1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include <linux/init.h>
28#include <linux/kd.h>
29#include <linux/kernel.h>
30#include <linux/tracehook.h>
31#include <linux/errno.h>
32#include <linux/sched/signal.h>
33#include <linux/sched/task.h>
34#include <linux/lsm_hooks.h>
35#include <linux/xattr.h>
36#include <linux/capability.h>
37#include <linux/unistd.h>
38#include <linux/mm.h>
39#include <linux/mman.h>
40#include <linux/slab.h>
41#include <linux/pagemap.h>
42#include <linux/proc_fs.h>
43#include <linux/swap.h>
44#include <linux/spinlock.h>
45#include <linux/syscalls.h>
46#include <linux/dcache.h>
47#include <linux/file.h>
48#include <linux/fdtable.h>
49#include <linux/namei.h>
50#include <linux/mount.h>
51#include <linux/netfilter_ipv4.h>
52#include <linux/netfilter_ipv6.h>
53#include <linux/tty.h>
54#include <net/icmp.h>
55#include <net/ip.h>
56#include <net/tcp.h>
57#include <net/inet_connection_sock.h>
58#include <net/net_namespace.h>
59#include <net/netlabel.h>
60#include <linux/uaccess.h>
61#include <asm/ioctls.h>
62#include <linux/atomic.h>
63#include <linux/bitops.h>
64#include <linux/interrupt.h>
65#include <linux/netdevice.h>
66#include <net/netlink.h>
67#include <linux/tcp.h>
68#include <linux/udp.h>
69#include <linux/dccp.h>
70#include <linux/quota.h>
71#include <linux/un.h>
72#include <net/af_unix.h>
73#include <linux/parser.h>
74#include <linux/nfs_mount.h>
75#include <net/ipv6.h>
76#include <linux/hugetlb.h>
77#include <linux/personality.h>
78#include <linux/audit.h>
79#include <linux/string.h>
80#include <linux/selinux.h>
81#include <linux/mutex.h>
82#include <linux/posix-timers.h>
83#include <linux/syslog.h>
84#include <linux/user_namespace.h>
85#include <linux/export.h>
86#include <linux/msg.h>
87#include <linux/shm.h>
88
89#include "avc.h"
90#include "objsec.h"
91#include "netif.h"
92#include "netnode.h"
93#include "netport.h"
94#include "ibpkey.h"
95#include "xfrm.h"
96#include "netlabel.h"
97#include "audit.h"
98#include "avc_ss.h"
99
100
101static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
102
103#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
104int selinux_enforcing;
105
106static int __init enforcing_setup(char *str)
107{
108 unsigned long enforcing;
109 if (!kstrtoul(str, 0, &enforcing))
110 selinux_enforcing = enforcing ? 1 : 0;
111 return 1;
112}
113__setup("enforcing=", enforcing_setup);
114#endif
115
116#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
117int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
118
119static int __init selinux_enabled_setup(char *str)
120{
121 unsigned long enabled;
122 if (!kstrtoul(str, 0, &enabled))
123 selinux_enabled = enabled ? 1 : 0;
124 return 1;
125}
126__setup("selinux=", selinux_enabled_setup);
127#else
128int selinux_enabled = 1;
129#endif
130
131static struct kmem_cache *sel_inode_cache;
132static struct kmem_cache *file_security_cache;
133
134
135
136
137
138
139
140
141
142
143
144
145static int selinux_secmark_enabled(void)
146{
147 return (selinux_policycap_alwaysnetwork || atomic_read(&selinux_secmark_refcount));
148}
149
150
151
152
153
154
155
156
157
158
159
160static int selinux_peerlbl_enabled(void)
161{
162 return (selinux_policycap_alwaysnetwork || netlbl_enabled() || selinux_xfrm_enabled());
163}
164
165static int selinux_netcache_avc_callback(u32 event)
166{
167 if (event == AVC_CALLBACK_RESET) {
168 sel_netif_flush();
169 sel_netnode_flush();
170 sel_netport_flush();
171 synchronize_net();
172 }
173 return 0;
174}
175
176static int selinux_lsm_notifier_avc_callback(u32 event)
177{
178 if (event == AVC_CALLBACK_RESET) {
179 sel_ib_pkey_flush();
180 call_lsm_notifier(LSM_POLICY_CHANGE, NULL);
181 }
182
183 return 0;
184}
185
186
187
188
189static void cred_init_security(void)
190{
191 struct cred *cred = (struct cred *) current->real_cred;
192 struct task_security_struct *tsec;
193
194 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
195 if (!tsec)
196 panic("SELinux: Failed to initialize initial task.\n");
197
198 tsec->osid = tsec->sid = SECINITSID_KERNEL;
199 cred->security = tsec;
200}
201
202
203
204
205static inline u32 cred_sid(const struct cred *cred)
206{
207 const struct task_security_struct *tsec;
208
209 tsec = cred->security;
210 return tsec->sid;
211}
212
213
214
215
216static inline u32 task_sid(const struct task_struct *task)
217{
218 u32 sid;
219
220 rcu_read_lock();
221 sid = cred_sid(__task_cred(task));
222 rcu_read_unlock();
223 return sid;
224}
225
226
227
228static int inode_alloc_security(struct inode *inode)
229{
230 struct inode_security_struct *isec;
231 u32 sid = current_sid();
232
233 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
234 if (!isec)
235 return -ENOMEM;
236
237 spin_lock_init(&isec->lock);
238 INIT_LIST_HEAD(&isec->list);
239 isec->inode = inode;
240 isec->sid = SECINITSID_UNLABELED;
241 isec->sclass = SECCLASS_FILE;
242 isec->task_sid = sid;
243 isec->initialized = LABEL_INVALID;
244 inode->i_security = isec;
245
246 return 0;
247}
248
249static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
250
251
252
253
254
255
256
257
258static int __inode_security_revalidate(struct inode *inode,
259 struct dentry *opt_dentry,
260 bool may_sleep)
261{
262 struct inode_security_struct *isec = inode->i_security;
263
264 might_sleep_if(may_sleep);
265
266 if (ss_initialized && isec->initialized != LABEL_INITIALIZED) {
267 if (!may_sleep)
268 return -ECHILD;
269
270
271
272
273
274
275 inode_doinit_with_dentry(inode, opt_dentry);
276 }
277 return 0;
278}
279
280static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
281{
282 return inode->i_security;
283}
284
285static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
286{
287 int error;
288
289 error = __inode_security_revalidate(inode, NULL, !rcu);
290 if (error)
291 return ERR_PTR(error);
292 return inode->i_security;
293}
294
295
296
297
298static struct inode_security_struct *inode_security(struct inode *inode)
299{
300 __inode_security_revalidate(inode, NULL, true);
301 return inode->i_security;
302}
303
304static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
305{
306 struct inode *inode = d_backing_inode(dentry);
307
308 return inode->i_security;
309}
310
311
312
313
314static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
315{
316 struct inode *inode = d_backing_inode(dentry);
317
318 __inode_security_revalidate(inode, dentry, true);
319 return inode->i_security;
320}
321
322static void inode_free_rcu(struct rcu_head *head)
323{
324 struct inode_security_struct *isec;
325
326 isec = container_of(head, struct inode_security_struct, rcu);
327 kmem_cache_free(sel_inode_cache, isec);
328}
329
330static void inode_free_security(struct inode *inode)
331{
332 struct inode_security_struct *isec = inode->i_security;
333 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
334
335
336
337
338
339
340
341
342
343
344
345 if (!list_empty_careful(&isec->list)) {
346 spin_lock(&sbsec->isec_lock);
347 list_del_init(&isec->list);
348 spin_unlock(&sbsec->isec_lock);
349 }
350
351
352
353
354
355
356
357
358
359
360 call_rcu(&isec->rcu, inode_free_rcu);
361}
362
363static int file_alloc_security(struct file *file)
364{
365 struct file_security_struct *fsec;
366 u32 sid = current_sid();
367
368 fsec = kmem_cache_zalloc(file_security_cache, GFP_KERNEL);
369 if (!fsec)
370 return -ENOMEM;
371
372 fsec->sid = sid;
373 fsec->fown_sid = sid;
374 file->f_security = fsec;
375
376 return 0;
377}
378
379static void file_free_security(struct file *file)
380{
381 struct file_security_struct *fsec = file->f_security;
382 file->f_security = NULL;
383 kmem_cache_free(file_security_cache, fsec);
384}
385
386static int superblock_alloc_security(struct super_block *sb)
387{
388 struct superblock_security_struct *sbsec;
389
390 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
391 if (!sbsec)
392 return -ENOMEM;
393
394 mutex_init(&sbsec->lock);
395 INIT_LIST_HEAD(&sbsec->isec_head);
396 spin_lock_init(&sbsec->isec_lock);
397 sbsec->sb = sb;
398 sbsec->sid = SECINITSID_UNLABELED;
399 sbsec->def_sid = SECINITSID_FILE;
400 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
401 sb->s_security = sbsec;
402
403 return 0;
404}
405
406static void superblock_free_security(struct super_block *sb)
407{
408 struct superblock_security_struct *sbsec = sb->s_security;
409 sb->s_security = NULL;
410 kfree(sbsec);
411}
412
413static inline int inode_doinit(struct inode *inode)
414{
415 return inode_doinit_with_dentry(inode, NULL);
416}
417
418enum {
419 Opt_error = -1,
420 Opt_context = 1,
421 Opt_fscontext = 2,
422 Opt_defcontext = 3,
423 Opt_rootcontext = 4,
424 Opt_labelsupport = 5,
425 Opt_nextmntopt = 6,
426};
427
428#define NUM_SEL_MNT_OPTS (Opt_nextmntopt - 1)
429
430static const match_table_t tokens = {
431 {Opt_context, CONTEXT_STR "%s"},
432 {Opt_fscontext, FSCONTEXT_STR "%s"},
433 {Opt_defcontext, DEFCONTEXT_STR "%s"},
434 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
435 {Opt_labelsupport, LABELSUPP_STR},
436 {Opt_error, NULL},
437};
438
439#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
440
441static int may_context_mount_sb_relabel(u32 sid,
442 struct superblock_security_struct *sbsec,
443 const struct cred *cred)
444{
445 const struct task_security_struct *tsec = cred->security;
446 int rc;
447
448 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
449 FILESYSTEM__RELABELFROM, NULL);
450 if (rc)
451 return rc;
452
453 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
454 FILESYSTEM__RELABELTO, NULL);
455 return rc;
456}
457
458static int may_context_mount_inode_relabel(u32 sid,
459 struct superblock_security_struct *sbsec,
460 const struct cred *cred)
461{
462 const struct task_security_struct *tsec = cred->security;
463 int rc;
464 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
465 FILESYSTEM__RELABELFROM, NULL);
466 if (rc)
467 return rc;
468
469 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
470 FILESYSTEM__ASSOCIATE, NULL);
471 return rc;
472}
473
474static int selinux_is_sblabel_mnt(struct super_block *sb)
475{
476 struct superblock_security_struct *sbsec = sb->s_security;
477
478 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
479 sbsec->behavior == SECURITY_FS_USE_TRANS ||
480 sbsec->behavior == SECURITY_FS_USE_TASK ||
481 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
482
483 !strcmp(sb->s_type->name, "sysfs") ||
484 !strcmp(sb->s_type->name, "pstore") ||
485 !strcmp(sb->s_type->name, "debugfs") ||
486 !strcmp(sb->s_type->name, "tracefs") ||
487 !strcmp(sb->s_type->name, "rootfs") ||
488 (selinux_policycap_cgroupseclabel &&
489 (!strcmp(sb->s_type->name, "cgroup") ||
490 !strcmp(sb->s_type->name, "cgroup2")));
491}
492
493static int sb_finish_set_opts(struct super_block *sb)
494{
495 struct superblock_security_struct *sbsec = sb->s_security;
496 struct dentry *root = sb->s_root;
497 struct inode *root_inode = d_backing_inode(root);
498 int rc = 0;
499
500 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
501
502
503
504
505
506 if (!(root_inode->i_opflags & IOP_XATTR)) {
507 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
508 "xattr support\n", sb->s_id, sb->s_type->name);
509 rc = -EOPNOTSUPP;
510 goto out;
511 }
512
513 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
514 if (rc < 0 && rc != -ENODATA) {
515 if (rc == -EOPNOTSUPP)
516 printk(KERN_WARNING "SELinux: (dev %s, type "
517 "%s) has no security xattr handler\n",
518 sb->s_id, sb->s_type->name);
519 else
520 printk(KERN_WARNING "SELinux: (dev %s, type "
521 "%s) getxattr errno %d\n", sb->s_id,
522 sb->s_type->name, -rc);
523 goto out;
524 }
525 }
526
527 sbsec->flags |= SE_SBINITIALIZED;
528
529
530
531
532
533
534 if (selinux_is_sblabel_mnt(sb))
535 sbsec->flags |= SBLABEL_MNT;
536 else
537 sbsec->flags &= ~SBLABEL_MNT;
538
539
540 rc = inode_doinit_with_dentry(root_inode, root);
541
542
543
544
545
546 spin_lock(&sbsec->isec_lock);
547next_inode:
548 if (!list_empty(&sbsec->isec_head)) {
549 struct inode_security_struct *isec =
550 list_entry(sbsec->isec_head.next,
551 struct inode_security_struct, list);
552 struct inode *inode = isec->inode;
553 list_del_init(&isec->list);
554 spin_unlock(&sbsec->isec_lock);
555 inode = igrab(inode);
556 if (inode) {
557 if (!IS_PRIVATE(inode))
558 inode_doinit(inode);
559 iput(inode);
560 }
561 spin_lock(&sbsec->isec_lock);
562 goto next_inode;
563 }
564 spin_unlock(&sbsec->isec_lock);
565out:
566 return rc;
567}
568
569
570
571
572
573
574static int selinux_get_mnt_opts(const struct super_block *sb,
575 struct security_mnt_opts *opts)
576{
577 int rc = 0, i;
578 struct superblock_security_struct *sbsec = sb->s_security;
579 char *context = NULL;
580 u32 len;
581 char tmp;
582
583 security_init_mnt_opts(opts);
584
585 if (!(sbsec->flags & SE_SBINITIALIZED))
586 return -EINVAL;
587
588 if (!ss_initialized)
589 return -EINVAL;
590
591
592 BUILD_BUG_ON(SE_MNTMASK >= (1 << NUM_SEL_MNT_OPTS));
593
594 tmp = sbsec->flags & SE_MNTMASK;
595
596 for (i = 0; i < NUM_SEL_MNT_OPTS; i++) {
597 if (tmp & 0x01)
598 opts->num_mnt_opts++;
599 tmp >>= 1;
600 }
601
602 if (sbsec->flags & SBLABEL_MNT)
603 opts->num_mnt_opts++;
604
605 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
606 if (!opts->mnt_opts) {
607 rc = -ENOMEM;
608 goto out_free;
609 }
610
611 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
612 if (!opts->mnt_opts_flags) {
613 rc = -ENOMEM;
614 goto out_free;
615 }
616
617 i = 0;
618 if (sbsec->flags & FSCONTEXT_MNT) {
619 rc = security_sid_to_context(sbsec->sid, &context, &len);
620 if (rc)
621 goto out_free;
622 opts->mnt_opts[i] = context;
623 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
624 }
625 if (sbsec->flags & CONTEXT_MNT) {
626 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
627 if (rc)
628 goto out_free;
629 opts->mnt_opts[i] = context;
630 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
631 }
632 if (sbsec->flags & DEFCONTEXT_MNT) {
633 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
634 if (rc)
635 goto out_free;
636 opts->mnt_opts[i] = context;
637 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
638 }
639 if (sbsec->flags & ROOTCONTEXT_MNT) {
640 struct dentry *root = sbsec->sb->s_root;
641 struct inode_security_struct *isec = backing_inode_security(root);
642
643 rc = security_sid_to_context(isec->sid, &context, &len);
644 if (rc)
645 goto out_free;
646 opts->mnt_opts[i] = context;
647 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
648 }
649 if (sbsec->flags & SBLABEL_MNT) {
650 opts->mnt_opts[i] = NULL;
651 opts->mnt_opts_flags[i++] = SBLABEL_MNT;
652 }
653
654 BUG_ON(i != opts->num_mnt_opts);
655
656 return 0;
657
658out_free:
659 security_free_mnt_opts(opts);
660 return rc;
661}
662
663static int bad_option(struct superblock_security_struct *sbsec, char flag,
664 u32 old_sid, u32 new_sid)
665{
666 char mnt_flags = sbsec->flags & SE_MNTMASK;
667
668
669 if (sbsec->flags & SE_SBINITIALIZED)
670 if (!(sbsec->flags & flag) ||
671 (old_sid != new_sid))
672 return 1;
673
674
675
676
677 if (!(sbsec->flags & SE_SBINITIALIZED))
678 if (mnt_flags & flag)
679 return 1;
680 return 0;
681}
682
683
684
685
686
687static int selinux_set_mnt_opts(struct super_block *sb,
688 struct security_mnt_opts *opts,
689 unsigned long kern_flags,
690 unsigned long *set_kern_flags)
691{
692 const struct cred *cred = current_cred();
693 int rc = 0, i;
694 struct superblock_security_struct *sbsec = sb->s_security;
695 const char *name = sb->s_type->name;
696 struct dentry *root = sbsec->sb->s_root;
697 struct inode_security_struct *root_isec;
698 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
699 u32 defcontext_sid = 0;
700 char **mount_options = opts->mnt_opts;
701 int *flags = opts->mnt_opts_flags;
702 int num_opts = opts->num_mnt_opts;
703
704 mutex_lock(&sbsec->lock);
705
706 if (!ss_initialized) {
707 if (!num_opts) {
708
709
710
711 goto out;
712 }
713 rc = -EINVAL;
714 printk(KERN_WARNING "SELinux: Unable to set superblock options "
715 "before the security server is initialized\n");
716 goto out;
717 }
718 if (kern_flags && !set_kern_flags) {
719
720
721 rc = -EINVAL;
722 goto out;
723 }
724
725
726
727
728
729
730
731
732
733
734
735
736 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
737 && (num_opts == 0))
738 goto out;
739
740 root_isec = backing_inode_security_novalidate(root);
741
742
743
744
745
746
747 for (i = 0; i < num_opts; i++) {
748 u32 sid;
749
750 if (flags[i] == SBLABEL_MNT)
751 continue;
752 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
753 if (rc) {
754 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
755 "(%s) failed for (dev %s, type %s) errno=%d\n",
756 mount_options[i], sb->s_id, name, rc);
757 goto out;
758 }
759 switch (flags[i]) {
760 case FSCONTEXT_MNT:
761 fscontext_sid = sid;
762
763 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
764 fscontext_sid))
765 goto out_double_mount;
766
767 sbsec->flags |= FSCONTEXT_MNT;
768 break;
769 case CONTEXT_MNT:
770 context_sid = sid;
771
772 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
773 context_sid))
774 goto out_double_mount;
775
776 sbsec->flags |= CONTEXT_MNT;
777 break;
778 case ROOTCONTEXT_MNT:
779 rootcontext_sid = sid;
780
781 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
782 rootcontext_sid))
783 goto out_double_mount;
784
785 sbsec->flags |= ROOTCONTEXT_MNT;
786
787 break;
788 case DEFCONTEXT_MNT:
789 defcontext_sid = sid;
790
791 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
792 defcontext_sid))
793 goto out_double_mount;
794
795 sbsec->flags |= DEFCONTEXT_MNT;
796
797 break;
798 default:
799 rc = -EINVAL;
800 goto out;
801 }
802 }
803
804 if (sbsec->flags & SE_SBINITIALIZED) {
805
806 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
807 goto out_double_mount;
808 rc = 0;
809 goto out;
810 }
811
812 if (strcmp(sb->s_type->name, "proc") == 0)
813 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
814
815 if (!strcmp(sb->s_type->name, "debugfs") ||
816 !strcmp(sb->s_type->name, "tracefs") ||
817 !strcmp(sb->s_type->name, "sysfs") ||
818 !strcmp(sb->s_type->name, "pstore") ||
819 !strcmp(sb->s_type->name, "cgroup") ||
820 !strcmp(sb->s_type->name, "cgroup2"))
821 sbsec->flags |= SE_SBGENFS;
822
823 if (!sbsec->behavior) {
824
825
826
827
828 rc = security_fs_use(sb);
829 if (rc) {
830 printk(KERN_WARNING
831 "%s: security_fs_use(%s) returned %d\n",
832 __func__, sb->s_type->name, rc);
833 goto out;
834 }
835 }
836
837
838
839
840
841
842 if (sb->s_user_ns != &init_user_ns &&
843 strcmp(sb->s_type->name, "tmpfs") &&
844 strcmp(sb->s_type->name, "ramfs") &&
845 strcmp(sb->s_type->name, "devpts")) {
846 if (context_sid || fscontext_sid || rootcontext_sid ||
847 defcontext_sid) {
848 rc = -EACCES;
849 goto out;
850 }
851 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
852 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
853 rc = security_transition_sid(current_sid(), current_sid(),
854 SECCLASS_FILE, NULL,
855 &sbsec->mntpoint_sid);
856 if (rc)
857 goto out;
858 }
859 goto out_set_opts;
860 }
861
862
863 if (fscontext_sid) {
864 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
865 if (rc)
866 goto out;
867
868 sbsec->sid = fscontext_sid;
869 }
870
871
872
873
874
875
876 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
877 sbsec->behavior = SECURITY_FS_USE_NATIVE;
878 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
879 }
880
881 if (context_sid) {
882 if (!fscontext_sid) {
883 rc = may_context_mount_sb_relabel(context_sid, sbsec,
884 cred);
885 if (rc)
886 goto out;
887 sbsec->sid = context_sid;
