
5653 struct ipc_security_struct *isec;
5654 struct common_audit_data ad;
5655 u32 sid = current_sid();
5656 int rc;
5657
5658 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5659 if (rc)
5660 return rc;
5661
5662 isec = sma->sem_perm.security;
5663
5664 ad.type = LSM_AUDIT_DATA_IPC;
5665 ad.u.ipc_id = sma->sem_perm.key;
5666
5667 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5668 SEM__CREATE, &ad);
5669 if (rc) {
5670 ipc_free_security(&sma->sem_perm);
5671 return rc;
5672 }
5673 return 0;
5674}
5675
5676static void selinux_sem_free_security(struct sem_array *sma)
5677{
5678 ipc_free_security(&sma->sem_perm);
5679}
5680
5681static int selinux_sem_associate(struct sem_array *sma, int semflg)
5682{
5683 struct ipc_security_struct *isec;
5684 struct common_audit_data ad;
5685 u32 sid = current_sid();
5686
5687 isec = sma->sem_perm.security;
5688
5689 ad.type = LSM_AUDIT_DATA_IPC;
5690 ad.u.ipc_id = sma->sem_perm.key;
5691
5692 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5693 SEM__ASSOCIATE, &ad);
5694}
5695
5696
5697static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5698{
5699 int err;
5700 u32 perms;
5701
5702 switch (cmd) {
5703 case IPC_INFO:
5704 case SEM_INFO:
5705
5706 return task_has_system(current, SYSTEM__IPC_INFO);
5707 case GETPID:
5708 case GETNCNT:
5709 case GETZCNT:
5710 perms = SEM__GETATTR;
5711 break;
5712 case GETVAL:
5713 case GETALL:
5714 perms = SEM__READ;
5715 break;
5716 case SETVAL:
5717 case SETALL:
5718 perms = SEM__WRITE;
5719 break;
5720 case IPC_RMID:
5721 perms = SEM__DESTROY;
5722 break;
5723 case IPC_SET:
5724 perms = SEM__SETATTR;
5725 break;
5726 case IPC_STAT:
5727 case SEM_STAT:
5728 perms = SEM__GETATTR | SEM__ASSOCIATE;
5729 break;
5730 default:
5731 return 0;
5732 }
5733
5734 err = ipc_has_perm(&sma->sem_perm, perms);
5735 return err;
5736}
5737
5738static int selinux_sem_semop(struct sem_array *sma,
5739 struct sembuf *sops, unsigned nsops, int alter)
5740{
5741 u32 perms;
5742
5743 if (alter)
5744 perms = SEM__READ | SEM__WRITE;
5745 else
5746 perms = SEM__READ;
5747
5748 return ipc_has_perm(&sma->sem_perm, perms);
5749}
5750
5751static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5752{
5753 u32 av = 0;
5754
5755 av = 0;
5756 if (flag & S_IRUGO)
5757 av |= IPC__UNIX_READ;
5758 if (flag & S_IWUGO)
5759 av |= IPC__UNIX_WRITE;
5760
5761 if (av == 0)
5762 return 0;
5763
5764 return ipc_has_perm(ipcp, av);
5765}
5766
5767static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5768{
5769 struct ipc_security_struct *isec = ipcp->security;
5770 *secid = isec->sid;
5771}
5772
5773static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5774{
5775 if (inode)
5776 inode_doinit_with_dentry(inode, dentry);
5777}
5778
5779static int selinux_getprocattr(struct task_struct *p,
5780 char *name, char **value)
5781{
5782 const struct task_security_struct *__tsec;
5783 u32 sid;
5784 int error;
5785 unsigned len;
5786
5787 if (current != p) {
5788 error = current_has_perm(p, PROCESS__GETATTR);
5789 if (error)
5790 return error;
5791 }
5792
5793 rcu_read_lock();
5794 __tsec = __task_cred(p)->security;
5795
5796 if (!strcmp(name, "current"))
5797 sid = __tsec->sid;
5798 else if (!strcmp(name, "prev"))
5799 sid = __tsec->osid;
5800 else if (!strcmp(name, "exec"))
5801 sid = __tsec->exec_sid;
5802 else if (!strcmp(name, "fscreate"))
5803 sid = __tsec->create_sid;
5804 else if (!strcmp(name, "keycreate"))
5805 sid = __tsec->keycreate_sid;
5806 else if (!strcmp(name, "sockcreate"))
5807 sid = __tsec->sockcreate_sid;
5808 else
5809 goto invalid;
5810 rcu_read_unlock();
5811
5812 if (!sid)
5813 return 0;
5814
5815 error = security_sid_to_context(sid, value, &len);
5816 if (error)
5817 return error;
5818 return len;
5819
5820invalid:
5821 rcu_read_unlock();
5822 return -EINVAL;
5823}
5824
5825static int selinux_setprocattr(struct task_struct *p,
5826 char *name, void *value, size_t size)
5827{
5828 struct task_security_struct *tsec;
5829 struct cred *new;
5830 u32 sid = 0, ptsid;
5831 int error;
5832 char *str = value;
5833
5834 if (current != p) {
5835
5836
5837 return -EACCES;
5838 }
5839
5840
5841
5842
5843
5844
5845 if (!strcmp(name, "exec"))
5846 error = current_has_perm(p, PROCESS__SETEXEC);
5847 else if (!strcmp(name, "fscreate"))
5848 error = current_has_perm(p, PROCESS__SETFSCREATE);
5849 else if (!strcmp(name, "keycreate"))
5850 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5851 else if (!strcmp(name, "sockcreate"))
5852 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5853 else if (!strcmp(name, "current"))
5854 error = current_has_perm(p, PROCESS__SETCURRENT);
5855 else
5856 error = -EINVAL;
5857 if (error)
5858 return error;
5859
5860
5861 if (size && str[1] && str[1] != '\n') {
5862 if (str[size-1] == '\n') {
5863 str[size-1] = 0;
5864 size--;
5865 }
5866 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5867 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5868 if (!capable(CAP_MAC_ADMIN)) {