888 } else {
889 rc = may_context_mount_inode_relabel(context_sid, sbsec,
890 cred);
891 if (rc)
892 goto out;
893 }
894 if (!rootcontext_sid)
895 rootcontext_sid = context_sid;
896
897 sbsec->mntpoint_sid = context_sid;
898 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
899 }
900
901 if (rootcontext_sid) {
902 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
903 cred);
904 if (rc)
905 goto out;
906
907 root_isec->sid = rootcontext_sid;
908 root_isec->initialized = LABEL_INITIALIZED;
909 }
910
911 if (defcontext_sid) {
912 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
913 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
914 rc = -EINVAL;
915 printk(KERN_WARNING "SELinux: defcontext option is "
916 "invalid for this filesystem type\n");
917 goto out;
918 }
919
920 if (defcontext_sid != sbsec->def_sid) {
921 rc = may_context_mount_inode_relabel(defcontext_sid,
922 sbsec, cred);
923 if (rc)
924 goto out;
925 }
926
927 sbsec->def_sid = defcontext_sid;
928 }
929
930out_set_opts:
931 rc = sb_finish_set_opts(sb);
932out:
933 mutex_unlock(&sbsec->lock);
934 return rc;
935out_double_mount:
936 rc = -EINVAL;
937 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
938 "security settings for (dev %s, type %s)\n", sb->s_id, name);
939 goto out;
940}
941
942static int selinux_cmp_sb_context(const struct super_block *oldsb,
943 const struct super_block *newsb)
944{
945 struct superblock_security_struct *old = oldsb->s_security;
946 struct superblock_security_struct *new = newsb->s_security;
947 char oldflags = old->flags & SE_MNTMASK;
948 char newflags = new->flags & SE_MNTMASK;
949
950 if (oldflags != newflags)
951 goto mismatch;
952 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
953 goto mismatch;
954 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
955 goto mismatch;
956 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
957 goto mismatch;
958 if (oldflags & ROOTCONTEXT_MNT) {
959 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
960 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
961 if (oldroot->sid != newroot->sid)
962 goto mismatch;
963 }
964 return 0;
965mismatch:
966 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
967 "different security settings for (dev %s, "
968 "type %s)\n", newsb->s_id, newsb->s_type->name);
969 return -EBUSY;
970}
971
972static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
973 struct super_block *newsb,
974 unsigned long kern_flags,
975 unsigned long *set_kern_flags)
976{
977 int rc = 0;
978 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
979 struct superblock_security_struct *newsbsec = newsb->s_security;
980
981 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
982 int set_context = (oldsbsec->flags & CONTEXT_MNT);
983 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
984
985
986
987
988
989 if (!ss_initialized)
990 return 0;
991
992
993
994
995
996 if (kern_flags && !set_kern_flags)
997 return -EINVAL;
998
999
1000 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
1001
1002
1003 if (newsbsec->flags & SE_SBINITIALIZED)
1004 return selinux_cmp_sb_context(oldsb, newsb);
1005
1006 mutex_lock(&newsbsec->lock);
1007
1008 newsbsec->flags = oldsbsec->flags;
1009
1010 newsbsec->sid = oldsbsec->sid;
1011 newsbsec->def_sid = oldsbsec->def_sid;
1012 newsbsec->behavior = oldsbsec->behavior;
1013
1014 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
1015 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
1016 rc = security_fs_use(newsb);
1017 if (rc)
1018 goto out;
1019 }
1020
1021 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
1022 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
1023 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
1024 }
1025
1026 if (set_context) {
1027 u32 sid = oldsbsec->mntpoint_sid;
1028
1029 if (!set_fscontext)
1030 newsbsec->sid = sid;
1031 if (!set_rootcontext) {
1032 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1033 newisec->sid = sid;
1034 }
1035 newsbsec->mntpoint_sid = sid;
1036 }
1037 if (set_rootcontext) {
1038 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
1039 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
1040
1041 newisec->sid = oldisec->sid;
1042 }
1043
1044 sb_finish_set_opts(newsb);
1045out:
1046 mutex_unlock(&newsbsec->lock);
1047 return rc;
1048}
1049
1050static int selinux_parse_opts_str(char *options,
1051 struct security_mnt_opts *opts)
1052{
1053 char *p;
1054 char *context = NULL, *defcontext = NULL;
1055 char *fscontext = NULL, *rootcontext = NULL;
1056 int rc, num_mnt_opts = 0;
1057
1058 opts->num_mnt_opts = 0;
1059
1060
1061 while ((p = strsep(&options, "|")) != NULL) {
1062 int token;
1063 substring_t args[MAX_OPT_ARGS];
1064
1065 if (!*p)
1066 continue;
1067
1068 token = match_token(p, tokens, args);
1069
1070 switch (token) {
1071 case Opt_context:
1072 if (context || defcontext) {
1073 rc = -EINVAL;
1074 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1075 goto out_err;
1076 }
1077 context = match_strdup(&args[0]);
1078 if (!context) {
1079 rc = -ENOMEM;
1080 goto out_err;
1081 }
1082 break;
1083
1084 case Opt_fscontext:
1085 if (fscontext) {
1086 rc = -EINVAL;
1087 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1088 goto out_err;
1089 }
1090 fscontext = match_strdup(&args[0]);
1091 if (!fscontext) {
1092 rc = -ENOMEM;
1093 goto out_err;
1094 }
1095 break;
1096
1097 case Opt_rootcontext:
1098 if (rootcontext) {
1099 rc = -EINVAL;
1100 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1101 goto out_err;
1102 }
1103 rootcontext = match_strdup(&args[0]);
1104 if (!rootcontext) {
1105 rc = -ENOMEM;
1106 goto out_err;
1107 }
1108 break;
1109
1110 case Opt_defcontext:
1111 if (context || defcontext) {
1112 rc = -EINVAL;
1113 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
1114 goto out_err;
1115 }
1116 defcontext = match_strdup(&args[0]);
1117 if (!defcontext) {
1118 rc = -ENOMEM;
1119 goto out_err;
1120 }
1121 break;
1122 case Opt_labelsupport:
1123 break;
1124 default:
1125 rc = -EINVAL;
1126 printk(KERN_WARNING "SELinux: unknown mount option\n");
1127 goto out_err;
1128
1129 }
1130 }
1131
1132 rc = -ENOMEM;
1133 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_KERNEL);
1134 if (!opts->mnt_opts)
1135 goto out_err;
1136
1137 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int),
1138 GFP_KERNEL);
1139 if (!opts->mnt_opts_flags)
1140 goto out_err;
1141
1142 if (fscontext) {
1143 opts->mnt_opts[num_mnt_opts] = fscontext;
1144 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
1145 }
1146 if (context) {
1147 opts->mnt_opts[num_mnt_opts] = context;
1148 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
1149 }
1150 if (rootcontext) {
1151 opts->mnt_opts[num_mnt_opts] = rootcontext;
1152 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
1153 }
1154 if (defcontext) {
1155 opts->mnt_opts[num_mnt_opts] = defcontext;
1156 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
1157 }
1158
1159 opts->num_mnt_opts = num_mnt_opts;
1160 return 0;
1161
1162out_err:
1163 security_free_mnt_opts(opts);
1164 kfree(context);
1165 kfree(defcontext);
1166 kfree(fscontext);
1167 kfree(rootcontext);
1168 return rc;
1169}
1170
1171
1172
1173static int superblock_doinit(struct super_block *sb, void *data)
1174{
1175 int rc = 0;
1176 char *options = data;
1177 struct security_mnt_opts opts;
1178
1179 security_init_mnt_opts(&opts);
1180
1181 if (!data)
1182 goto out;
1183
1184 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
1185
1186 rc = selinux_parse_opts_str(options, &opts);
1187 if (rc)
1188 goto out_err;
1189
1190out:
1191 rc = selinux_set_mnt_opts(sb, &opts, 0, NULL);
1192
1193out_err:
1194 security_free_mnt_opts(&opts);
1195 return rc;
1196}
1197
1198static void selinux_write_opts(struct seq_file *m,
1199 struct security_mnt_opts *opts)
1200{
1201 int i;
1202 char *prefix;
1203
1204 for (i = 0; i < opts->num_mnt_opts; i++) {
1205 char *has_comma;
1206
1207 if (opts->mnt_opts[i])
1208 has_comma = strchr(opts->mnt_opts[i], ',');
1209 else
1210 has_comma = NULL;
1211
1212 switch (opts->mnt_opts_flags[i]) {
1213 case CONTEXT_MNT:
1214 prefix = CONTEXT_STR;
1215 break;
1216 case FSCONTEXT_MNT:
1217 prefix = FSCONTEXT_STR;
1218 break;
1219 case ROOTCONTEXT_MNT:
1220 prefix = ROOTCONTEXT_STR;
1221 break;
1222 case DEFCONTEXT_MNT:
1223 prefix = DEFCONTEXT_STR;
1224 break;
1225 case SBLABEL_MNT:
1226 seq_putc(m, ',');
1227 seq_puts(m, LABELSUPP_STR);
1228 continue;
1229 default:
1230 BUG();
1231 return;
1232 };
1233
1234 seq_putc(m, ',');
1235 seq_puts(m, prefix);
1236 if (has_comma)
1237 seq_putc(m, '\"');
1238 seq_escape(m, opts->mnt_opts[i], "\"\n\\");
1239 if (has_comma)
1240 seq_putc(m, '\"');
1241 }
1242}
1243
1244static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1245{
1246 struct security_mnt_opts opts;
1247 int rc;
1248
1249 rc = selinux_get_mnt_opts(sb, &opts);
1250 if (rc) {
1251
1252 if (rc == -EINVAL)
1253 rc = 0;
1254 return rc;
1255 }
1256
1257 selinux_write_opts(m, &opts);
1258
1259 security_free_mnt_opts(&opts);
1260
1261 return rc;
1262}
1263
1264static inline u16 inode_mode_to_security_class(umode_t mode)
1265{
1266 switch (mode & S_IFMT) {
1267 case S_IFSOCK:
1268 return SECCLASS_SOCK_FILE;
1269 case S_IFLNK:
1270 return SECCLASS_LNK_FILE;
1271 case S_IFREG:
1272 return SECCLASS_FILE;
1273 case S_IFBLK:
1274 return SECCLASS_BLK_FILE;
1275 case S_IFDIR:
1276 return SECCLASS_DIR;
1277 case S_IFCHR:
1278 return SECCLASS_CHR_FILE;
1279 case S_IFIFO:
1280 return SECCLASS_FIFO_FILE;
1281
1282 }
1283
1284 return SECCLASS_FILE;
1285}
1286
1287static inline int default_protocol_stream(int protocol)
1288{
1289 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1290}
1291
1292static inline int default_protocol_dgram(int protocol)
1293{
1294 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1295}
1296
1297static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1298{
1299 int extsockclass = selinux_policycap_extsockclass;
1300
1301 switch (family) {
1302 case PF_UNIX:
1303 switch (type) {
1304 case SOCK_STREAM:
1305 case SOCK_SEQPACKET:
1306 return SECCLASS_UNIX_STREAM_SOCKET;
1307 case SOCK_DGRAM:
1308 case SOCK_RAW:
1309 return SECCLASS_UNIX_DGRAM_SOCKET;
1310 }
1311 break;
1312 case PF_INET:
1313 case PF_INET6:
1314 switch (type) {
1315 case SOCK_STREAM:
1316 case SOCK_SEQPACKET:
1317 if (default_protocol_stream(protocol))
1318 return SECCLASS_TCP_SOCKET;
1319 else if (extsockclass && protocol == IPPROTO_SCTP)
1320 return SECCLASS_SCTP_SOCKET;
1321 else
1322 return SECCLASS_RAWIP_SOCKET;
1323 case SOCK_DGRAM:
1324 if (default_protocol_dgram(protocol))
1325 return SECCLASS_UDP_SOCKET;
1326 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1327 protocol == IPPROTO_ICMPV6))
1328 return SECCLASS_ICMP_SOCKET;
1329 else
1330 return SECCLASS_RAWIP_SOCKET;
1331 case SOCK_DCCP:
1332 return SECCLASS_DCCP_SOCKET;
1333 default:
1334 return SECCLASS_RAWIP_SOCKET;
1335 }
1336 break;
1337 case PF_NETLINK:
1338 switch (protocol) {
1339 case NETLINK_ROUTE:
1340 return SECCLASS_NETLINK_ROUTE_SOCKET;
1341 case NETLINK_SOCK_DIAG:
1342 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1343 case NETLINK_NFLOG:
1344 return SECCLASS_NETLINK_NFLOG_SOCKET;
1345 case NETLINK_XFRM:
1346 return SECCLASS_NETLINK_XFRM_SOCKET;
1347 case NETLINK_SELINUX:
1348 return SECCLASS_NETLINK_SELINUX_SOCKET;
1349 case NETLINK_ISCSI:
1350 return SECCLASS_NETLINK_ISCSI_SOCKET;
1351 case NETLINK_AUDIT:
1352 return SECCLASS_NETLINK_AUDIT_SOCKET;
1353 case NETLINK_FIB_LOOKUP:
1354 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1355 case NETLINK_CONNECTOR:
1356 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1357 case NETLINK_NETFILTER:
1358 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1359 case NETLINK_DNRTMSG:
1360 return SECCLASS_NETLINK_DNRT_SOCKET;
1361 case NETLINK_KOBJECT_UEVENT:
1362 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1363 case NETLINK_GENERIC:
1364 return SECCLASS_NETLINK_GENERIC_SOCKET;
1365 case NETLINK_SCSITRANSPORT:
1366 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1367 case NETLINK_RDMA:
1368 return SECCLASS_NETLINK_RDMA_SOCKET;
1369 case NETLINK_CRYPTO:
1370 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1371 default:
1372 return SECCLASS_NETLINK_SOCKET;
1373 }
1374 case PF_PACKET:
1375 return SECCLASS_PACKET_SOCKET;
1376 case PF_KEY:
1377 return SECCLASS_KEY_SOCKET;
1378 case PF_APPLETALK:
1379 return SECCLASS_APPLETALK_SOCKET;
1380 }
1381
1382 if (extsockclass) {
1383 switch (family) {
1384 case PF_AX25:
1385 return SECCLASS_AX25_SOCKET;
1386 case PF_IPX:
1387 return SECCLASS_IPX_SOCKET;
1388 case PF_NETROM:
1389 return SECCLASS_NETROM_SOCKET;
1390 case PF_ATMPVC:
1391 return SECCLASS_ATMPVC_SOCKET;
1392 case PF_X25:
1393 return SECCLASS_X25_SOCKET;
1394 case PF_ROSE:
1395 return SECCLASS_ROSE_SOCKET;
1396 case PF_DECnet:
1397 return SECCLASS_DECNET_SOCKET;
1398 case PF_ATMSVC:
1399 return SECCLASS_ATMSVC_SOCKET;
1400 case PF_RDS:
1401 return SECCLASS_RDS_SOCKET;
1402 case PF_IRDA:
1403 return SECCLASS_IRDA_SOCKET;
1404 case PF_PPPOX:
1405 return SECCLASS_PPPOX_SOCKET;
1406 case PF_LLC:
1407 return SECCLASS_LLC_SOCKET;
1408 case PF_CAN:
1409 return SECCLASS_CAN_SOCKET;
1410 case PF_TIPC:
1411 return SECCLASS_TIPC_SOCKET;
1412 case PF_BLUETOOTH:
1413 return SECCLASS_BLUETOOTH_SOCKET;
1414 case PF_IUCV:
1415 return SECCLASS_IUCV_SOCKET;
1416 case PF_RXRPC:
1417 return SECCLASS_RXRPC_SOCKET;
1418 case PF_ISDN:
1419 return SECCLASS_ISDN_SOCKET;
1420 case PF_PHONET:
1421 return SECCLASS_PHONET_SOCKET;
1422 case PF_IEEE802154:
1423 return SECCLASS_IEEE802154_SOCKET;
1424 case PF_CAIF:
1425 return SECCLASS_CAIF_SOCKET;
1426 case PF_ALG:
1427 return SECCLASS_ALG_SOCKET;
1428 case PF_NFC:
1429 return SECCLASS_NFC_SOCKET;
1430 case PF_VSOCK:
1431 return SECCLASS_VSOCK_SOCKET;
1432 case PF_KCM:
1433 return SECCLASS_KCM_SOCKET;
1434 case PF_QIPCRTR:
1435 return SECCLASS_QIPCRTR_SOCKET;
1436 case PF_SMC:
1437 return SECCLASS_SMC_SOCKET;
1438#if PF_MAX > 44
1439#error New address family defined, please update this function.
1440#endif
1441 }
1442 }
1443
1444 return SECCLASS_SOCKET;
1445}
1446
1447static int selinux_genfs_get_sid(struct dentry *dentry,
1448 u16 tclass,
1449 u16 flags,
1450 u32 *sid)
1451{
1452 int rc;
1453 struct super_block *sb = dentry->d_sb;
1454 char *buffer, *path;
1455
1456 buffer = (char *)__get_free_page(GFP_KERNEL);
1457 if (!buffer)
1458 return -ENOMEM;
1459
1460 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1461 if (IS_ERR(path))
1462 rc = PTR_ERR(path);
1463 else {
1464 if (flags & SE_SBPROC) {
1465
1466
1467
1468 while (path[1] >= '0' && path[1] <= '9') {
1469 path[1] = '/';
1470 path++;
1471 }
1472 }
1473 rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);
1474 }
1475 free_page((unsigned long)buffer);
1476 return rc;
1477}
1478
1479
1480static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1481{
1482 struct superblock_security_struct *sbsec = NULL;
1483 struct inode_security_struct *isec = inode->i_security;
1484 u32 task_sid, sid = 0;
1485 u16 sclass;
1486 struct dentry *dentry;
1487#define INITCONTEXTLEN 255
1488 char *context = NULL;
1489 unsigned len = 0;
1490 int rc = 0;
1491
1492 if (isec->initialized == LABEL_INITIALIZED)
1493 return 0;
1494
1495 spin_lock(&isec->lock);
1496 if (isec->initialized == LABEL_INITIALIZED)
1497 goto out_unlock;
1498
1499 if (isec->sclass == SECCLASS_FILE)
1500 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1501
1502 sbsec = inode->i_sb->s_security;
1503 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1504
1505
1506
1507 spin_lock(&sbsec->isec_lock);
1508 if (list_empty(&isec->list))
1509 list_add(&isec->list, &sbsec->isec_head);
1510 spin_unlock(&sbsec->isec_lock);
1511 goto out_unlock;
1512 }
1513
1514 sclass = isec->sclass;
1515 task_sid = isec->task_sid;
1516 sid = isec->sid;
1517 isec->initialized = LABEL_PENDING;
1518 spin_unlock(&isec->lock);
1519
1520 switch (sbsec->behavior) {
1521 case SECURITY_FS_USE_NATIVE:
1522 break;
1523 case SECURITY_FS_USE_XATTR:
1524 if (!(inode->i_opflags & IOP_XATTR)) {
1525 sid = sbsec->def_sid;
1526 break;
1527 }
1528
1529
1530 if (opt_dentry) {
1531
1532 dentry = dget(opt_dentry);
1533 } else {
1534
1535 dentry = d_find_alias(inode);
1536 }
1537 if (!dentry) {
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547 goto out;
1548 }
1549
1550 len = INITCONTEXTLEN;
1551 context = kmalloc(len+1, GFP_NOFS);
1552 if (!context) {
1553 rc = -ENOMEM;
1554 dput(dentry);
1555 goto out;
1556 }
1557 context[len] = '\0';
1558 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1559 if (rc == -ERANGE) {
1560 kfree(context);
1561
1562
1563 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1564 if (rc < 0) {
1565 dput(dentry);
1566 goto out;
1567 }
1568 len = rc;
1569 context = kmalloc(len+1, GFP_NOFS);
1570 if (!context) {
1571 rc = -ENOMEM;
1572 dput(dentry);
1573 goto out;
1574 }
1575 context[len] = '\0';
1576 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1577 }
1578 dput(dentry);
1579 if (rc < 0) {
1580 if (rc != -ENODATA) {
1581 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1582 "%d for dev=%s ino=%ld\n", __func__,
1583 -rc, inode->i_sb->s_id, inode->i_ino);
1584 kfree(context);
1585 goto out;
1586 }
1587
1588 sid = sbsec->def_sid;
1589 rc = 0;
1590 } else {
1591 rc = security_context_to_sid_default(context, rc, &sid,
1592 sbsec->def_sid,
1593 GFP_NOFS);
1594 if (rc) {
1595 char *dev = inode->i_sb->s_id;
1596 unsigned long ino = inode->i_ino;
1597
1598 if (rc == -EINVAL) {
1599 if (printk_ratelimit())
1600 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1601 "context=%s. This indicates you may need to relabel the inode or the "
1602 "filesystem in question.\n", ino, dev, context);
1603 } else {
1604 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1605 "returned %d for dev=%s ino=%ld\n",
1606 __func__, context, -rc, dev, ino);
1607 }
1608 kfree(context);
1609
1610 rc = 0;
1611 break;
1612 }
1613 }
1614 kfree(context);
1615 break;
1616 case SECURITY_FS_USE_TASK:
1617 sid = task_sid;
1618 break;
1619 case SECURITY_FS_USE_TRANS:
1620
1621 sid = sbsec->sid;
1622
1623
1624 rc = security_transition_sid(task_sid, sid, sclass, NULL, &sid);
1625 if (rc)
1626 goto out;
1627 break;
1628 case SECURITY_FS_USE_MNTPOINT:
1629 sid = sbsec->mntpoint_sid;
1630 break;
1631 default:
1632
1633 sid = sbsec->sid;
1634
1635 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1636
1637
1638 if (opt_dentry)
1639
1640
1641 dentry = dget(opt_dentry);
1642 else
1643
1644
1645 dentry = d_find_alias(inode);
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655 if (!dentry)
1656 goto out;
1657 rc = selinux_genfs_get_sid(dentry, sclass,
1658 sbsec->flags, &sid);
1659 dput(dentry);
1660 if (rc)
1661 goto out;
1662 }
1663 break;
1664 }
1665
1666out:
1667 spin_lock(&isec->lock);
1668 if (isec->initialized == LABEL_PENDING) {
1669 if (!sid || rc) {
1670 isec->initialized = LABEL_INVALID;
1671 goto out_unlock;
1672 }
1673
1674 isec->initialized = LABEL_INITIALIZED;
1675 isec->sid = sid;
1676 }
1677
1678out_unlock:
1679 spin_unlock(&isec->lock);
1680 return rc;
1681}
1682
1683
1684static inline u32 signal_to_av(int sig)
1685{
1686 u32 perm = 0;
1687
1688 switch (sig) {
1689 case SIGCHLD:
1690
1691 perm = PROCESS__SIGCHLD;
1692 break;
1693 case SIGKILL:
1694
1695 perm = PROCESS__SIGKILL;
1696 break;
1697 case SIGSTOP:
1698
1699 perm = PROCESS__SIGSTOP;
1700 break;
1701 default:
1702
1703 perm = PROCESS__SIGNAL;
1704 break;
1705 }
1706
1707 return perm;
1708}
1709
1710#if CAP_LAST_CAP > 63
1711#error Fix SELinux to handle capabilities > 63.
1712#endif
1713
1714
1715static int cred_has_capability(const struct cred *cred,
1716 int cap, int audit, bool initns)
1717{
1718 struct common_audit_data ad;
1719 struct av_decision avd;
1720 u16 sclass;
1721 u32 sid = cred_sid(cred);
1722 u32 av = CAP_TO_MASK(cap);
1723 int rc;
1724
1725 ad.type = LSM_AUDIT_DATA_CAP;
1726 ad.u.cap = cap;
1727
1728 switch (CAP_TO_INDEX(cap)) {
1729 case 0:
1730 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1731 break;
1732 case 1:
1733 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1734 break;
1735 default:
1736 printk(KERN_ERR
1737 "SELinux: out of range capability %d\n", cap);
1738 BUG();
1739 return -EINVAL;
1740 }
1741
1742 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1743 if (audit == SECURITY_CAP_AUDIT) {
1744 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1745 if (rc2)
1746 return rc2;
1747 }
1748 return rc;
1749}
1750
1751
1752
1753
1754static int inode_has_perm(const struct cred *cred,
1755 struct inode *inode,
1756 u32 perms,
1757 struct common_audit_data *adp)
1758{
1759 struct inode_security_struct *isec;
1760 u32 sid;
1761
1762 validate_creds(cred);
1763
1764 if (unlikely(IS_PRIVATE(inode)))
1765 return 0;
1766
1767 sid = cred_sid(cred);
1768 isec = inode->i_security;
1769
1770 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1771}
1772
1773
1774
1775
1776static inline int dentry_has_perm(const struct cred *cred,
1777 struct dentry *dentry,
1778 u32 av)
1779{
1780 struct inode *inode = d_backing_inode(dentry);
1781 struct common_audit_data ad;
1782
1783 ad.type = LSM_AUDIT_DATA_DENTRY;
1784 ad.u.dentry = dentry;
1785 __inode_security_revalidate(inode, dentry, true);
1786 return inode_has_perm(cred, inode, av, &ad);
1787}
1788
1789
1790
1791
1792static inline int path_has_perm(const struct cred *cred,
1793 const struct path *path,
1794 u32 av)
1795{
1796 struct inode *inode = d_backing_inode(path->dentry);
1797 struct common_audit_data ad;
1798
1799 ad.type = LSM_AUDIT_DATA_PATH;
1800 ad.u.path = *path;
1801 __inode_security_revalidate(inode, path->dentry, true);
1802 return inode_has_perm(cred, inode, av, &ad);
1803}
1804
1805
1806static inline int file_path_has_perm(const struct cred *cred,
1807 struct file *file,
1808 u32 av)
1809{
1810 struct common_audit_data ad;
1811
1812 ad.type = LSM_AUDIT_DATA_FILE;
1813 ad.u.file = file;
1814 return inode_has_perm(cred, file_inode(file), av, &ad);
1815}
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825static int file_has_perm(const struct cred *cred,
1826 struct file *file,
1827 u32 av)
1828{
1829 struct file_security_struct *fsec = file->f_security;
1830 struct inode *inode = file_inode(file);
1831 struct common_audit_data ad;
1832 u32 sid = cred_sid(cred);
1833 int rc;
1834
1835 ad.type = LSM_AUDIT_DATA_FILE;
1836 ad.u.file = file;
1837
1838 if (sid != fsec->sid) {
1839 rc = avc_has_perm(sid, fsec->sid,
1840 SECCLASS_FD,
1841 FD__USE,
1842 &ad);
1843 if (rc)
1844 goto out;
1845 }
1846
1847
1848 rc = 0;
1849 if (av)
1850 rc = inode_has_perm(cred, inode, av, &ad);
1851
1852out:
1853 return rc;
1854}
1855
1856
1857
1858
1859static int
1860selinux_determine_inode_label(const struct task_security_struct *tsec,
1861 struct inode *dir,
1862 const struct qstr *name, u16 tclass,
1863 u32 *_new_isid)
1864{
1865 const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
1866
1867 if ((sbsec->flags & SE_SBINITIALIZED) &&
1868 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1869 *_new_isid = sbsec->mntpoint_sid;
1870 } else if ((sbsec->flags & SBLABEL_MNT) &&
1871 tsec->create_sid) {
1872 *_new_isid = tsec->create_sid;
1873 } else {
1874 const struct inode_security_struct *dsec = inode_security(dir);
1875 return security_transition_sid(tsec->sid, dsec->sid, tclass,
1876 name, _new_isid);
1877 }
1878
1879 return 0;
1880}
1881
1882
1883static int may_create(struct inode *dir,
1884 struct dentry *dentry,
1885 u16 tclass)
1886{
1887 const struct task_security_struct *tsec = current_security();
1888 struct inode_security_struct *dsec;
1889 struct superblock_security_struct *sbsec;
1890 u32 sid, newsid;
1891 struct common_audit_data ad;
1892 int rc;
1893
1894 dsec = inode_security(dir);
1895 sbsec = dir->i_sb->s_security;
1896
1897 sid = tsec->sid;
1898
1899 ad.type = LSM_AUDIT_DATA_DENTRY;
1900 ad.u.dentry = dentry;
1901
1902 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1903 DIR__ADD_NAME | DIR__SEARCH,
1904 &ad);
1905 if (rc)
1906 return rc;
1907
1908 rc = selinux_determine_inode_label(current_security(), dir,
1909 &dentry->d_name, tclass, &newsid);
1910 if (rc)
1911 return rc;
1912
1913 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1914 if (rc)
1915 return rc;
1916
1917 return avc_has_perm(newsid, sbsec->sid,
1918 SECCLASS_FILESYSTEM,
1919 FILESYSTEM__ASSOCIATE, &ad);
1920}
1921
1922#define MAY_LINK 0
1923#define MAY_UNLINK 1
1924#define MAY_RMDIR 2
1925
1926
1927static int may_link(struct inode *dir,
1928 struct dentry *dentry,
1929 int kind)
1930
1931{
1932 struct inode_security_struct *dsec, *isec;
1933 struct common_audit_data ad;
1934 u32 sid = current_sid();
1935 u32 av;
1936 int rc;
1937
1938 dsec = inode_security(dir);
1939 isec = backing_inode_security(dentry);
1940
1941 ad.type = LSM_AUDIT_DATA_DENTRY;
1942 ad.u.dentry = dentry;
1943
1944 av = DIR__SEARCH;
1945 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1946 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1947 if (rc)
1948 return rc;
1949
1950 switch (kind) {
1951 case MAY_LINK:
1952 av = FILE__LINK;
1953 break;
1954 case MAY_UNLINK:
1955 av = FILE__UNLINK;
1956 break;
1957 case MAY_RMDIR:
1958 av = DIR__RMDIR;
1959 break;
1960 default:
1961 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1962 __func__, kind);
1963 return 0;
1964 }
1965
1966 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1967 return rc;
1968}
1969
1970static inline int may_rename(struct inode *old_dir,
1971 struct dentry *old_dentry,
1972 struct inode *new_dir,
1973 struct dentry *new_dentry)
1974{
1975 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1976 struct common_audit_data ad;
1977 u32 sid = current_sid();
1978 u32 av;
1979 int old_is_dir, new_is_dir;
1980 int rc;
1981
1982 old_dsec = inode_security(old_dir);
1983 old_isec = backing_inode_security(old_dentry);
1984 old_is_dir = d_is_dir(old_dentry);
1985 new_dsec = inode_security(new_dir);
1986
1987 ad.type = LSM_AUDIT_DATA_DENTRY;
1988
1989 ad.u.dentry = old_dentry;
1990 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1991 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1992 if (rc)
1993 return rc;
1994 rc = avc_has_perm(sid, old_isec->sid,
1995 old_isec->sclass, FILE__RENAME, &ad);
1996 if (rc)
1997 return rc;
1998 if (old_is_dir && new_dir != old_dir) {
1999 rc = avc_has_perm(sid, old_isec->sid,
2000 old_isec->sclass, DIR__REPARENT, &ad);
2001 if (rc)
2002 return rc;
2003 }
2004
2005 ad.u.dentry = new_dentry;
2006 av = DIR__ADD_NAME | DIR__SEARCH;
2007 if (d_is_positive(new_dentry))
2008 av |= DIR__REMOVE_NAME;
2009 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
2010 if (rc)
2011 return rc;
2012 if (d_is_positive(new_dentry)) {
2013 new_isec = backing_inode_security(new_dentry);
2014 new_is_dir = d_is_dir(new_dentry);
2015 rc = avc_has_perm(sid, new_isec->sid,
2016 new_isec->sclass,
2017 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
2018 if (rc)
2019 return rc;
2020 }
2021
2022 return 0;
2023}
2024
2025
2026static int superblock_has_perm(const struct cred *cred,
2027 struct super_block *sb,
2028 u32 perms,
2029 struct common_audit_data *ad)
2030{
2031 struct superblock_security_struct *sbsec;
2032 u32 sid = cred_sid(cred);
2033
2034 sbsec = sb->s_security;
2035 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2036}
2037
2038
2039static inline u32 file_mask_to_av(int mode, int mask)
2040{
2041 u32 av = 0;
2042
2043 if (!S_ISDIR(mode)) {
2044 if (mask & MAY_EXEC)
2045 av |= FILE__EXECUTE;
2046 if (mask & MAY_READ)
2047 av |= FILE__READ;
2048
2049 if (mask & MAY_APPEND)
2050 av |= FILE__APPEND;
2051 else if (mask & MAY_WRITE)
2052 av |= FILE__WRITE;
2053
2054 } else {
2055 if (mask & MAY_EXEC)
2056 av |= DIR__SEARCH;
2057 if (mask & MAY_WRITE)
2058 av |= DIR__WRITE;
2059 if (mask & MAY_READ)
2060 av |= DIR__READ;
2061 }
2062
2063 return av;
2064}
2065
2066
2067static inline u32 file_to_av(struct file *file)
2068{
2069 u32 av = 0;
2070
2071 if (file->f_mode & FMODE_READ)
2072 av |= FILE__READ;
2073 if (file->f_mode & FMODE_WRITE) {
2074 if (file->f_flags & O_APPEND)
2075 av |= FILE__APPEND;
2076 else
2077 av |= FILE__WRITE;
2078 }
2079 if (!av) {
2080
2081
2082
2083 av = FILE__IOCTL;
2084 }
2085
2086 return av;
2087}
2088
2089
2090
2091
2092
2093static inline u32 open_file_to_av(struct file *file)
2094{
2095 u32 av = file_to_av(file);
2096 struct inode *inode = file_inode(file);
2097
2098 if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC)
2099 av |= FILE__OPEN;
2100
2101 return av;
2102}
2103
2104
2105
2106static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2107{
2108 u32 mysid = current_sid();
2109 u32 mgrsid = task_sid(mgr);
2110
2111 return avc_has_perm(mysid, mgrsid, SECCLASS_BINDER,
2112 BINDER__SET_CONTEXT_MGR, NULL);
2113}
2114
2115static int selinux_binder_transaction(struct task_struct *from,
2116 struct task_struct *to)
2117{
2118 u32 mysid = current_sid();
2119 u32 fromsid = task_sid(from);
2120 u32 tosid = task_sid(to);
2121 int rc;
2122
2123 if (mysid != fromsid) {
2124 rc = avc_has_perm(mysid, fromsid, SECCLASS_BINDER,
2125 BINDER__IMPERSONATE, NULL);
2126 if (rc)
2127 return rc;
2128 }
2129
2130 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__CALL,
2131 NULL);
2132}
2133
2134static int selinux_binder_transfer_binder(struct task_struct *from,
2135 struct task_struct *to)
2136{
2137 u32 fromsid = task_sid(from);
2138 u32 tosid = task_sid(to);
2139
2140 return avc_has_perm(fromsid, tosid, SECCLASS_BINDER, BINDER__TRANSFER,
2141 NULL);
2142}
2143
2144static int selinux_binder_transfer_file(struct task_struct *from,
2145 struct task_struct *to,
2146 struct file *file)
2147{
2148 u32 sid = task_sid(to);
2149 struct file_security_struct *fsec = file->f_security;
2150 struct dentry *dentry = file->f_path.dentry;
2151 struct inode_security_struct *isec;
2152 struct common_audit_data ad;
2153 int rc;
2154
2155 ad.type = LSM_AUDIT_DATA_PATH;
2156 ad.u.path = file->f_path;
2157
2158 if (sid != fsec->sid) {
2159 rc = avc_has_perm(sid, fsec->sid,
2160 SECCLASS_FD,
2161 FD__USE,
2162 &ad);
2163 if (rc)
2164 return rc;
2165 }
2166
2167 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2168 return 0;
2169
2170 isec = backing_inode_security(dentry);
2171 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
2172 &ad);
2173}
2174
2175static int selinux_ptrace_access_check(struct task_struct *child,
2176 unsigned int mode)
2177{
2178 u32 sid = current_sid();
2179 u32 csid = task_sid(child);
2180
2181 if (mode & PTRACE_MODE_READ)
2182 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2183
2184 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2185}
2186
2187static int selinux_ptrace_traceme(struct task_struct *parent)
2188{
2189 return avc_has_perm(task_sid(parent), current_sid(), SECCLASS_PROCESS,
2190 PROCESS__PTRACE, NULL);
2191}
2192
2193static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2194 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2195{
2196 return avc_has_perm(current_sid(), task_sid(target), SECCLASS_PROCESS,
2197 PROCESS__GETCAP, NULL);
2198}
2199
2200static int selinux_capset(struct cred *new, const struct cred *old,
2201 const kernel_cap_t *effective,
2202 const kernel_cap_t *inheritable,
2203 const kernel_cap_t *permitted)
2204{
2205 return avc_has_perm(cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2206 PROCESS__SETCAP, NULL);
2207}
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2220 int cap, int audit)
2221{
2222 return cred_has_capability(cred, cap, audit, ns == &init_user_ns);
2223}
2224
2225static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2226{
2227 const struct cred *cred = current_cred();
2228 int rc = 0;
2229
2230 if (!sb)
2231 return 0;
2232
2233 switch (cmds) {
2234 case Q_SYNC:
2235 case Q_QUOTAON:
2236 case Q_QUOTAOFF:
2237 case Q_SETINFO:
2238 case Q_SETQUOTA:
2239 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2240 break;
2241 case Q_GETFMT:
2242 case Q_GETINFO:
2243 case Q_GETQUOTA:
2244 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2245 break;
2246 default:
2247 rc = 0;
2248 break;
2249 }
2250 return rc;
2251}
2252
2253static int selinux_quota_on(struct dentry *dentry)
2254{
2255 const struct cred *cred = current_cred();
2256
2257 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2258}
2259
2260static int selinux_syslog(int type)
2261{
2262 switch (type) {
2263 case SYSLOG_ACTION_READ_ALL:
2264 case SYSLOG_ACTION_SIZE_BUFFER:
2265 return avc_has_perm(current_sid(), SECINITSID_KERNEL,
2266 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2267 case SYSLOG_ACTION_CONSOLE_OFF:
2268 case SYSLOG_ACTION_CONSOLE_ON:
2269
2270 case SYSLOG_ACTION_CONSOLE_LEVEL:
2271 return avc_has_perm(current_sid(), SECINITSID_KERNEL,
2272 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2273 NULL);
2274 }
2275
2276 return avc_has_perm(current_sid(), SECINITSID_KERNEL,
2277 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2278}
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2289{
2290 int rc, cap_sys_admin = 0;
2291
2292 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2293 SECURITY_CAP_NOAUDIT, true);
2294 if (rc == 0)
2295 cap_sys_admin = 1;
2296
2297 return cap_sys_admin;
2298}
2299
2300
2301
2302static u32 ptrace_parent_sid(void)
2303{
2304 u32 sid = 0;
2305 struct task_struct *tracer;
2306
2307 rcu_read_lock();
2308 tracer = ptrace_parent(current);
2309 if (tracer)
2310 sid = task_sid(tracer);
2311 rcu_read_unlock();
2312
2313 return sid;
2314}
2315
2316static int check_nnp_nosuid(const struct linux_binprm *bprm,
2317 const struct task_security_struct *old_tsec,
2318 const struct task_security_struct *new_tsec)
2319{
2320 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2321 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2322 int rc;
2323 u32 av;
2324
2325 if (!nnp && !nosuid)
2326 return 0;
2327
2328 if (new_tsec->sid == old_tsec->sid)
2329 return 0;
2330
2331
2332
2333
2334
2335
2336
2337 if (selinux_policycap_nnp_nosuid_transition) {
2338 av = 0;
2339 if (nnp)
2340 av |= PROCESS2__NNP_TRANSITION;
2341 if (nosuid)
2342 av |= PROCESS2__NOSUID_TRANSITION;
2343 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2344 SECCLASS_PROCESS2, av, NULL);
2345 if (!rc)
2346 return 0;
2347 }
2348
2349
2350
2351
2352
2353
2354 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
2355 if (!rc)
2356 return 0;
2357
2358
2359
2360
2361
2362
2363 if (nnp)
2364 return -EPERM;
2365 return -EACCES;
2366}
2367
2368static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2369{
2370 const struct task_security_struct *old_tsec;
2371 struct task_security_struct *new_tsec;
2372 struct inode_security_struct *isec;
2373 struct common_audit_data ad;
2374 struct inode *inode = file_inode(bprm->file);
2375 int rc;
2376
2377
2378
2379 if (bprm->called_set_creds)
2380 return 0;
2381
2382 old_tsec = current_security();
2383 new_tsec = bprm->cred->security;
2384 isec = inode_security(inode);
2385
2386
2387 new_tsec->sid = old_tsec->sid;
2388 new_tsec->osid = old_tsec->sid;
2389
2390
2391 new_tsec->create_sid = 0;
2392 new_tsec->keycreate_sid = 0;
2393 new_tsec->sockcreate_sid = 0;
2394
2395 if (old_tsec->exec_sid) {
2396 new_tsec->sid = old_tsec->exec_sid;
2397
2398 new_tsec->exec_sid = 0;
2399
2400
2401 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2402 if (rc)
2403 return rc;
2404 } else {
2405
2406 rc = security_transition_sid(old_tsec->sid, isec->sid,
2407 SECCLASS_PROCESS, NULL,
2408 &new_tsec->sid);
2409 if (rc)
2410 return rc;
2411
2412
2413
2414
2415
2416 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2417 if (rc)
2418 new_tsec->sid = old_tsec->sid;
2419 }
2420
2421 ad.type = LSM_AUDIT_DATA_FILE;
2422 ad.u.file = bprm->file;
2423
2424 if (new_tsec->sid == old_tsec->sid) {
2425 rc = avc_has_perm(old_tsec->sid, isec->sid,
2426 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2427 if (rc)
2428 return rc;
2429 } else {
2430
2431 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2432 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2433 if (rc)
2434 return rc;
2435
2436 rc = avc_has_perm(new_tsec->sid, isec->sid,
2437 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2438 if (rc)
2439 return rc;
2440
2441
2442 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2443 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2444 SECCLASS_PROCESS, PROCESS__SHARE,
2445 NULL);
2446 if (rc)
2447 return -EPERM;
2448 }
2449
2450
2451
2452 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2453 u32 ptsid = ptrace_parent_sid();
2454 if (ptsid != 0) {
2455 rc = avc_has_perm(ptsid, new_tsec->sid,
2456 SECCLASS_PROCESS,
2457 PROCESS__PTRACE, NULL);
2458 if (rc)
2459 return -EPERM;
2460 }
2461 }
2462
2463
2464 bprm->per_clear |= PER_CLEAR_ON_SETID;
2465
2466
2467
2468
2469 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2470 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2471 NULL);
2472 bprm->secureexec |= !!rc;
2473 }
2474
2475 return 0;
2476}
2477
2478static int match_file(const void *p, struct file *file, unsigned fd)
2479{
2480 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2481}
2482
2483
2484static inline void flush_unauthorized_files(const struct cred *cred,
2485 struct files_struct *files)
2486{
2487 struct file *file, *devnull = NULL;
2488 struct tty_struct *tty;
2489 int drop_tty = 0;
2490 unsigned n;
2491
2492 tty = get_current_tty();
2493 if (tty) {
2494 spin_lock(&tty->files_lock);
2495 if (!list_empty(&tty->tty_files)) {
2496 struct tty_file_private *file_priv;
2497
2498
2499
2500
2501
2502
2503 file_priv = list_first_entry(&tty->tty_files,
2504 struct tty_file_private, list);
2505 file = file_priv->file;
2506 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2507 drop_tty = 1;
2508 }
2509 spin_unlock(&tty->files_lock);
2510 tty_kref_put(tty);
2511 }
2512
2513 if (drop_tty)
2514 no_tty();
2515
2516
2517 n = iterate_fd(files, 0, match_file, cred);
2518 if (!n)
2519 return;
2520
2521 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2522 if (IS_ERR(devnull))
2523 devnull = NULL;
2524
2525 do {
2526 replace_fd(n - 1, devnull, 0);
2527 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2528 if (devnull)
2529 fput(devnull);
2530}
2531
2532
2533
2534
2535static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2536{
2537 struct task_security_struct *new_tsec;
2538 struct rlimit *rlim, *initrlim;
2539 int rc, i;
2540
2541 new_tsec = bprm->cred->security;
2542 if (new_tsec->sid == new_tsec->osid)
2543 return;
2544
2545
2546 flush_unauthorized_files(bprm->cred, current->files);
2547
2548
2549 current->pdeath_signal = 0;
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2562 PROCESS__RLIMITINH, NULL);
2563 if (rc) {
2564
2565 task_lock(current);
2566 for (i = 0; i < RLIM_NLIMITS; i++) {
2567 rlim = current->signal->rlim + i;
2568 initrlim = init_task.signal->rlim + i;
2569 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2570 }
2571 task_unlock(current);
2572 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2573 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2574 }
2575}
2576
2577
2578
2579
2580
2581static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2582{
2583 const struct task_security_struct *tsec = current_security();
2584 struct itimerval itimer;