5869 struct audit_buffer *ab;
5870 size_t audit_size;
5871
5872
5873
5874 if (str[size - 1] == '\0')
5875 audit_size = size - 1;
5876 else
5877 audit_size = size;
5878 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5879 audit_log_format(ab, "op=fscreate invalid_context=");
5880 audit_log_n_untrustedstring(ab, value, audit_size);
5881 audit_log_end(ab);
5882
5883 return error;
5884 }
5885 error = security_context_to_sid_force(value, size,
5886 &sid);
5887 }
5888 if (error)
5889 return error;
5890 }
5891
5892 new = prepare_creds();
5893 if (!new)
5894 return -ENOMEM;
5895
5896
5897
5898
5899
5900
5901
5902 tsec = new->security;
5903 if (!strcmp(name, "exec")) {
5904 tsec->exec_sid = sid;
5905 } else if (!strcmp(name, "fscreate")) {
5906 tsec->create_sid = sid;
5907 } else if (!strcmp(name, "keycreate")) {
5908 error = may_create_key(sid, p);
5909 if (error)
5910 goto abort_change;
5911 tsec->keycreate_sid = sid;
5912 } else if (!strcmp(name, "sockcreate")) {
5913 tsec->sockcreate_sid = sid;
5914 } else if (!strcmp(name, "current")) {
5915 error = -EINVAL;
5916 if (sid == 0)
5917 goto abort_change;
5918
5919
5920 error = -EPERM;
5921 if (!current_is_single_threaded()) {
5922 error = security_bounded_transition(tsec->sid, sid);
5923 if (error)
5924 goto abort_change;
5925 }
5926
5927
5928 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5929 PROCESS__DYNTRANSITION, NULL);
5930 if (error)
5931 goto abort_change;
5932
5933
5934
5935 ptsid = ptrace_parent_sid(p);
5936 if (ptsid != 0) {
5937 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5938 PROCESS__PTRACE, NULL);
5939 if (error)
5940 goto abort_change;
5941 }
5942
5943 tsec->sid = sid;
5944 } else {
5945 error = -EINVAL;
5946 goto abort_change;
5947 }
5948
5949 commit_creds(new);
5950 return size;
5951
5952abort_change:
5953 abort_creds(new);
5954 return error;
5955}
5956
5957static int selinux_ismaclabel(const char *name)
5958{
5959 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
5960}
5961
5962static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5963{
5964 return security_sid_to_context(secid, secdata, seclen);
5965}
5966
5967static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5968{
5969 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
5970}
5971
5972static void selinux_release_secctx(char *secdata, u32 seclen)
5973{
5974 kfree(secdata);
5975}
5976
5977static void selinux_inode_invalidate_secctx(struct inode *inode)
5978{
5979 struct inode_security_struct *isec = inode->i_security;
5980
5981 mutex_lock(&isec->lock);
5982 isec->initialized = LABEL_INVALID;
5983 mutex_unlock(&isec->lock);
5984}
5985
5986
5987
5988
5989static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
5990{
5991 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
5992}
5993
5994
5995
5996
5997static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
5998{
5999 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
6000}
6001
6002static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6003{
6004 int len = 0;
6005 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6006 ctx, true);
6007 if (len < 0)
6008 return len;
6009 *ctxlen = len;
6010 return 0;
6011}
6012#ifdef CONFIG_KEYS
6013
6014static int selinux_key_alloc(struct key *k, const struct cred *cred,
6015 unsigned long flags)
6016{
6017 const struct task_security_struct *tsec;
6018 struct key_security_struct *ksec;
6019
6020 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6021 if (!ksec)
6022 return -ENOMEM;
6023
6024 tsec = cred->security;
6025 if (tsec->keycreate_sid)
6026 ksec->sid = tsec->keycreate_sid;
6027 else
6028 ksec->sid = tsec->sid;
6029
6030 k->security = ksec;
6031 return 0;
6032}
6033
6034static void selinux_key_free(struct key *k)
6035{
6036 struct key_security_struct *ksec = k->security;
6037
6038 k->security = NULL;
6039 kfree(ksec);
6040}
6041
6042static int selinux_key_permission(key_ref_t key_ref,
6043 const struct cred *cred,
6044 unsigned perm)
6045{
6046 struct key *key;
6047 struct key_security_struct *ksec;
6048 u32 sid;
6049
6050
6051
6052
6053 if (perm == 0)
6054 return 0;
6055
6056 sid = cred_sid(cred);
6057
6058 key = key_ref_to_ptr(key_ref);
6059 ksec = key->security;
6060
6061 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6062}
6063
6064static int selinux_key_getsecurity(struct key *key, char **_buffer)
6065{
6066 struct key_security_struct *ksec = key->security;
6067 char *context = NULL;
6068 unsigned len;
6069 int rc;
6070
6071 rc = security_sid_to_context(ksec->sid, &context, &len);
6072 if (!rc)
6073 rc = len;
6074 *_buffer = context;
6075 return rc;
6076}
6077
6078#endif
6079
6080static struct security_hook_list selinux_hooks[] = {
6081 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
6082 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
6083 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
6084 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
6085
6086 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
6087 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
6088 LSM_HOOK_INIT(capget, selinux_capget),
6089 LSM_HOOK_INIT(capset, selinux_capset),
6090 LSM_HOOK_INIT(capable, selinux_capable),
6091 LSM_HOOK_INIT(quotactl, selinux_quotactl),
6092 LSM_HOOK_INIT(quota_on, selinux_quota_on),
6093 LSM_HOOK_INIT(syslog, selinux_syslog),
6094 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
6095
6096 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
6097
6098 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
6099 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
6100 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
6101 LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
6102
6103 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
6104 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
6105 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
6106 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
6107 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
6108 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
6109 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
6110 LSM_HOOK_INIT(sb_mount, selinux_mount),
6111 LSM_HOOK_INIT(sb_umount, selinux_umount),
6112 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
6113 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
6114 LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
6115
6116 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
6117 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
6118
6119 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
6120 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
6121 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
6122 LSM_HOOK_INIT(inode_create, selinux_inode_create),
6123 LSM_HOOK_INIT(inode_link, selinux_inode_link),
6124 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
6125 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
6126 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
6127 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
6128 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
6129 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
6130 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
6131 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
6132 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
6133 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
6134 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
6135 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
6136 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
6137 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
6138 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
6139 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
6140 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
6141 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
6142 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
6143 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
6144 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
6145 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
6146
6147 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6148 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6149 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
6150 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6151 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6152 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
6153 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
6154 LSM_HOOK_INIT(file_lock, selinux_file_lock),
6155 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
6156 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
6157 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
6158 LSM_HOOK_INIT(file_receive, selinux_file_receive),
6159
6160 LSM_HOOK_INIT(file_open, selinux_file_open),
6161
6162 LSM_HOOK_INIT(task_create, selinux_task_create),
6163 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
6164 LSM_HOOK_INIT(cred_free, selinux_cred_free),
6165 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6166 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6167 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
6168 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
6169 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
6170 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
6171 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
6172 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
6173 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
6174 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
6175 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
6176 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