2585 u32 osid, sid;
2586 int rc, i;
2587
2588 osid = tsec->osid;
2589 sid = tsec->sid;
2590
2591 if (sid == osid)
2592 return;
2593
2594
2595
2596
2597
2598
2599
2600
2601 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2602 if (rc) {
2603 if (IS_ENABLED(CONFIG_POSIX_TIMERS)) {
2604 memset(&itimer, 0, sizeof itimer);
2605 for (i = 0; i < 3; i++)
2606 do_setitimer(i, &itimer, NULL);
2607 }
2608 spin_lock_irq(¤t->sighand->siglock);
2609 if (!fatal_signal_pending(current)) {
2610 flush_sigqueue(¤t->pending);
2611 flush_sigqueue(¤t->signal->shared_pending);
2612 flush_signal_handlers(current, 1);
2613 sigemptyset(¤t->blocked);
2614 recalc_sigpending();
2615 }
2616 spin_unlock_irq(¤t->sighand->siglock);
2617 }
2618
2619
2620
2621 read_lock(&tasklist_lock);
2622 __wake_up_parent(current, current->real_parent);
2623 read_unlock(&tasklist_lock);
2624}
2625
2626
2627
2628static int selinux_sb_alloc_security(struct super_block *sb)
2629{
2630 return superblock_alloc_security(sb);
2631}
2632
2633static void selinux_sb_free_security(struct super_block *sb)
2634{
2635 superblock_free_security(sb);
2636}
2637
2638static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2639{
2640 if (plen > olen)
2641 return 0;
2642
2643 return !memcmp(prefix, option, plen);
2644}
2645
2646static inline int selinux_option(char *option, int len)
2647{
2648 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2649 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2650 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2651 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2652 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2653}
2654
2655static inline void take_option(char **to, char *from, int *first, int len)
2656{
2657 if (!*first) {
2658 **to = ',';
2659 *to += 1;
2660 } else
2661 *first = 0;
2662 memcpy(*to, from, len);
2663 *to += len;
2664}
2665
2666static inline void take_selinux_option(char **to, char *from, int *first,
2667 int len)
2668{
2669 int current_size = 0;
2670
2671 if (!*first) {
2672 **to = '|';
2673 *to += 1;
2674 } else
2675 *first = 0;
2676
2677 while (current_size < len) {
2678 if (*from != '"') {
2679 **to = *from;
2680 *to += 1;
2681 }
2682 from += 1;
2683 current_size += 1;
2684 }
2685}
2686
2687static int selinux_sb_copy_data(char *orig, char *copy)
2688{
2689 int fnosec, fsec, rc = 0;
2690 char *in_save, *in_curr, *in_end;
2691 char *sec_curr, *nosec_save, *nosec;
2692 int open_quote = 0;
2693
2694 in_curr = orig;
2695 sec_curr = copy;
2696
2697 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2698 if (!nosec) {
2699 rc = -ENOMEM;
2700 goto out;
2701 }
2702
2703 nosec_save = nosec;
2704 fnosec = fsec = 1;
2705 in_save = in_end = orig;
2706
2707 do {
2708 if (*in_end == '"')
2709 open_quote = !open_quote;
2710 if ((*in_end == ',' && open_quote == 0) ||
2711 *in_end == '\0') {
2712 int len = in_end - in_curr;
2713
2714 if (selinux_option(in_curr, len))
2715 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2716 else
2717 take_option(&nosec, in_curr, &fnosec, len);
2718
2719 in_curr = in_end + 1;
2720 }
2721 } while (*in_end++);
2722
2723 strcpy(in_save, nosec_save);
2724 free_page((unsigned long)nosec_save);
2725out:
2726 return rc;
2727}
2728
2729static int selinux_sb_remount(struct super_block *sb, void *data)
2730{
2731 int rc, i, *flags;
2732 struct security_mnt_opts opts;
2733 char *secdata, **mount_options;
2734 struct superblock_security_struct *sbsec = sb->s_security;
2735
2736 if (!(sbsec->flags & SE_SBINITIALIZED))
2737 return 0;
2738
2739 if (!data)
2740 return 0;
2741
2742 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2743 return 0;
2744
2745 security_init_mnt_opts(&opts);
2746 secdata = alloc_secdata();
2747 if (!secdata)
2748 return -ENOMEM;
2749 rc = selinux_sb_copy_data(data, secdata);
2750 if (rc)
2751 goto out_free_secdata;
2752
2753 rc = selinux_parse_opts_str(secdata, &opts);
2754 if (rc)
2755 goto out_free_secdata;
2756
2757 mount_options = opts.mnt_opts;
2758 flags = opts.mnt_opts_flags;
2759
2760 for (i = 0; i < opts.num_mnt_opts; i++) {
2761 u32 sid;
2762
2763 if (flags[i] == SBLABEL_MNT)
2764 continue;
2765 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL);
2766 if (rc) {
2767 printk(KERN_WARNING "SELinux: security_context_str_to_sid"
2768 "(%s) failed for (dev %s, type %s) errno=%d\n",
2769 mount_options[i], sb->s_id, sb->s_type->name, rc);
2770 goto out_free_opts;
2771 }
2772 rc = -EINVAL;
2773 switch (flags[i]) {
2774 case FSCONTEXT_MNT:
2775 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2776 goto out_bad_option;
2777 break;
2778 case CONTEXT_MNT:
2779 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2780 goto out_bad_option;
2781 break;
2782 case ROOTCONTEXT_MNT: {
2783 struct inode_security_struct *root_isec;
2784 root_isec = backing_inode_security(sb->s_root);
2785
2786 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2787 goto out_bad_option;
2788 break;
2789 }
2790 case DEFCONTEXT_MNT:
2791 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2792 goto out_bad_option;
2793 break;
2794 default:
2795 goto out_free_opts;
2796 }
2797 }
2798
2799 rc = 0;
2800out_free_opts:
2801 security_free_mnt_opts(&opts);
2802out_free_secdata:
2803 free_secdata(secdata);
2804 return rc;
2805out_bad_option:
2806 printk(KERN_WARNING "SELinux: unable to change security options "
2807 "during remount (dev %s, type=%s)\n", sb->s_id,
2808 sb->s_type->name);
2809 goto out_free_opts;
2810}
2811
2812static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2813{
2814 const struct cred *cred = current_cred();
2815 struct common_audit_data ad;
2816 int rc;
2817
2818 rc = superblock_doinit(sb, data);
2819 if (rc)
2820 return rc;
2821
2822
2823 if (flags & MS_KERNMOUNT)
2824 return 0;
2825
2826 ad.type = LSM_AUDIT_DATA_DENTRY;
2827 ad.u.dentry = sb->s_root;
2828 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2829}
2830
2831static int selinux_sb_statfs(struct dentry *dentry)
2832{
2833 const struct cred *cred = current_cred();
2834 struct common_audit_data ad;
2835
2836 ad.type = LSM_AUDIT_DATA_DENTRY;
2837 ad.u.dentry = dentry->d_sb->s_root;
2838 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2839}
2840
2841static int selinux_mount(const char *dev_name,
2842 const struct path *path,
2843 const char *type,
2844 unsigned long flags,
2845 void *data)
2846{
2847 const struct cred *cred = current_cred();
2848
2849 if (flags & MS_REMOUNT)
2850 return superblock_has_perm(cred, path->dentry->d_sb,
2851 FILESYSTEM__REMOUNT, NULL);
2852 else
2853 return path_has_perm(cred, path, FILE__MOUNTON);
2854}
2855
2856static int selinux_umount(struct vfsmount *mnt, int flags)
2857{
2858 const struct cred *cred = current_cred();
2859
2860 return superblock_has_perm(cred, mnt->mnt_sb,
2861 FILESYSTEM__UNMOUNT, NULL);
2862}
2863
2864
2865
2866static int selinux_inode_alloc_security(struct inode *inode)
2867{
2868 return inode_alloc_security(inode);
2869}
2870
2871static void selinux_inode_free_security(struct inode *inode)
2872{
2873 inode_free_security(inode);
2874}
2875
2876static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2877 const struct qstr *name, void **ctx,
2878 u32 *ctxlen)
2879{
2880 u32 newsid;
2881 int rc;
2882
2883 rc = selinux_determine_inode_label(current_security(),
2884 d_inode(dentry->d_parent), name,
2885 inode_mode_to_security_class(mode),
2886 &newsid);
2887 if (rc)
2888 return rc;
2889
2890 return security_sid_to_context(newsid, (char **)ctx, ctxlen);
2891}
2892
2893static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2894 struct qstr *name,
2895 const struct cred *old,
2896 struct cred *new)
2897{
2898 u32 newsid;
2899 int rc;
2900 struct task_security_struct *tsec;
2901
2902 rc = selinux_determine_inode_label(old->security,
2903 d_inode(dentry->d_parent), name,
2904 inode_mode_to_security_class(mode),
2905 &newsid);
2906 if (rc)
2907 return rc;
2908
2909 tsec = new->security;
2910 tsec->create_sid = newsid;
2911 return 0;
2912}
2913
2914static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2915 const struct qstr *qstr,
2916 const char **name,
2917 void **value, size_t *len)
2918{
2919 const struct task_security_struct *tsec = current_security();
2920 struct superblock_security_struct *sbsec;
2921 u32 sid, newsid, clen;
2922 int rc;
2923 char *context;
2924
2925 sbsec = dir->i_sb->s_security;
2926
2927 sid = tsec->sid;
2928 newsid = tsec->create_sid;
2929
2930 rc = selinux_determine_inode_label(current_security(),
2931 dir, qstr,
2932 inode_mode_to_security_class(inode->i_mode),
2933 &newsid);
2934 if (rc)
2935 return rc;
2936
2937
2938 if (sbsec->flags & SE_SBINITIALIZED) {
2939 struct inode_security_struct *isec = inode->i_security;
2940 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2941 isec->sid = newsid;
2942 isec->initialized = LABEL_INITIALIZED;
2943 }
2944
2945 if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
2946 return -EOPNOTSUPP;
2947
2948 if (name)
2949 *name = XATTR_SELINUX_SUFFIX;
2950
2951 if (value && len) {
2952 rc = security_sid_to_context_force(newsid, &context, &clen);
2953 if (rc)
2954 return rc;
2955 *value = context;
2956 *len = clen;
2957 }
2958
2959 return 0;
2960}
2961
2962static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2963{
2964 return may_create(dir, dentry, SECCLASS_FILE);
2965}
2966
2967static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2968{
2969 return may_link(dir, old_dentry, MAY_LINK);
2970}
2971
2972static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2973{
2974 return may_link(dir, dentry, MAY_UNLINK);
2975}
2976
2977static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2978{
2979 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2980}
2981
2982static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2983{
2984 return may_create(dir, dentry, SECCLASS_DIR);
2985}
2986
2987static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2988{
2989 return may_link(dir, dentry, MAY_RMDIR);
2990}
2991
2992static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2993{
2994 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2995}
2996
2997static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2998 struct inode *new_inode, struct dentry *new_dentry)
2999{
3000 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
3001}
3002
3003static int selinux_inode_readlink(struct dentry *dentry)
3004{
3005 const struct cred *cred = current_cred();
3006
3007 return dentry_has_perm(cred, dentry, FILE__READ);
3008}
3009
3010static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3011 bool rcu)
3012{
3013 const struct cred *cred = current_cred();
3014 struct common_audit_data ad;
3015 struct inode_security_struct *isec;
3016 u32 sid;
3017
3018 validate_creds(cred);
3019
3020 ad.type = LSM_AUDIT_DATA_DENTRY;
3021 ad.u.dentry = dentry;
3022 sid = cred_sid(cred);
3023 isec = inode_security_rcu(inode, rcu);
3024 if (IS_ERR(isec))
3025 return PTR_ERR(isec);
3026
3027 return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
3028 rcu ? MAY_NOT_BLOCK : 0);
3029}
3030
3031static noinline int audit_inode_permission(struct inode *inode,
3032 u32 perms, u32 audited, u32 denied,
3033 int result,
3034 unsigned flags)
3035{
3036 struct common_audit_data ad;
3037 struct inode_security_struct *isec = inode->i_security;
3038 int rc;
3039
3040 ad.type = LSM_AUDIT_DATA_INODE;
3041 ad.u.inode = inode;
3042
3043 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
3044 audited, denied, result, &ad, flags);
3045 if (rc)
3046 return rc;
3047 return 0;
3048}
3049
3050static int selinux_inode_permission(struct inode *inode, int mask)
3051{
3052 const struct cred *cred = current_cred();
3053 u32 perms;
3054 bool from_access;
3055 unsigned flags = mask & MAY_NOT_BLOCK;
3056 struct inode_security_struct *isec;
3057 u32 sid;
3058 struct av_decision avd;
3059 int rc, rc2;
3060 u32 audited, denied;
3061
3062 from_access = mask & MAY_ACCESS;
3063 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3064
3065
3066 if (!mask)
3067 return 0;
3068
3069 validate_creds(cred);
3070
3071 if (unlikely(IS_PRIVATE(inode)))
3072 return 0;
3073
3074 perms = file_mask_to_av(inode->i_mode, mask);
3075
3076 sid = cred_sid(cred);
3077 isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
3078 if (IS_ERR(isec))
3079 return PTR_ERR(isec);
3080
3081 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
3082 audited = avc_audit_required(perms, &avd, rc,
3083 from_access ? FILE__AUDIT_ACCESS : 0,
3084 &denied);
3085 if (likely(!audited))
3086 return rc;
3087
3088 rc2 = audit_inode_permission(inode, perms, audited, denied, rc, flags);
3089 if (rc2)
3090 return rc2;
3091 return rc;
3092}
3093
3094static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3095{
3096 const struct cred *cred = current_cred();
3097 struct inode *inode = d_backing_inode(dentry);
3098 unsigned int ia_valid = iattr->ia_valid;
3099 __u32 av = FILE__WRITE;
3100
3101
3102 if (ia_valid & ATTR_FORCE) {
3103 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3104 ATTR_FORCE);
3105 if (!ia_valid)
3106 return 0;
3107 }
3108
3109 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3110 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3111 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3112
3113 if (selinux_policycap_openperm &&
3114 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3115 (ia_valid & ATTR_SIZE) &&
3116 !(ia_valid & ATTR_FILE))
3117 av |= FILE__OPEN;
3118
3119 return dentry_has_perm(cred, dentry, av);
3120}
3121
3122static int selinux_inode_getattr(const struct path *path)
3123{
3124 return path_has_perm(current_cred(), path, FILE__GETATTR);
3125}
3126
3127static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
3128{
3129 const struct cred *cred = current_cred();
3130
3131 if (!strncmp(name, XATTR_SECURITY_PREFIX,
3132 sizeof XATTR_SECURITY_PREFIX - 1)) {
3133 if (!strcmp(name, XATTR_NAME_CAPS)) {
3134 if (!capable(CAP_SETFCAP))
3135 return -EPERM;
3136 } else if (!capable(CAP_SYS_ADMIN)) {
3137
3138
3139 return -EPERM;
3140 }
3141 }
3142
3143
3144
3145 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3146}
3147
3148static bool has_cap_mac_admin(bool audit)
3149{
3150 const struct cred *cred = current_cred();
3151 int cap_audit = audit ? SECURITY_CAP_AUDIT : SECURITY_CAP_NOAUDIT;
3152
3153 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, cap_audit))
3154 return false;
3155 if (cred_has_capability(cred, CAP_MAC_ADMIN, cap_audit, true))
3156 return false;
3157 return true;
3158}
3159
3160static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
3161 const void *value, size_t size, int flags)
3162{
3163 struct inode *inode = d_backing_inode(dentry);
3164 struct inode_security_struct *isec;
3165 struct superblock_security_struct *sbsec;
3166 struct common_audit_data ad;
3167 u32 newsid, sid = current_sid();
3168 int rc = 0;
3169
3170 if (strcmp(name, XATTR_NAME_SELINUX))
3171 return selinux_inode_setotherxattr(dentry, name);
3172
3173 sbsec = inode->i_sb->s_security;
3174 if (!(sbsec->flags & SBLABEL_MNT))
3175 return -EOPNOTSUPP;
3176
3177 if (!inode_owner_or_capable(inode))
3178 return -EPERM;
3179
3180 ad.type = LSM_AUDIT_DATA_DENTRY;
3181 ad.u.dentry = dentry;
3182
3183 isec = backing_inode_security(dentry);
3184 rc = avc_has_perm(sid, isec->sid, isec->sclass,
3185 FILE__RELABELFROM, &ad);
3186 if (rc)
3187 return rc;
3188
3189 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3190 if (rc == -EINVAL) {
3191 if (!has_cap_mac_admin(true)) {
3192 struct audit_buffer *ab;
3193 size_t audit_size;
3194 const char *str;
3195
3196
3197
3198 if (value) {
3199 str = value;
3200 if (str[size - 1] == '\0')
3201 audit_size = size - 1;
3202 else
3203 audit_size = size;
3204 } else {
3205 str = "";
3206 audit_size = 0;
3207 }
3208 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
3209 audit_log_format(ab, "op=setxattr invalid_context=");
3210 audit_log_n_untrustedstring(ab, value, audit_size);
3211 audit_log_end(ab);
3212
3213 return rc;
3214 }
3215 rc = security_context_to_sid_force(value, size, &newsid);
3216 }
3217 if (rc)
3218 return rc;
3219
3220 rc = avc_has_perm(sid, newsid, isec->sclass,
3221 FILE__RELABELTO, &ad);
3222 if (rc)
3223 return rc;
3224
3225 rc = security_validate_transition(isec->sid, newsid, sid,
3226 isec->sclass);
3227 if (rc)
3228 return rc;
3229
3230 return avc_has_perm(newsid,
3231 sbsec->sid,
3232 SECCLASS_FILESYSTEM,
3233 FILESYSTEM__ASSOCIATE,
3234 &ad);
3235}
3236
3237static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3238 const void *value, size_t size,
3239 int flags)
3240{
3241 struct inode *inode = d_backing_inode(dentry);
3242 struct inode_security_struct *isec;
3243 u32 newsid;
3244 int rc;
3245
3246 if (strcmp(name, XATTR_NAME_SELINUX)) {
3247
3248 return;
3249 }
3250
3251 rc = security_context_to_sid_force(value, size, &newsid);
3252 if (rc) {
3253 printk(KERN_ERR "SELinux: unable to map context to SID"
3254 "for (%s, %lu), rc=%d\n",
3255 inode->i_sb->s_id, inode->i_ino, -rc);
3256 return;
3257 }
3258
3259 isec = backing_inode_security(dentry);
3260 spin_lock(&isec->lock);
3261 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3262 isec->sid = newsid;
3263 isec->initialized = LABEL_INITIALIZED;
3264 spin_unlock(&isec->lock);
3265
3266 return;
3267}
3268
3269static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3270{
3271 const struct cred *cred = current_cred();
3272
3273 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3274}
3275
3276static int selinux_inode_listxattr(struct dentry *dentry)
3277{
3278 const struct cred *cred = current_cred();
3279
3280 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3281}
3282
3283static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
3284{
3285 if (strcmp(name, XATTR_NAME_SELINUX))
3286 return selinux_inode_setotherxattr(dentry, name);
3287
3288
3289
3290 return -EACCES;
3291}
3292
3293
3294
3295
3296
3297
3298static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3299{
3300 u32 size;
3301 int error;
3302 char *context = NULL;
3303 struct inode_security_struct *isec;
3304
3305 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3306 return -EOPNOTSUPP;
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317 isec = inode_security(inode);
3318 if (has_cap_mac_admin(false))
3319 error = security_sid_to_context_force(isec->sid, &context,
3320 &size);
3321 else
3322 error = security_sid_to_context(isec->sid, &context, &size);
3323 if (error)
3324 return error;
3325 error = size;
3326 if (alloc) {
3327 *buffer = context;
3328 goto out_nofree;
3329 }
3330 kfree(context);
3331out_nofree:
3332 return error;
3333}
3334
3335static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3336 const void *value, size_t size, int flags)
3337{
3338 struct inode_security_struct *isec = inode_security_novalidate(inode);
3339 u32 newsid;
3340 int rc;
3341
3342 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3343 return -EOPNOTSUPP;
3344
3345 if (!value || !size)
3346 return -EACCES;
3347
3348 rc = security_context_to_sid(value, size, &newsid, GFP_KERNEL);
3349 if (rc)
3350 return rc;
3351
3352 spin_lock(&isec->lock);
3353 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3354 isec->sid = newsid;
3355 isec->initialized = LABEL_INITIALIZED;
3356 spin_unlock(&isec->lock);
3357 return 0;
3358}
3359
3360static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3361{
3362 const int len = sizeof(XATTR_NAME_SELINUX);
3363 if (buffer && len <= buffer_size)
3364 memcpy(buffer, XATTR_NAME_SELINUX, len);
3365 return len;
3366}
3367
3368static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3369{
3370 struct inode_security_struct *isec = inode_security_novalidate(inode);