6177 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
6178 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
6179 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
6180 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
6181 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
6182 LSM_HOOK_INIT(task_kill, selinux_task_kill),
6183 LSM_HOOK_INIT(task_wait, selinux_task_wait),
6184 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
6185
6186 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
6187 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6188
6189 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6190 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
6191
6192 LSM_HOOK_INIT(msg_queue_alloc_security,
6193 selinux_msg_queue_alloc_security),
6194 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
6195 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
6196 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
6197 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
6198 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
6199
6200 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
6201 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
6202 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
6203 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
6204 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
6205
6206 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
6207 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
6208 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
6209 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
6210 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
6211
6212 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
6213
6214 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
6215 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
6216
6217 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
6218 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
6219 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
6220 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
6221 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
6222 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
6223 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
6224 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
6225
6226 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
6227 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
6228
6229 LSM_HOOK_INIT(socket_create, selinux_socket_create),
6230 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
6231 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
6232 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
6233 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
6234 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
6235 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
6236 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
6237 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
6238 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
6239 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
6240 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
6241 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
6242 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
6243 LSM_HOOK_INIT(socket_getpeersec_stream,
6244 selinux_socket_getpeersec_stream),
6245 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
6246 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
6247 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
6248 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
6249 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
6250 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
6251 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
6252 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
6253 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
6254 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
6255 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
6256 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
6257 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
6258 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
6259 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
6260 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
6261 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
6262 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
6263 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
6264
6265#ifdef CONFIG_SECURITY_NETWORK_XFRM
6266 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
6267 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
6268 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
6269 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
6270 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
6271 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