3371 *secid = isec->sid;
3372}
3373
3374static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3375{
3376 u32 sid;
3377 struct task_security_struct *tsec;
3378 struct cred *new_creds = *new;
3379
3380 if (new_creds == NULL) {
3381 new_creds = prepare_creds();
3382 if (!new_creds)
3383 return -ENOMEM;
3384 }
3385
3386 tsec = new_creds->security;
3387
3388 selinux_inode_getsecid(d_inode(src), &sid);
3389 tsec->create_sid = sid;
3390 *new = new_creds;
3391 return 0;
3392}
3393
3394static int selinux_inode_copy_up_xattr(const char *name)
3395{
3396
3397
3398
3399
3400 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3401 return 1;
3402
3403
3404
3405
3406 return -EOPNOTSUPP;
3407}
3408
3409
3410
3411static int selinux_revalidate_file_permission(struct file *file, int mask)
3412{
3413 const struct cred *cred = current_cred();
3414 struct inode *inode = file_inode(file);
3415
3416
3417 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3418 mask |= MAY_APPEND;
3419
3420 return file_has_perm(cred, file,
3421 file_mask_to_av(inode->i_mode, mask));
3422}
3423
3424static int selinux_file_permission(struct file *file, int mask)
3425{
3426 struct inode *inode = file_inode(file);
3427 struct file_security_struct *fsec = file->f_security;
3428 struct inode_security_struct *isec;
3429 u32 sid = current_sid();
3430
3431 if (!mask)
3432
3433 return 0;
3434
3435 isec = inode_security(inode);
3436 if (sid == fsec->sid && fsec->isid == isec->sid &&
3437 fsec->pseqno == avc_policy_seqno())
3438
3439 return 0;
3440
3441 return selinux_revalidate_file_permission(file, mask);
3442}
3443
3444static int selinux_file_alloc_security(struct file *file)
3445{
3446 return file_alloc_security(file);
3447}
3448
3449static void selinux_file_free_security(struct file *file)
3450{
3451 file_free_security(file);
3452}
3453
3454
3455
3456
3457
3458static int ioctl_has_perm(const struct cred *cred, struct file *file,
3459 u32 requested, u16 cmd)
3460{
3461 struct common_audit_data ad;
3462 struct file_security_struct *fsec = file->f_security;
3463 struct inode *inode = file_inode(file);
3464 struct inode_security_struct *isec;
3465 struct lsm_ioctlop_audit ioctl;
3466 u32 ssid = cred_sid(cred);
3467 int rc;
3468 u8 driver = cmd >> 8;
3469 u8 xperm = cmd & 0xff;
3470
3471 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3472 ad.u.op = &ioctl;
3473 ad.u.op->cmd = cmd;
3474 ad.u.op->path = file->f_path;
3475
3476 if (ssid != fsec->sid) {
3477 rc = avc_has_perm(ssid, fsec->sid,
3478 SECCLASS_FD,
3479 FD__USE,
3480 &ad);
3481 if (rc)
3482 goto out;
3483 }
3484
3485 if (unlikely(IS_PRIVATE(inode)))
3486 return 0;
3487
3488 isec = inode_security(inode);
3489 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass,
3490 requested, driver, xperm, &ad);
3491out:
3492 return rc;
3493}
3494
3495static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3496 unsigned long arg)
3497{
3498 const struct cred *cred = current_cred();
3499 int error = 0;
3500
3501 switch (cmd) {
3502 case FIONREAD:
3503
3504 case FIBMAP:
3505
3506 case FIGETBSZ:
3507
3508 case FS_IOC_GETFLAGS:
3509
3510 case FS_IOC_GETVERSION:
3511 error = file_has_perm(cred, file, FILE__GETATTR);
3512 break;
3513
3514 case FS_IOC_SETFLAGS:
3515
3516 case FS_IOC_SETVERSION:
3517 error = file_has_perm(cred, file, FILE__SETATTR);
3518 break;
3519
3520
3521 case FIONBIO:
3522
3523 case FIOASYNC:
3524 error = file_has_perm(cred, file, 0);
3525 break;
3526
3527 case KDSKBENT:
3528 case KDSKBSENT:
3529 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3530 SECURITY_CAP_AUDIT, true);
3531 break;
3532
3533
3534
3535
3536 default:
3537 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3538 }
3539 return error;
3540}
3541
3542static int default_noexec;
3543
3544static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3545{
3546 const struct cred *cred = current_cred();
3547 u32 sid = cred_sid(cred);
3548 int rc = 0;
3549
3550 if (default_noexec &&
3551 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3552 (!shared && (prot & PROT_WRITE)))) {
3553
3554
3555
3556
3557
3558 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3559 PROCESS__EXECMEM, NULL);
3560 if (rc)
3561 goto error;
3562 }
3563
3564 if (file) {
3565
3566 u32 av = FILE__READ;
3567
3568
3569 if (shared && (prot & PROT_WRITE))
3570 av |= FILE__WRITE;
3571
3572 if (prot & PROT_EXEC)
3573 av |= FILE__EXECUTE;
3574
3575 return file_has_perm(cred, file, av);
3576 }
3577
3578error:
3579 return rc;
3580}
3581
3582static int selinux_mmap_addr(unsigned long addr)
3583{
3584 int rc = 0;
3585
3586 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3587 u32 sid = current_sid();
3588 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3589 MEMPROTECT__MMAP_ZERO, NULL);
3590 }
3591
3592 return rc;
3593}
3594
3595static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3596 unsigned long prot, unsigned long flags)
3597{
3598 struct common_audit_data ad;
3599 int rc;
3600
3601 if (file) {
3602 ad.type = LSM_AUDIT_DATA_FILE;
3603 ad.u.file = file;
3604 rc = inode_has_perm(current_cred(), file_inode(file),
3605 FILE__MAP, &ad);
3606 if (rc)
3607 return rc;
3608 }
3609
3610 if (selinux_checkreqprot)
3611 prot = reqprot;
3612
3613 return file_map_prot_check(file, prot,
3614 (flags & MAP_TYPE) == MAP_SHARED);
3615}
3616
3617static int selinux_file_mprotect(struct vm_area_struct *vma,
3618 unsigned long reqprot,
3619 unsigned long prot)
3620{
3621 const struct cred *cred = current_cred();
3622 u32 sid = cred_sid(cred);
3623
3624 if (selinux_checkreqprot)
3625 prot = reqprot;
3626
3627 if (default_noexec &&
3628 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3629 int rc = 0;
3630 if (vma->vm_start >= vma->vm_mm->start_brk &&
3631 vma->vm_end <= vma->vm_mm->brk) {
3632 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3633 PROCESS__EXECHEAP, NULL);
3634 } else if (!vma->vm_file &&
3635 ((vma->vm_start <= vma->vm_mm->start_stack &&
3636 vma->vm_end >= vma->vm_mm->start_stack) ||
3637 vma_is_stack_for_current(vma))) {
3638 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3639 PROCESS__EXECSTACK, NULL);
3640 } else if (vma->vm_file && vma->anon_vma) {
3641
3642
3643
3644
3645
3646
3647
3648 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3649 }
3650 if (rc)
3651 return rc;
3652 }
3653
3654 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3655}
3656
3657static int selinux_file_lock(struct file *file, unsigned int cmd)
3658{
3659 const struct cred *cred = current_cred();
3660
3661 return file_has_perm(cred, file, FILE__LOCK);
3662}
3663
3664static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3665 unsigned long arg)
3666{
3667 const struct cred *cred = current_cred();
3668 int err = 0;
3669
3670 switch (cmd) {
3671 case F_SETFL:
3672 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3673 err = file_has_perm(cred, file, FILE__WRITE);
3674 break;
3675 }
3676
3677 case F_SETOWN:
3678 case F_SETSIG:
3679 case F_GETFL:
3680 case F_GETOWN:
3681 case F_GETSIG:
3682 case F_GETOWNER_UIDS:
3683
3684 err = file_has_perm(cred, file, 0);
3685 break;
3686 case F_GETLK:
3687 case F_SETLK:
3688 case F_SETLKW:
3689 case F_OFD_GETLK:
3690 case F_OFD_SETLK:
3691 case F_OFD_SETLKW:
3692#if BITS_PER_LONG == 32
3693 case F_GETLK64:
3694 case F_SETLK64:
3695 case F_SETLKW64:
3696#endif
3697 err = file_has_perm(cred, file, FILE__LOCK);
3698 break;
3699 }
3700
3701 return err;
3702}
3703
3704static void selinux_file_set_fowner(struct file *file)
3705{
3706 struct file_security_struct *fsec;
3707
3708 fsec = file->f_security;
3709 fsec->fown_sid = current_sid();
3710}
3711
3712static int selinux_file_send_sigiotask(struct task_struct *tsk,
3713 struct fown_struct *fown, int signum)
3714{
3715 struct file *file;
3716 u32 sid = task_sid(tsk);
3717 u32 perm;
3718 struct file_security_struct *fsec;
3719
3720
3721 file = container_of(fown, struct file, f_owner);
3722
3723 fsec = file->f_security;
3724
3725 if (!signum)
3726 perm = signal_to_av(SIGIO);
3727 else
3728 perm = signal_to_av(signum);
3729
3730 return avc_has_perm(fsec->fown_sid, sid,
3731 SECCLASS_PROCESS, perm, NULL);
3732}
3733
3734static int selinux_file_receive(struct file *file)
3735{
3736 const struct cred *cred = current_cred();
3737
3738 return file_has_perm(cred, file, file_to_av(file));
3739}
3740
3741static int selinux_file_open(struct file *file, const struct cred *cred)
3742{
3743 struct file_security_struct *fsec;
3744 struct inode_security_struct *isec;
3745
3746 fsec = file->f_security;
3747 isec = inode_security(file_inode(file));
3748
3749
3750
3751
3752
3753
3754
3755 fsec->isid = isec->sid;
3756 fsec->pseqno = avc_policy_seqno();
3757
3758
3759
3760
3761
3762
3763
3764
3765 return file_path_has_perm(cred, file, open_file_to_av(file));
3766}
3767
3768
3769
3770static int selinux_task_alloc(struct task_struct *task,
3771 unsigned long clone_flags)
3772{
3773 u32 sid = current_sid();
3774
3775 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3776}
3777
3778
3779
3780
3781static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3782{
3783 struct task_security_struct *tsec;
3784
3785 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3786 if (!tsec)
3787 return -ENOMEM;
3788
3789 cred->security = tsec;
3790 return 0;
3791}
3792
3793
3794
3795
3796static void selinux_cred_free(struct cred *cred)
3797{
3798 struct task_security_struct *tsec = cred->security;
3799
3800
3801
3802
3803
3804 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3805 cred->security = (void *) 0x7UL;
3806 kfree(tsec);
3807}
3808
3809
3810
3811
3812static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3813 gfp_t gfp)
3814{
3815 const struct task_security_struct *old_tsec;
3816 struct task_security_struct *tsec;
3817
3818 old_tsec = old->security;
3819
3820 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3821 if (!tsec)
3822 return -ENOMEM;
3823
3824 new->security = tsec;
3825 return 0;
3826}
3827
3828
3829
3830
3831static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3832{
3833 const struct task_security_struct *old_tsec = old->security;
3834 struct task_security_struct *tsec = new->security;
3835
3836 *tsec = *old_tsec;
3837}
3838
3839
3840
3841
3842
3843static int selinux_kernel_act_as(struct cred *new, u32 secid)
3844{
3845 struct task_security_struct *tsec = new->security;
3846 u32 sid = current_sid();
3847 int ret;
3848
3849 ret = avc_has_perm(sid, secid,
3850 SECCLASS_KERNEL_SERVICE,
3851 KERNEL_SERVICE__USE_AS_OVERRIDE,
3852 NULL);
3853 if (ret == 0) {
3854 tsec->sid = secid;
3855 tsec->create_sid = 0;
3856 tsec->keycreate_sid = 0;
3857 tsec->sockcreate_sid = 0;
3858 }
3859 return ret;
3860}
3861
3862
3863
3864
3865
3866static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3867{
3868 struct inode_security_struct *isec = inode_security(inode);
3869 struct task_security_struct *tsec = new->security;
3870 u32 sid = current_sid();
3871 int ret;
3872
3873 ret = avc_has_perm(sid, isec->sid,
3874 SECCLASS_KERNEL_SERVICE,
3875 KERNEL_SERVICE__CREATE_FILES_AS,
3876 NULL);
3877
3878 if (ret == 0)
3879 tsec->create_sid = isec->sid;
3880 return ret;
3881}
3882
3883static int selinux_kernel_module_request(char *kmod_name)
3884{
3885 struct common_audit_data ad;
3886
3887 ad.type = LSM_AUDIT_DATA_KMOD;
3888 ad.u.kmod_name = kmod_name;
3889
3890 return avc_has_perm(current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
3891 SYSTEM__MODULE_REQUEST, &ad);
3892}
3893
3894static int selinux_kernel_module_from_file(struct file *file)
3895{
3896 struct common_audit_data ad;
3897 struct inode_security_struct *isec;
3898 struct file_security_struct *fsec;
3899 u32 sid = current_sid();
3900 int rc;
3901
3902
3903 if (file == NULL)
3904 return avc_has_perm(sid, sid, SECCLASS_SYSTEM,
3905 SYSTEM__MODULE_LOAD, NULL);
3906
3907
3908
3909 ad.type = LSM_AUDIT_DATA_FILE;
3910 ad.u.file = file;
3911
3912 fsec = file->f_security;
3913 if (sid != fsec->sid) {
3914 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
3915 if (rc)
3916 return rc;
3917 }
3918
3919 isec = inode_security(file_inode(file));
3920 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM,
3921 SYSTEM__MODULE_LOAD, &ad);
3922}
3923
3924static int selinux_kernel_read_file(struct file *file,
3925 enum kernel_read_file_id id)
3926{
3927 int rc = 0;
3928
3929 switch (id) {
3930 case READING_MODULE:
3931 rc = selinux_kernel_module_from_file(file);
3932 break;
3933 default:
3934 break;
3935 }
3936
3937 return rc;
3938}
3939
3940static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3941{
3942 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3943 PROCESS__SETPGID, NULL);
3944}
3945
3946static int selinux_task_getpgid(struct task_struct *p)
3947{
3948 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3949 PROCESS__GETPGID, NULL);
3950}
3951
3952static int selinux_task_getsid(struct task_struct *p)
3953{
3954 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3955 PROCESS__GETSESSION, NULL);
3956}
3957
3958static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3959{
3960 *secid = task_sid(p);
3961}
3962
3963static int selinux_task_setnice(struct task_struct *p, int nice)
3964{
3965 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3966 PROCESS__SETSCHED, NULL);
3967}
3968
3969static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3970{
3971 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3972 PROCESS__SETSCHED, NULL);
3973}
3974
3975static int selinux_task_getioprio(struct task_struct *p)
3976{
3977 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
3978 PROCESS__GETSCHED, NULL);
3979}
3980
3981int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
3982 unsigned int flags)
3983{
3984 u32 av = 0;
3985
3986 if (!flags)
3987 return 0;
3988 if (flags & LSM_PRLIMIT_WRITE)
3989 av |= PROCESS__SETRLIMIT;
3990 if (flags & LSM_PRLIMIT_READ)
3991 av |= PROCESS__GETRLIMIT;
3992 return avc_has_perm(cred_sid(cred), cred_sid(tcred),
3993 SECCLASS_PROCESS, av, NULL);
3994}
3995
3996static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3997 struct rlimit *new_rlim)
3998{
3999 struct rlimit *old_rlim = p->signal->rlim + resource;
4000
4001
4002
4003
4004
4005 if (old_rlim->rlim_max != new_rlim->rlim_max)
4006 return avc_has_perm(current_sid(), task_sid(p),
4007 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4008
4009 return 0;
4010}
4011
4012static int selinux_task_setscheduler(struct task_struct *p)
4013{
4014 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
4015 PROCESS__SETSCHED, NULL);
4016}
4017
4018static int selinux_task_getscheduler(struct task_struct *p)
4019{
4020 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
4021 PROCESS__GETSCHED, NULL);
4022}
4023
4024static int selinux_task_movememory(struct task_struct *p)
4025{
4026 return avc_has_perm(current_sid(), task_sid(p), SECCLASS_PROCESS,
4027 PROCESS__SETSCHED, NULL);
4028}
4029
4030static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
4031 int sig, u32 secid)
4032{
4033 u32 perm;
4034
4035 if (!sig)
4036 perm = PROCESS__SIGNULL;
4037 else
4038 perm = signal_to_av(sig);
4039 if (!secid)
4040 secid = current_sid();
4041 return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
4042}
4043
4044static void selinux_task_to_inode(struct task_struct *p,
4045 struct inode *inode)
4046{
4047 struct inode_security_struct *isec = inode->i_security;
4048 u32 sid = task_sid(p);
4049
4050 spin_lock(&isec->lock);
4051 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4052 isec->sid = sid;
4053 isec->initialized = LABEL_INITIALIZED;
4054 spin_unlock(&isec->lock);
4055}
4056
4057
4058static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4059 struct common_audit_data *ad, u8 *proto)
4060{
4061 int offset, ihlen, ret = -EINVAL;
4062 struct iphdr _iph, *ih;
4063
4064 offset = skb_network_offset(skb);
4065 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4066 if (ih == NULL)
4067 goto out;
4068
4069 ihlen = ih->ihl * 4;
4070 if (ihlen < sizeof(_iph))
4071 goto out;
4072
4073 ad->u.net->v4info.saddr = ih->saddr;
4074 ad->u.net->v4info.daddr = ih->daddr;
4075 ret = 0;
4076
4077 if (proto)
4078 *proto = ih->protocol;
4079
4080 switch (ih->protocol) {
4081 case IPPROTO_TCP: {
4082 struct tcphdr _tcph, *th;
4083
4084 if (ntohs(ih->frag_off) & IP_OFFSET)
4085 break;
4086
4087 offset += ihlen;
4088 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4089 if (th == NULL)
4090 break;
4091
4092 ad->u.net->sport = th->source;
4093 ad->u.net->dport = th->dest;
4094 break;
4095 }
4096
4097 case IPPROTO_UDP: {
4098 struct udphdr _udph, *uh;
4099
4100 if (ntohs(ih->frag_off) & IP_OFFSET)
4101 break;
4102
4103 offset += ihlen;
4104 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4105 if (uh == NULL)
4106 break;
4107
4108 ad->u.net->sport = uh->source;
4109 ad->u.net->dport = uh->dest;
4110 break;
4111 }
4112
4113 case IPPROTO_DCCP: {
4114 struct dccp_hdr _dccph, *dh;
4115
4116 if (ntohs(ih->frag_off) & IP_OFFSET)
4117 break;
4118
4119 offset += ihlen;
4120 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4121 if (dh == NULL)
4122 break;
4123
4124 ad->u.net->sport = dh->dccph_sport;
4125 ad->u.net->dport = dh->dccph_dport;
4126 break;
4127 }
4128
4129 default:
4130 break;
4131 }
4132out:
4133 return ret;
4134}
4135
4136#if IS_ENABLED(CONFIG_IPV6)
4137
4138
4139static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4140 struct common_audit_data *ad, u8 *proto)
4141{
4142 u8 nexthdr;
4143 int ret = -EINVAL, offset;
4144 struct ipv6hdr _ipv6h, *ip6;
4145 __be16 frag_off;
4146
4147 offset = skb_network_offset(skb);
4148 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4149 if (ip6 == NULL)
4150 goto out;
4151
4152 ad->u.net->v6info.saddr = ip6->saddr;
4153 ad->u.net->v6info.daddr = ip6->daddr;
4154 ret = 0;
4155
4156 nexthdr = ip6->nexthdr;
4157 offset += sizeof(_ipv6h);
4158 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4159 if (offset < 0)
4160 goto out;
4161
4162 if (proto)
4163 *proto = nexthdr;
4164
4165 switch (nexthdr) {
4166 case IPPROTO_TCP: {
4167 struct tcphdr _tcph, *th;
4168
4169 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4170 if (th == NULL)
4171 break;
4172
4173 ad->u.net->sport = th->source;
4174 ad->u.net->dport = th->dest;
4175 break;
4176 }
4177
4178 case IPPROTO_UDP: {
4179 struct udphdr _udph, *uh;
4180
4181 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4182 if (uh == NULL)
4183 break;
4184
4185 ad->u.net->sport = uh->source;
4186 ad->u.net->dport = uh->dest;
4187 break;
4188 }
4189
4190 case IPPROTO_DCCP: {
4191 struct dccp_hdr _dccph, *dh;
4192
4193 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4194 if (dh == NULL)
4195 break;
4196
4197 ad->u.net->sport = dh->dccph_sport;
4198 ad->u.net->dport = dh->dccph_dport;
4199 break;
4200 }
4201
4202
4203 default:
4204 break;
4205 }
4206out:
4207 return ret;
4208}
4209
4210#endif
4211
4212static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4213 char **_addrp, int src, u8 *proto)
4214{
4215 char *addrp;
4216 int ret;
4217
4218 switch (ad->u.net->family) {
4219 case PF_INET:
4220 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4221 if (ret)
4222 goto parse_error;
4223 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4224 &ad->u.net->v4info.daddr);
4225 goto okay;
4226
4227#if IS_ENABLED(CONFIG_IPV6)
4228 case PF_INET6:
4229 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4230 if (ret)
4231 goto parse_error;
4232 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4233 &ad->u.net->v6info.daddr);
4234 goto okay;
4235#endif
4236 default:
4237 addrp = NULL;
4238 goto okay;
4239 }
4240
4241parse_error:
4242 printk(KERN_WARNING
4243 "SELinux: failure in selinux_parse_skb(),"
4244 " unable to parse packet\n");
4245 return ret;
4246
4247okay:
4248 if (_addrp)
4249 *_addrp = addrp;
4250 return 0;
4251}
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4269{
4270 int err;
4271 u32 xfrm_sid;
4272 u32 nlbl_sid;
4273 u32 nlbl_type;
4274
4275 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4276 if (unlikely(err))
4277 return -EACCES;
4278 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4279 if (unlikely(err))
4280 return -EACCES;
4281
4282 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
4283 if (unlikely(err)) {
4284 printk(KERN_WARNING
4285 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4286 " unable to determine packet's peer label\n");
4287 return -EACCES;
4288 }
4289
4290 return 0;
4291}
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4306{
4307 int err = 0;
4308
4309 if (skb_sid != SECSID_NULL)
4310 err = security_sid_mls_copy(sk_sid, skb_sid, conn_sid);
4311 else
4312 *conn_sid = sk_sid;
4313
4314 return err;
4315}
4316
4317
4318
4319static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4320 u16 secclass, u32 *socksid)
4321{
4322 if (tsec->sockcreate_sid > SECSID_NULL) {
4323 *socksid = tsec->sockcreate_sid;
4324 return 0;
4325 }
4326
4327 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
4328 socksid);
4329}
4330
4331static int sock_has_perm(struct sock *sk, u32 perms)
4332{
4333 struct sk_security_struct *sksec = sk->sk_security;
4334 struct common_audit_data ad;
4335 struct lsm_network_audit net = {0,};
4336
4337 if (sksec->sid == SECINITSID_KERNEL)
4338 return 0;
4339
4340 ad.type = LSM_AUDIT_DATA_NET;
4341 ad.u.net = &net;
4342 ad.u.net->sk = sk;
4343
4344 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms,
4345 &ad);
4346}
4347
4348static int selinux_socket_create(int family, int type,
4349 int protocol, int kern)
4350{
4351 const struct task_security_struct *tsec = current_security();
4352 u32 newsid;
4353 u16 secclass;
4354 int rc;
4355
4356 if (kern)
4357 return 0;
4358
4359 secclass = socket_type_to_security_class(family, type, protocol);
4360 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4361 if (rc)
4362 return rc;
4363
4364 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4365}
4366
4367static int selinux_socket_post_create(struct socket *sock, int family,
4368 int type, int protocol, int kern)
4369{
4370 const struct task_security_struct *tsec = current_security();
4371 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4372 struct sk_security_struct *sksec;
4373 u16 sclass = socket_type_to_security_class(family, type, protocol);
4374 u32 sid = SECINITSID_KERNEL;
4375 int err = 0;
4376
4377 if (!kern) {
4378 err = socket_sockcreate_sid(tsec, sclass, &sid);
4379 if (err)
4380 return err;
4381 }
4382
4383 isec->sclass = sclass;
4384 isec->sid = sid;
4385 isec->initialized = LABEL_INITIALIZED;
4386
4387 if (sock->sk) {
4388 sksec = sock->sk->sk_security;
4389 sksec->sclass = sclass;
4390 sksec->sid = sid;
4391 err = selinux_netlbl_socket_post_create(sock->sk, family);
4392 }
4393
4394 return err;
4395}
4396
4397
4398
4399
4400
4401static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4402{
4403 struct sock *sk = sock->sk;
4404 u16 family;
4405 int err;
4406
4407 err = sock_has_perm(sk, SOCKET__BIND);
4408 if (err)
4409 goto out;
4410
4411
4412
4413
4414
4415
4416 family = sk->sk_family;
4417 if (family == PF_INET || family == PF_INET6) {
4418 char *addrp;
4419 struct sk_security_struct *sksec = sk->sk_security;
4420 struct common_audit_data ad;
4421 struct lsm_network_audit net = {0,};
4422 struct sockaddr_in *addr4 = NULL;
4423 struct sockaddr_in6 *addr6 = NULL;
4424 unsigned short snum;
4425 u32 sid, node_perm;
4426
4427 if (family == PF_INET) {
4428 if (addrlen < sizeof(struct sockaddr_in)) {
4429 err = -EINVAL;
4430 goto out;
4431 }
4432 addr4 = (struct sockaddr_in *)address;
4433 snum = ntohs(addr4->sin_port);
4434 addrp = (char *)&addr4->sin_addr.s_addr;
4435 } else {
4436 if (addrlen < SIN6_LEN_RFC2133) {
4437 err = -EINVAL;
4438 goto out;
4439 }
4440 addr6 = (struct sockaddr_in6 *)address;
4441 snum = ntohs(addr6->sin6_port);
4442 addrp = (char *)&addr6->sin6_addr.s6_addr;
4443 }
4444
4445 if (snum) {
4446 int low, high;
4447
4448 inet_get_local_port_range(sock_net(sk), &low, &high);
4449
4450 if (snum < max(inet_prot_sock(sock_net(sk)), low) ||
4451 snum > high) {
4452 err = sel_netport_sid(sk->sk_protocol,
4453 snum, &sid);
4454 if (err)
4455 goto out;
4456 ad.type = LSM_AUDIT_DATA_NET;
4457 ad.u.net = &net;
4458 ad.u.net->sport = htons(snum);
4459 ad.u.net->family = family;
4460 err = avc_has_perm(sksec->sid, sid,
4461 sksec->sclass,
4462 SOCKET__NAME_BIND, &ad);
4463 if (err)
4464 goto out;
4465 }
4466 }
4467
4468 switch (sksec->sclass) {
4469 case SECCLASS_TCP_SOCKET:
4470 node_perm = TCP_SOCKET__NODE_BIND;
4471 break;
4472
4473 case SECCLASS_UDP_SOCKET:
4474 node_perm = UDP_SOCKET__NODE_BIND;
4475 break;
4476
4477 case SECCLASS_DCCP_SOCKET:
4478 node_perm = DCCP_SOCKET__NODE_BIND;
4479 break;
4480
4481 default:
4482 node_perm = RAWIP_SOCKET__NODE_BIND;
4483 break;
4484 }
4485
4486 err = sel_netnode_sid(addrp, family, &sid);
4487 if (err)
4488 goto out;
4489
4490 ad.type = LSM_AUDIT_DATA_NET;
4491 ad.u.net = &net;
4492 ad.u.net->sport = htons(snum);
4493 ad.u.net->family = family;
4494
4495 if (family == PF_INET)
4496 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4497 else
4498 ad.u.net->v6info.saddr = addr6->sin6_addr;
4499
4500 err = avc_has_perm(sksec->sid, sid,
4501 sksec->sclass, node_perm, &ad);
4502 if (err)
4503 goto out;
4504 }
4505out:
4506 return err;
4507}
4508
4509static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
4510{
4511 struct sock *sk = sock->sk;
4512 struct sk_security_struct *sksec = sk->sk_security;
4513 int err;
4514
4515 err = sock_has_perm(sk, SOCKET__CONNECT);
4516 if (err)
4517 return err;
4518
4519
4520
4521
4522 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4523 sksec->sclass == SECCLASS_DCCP_SOCKET) {
4524 struct common_audit_data ad;
4525 struct lsm_network_audit net = {0,};
4526 struct sockaddr_in *addr4 = NULL;
4527 struct sockaddr_in6 *addr6 = NULL;
4528 unsigned short snum;
4529 u32 sid, perm;
4530
4531 if (sk->sk_family == PF_INET) {
4532 addr4 = (struct sockaddr_in *)address;
4533 if (addrlen < sizeof(struct sockaddr_in))
4534 return -EINVAL;
4535 snum = ntohs(addr4->sin_port);
4536 } else {
4537 addr6 = (struct sockaddr_in6 *)address;
4538 if (addrlen < SIN6_LEN_RFC2133)
4539 return -EINVAL;
4540 snum = ntohs(addr6->sin6_port);
4541 }
4542
4543 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4544 if (err)
4545 goto out;
4546
4547 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
4548 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
4549
4550 ad.type = LSM_AUDIT_DATA_NET;
4551 ad.u.net = &net;
4552 ad.u.net->dport = htons(snum);
4553 ad.u.net->family = sk->sk_family;
4554 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4555 if (err)
4556 goto out;
4557 }
4558
4559 err = selinux_netlbl_socket_connect(sk, address);
4560
4561out:
4562 return err;
4563}
4564
4565static int selinux_socket_listen(struct socket *sock, int backlog)
4566{
4567 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4568}
4569
4570static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4571{
4572 int err;
4573 struct inode_security_struct *isec;
4574 struct inode_security_struct *newisec;
4575 u16 sclass;
4576 u32 sid;
4577
4578 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4579 if (err)
4580 return err;
4581
4582 isec = inode_security_novalidate(SOCK_INODE(sock));
4583 spin_lock(&isec->lock);
4584 sclass = isec->sclass;
4585 sid = isec->sid;
4586 spin_unlock(&isec->lock);
4587
4588 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4589 newisec->sclass = sclass;
4590 newisec->sid = sid;
4591 newisec->initialized = LABEL_INITIALIZED;
4592
4593 return 0;
4594}
4595
4596static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
4597 int size)
4598{
4599 return sock_has_perm(sock->sk, SOCKET__WRITE);
4600}
4601
4602static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4603 int size, int flags)
4604{
4605 return sock_has_perm(sock->sk, SOCKET__READ);
4606}
4607
4608static int selinux_socket_getsockname(struct socket *sock)
4609{
4610 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4611}
4612
4613static int selinux_socket_getpeername(struct socket *sock)
4614{
4615 return sock_has_perm(sock->sk, SOCKET__GETATTR);
4616}
4617
4618static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4619{
4620 int err;
4621
4622 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
4623 if (err)
4624 return err;
4625
4626 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4627}
4628
4629static int selinux_socket_getsockopt(struct socket *sock, int level,
4630 int optname)
4631{
4632 return sock_has_perm(sock->sk, SOCKET__GETOPT);
4633}
4634
4635static int selinux_socket_shutdown(struct socket *sock, int how)
4636{
4637 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
4638}
4639
4640static int selinux_socket_unix_stream_connect(struct sock *sock,
4641 struct sock *other,
4642 struct sock *newsk)
4643{
4644 struct sk_security_struct *sksec_sock = sock->sk_security;
4645 struct sk_security_struct *sksec_other = other->sk_security;
4646 struct sk_security_struct *sksec_new = newsk->sk_security;
4647 struct common_audit_data ad;
4648 struct lsm_network_audit net = {0,};
4649 int err;
4650
4651 ad.type = LSM_AUDIT_DATA_NET;
4652 ad.u.net = &net;
4653 ad.u.net->sk = other;
4654
4655 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4656 sksec_other->sclass,
4657 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4658 if (err)
4659 return err;
4660
4661
4662 sksec_new->peer_sid = sksec_sock->sid;
4663 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4664 &sksec_new->sid);
4665 if (err)
4666 return err;
4667
4668
4669 sksec_sock->peer_sid = sksec_new->sid;
4670
4671 return 0;
4672}
4673
4674static int selinux_socket_unix_may_send(struct socket *sock,
4675 struct socket *other)
4676{
4677 struct sk_security_struct *ssec = sock->sk->sk_security;
4678 struct sk_security_struct *osec = other->sk->sk_security;
4679 struct common_audit_data ad;
4680 struct lsm_network_audit net = {0,};
4681
4682 ad.type = LSM_AUDIT_DATA_NET;
4683 ad.u.net = &net;
4684 ad.u.net->sk = other->sk;
4685
4686 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4687 &ad);
4688}
4689
4690static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
4691 char *addrp, u16 family, u32 peer_sid,
4692 struct common_audit_data *ad)
4693{
4694 int err;
4695 u32 if_sid;
4696 u32 node_sid;
4697
4698 err = sel_netif_sid(ns, ifindex, &if_sid);
4699 if (err)
4700 return err;
4701 err = avc_has_perm(peer_sid, if_sid,
4702 SECCLASS_NETIF, NETIF__INGRESS, ad);
4703 if (err)
4704 return err;
4705
4706 err = sel_netnode_sid(addrp, family, &node_sid);
4707 if (err)
4708 return err;
4709 return avc_has_perm(peer_sid, node_sid,
4710 SECCLASS_NODE, NODE__RECVFROM, ad);
4711}
4712
4713static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4714 u16 family)
4715{
4716 int err = 0;
4717 struct sk_security_struct *sksec = sk->sk_security;
4718 u32 sk_sid = sksec->sid;
4719 struct common_audit_data ad;
4720 struct lsm_network_audit net = {0,};
4721 char *addrp;
4722
4723 ad.type = LSM_AUDIT_DATA_NET;
4724 ad.u.net = &net;
4725 ad.u.net->netif = skb->skb_iif;
4726 ad.u.net->family = family;
4727 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4728 if (err)
4729 return err;
4730
4731 if (selinux_secmark_enabled()) {
4732 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4733 PACKET__RECV, &ad);
4734 if (err)
4735 return err;
4736 }
4737
4738 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4739 if (err)
4740 return err;
4741 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4742
4743 return err;
4744}
4745
4746static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4747{
4748 int err;
4749 struct sk_security_struct *sksec = sk->sk_security;
4750 u16 family = sk->sk_family;
4751 u32 sk_sid = sksec->sid;
4752 struct common_audit_data ad;
4753 struct lsm_network_audit net = {0,};
4754 char *addrp;
4755 u8 secmark_active;
4756 u8 peerlbl_active;
4757
4758 if (family != PF_INET && family != PF_INET6)
4759 return 0;
4760
4761
4762 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4763 family = PF_INET;
4764
4765
4766
4767
4768
4769 if (!selinux_policycap_netpeer)
4770 return selinux_sock_rcv_skb_compat(sk, skb, family);
4771
4772 secmark_active = selinux_secmark_enabled();
4773 peerlbl_active = selinux_peerlbl_enabled();
4774 if (!secmark_active && !peerlbl_active)
4775 return 0;
4776
4777 ad.type = LSM_AUDIT_DATA_NET;
4778 ad.u.net = &net;
4779 ad.u.net->netif = skb->skb_iif;
4780 ad.u.net->family = family;
4781 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4782 if (err)
4783 return err;
4784
4785 if (peerlbl_active) {
4786 u32 peer_sid;
4787
4788 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4789 if (err)
4790 return err;
4791 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
4792 addrp, family, peer_sid, &ad);
4793 if (err) {
4794 selinux_netlbl_err(skb, family, err, 0);
4795 return err;
4796 }
4797 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4798 PEER__RECV, &ad);
4799 if (err) {
4800 selinux_netlbl_err(skb, family, err, 0);
4801 return err;
4802 }
4803 }
4804
4805 if (secmark_active) {
4806 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4807 PACKET__RECV, &ad);
4808 if (err)
4809 return err;
4810 }
4811
4812 return err;
4813}
4814
4815static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4816 int __user *optlen, unsigned len)
4817{
4818 int err = 0;
4819 char *scontext;
4820 u32 scontext_len;
4821 struct sk_security_struct *sksec = sock->sk->sk_security;
4822 u32 peer_sid = SECSID_NULL;
4823
4824 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4825 sksec->sclass == SECCLASS_TCP_SOCKET)
4826 peer_sid = sksec->peer_sid;
4827 if (peer_sid == SECSID_NULL)
4828 return -ENOPROTOOPT;
4829
4830 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4831 if (err)
4832 return err;
4833
4834 if (scontext_len > len) {
4835 err = -ERANGE;
4836 goto out_len;
4837 }
4838
4839 if (copy_to_user(optval, scontext, scontext_len))
4840 err = -EFAULT;
4841
4842out_len:
4843 if (put_user(scontext_len, optlen))
4844 err = -EFAULT;
4845 kfree(scontext);
4846 return err;
4847}
4848
4849static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4850{
4851 u32 peer_secid = SECSID_NULL;
4852 u16 family;
4853 struct inode_security_struct *isec;
4854
4855 if (skb && skb->protocol == htons(ETH_P_IP))
4856 family = PF_INET;
4857 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4858 family = PF_INET6;
4859 else if (sock)
4860 family = sock->sk->sk_family;
4861 else
4862 goto out;
4863
4864 if (sock && family == PF_UNIX) {
4865 isec = inode_security_novalidate(SOCK_INODE(sock));
4866 peer_secid = isec->sid;
4867 } else if (skb)
4868 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4869
4870out:
4871 *secid = peer_secid;
4872 if (peer_secid == SECSID_NULL)
4873 return -EINVAL;
4874 return 0;
4875}
4876
4877static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4878{
4879 struct sk_security_struct *sksec;
4880
4881 sksec = kzalloc(sizeof(*sksec), priority);
4882 if (!sksec)
4883 return -ENOMEM;
4884
4885 sksec->peer_sid = SECINITSID_UNLABELED;
4886 sksec->sid = SECINITSID_UNLABELED;
4887 sksec->sclass = SECCLASS_SOCKET;
4888 selinux_netlbl_sk_security_reset(sksec);
4889 sk->sk_security = sksec;
4890
4891 return 0;
4892}
4893
4894static void selinux_sk_free_security(struct sock *sk)
4895{
4896 struct sk_security_struct *sksec = sk->sk_security;
4897
4898 sk->sk_security = NULL;
4899 selinux_netlbl_sk_security_free(sksec);
4900 kfree(sksec);
4901}
4902
4903static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4904{
4905 struct sk_security_struct *sksec = sk->sk_security;
4906 struct sk_security_struct *newsksec = newsk->sk_security;
4907
4908 newsksec->sid = sksec->sid;
4909 newsksec->peer_sid = sksec->peer_sid;
4910 newsksec->sclass = sksec->sclass;
4911
4912 selinux_netlbl_sk_security_reset(newsksec);
4913}
4914
4915static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4916{
4917 if (!sk)
4918 *secid = SECINITSID_ANY_SOCKET;
4919 else {
4920 struct sk_security_struct *sksec = sk->sk_security;
4921
4922 *secid = sksec->sid;
4923 }
4924}
4925
4926static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4927{
4928 struct inode_security_struct *isec =
4929 inode_security_novalidate(SOCK_INODE(parent));
4930 struct sk_security_struct *sksec = sk->sk_security;
4931
4932 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4933 sk->sk_family == PF_UNIX)
4934 isec->sid = sksec->sid;
4935 sksec->sclass = isec->sclass;
4936}
4937
4938static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4939 struct request_sock *req)
4940{
4941 struct sk_security_struct *sksec = sk->sk_security;
4942 int err;
4943 u16 family = req->rsk_ops->family;
4944 u32 connsid;
4945 u32 peersid;
4946
4947 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4948 if (err)
4949 return err;
4950 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
4951 if (err)
4952 return err;
4953 req->secid = connsid;
4954 req->peer_secid = peersid;
4955
4956 return selinux_netlbl_inet_conn_request(req, family);
4957}
4958
4959static void selinux_inet_csk_clone(struct sock *newsk,
4960 const struct request_sock *req)
4961{
4962 struct sk_security_struct *newsksec = newsk->sk_security;
4963
4964 newsksec->sid = req->secid;
4965 newsksec->peer_sid = req->peer_secid;
4966
4967
4968
4969
4970
4971
4972
4973 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4974}
4975
4976static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4977{
4978 u16 family = sk->sk_family;
4979 struct sk_security_struct *sksec = sk->sk_security;
4980
4981
4982 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4983 family = PF_INET;
4984
4985 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4986}
4987
4988static int selinux_secmark_relabel_packet(u32 sid)
4989{
4990 const struct task_security_struct *__tsec;
4991 u32 tsid;
4992
4993 __tsec = current_security();
4994 tsid = __tsec->sid;
4995
4996 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4997}
4998
4999static void selinux_secmark_refcount_inc(void)
5000{
5001 atomic_inc(&selinux_secmark_refcount);
5002}
5003
5004static void selinux_secmark_refcount_dec(void)
5005{
5006 atomic_dec(&selinux_secmark_refcount);
5007}
5008
5009static void selinux_req_classify_flow(const struct request_sock *req,
5010 struct flowi *fl)
5011{
5012 fl->flowi_secid = req->secid;
5013}
5014
5015static int selinux_tun_dev_alloc_security(void **security)
5016{
5017 struct tun_security_struct *tunsec;
5018
5019 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5020 if (!tunsec)
5021 return -ENOMEM;
5022 tunsec->sid = current_sid();
5023
5024 *security = tunsec;
5025 return 0;
5026}
5027
5028static void selinux_tun_dev_free_security(void *security)
5029{
5030 kfree(security);
5031}
5032
5033static int selinux_tun_dev_create(void)
5034{
5035 u32 sid = current_sid();
5036
5037
5038
5039
5040
5041
5042
5043
5044 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5045 NULL);
5046}
5047
5048static int selinux_tun_dev_attach_queue(void *security)
5049{
5050 struct tun_security_struct *tunsec = security;
5051
5052 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5053 TUN_SOCKET__ATTACH_QUEUE, NULL);
5054}
5055
5056static int selinux_tun_dev_attach(struct sock *sk, void *security)
5057{
5058 struct tun_security_struct *tunsec = security;