6272 selinux_xfrm_state_alloc_acquire),
6273 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
6274 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
6275 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
6276 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
6277 selinux_xfrm_state_pol_flow_match),
6278 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
6279#endif
6280
6281#ifdef CONFIG_KEYS
6282 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
6283 LSM_HOOK_INIT(key_free, selinux_key_free),
6284 LSM_HOOK_INIT(key_permission, selinux_key_permission),
6285 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
6286#endif
6287
6288#ifdef CONFIG_AUDIT
6289 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
6290 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
6291 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
6292 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
6293#endif
6294};
6295
6296static __init int selinux_init(void)
6297{
6298 if (!security_module_enable("selinux")) {
6299 selinux_enabled = 0;
6300 return 0;
6301 }
6302
6303 if (!selinux_enabled) {
6304 printk(KERN_INFO "SELinux: Disabled at boot.\n");
6305 return 0;
6306 }
6307
6308 printk(KERN_INFO "SELinux: Initializing.\n");
6309
6310
6311 cred_init_security();
6312
6313 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
6314
6315 sel_inode_cache = kmem_cache_create("selinux_inode_security",
6316 sizeof(struct inode_security_struct),
6317 0, SLAB_PANIC, NULL);
6318 file_security_cache = kmem_cache_create("selinux_file_security",
6319 sizeof(struct file_security_struct),
6320 0, SLAB_PANIC, NULL);
6321 avc_init();
6322
6323 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6324
6325 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
6326 panic("SELinux: Unable to register AVC netcache callback\n");
6327
6328 if (selinux_enforcing)
6329 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
6330 else
6331 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
6332
6333 return 0;
6334}
6335
6336static void delayed_superblock_init(struct super_block *sb, void *unused)
6337{
6338 superblock_doinit(sb, NULL);
6339}
6340
6341void selinux_complete_init(void)
6342{
6343 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
6344
6345
6346 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
6347 iterate_supers(delayed_superblock_init, NULL);
6348}
6349
6350
6351
6352security_initcall(selinux_init);
6353
6354#if defined(CONFIG_NETFILTER)
6355
6356static struct nf_hook_ops selinux_nf_ops[] = {
6357 {
6358 .hook = selinux_ipv4_postroute,
6359 .pf = NFPROTO_IPV4,
6360 .hooknum = NF_INET_POST_ROUTING,
6361 .priority = NF_IP_PRI_SELINUX_LAST,
6362 },
6363 {
6364 .hook = selinux_ipv4_forward,
6365 .pf = NFPROTO_IPV4,
6366 .hooknum = NF_INET_FORWARD,
6367 .priority = NF_IP_PRI_SELINUX_FIRST,
6368 },
6369 {
6370 .hook = selinux_ipv4_output,
6371 .pf = NFPROTO_IPV4,
6372 .hooknum = NF_INET_LOCAL_OUT,
6373 .priority = NF_IP_PRI_SELINUX_FIRST,
6374 },
6375#if IS_ENABLED(CONFIG_IPV6)
6376 {
6377 .hook = selinux_ipv6_postroute,
6378 .pf = NFPROTO_IPV6,
6379 .hooknum = NF_INET_POST_ROUTING,
6380 .priority = NF_IP6_PRI_SELINUX_LAST,
6381 },
6382 {
6383 .hook = selinux_ipv6_forward,
6384 .pf = NFPROTO_IPV6,
6385 .hooknum = NF_INET_FORWARD,
6386 .priority = NF_IP6_PRI_SELINUX_FIRST,
6387 },
6388 {
6389 .hook = selinux_ipv6_output,
6390 .pf = NFPROTO_IPV6,
6391 .hooknum = NF_INET_LOCAL_OUT,
6392 .priority = NF_IP6_PRI_SELINUX_FIRST,
6393 },
6394#endif
6395};
6396
6397static int __init selinux_nf_ip_init(void)
6398{
6399 int err;
6400
6401 if (!selinux_enabled)
6402 return 0;
6403
6404 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6405
6406 err = nf_register_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6407 if (err)
6408 panic("SELinux: nf_register_hooks: error %d\n", err);
6409
6410 return 0;
6411}
6412
6413__initcall(selinux_nf_ip_init);
6414
6415#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6416static void selinux_nf_ip_exit(void)
6417{
6418 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6419
6420 nf_unregister_hooks(selinux_nf_ops, ARRAY_SIZE(selinux_nf_ops));
6421}
6422#endif
6423
6424#else
6425
6426#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6427#define selinux_nf_ip_exit()
6428#endif
6429
6430#endif
6431
6432#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6433static int selinux_disabled;
6434
6435int selinux_disable(void)
6436{
6437 if (ss_initialized) {
6438
6439 return -EINVAL;
6440 }
6441
6442 if (selinux_disabled) {
6443
6444 return -EINVAL;
6445 }
6446
6447 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6448
6449 selinux_disabled = 1;
6450 selinux_enabled = 0;
6451
6452 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6453
6454
6455 avc_disable();
6456
6457
6458 selinux_nf_ip_exit();
6459
6460
6461 exit_sel_fs();
6462
6463 return 0;
6464}
6465#endif
6466