5059 struct sk_security_struct *sksec = sk->sk_security;
5060
5061
5062
5063
5064
5065
5066
5067
5068 sksec->sid = tunsec->sid;
5069 sksec->sclass = SECCLASS_TUN_SOCKET;
5070
5071 return 0;
5072}
5073
5074static int selinux_tun_dev_open(void *security)
5075{
5076 struct tun_security_struct *tunsec = security;
5077 u32 sid = current_sid();
5078 int err;
5079
5080 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5081 TUN_SOCKET__RELABELFROM, NULL);
5082 if (err)
5083 return err;
5084 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
5085 TUN_SOCKET__RELABELTO, NULL);
5086 if (err)
5087 return err;
5088 tunsec->sid = sid;
5089
5090 return 0;
5091}
5092
5093static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
5094{
5095 int err = 0;
5096 u32 perm;
5097 struct nlmsghdr *nlh;
5098 struct sk_security_struct *sksec = sk->sk_security;
5099
5100 if (skb->len < NLMSG_HDRLEN) {
5101 err = -EINVAL;
5102 goto out;
5103 }
5104 nlh = nlmsg_hdr(skb);
5105
5106 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
5107 if (err) {
5108 if (err == -EINVAL) {
5109 pr_warn_ratelimited("SELinux: unrecognized netlink"
5110 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
5111 " pig=%d comm=%s\n",
5112 sk->sk_protocol, nlh->nlmsg_type,
5113 secclass_map[sksec->sclass - 1].name,
5114 task_pid_nr(current), current->comm);
5115 if (!selinux_enforcing || security_get_allow_unknown())
5116 err = 0;
5117 }
5118
5119
5120 if (err == -ENOENT)
5121 err = 0;
5122 goto out;
5123 }
5124
5125 err = sock_has_perm(sk, perm);
5126out:
5127 return err;
5128}
5129
5130#ifdef CONFIG_NETFILTER
5131
5132static unsigned int selinux_ip_forward(struct sk_buff *skb,
5133 const struct net_device *indev,
5134 u16 family)
5135{
5136 int err;
5137 char *addrp;
5138 u32 peer_sid;
5139 struct common_audit_data ad;
5140 struct lsm_network_audit net = {0,};
5141 u8 secmark_active;
5142 u8 netlbl_active;
5143 u8 peerlbl_active;
5144
5145 if (!selinux_policycap_netpeer)
5146 return NF_ACCEPT;
5147
5148 secmark_active = selinux_secmark_enabled();
5149 netlbl_active = netlbl_enabled();
5150 peerlbl_active = selinux_peerlbl_enabled();
5151 if (!secmark_active && !peerlbl_active)
5152 return NF_ACCEPT;
5153
5154 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5155 return NF_DROP;
5156
5157 ad.type = LSM_AUDIT_DATA_NET;
5158 ad.u.net = &net;
5159 ad.u.net->netif = indev->ifindex;
5160 ad.u.net->family = family;
5161 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5162 return NF_DROP;
5163
5164 if (peerlbl_active) {
5165 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5166 addrp, family, peer_sid, &ad);
5167 if (err) {
5168 selinux_netlbl_err(skb, family, err, 1);
5169 return NF_DROP;
5170 }
5171 }
5172
5173 if (secmark_active)
5174 if (avc_has_perm(peer_sid, skb->secmark,
5175 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5176 return NF_DROP;
5177
5178 if (netlbl_active)
5179
5180
5181
5182
5183 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5184 return NF_DROP;
5185
5186 return NF_ACCEPT;
5187}
5188
5189static unsigned int selinux_ipv4_forward(void *priv,
5190 struct sk_buff *skb,
5191 const struct nf_hook_state *state)
5192{
5193 return selinux_ip_forward(skb, state->in, PF_INET);
5194}
5195
5196#if IS_ENABLED(CONFIG_IPV6)
5197static unsigned int selinux_ipv6_forward(void *priv,
5198 struct sk_buff *skb,
5199 const struct nf_hook_state *state)
5200{
5201 return selinux_ip_forward(skb, state->in, PF_INET6);
5202}
5203#endif
5204
5205static unsigned int selinux_ip_output(struct sk_buff *skb,
5206 u16 family)
5207{
5208 struct sock *sk;
5209 u32 sid;
5210
5211 if (!netlbl_enabled())
5212 return NF_ACCEPT;
5213
5214
5215
5216
5217 sk = skb->sk;
5218 if (sk) {
5219 struct sk_security_struct *sksec;
5220
5221 if (sk_listener(sk))
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234 return NF_ACCEPT;
5235
5236
5237 sksec = sk->sk_security;
5238 sid = sksec->sid;
5239 } else
5240 sid = SECINITSID_KERNEL;
5241 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5242 return NF_DROP;
5243
5244 return NF_ACCEPT;
5245}
5246
5247static unsigned int selinux_ipv4_output(void *priv,
5248 struct sk_buff *skb,
5249 const struct nf_hook_state *state)
5250{
5251 return selinux_ip_output(skb, PF_INET);
5252}
5253
5254#if IS_ENABLED(CONFIG_IPV6)
5255static unsigned int selinux_ipv6_output(void *priv,
5256 struct sk_buff *skb,
5257 const struct nf_hook_state *state)
5258{
5259 return selinux_ip_output(skb, PF_INET6);
5260}
5261#endif
5262
5263static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5264 int ifindex,
5265 u16 family)
5266{
5267 struct sock *sk = skb_to_full_sk(skb);
5268 struct sk_security_struct *sksec;
5269 struct common_audit_data ad;
5270 struct lsm_network_audit net = {0,};
5271 char *addrp;
5272 u8 proto;
5273
5274 if (sk == NULL)
5275 return NF_ACCEPT;
5276 sksec = sk->sk_security;
5277
5278 ad.type = LSM_AUDIT_DATA_NET;
5279 ad.u.net = &net;
5280 ad.u.net->netif = ifindex;
5281 ad.u.net->family = family;
5282 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5283 return NF_DROP;
5284
5285 if (selinux_secmark_enabled())
5286 if (avc_has_perm(sksec->sid, skb->secmark,
5287 SECCLASS_PACKET, PACKET__SEND, &ad))
5288 return NF_DROP_ERR(-ECONNREFUSED);
5289
5290 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5291 return NF_DROP_ERR(-ECONNREFUSED);
5292
5293 return NF_ACCEPT;
5294}
5295
5296static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5297 const struct net_device *outdev,
5298 u16 family)
5299{
5300 u32 secmark_perm;
5301 u32 peer_sid;
5302 int ifindex = outdev->ifindex;
5303 struct sock *sk;
5304 struct common_audit_data ad;
5305 struct lsm_network_audit net = {0,};
5306 char *addrp;
5307 u8 secmark_active;
5308 u8 peerlbl_active;
5309
5310
5311
5312
5313
5314 if (!selinux_policycap_netpeer)
5315 return selinux_ip_postroute_compat(skb, ifindex, family);
5316
5317 secmark_active = selinux_secmark_enabled();
5318 peerlbl_active = selinux_peerlbl_enabled();
5319 if (!secmark_active && !peerlbl_active)
5320 return NF_ACCEPT;
5321
5322 sk = skb_to_full_sk(skb);
5323
5324#ifdef CONFIG_XFRM
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5337 !(sk && sk_listener(sk)))
5338 return NF_ACCEPT;
5339#endif
5340
5341 if (sk == NULL) {
5342
5343
5344
5345
5346 if (skb->skb_iif) {
5347 secmark_perm = PACKET__FORWARD_OUT;
5348 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5349 return NF_DROP;
5350 } else {
5351 secmark_perm = PACKET__SEND;
5352 peer_sid = SECINITSID_KERNEL;
5353 }
5354 } else if (sk_listener(sk)) {
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364 u32 skb_sid;
5365 struct sk_security_struct *sksec;
5366
5367 sksec = sk->sk_security;
5368 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5369 return NF_DROP;
5370
5371
5372
5373
5374
5375
5376 if (skb_sid == SECSID_NULL) {
5377 switch (family) {
5378 case PF_INET:
5379 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5380 return NF_ACCEPT;
5381 break;
5382 case PF_INET6:
5383 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5384 return NF_ACCEPT;
5385 break;
5386 default:
5387 return NF_DROP_ERR(-ECONNREFUSED);
5388 }
5389 }
5390 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5391 return NF_DROP;
5392 secmark_perm = PACKET__SEND;
5393 } else {
5394
5395
5396 struct sk_security_struct *sksec = sk->sk_security;
5397 peer_sid = sksec->sid;
5398 secmark_perm = PACKET__SEND;
5399 }
5400
5401 ad.type = LSM_AUDIT_DATA_NET;
5402 ad.u.net = &net;
5403 ad.u.net->netif = ifindex;
5404 ad.u.net->family = family;
5405 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5406 return NF_DROP;
5407
5408 if (secmark_active)
5409 if (avc_has_perm(peer_sid, skb->secmark,
5410 SECCLASS_PACKET, secmark_perm, &ad))
5411 return NF_DROP_ERR(-ECONNREFUSED);
5412
5413 if (peerlbl_active) {
5414 u32 if_sid;
5415 u32 node_sid;
5416
5417 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5418 return NF_DROP;
5419 if (avc_has_perm(peer_sid, if_sid,
5420 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5421 return NF_DROP_ERR(-ECONNREFUSED);
5422
5423 if (sel_netnode_sid(addrp, family, &node_sid))
5424 return NF_DROP;
5425 if (avc_has_perm(peer_sid, node_sid,
5426 SECCLASS_NODE, NODE__SENDTO, &ad))
5427 return NF_DROP_ERR(-ECONNREFUSED);
5428 }
5429
5430 return NF_ACCEPT;
5431}
5432
5433static unsigned int selinux_ipv4_postroute(void *priv,
5434 struct sk_buff *skb,
5435 const struct nf_hook_state *state)
5436{
5437 return selinux_ip_postroute(skb, state->out, PF_INET);
5438}
5439
5440#if IS_ENABLED(CONFIG_IPV6)
5441static unsigned int selinux_ipv6_postroute(void *priv,
5442 struct sk_buff *skb,
5443 const struct nf_hook_state *state)
5444{
5445 return selinux_ip_postroute(skb, state->out, PF_INET6);
5446}
5447#endif
5448
5449#endif
5450
5451static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5452{
5453 return selinux_nlmsg_perm(sk, skb);
5454}
5455
5456static int ipc_alloc_security(struct kern_ipc_perm *perm,
5457 u16 sclass)
5458{
5459 struct ipc_security_struct *isec;
5460
5461 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
5462 if (!isec)
5463 return -ENOMEM;
5464
5465 isec->sclass = sclass;
5466 isec->sid = current_sid();
5467 perm->security = isec;
5468
5469 return 0;
5470}
5471
5472static void ipc_free_security(struct kern_ipc_perm *perm)
5473{
5474 struct ipc_security_struct *isec = perm->security;
5475 perm->security = NULL;
5476 kfree(isec);
5477}
5478
5479static int msg_msg_alloc_security(struct msg_msg *msg)
5480{
5481 struct msg_security_struct *msec;
5482
5483 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
5484 if (!msec)
5485 return -ENOMEM;
5486
5487 msec->sid = SECINITSID_UNLABELED;
5488 msg->security = msec;
5489
5490 return 0;
5491}
5492
5493static void msg_msg_free_security(struct msg_msg *msg)
5494{
5495 struct msg_security_struct *msec = msg->security;
5496
5497 msg->security = NULL;
5498 kfree(msec);
5499}
5500
5501static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
5502 u32 perms)
5503{
5504 struct ipc_security_struct *isec;
5505 struct common_audit_data ad;
5506 u32 sid = current_sid();
5507
5508 isec = ipc_perms->security;
5509
5510 ad.type = LSM_AUDIT_DATA_IPC;
5511 ad.u.ipc_id = ipc_perms->key;
5512
5513 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5514}
5515
5516static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
5517{
5518 return msg_msg_alloc_security(msg);
5519}
5520
5521static void selinux_msg_msg_free_security(struct msg_msg *msg)
5522{
5523 msg_msg_free_security(msg);
5524}
5525
5526
5527static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
5528{
5529 struct ipc_security_struct *isec;
5530 struct common_audit_data ad;
5531 u32 sid = current_sid();
5532 int rc;
5533
5534 rc = ipc_alloc_security(&msq->q_perm, SECCLASS_MSGQ);
5535 if (rc)
5536 return rc;
5537
5538 isec = msq->q_perm.security;
5539
5540 ad.type = LSM_AUDIT_DATA_IPC;
5541 ad.u.ipc_id = msq->q_perm.key;
5542
5543 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5544 MSGQ__CREATE, &ad);
5545 if (rc) {
5546 ipc_free_security(&msq->q_perm);
5547 return rc;
5548 }
5549 return 0;
5550}
5551
5552static void selinux_msg_queue_free_security(struct msg_queue *msq)
5553{
5554 ipc_free_security(&msq->q_perm);
5555}
5556
5557static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
5558{
5559 struct ipc_security_struct *isec;
5560 struct common_audit_data ad;
5561 u32 sid = current_sid();
5562
5563 isec = msq->q_perm.security;
5564
5565 ad.type = LSM_AUDIT_DATA_IPC;
5566 ad.u.ipc_id = msq->q_perm.key;
5567
5568 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5569 MSGQ__ASSOCIATE, &ad);
5570}
5571
5572static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
5573{
5574 int err;
5575 int perms;
5576
5577 switch (cmd) {
5578 case IPC_INFO:
5579 case MSG_INFO:
5580
5581 return avc_has_perm(current_sid(), SECINITSID_KERNEL,
5582 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
5583 case IPC_STAT:
5584 case MSG_STAT:
5585 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
5586 break;
5587 case IPC_SET:
5588 perms = MSGQ__SETATTR;
5589 break;
5590 case IPC_RMID:
5591 perms = MSGQ__DESTROY;
5592 break;
5593 default:
5594 return 0;
5595 }
5596
5597 err = ipc_has_perm(&msq->q_perm, perms);
5598 return err;
5599}
5600
5601static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
5602{
5603 struct ipc_security_struct *isec;
5604 struct msg_security_struct *msec;
5605 struct common_audit_data ad;
5606 u32 sid = current_sid();
5607 int rc;
5608
5609 isec = msq->q_perm.security;
5610 msec = msg->security;
5611
5612
5613
5614
5615 if (msec->sid == SECINITSID_UNLABELED) {
5616
5617
5618
5619
5620 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
5621 NULL, &msec->sid);
5622 if (rc)
5623 return rc;
5624 }
5625
5626 ad.type = LSM_AUDIT_DATA_IPC;
5627 ad.u.ipc_id = msq->q_perm.key;
5628
5629
5630 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
5631 MSGQ__WRITE, &ad);
5632 if (!rc)
5633
5634 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
5635 MSG__SEND, &ad);
5636 if (!rc)
5637
5638 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
5639 MSGQ__ENQUEUE, &ad);
5640
5641 return rc;
5642}
5643
5644static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
5645 struct task_struct *target,
5646 long type, int mode)
5647{
5648 struct ipc_security_struct *isec;
5649 struct msg_security_struct *msec;
5650 struct common_audit_data ad;
5651 u32 sid = task_sid(target);
5652 int rc;
5653
5654 isec = msq->q_perm.security;
5655 msec = msg->security;
5656
5657 ad.type = LSM_AUDIT_DATA_IPC;
5658 ad.u.ipc_id = msq->q_perm.key;
5659
5660 rc = avc_has_perm(sid, isec->sid,
5661 SECCLASS_MSGQ, MSGQ__READ, &ad);
5662 if (!rc)
5663 rc = avc_has_perm(sid, msec->sid,
5664 SECCLASS_MSG, MSG__RECEIVE, &ad);
5665 return rc;
5666}
5667
5668
5669static int selinux_shm_alloc_security(struct shmid_kernel *shp)
5670{
5671 struct ipc_security_struct *isec;
5672 struct common_audit_data ad;
5673 u32 sid = current_sid();
5674 int rc;
5675
5676 rc = ipc_alloc_security(&shp->shm_perm, SECCLASS_SHM);
5677 if (rc)
5678 return rc;
5679
5680 isec = shp->shm_perm.security;
5681
5682 ad.type = LSM_AUDIT_DATA_IPC;
5683 ad.u.ipc_id = shp->shm_perm.key;
5684
5685 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5686 SHM__CREATE, &ad);
5687 if (rc) {
5688 ipc_free_security(&shp->shm_perm);
5689 return rc;
5690 }
5691 return 0;
5692}
5693
5694static void selinux_shm_free_security(struct shmid_kernel *shp)
5695{
5696 ipc_free_security(&shp->shm_perm);
5697}
5698
5699static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
5700{
5701 struct ipc_security_struct *isec;
5702 struct common_audit_data ad;
5703 u32 sid = current_sid();
5704
5705 isec = shp->shm_perm.security;
5706
5707 ad.type = LSM_AUDIT_DATA_IPC;
5708 ad.u.ipc_id = shp->shm_perm.key;
5709
5710 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5711 SHM__ASSOCIATE, &ad);
5712}
5713
5714
5715static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5716{
5717 int perms;
5718 int err;
5719
5720 switch (cmd) {
5721 case IPC_INFO:
5722 case SHM_INFO:
5723
5724 return avc_has_perm(current_sid(), SECINITSID_KERNEL,
5725 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
5726 case IPC_STAT:
5727 case SHM_STAT:
5728 perms = SHM__GETATTR | SHM__ASSOCIATE;
5729 break;
5730 case IPC_SET:
5731 perms = SHM__SETATTR;
5732 break;
5733 case SHM_LOCK:
5734 case SHM_UNLOCK:
5735 perms = SHM__LOCK;
5736 break;
5737 case IPC_RMID:
5738 perms = SHM__DESTROY;
5739 break;
5740 default:
5741 return 0;
5742 }
5743
5744 err = ipc_has_perm(&shp->shm_perm, perms);
5745 return err;
5746}
5747
5748static int selinux_shm_shmat(struct shmid_kernel *shp,
5749 char __user *shmaddr, int shmflg)
5750{
5751 u32 perms;
5752
5753 if (shmflg & SHM_RDONLY)
5754 perms = SHM__READ;
5755 else
5756 perms = SHM__READ | SHM__WRITE;
5757
5758 return ipc_has_perm(&shp->shm_perm, perms);
5759}
5760
5761
5762static int selinux_sem_alloc_security(struct sem_array *sma)
5763{
5764 struct ipc_security_struct *isec;
5765 struct common_audit_data ad;
5766 u32 sid = current_sid();
5767 int rc;
5768
5769 rc = ipc_alloc_security(&sma->sem_perm, SECCLASS_SEM);
5770 if (rc)
5771 return rc;
5772
5773 isec = sma->sem_perm.security;
5774
5775 ad.type = LSM_AUDIT_DATA_IPC;
5776 ad.u.ipc_id = sma->sem_perm.key;
5777
5778 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5779 SEM__CREATE, &ad);
5780 if (rc) {
5781 ipc_free_security(&sma->sem_perm);
5782 return rc;
5783 }
5784 return 0;
5785}
5786
5787static void selinux_sem_free_security(struct sem_array *sma)
5788{
5789 ipc_free_security(&sma->sem_perm);
5790}
5791
5792static int selinux_sem_associate(struct sem_array *sma, int semflg)
5793{
5794 struct ipc_security_struct *isec;
5795 struct common_audit_data ad;
5796 u32 sid = current_sid();
5797
5798 isec = sma->sem_perm.security;
5799
5800 ad.type = LSM_AUDIT_DATA_IPC;
5801 ad.u.ipc_id = sma->sem_perm.key;
5802
5803 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5804 SEM__ASSOCIATE, &ad);
5805}
5806
5807
5808static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5809{
5810 int err;
5811 u32 perms;
5812
5813 switch (cmd) {
5814 case IPC_INFO:
5815 case SEM_INFO:
5816
5817 return avc_has_perm(current_sid(), SECINITSID_KERNEL,
5818 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
5819 case GETPID:
5820 case GETNCNT:
5821 case GETZCNT:
5822 perms = SEM__GETATTR;
5823 break;
5824 case GETVAL:
5825 case GETALL:
5826 perms = SEM__READ;
5827 break;
5828 case SETVAL:
5829 case SETALL:
5830 perms = SEM__WRITE;
5831 break;
5832 case IPC_RMID:
5833 perms = SEM__DESTROY;
5834 break;
5835 case IPC_SET:
5836 perms = SEM__SETATTR;
5837 break;
5838 case IPC_STAT:
5839 case SEM_STAT:
5840 perms = SEM__GETATTR | SEM__ASSOCIATE;
5841 break;
5842 default:
5843 return 0;
5844 }
5845
5846 err = ipc_has_perm(&sma->sem_perm, perms);
5847 return err;
5848}
5849
5850static int selinux_sem_semop(struct sem_array *sma,
5851 struct sembuf *sops, unsigned nsops, int alter)
5852{
5853 u32 perms;
5854
5855 if (alter)
5856 perms = SEM__READ | SEM__WRITE;
5857 else
5858 perms = SEM__READ;
5859
5860 return ipc_has_perm(&sma->sem_perm, perms);
5861}
5862
5863static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5864{
5865 u32 av = 0;
5866
5867 av = 0;
5868 if (flag & S_IRUGO)
5869 av |= IPC__UNIX_READ;
5870 if (flag & S_IWUGO)
5871 av |= IPC__UNIX_WRITE;
5872
5873 if (av == 0)
5874 return 0;
5875
5876 return ipc_has_perm(ipcp, av);
5877}
5878
5879static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5880{
5881 struct ipc_security_struct *isec = ipcp->security;
5882 *secid = isec->sid;
5883}
5884
5885static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5886{
5887 if (inode)
5888 inode_doinit_with_dentry(inode, dentry);
5889}
5890
5891static int selinux_getprocattr(struct task_struct *p,
5892 char *name, char **value)
5893{
5894 const struct task_security_struct *__tsec;
5895 u32 sid;
5896 int error;
5897 unsigned len;
5898
5899 rcu_read_lock();
5900 __tsec = __task_cred(p)->security;
5901
5902 if (current != p) {
5903 error = avc_has_perm(current_sid(), __tsec->sid,
5904 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
5905 if (error)
5906 goto bad;
5907 }
5908
5909 if (!strcmp(name, "current"))
5910 sid = __tsec->sid;
5911 else if (!strcmp(name, "prev"))
5912 sid = __tsec->osid;
5913 else if (!strcmp(name, "exec"))
5914 sid = __tsec->exec_sid;
5915 else if (!strcmp(name, "fscreate"))
5916 sid = __tsec->create_sid;
5917 else if (!strcmp(name, "keycreate"))
5918 sid = __tsec->keycreate_sid;
5919 else if (!strcmp(name, "sockcreate"))
5920 sid = __tsec->sockcreate_sid;
5921 else {
5922 error = -EINVAL;
5923 goto bad;
5924 }
5925 rcu_read_unlock();
5926
5927 if (!sid)
5928 return 0;
5929
5930 error = security_sid_to_context(sid, value, &len);
5931 if (error)
5932 return error;
5933 return len;
5934
5935bad:
5936 rcu_read_unlock();
5937 return error;
5938}
5939
5940static int selinux_setprocattr(const char *name, void *value, size_t size)
5941{
5942 struct task_security_struct *tsec;
5943 struct cred *new;
5944 u32 mysid = current_sid(), sid = 0, ptsid;
5945 int error;
5946 char *str = value;
5947
5948
5949
5950
5951 if (!strcmp(name, "exec"))
5952 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5953 PROCESS__SETEXEC, NULL);
5954 else if (!strcmp(name, "fscreate"))
5955 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5956 PROCESS__SETFSCREATE, NULL);
5957 else if (!strcmp(name, "keycreate"))
5958 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5959 PROCESS__SETKEYCREATE, NULL);
5960 else if (!strcmp(name, "sockcreate"))
5961 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5962 PROCESS__SETSOCKCREATE, NULL);
5963 else if (!strcmp(name, "current"))
5964 error = avc_has_perm(mysid, mysid, SECCLASS_PROCESS,
5965 PROCESS__SETCURRENT, NULL);
5966 else
5967 error = -EINVAL;
5968 if (error)
5969 return error;
5970
5971
5972 if (size && str[0] && str[0] != '\n') {
5973 if (str[size-1] == '\n') {
5974 str[size-1] = 0;
5975 size--;
5976 }
5977 error = security_context_to_sid(value, size, &sid, GFP_KERNEL);
5978 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5979 if (!has_cap_mac_admin(true)) {
5980 struct audit_buffer *ab;
5981 size_t audit_size;
5982
5983
5984
5985 if (str[size - 1] == '\0')
5986 audit_size = size - 1;
5987 else
5988 audit_size = size;
5989 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5990 audit_log_format(ab, "op=fscreate invalid_context=");
5991 audit_log_n_untrustedstring(ab, value, audit_size);
5992 audit_log_end(ab);
5993
5994 return error;
5995 }
5996 error = security_context_to_sid_force(value, size,
5997 &sid);
5998 }
5999 if (error)
6000 return error;
6001 }
6002
6003 new = prepare_creds();
6004 if (!new)
6005 return -ENOMEM;
6006
6007
6008
6009
6010
6011
6012
6013 tsec = new->security;
6014 if (!strcmp(name, "exec")) {
6015 tsec->exec_sid = sid;
6016 } else if (!strcmp(name, "fscreate")) {
6017 tsec->create_sid = sid;
6018 } else if (!strcmp(name, "keycreate")) {
6019 error = avc_has_perm(mysid, sid, SECCLASS_KEY, KEY__CREATE,
6020 NULL);
6021 if (error)
6022 goto abort_change;
6023 tsec->keycreate_sid = sid;
6024 } else if (!strcmp(name, "sockcreate")) {
6025 tsec->sockcreate_sid = sid;
6026 } else if (!strcmp(name, "current")) {
6027 error = -EINVAL;
6028 if (sid == 0)
6029 goto abort_change;
6030
6031
6032 error = -EPERM;
6033 if (!current_is_single_threaded()) {
6034 error = security_bounded_transition(tsec->sid, sid);
6035 if (error)
6036 goto abort_change;
6037 }
6038
6039
6040 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
6041 PROCESS__DYNTRANSITION, NULL);
6042 if (error)
6043 goto abort_change;
6044
6045
6046
6047 ptsid = ptrace_parent_sid();
6048 if (ptsid != 0) {
6049 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
6050 PROCESS__PTRACE, NULL);
6051 if (error)
6052 goto abort_change;
6053 }
6054
6055 tsec->sid = sid;
6056 } else {
6057 error = -EINVAL;
6058 goto abort_change;
6059 }
6060
6061 commit_creds(new);
6062 return size;
6063
6064abort_change:
6065 abort_creds(new);
6066 return error;
6067}
6068
6069static int selinux_ismaclabel(const char *name)
6070{
6071 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6072}
6073
6074static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6075{
6076 return security_sid_to_context(secid, secdata, seclen);
6077}
6078
6079static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6080{
6081 return security_context_to_sid(secdata, seclen, secid, GFP_KERNEL);
6082}
6083
6084static void selinux_release_secctx(char *secdata, u32 seclen)
6085{
6086 kfree(secdata);
6087}
6088
6089static void selinux_inode_invalidate_secctx(struct inode *inode)
6090{
6091 struct inode_security_struct *isec = inode->i_security;
6092
6093 spin_lock(&isec->lock);
6094 isec->initialized = LABEL_INVALID;
6095 spin_unlock(&isec->lock);
6096}
6097
6098
6099
6100
6101static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6102{
6103 return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
6104}
6105
6106
6107
6108
6109static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6110{
6111 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0);
6112}
6113
6114static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6115{
6116 int len = 0;
6117 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6118 ctx, true);
6119 if (len < 0)
6120 return len;
6121 *ctxlen = len;
6122 return 0;
6123}
6124#ifdef CONFIG_KEYS
6125
6126static int selinux_key_alloc(struct key *k, const struct cred *cred,
6127 unsigned long flags)
6128{
6129 const struct task_security_struct *tsec;
6130 struct key_security_struct *ksec;
6131
6132 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6133 if (!ksec)
6134 return -ENOMEM;
6135
6136 tsec = cred->security;
6137 if (tsec->keycreate_sid)
6138 ksec->sid = tsec->keycreate_sid;
6139 else
6140 ksec->sid = tsec->sid;
6141
6142 k->security = ksec;
6143 return 0;
6144}
6145
6146static void selinux_key_free(struct key *k)
6147{
6148 struct key_security_struct *ksec = k->security;
6149
6150 k->security = NULL;
6151 kfree(ksec);
6152}
6153
6154static int selinux_key_permission(key_ref_t key_ref,
6155 const struct cred *cred,
6156 unsigned perm)
6157{
6158 struct key *key;
6159 struct key_security_struct *ksec;
6160 u32 sid;
6161
6162
6163
6164
6165 if (perm == 0)
6166 return 0;
6167
6168 sid = cred_sid(cred);
6169
6170 key = key_ref_to_ptr(key_ref);
6171 ksec = key->security;
6172
6173 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6174}
6175
6176static int selinux_key_getsecurity(struct key *key, char **_buffer)
6177{
6178 struct key_security_struct *ksec = key->security;
6179 char *context = NULL;
6180 unsigned len;
6181 int rc;
6182
6183 rc = security_sid_to_context(ksec->sid, &context, &len);
6184 if (!rc)
6185 rc = len;
6186 *_buffer = context;
6187 return rc;
6188}
6189#endif
6190
6191#ifdef CONFIG_SECURITY_INFINIBAND
6192static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6193{
6194 struct common_audit_data ad;
6195 int err;
6196 u32 sid = 0;
6197 struct ib_security_struct *sec = ib_sec;
6198 struct lsm_ibpkey_audit ibpkey;
6199
6200 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6201 if (err)
6202 return err;
6203
6204 ad.type = LSM_AUDIT_DATA_IBPKEY;
6205 ibpkey.subnet_prefix = subnet_prefix;
6206 ibpkey.pkey = pkey_val;
6207 ad.u.ibpkey = &ibpkey;
6208 return avc_has_perm(sec->sid, sid,
6209 SECCLASS_INFINIBAND_PKEY,
6210 INFINIBAND_PKEY__ACCESS, &ad);
6211}
6212
6213static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6214 u8 port_num)
6215{
6216 struct common_audit_data ad;
6217 int err;
6218 u32 sid = 0;
6219 struct ib_security_struct *sec = ib_sec;
6220 struct lsm_ibendport_audit ibendport;
6221
6222 err = security_ib_endport_sid(dev_name, port_num, &sid);
6223
6224 if (err)
6225 return err;
6226
6227 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6228 strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
6229 ibendport.port = port_num;
6230 ad.u.ibendport = &ibendport;
6231 return avc_has_perm(sec->sid, sid,
6232 SECCLASS_INFINIBAND_ENDPORT,
6233 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6234}
6235
6236static int selinux_ib_alloc_security(void **ib_sec)
6237{
6238 struct ib_security_struct *sec;
6239
6240 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6241 if (!sec)
6242 return -ENOMEM;
6243 sec->sid = current_sid();
6244
6245 *ib_sec = sec;
6246 return 0;
6247}
6248
6249static void selinux_ib_free_security(void *ib_sec)
6250{
6251 kfree(ib_sec);
6252}
6253#endif
6254
6255static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
6256 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
6257 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
6258 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
6259 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
6260
6261 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
6262 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
6263 LSM_HOOK_INIT(capget, selinux_capget),
6264 LSM_HOOK_INIT(capset, selinux_capset),
6265 LSM_HOOK_INIT(capable, selinux_capable),
6266 LSM_HOOK_INIT(quotactl, selinux_quotactl),
6267 LSM_HOOK_INIT(quota_on, selinux_quota_on),
6268 LSM_HOOK_INIT(syslog, selinux_syslog),
6269 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
6270
6271 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
6272
6273 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
6274 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
6275 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
6276
6277 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
6278 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
6279 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
6280 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
6281 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
6282 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
6283 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
6284 LSM_HOOK_INIT(sb_mount, selinux_mount),
6285 LSM_HOOK_INIT(sb_umount, selinux_umount),
6286 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
6287 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
6288 LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
6289
6290 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
6291 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
6292
6293 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
6294 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
6295 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
6296 LSM_HOOK_INIT(inode_create, selinux_inode_create),
6297 LSM_HOOK_INIT(inode_link, selinux_inode_link),
6298 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
6299 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
6300 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
6301 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
6302 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
6303 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
6304 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
6305 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
6306 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
6307 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
6308 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
6309 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
6310 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
6311 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
6312 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
6313 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
6314 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
6315 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
6316 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
6317 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
6318 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
6319 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
6320
6321 LSM_HOOK_INIT(file_permission, selinux_file_permission),
6322 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
6323 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
6324 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
6325 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
6326 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
6327 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
6328 LSM_HOOK_INIT(file_lock, selinux_file_lock),
6329 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
6330 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
6331 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
6332 LSM_HOOK_INIT(file_receive, selinux_file_receive),
6333
6334 LSM_HOOK_INIT(file_open, selinux_file_open),
6335
6336 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
6337 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
6338 LSM_HOOK_INIT(cred_free, selinux_cred_free),
6339 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
6340 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
6341 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
6342 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
6343 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
6344 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
6345 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
6346 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
6347 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
6348 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
6349 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
6350 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
6351 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
6352 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
6353 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
6354 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
6355 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
6356 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
6357 LSM_HOOK_INIT(task_kill, selinux_task_kill),
6358 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
6359
6360 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
6361 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
6362
6363 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
6364 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
6365
6366 LSM_HOOK_INIT(msg_queue_alloc_security,
6367 selinux_msg_queue_alloc_security),
6368 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
6369 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
6370 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
6371 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
6372 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
6373
6374 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
6375 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
6376 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
6377 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
6378 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
6379
6380 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
6381 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
6382 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
6383 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
6384 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
6385
6386 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
6387
6388 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
6389 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
6390
6391 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
6392 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
6393 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
6394 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
6395 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
6396 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
6397 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
6398 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
6399
6400 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
6401 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
6402
6403 LSM_HOOK_INIT(socket_create, selinux_socket_create),
6404 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
6405 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
6406 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
6407 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
6408 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
6409 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
6410 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
6411 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
6412 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
6413 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
6414 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
6415 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
6416 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
6417 LSM_HOOK_INIT(socket_getpeersec_stream,
6418 selinux_socket_getpeersec_stream),
6419 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
6420 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
6421 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
6422 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
6423 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
6424 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
6425 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
6426 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
6427 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
6428 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
6429 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
6430 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
6431 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
6432 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
6433 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
6434 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
6435 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
6436 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
6437 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
6438#ifdef CONFIG_SECURITY_INFINIBAND
6439 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
6440 LSM_HOOK_INIT(ib_endport_manage_subnet,
6441 selinux_ib_endport_manage_subnet),
6442 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
6443 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
6444#endif
6445#ifdef CONFIG_SECURITY_NETWORK_XFRM
6446 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
6447 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
6448 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
6449 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
6450 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
6451 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
6452 selinux_xfrm_state_alloc_acquire),
6453 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
6454 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
6455 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
6456 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
6457 selinux_xfrm_state_pol_flow_match),
6458 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
6459#endif
6460
6461#ifdef CONFIG_KEYS
6462 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
6463 LSM_HOOK_INIT(key_free, selinux_key_free),
6464 LSM_HOOK_INIT(key_permission, selinux_key_permission),
6465 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
6466#endif
6467
6468#ifdef CONFIG_AUDIT
6469 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
6470 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
6471 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
6472 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
6473#endif
6474};
6475
6476static __init int selinux_init(void)
6477{
6478 if (!security_module_enable("selinux")) {
6479 selinux_enabled = 0;
6480 return 0;
6481 }
6482
6483 if (!selinux_enabled) {
6484 printk(KERN_INFO "SELinux: Disabled at boot.\n");
6485 return 0;
6486 }
6487
6488 printk(KERN_INFO "SELinux: Initializing.\n");
6489
6490
6491 cred_init_security();
6492
6493 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
6494
6495 sel_inode_cache = kmem_cache_create("selinux_inode_security",
6496 sizeof(struct inode_security_struct),
6497 0, SLAB_PANIC, NULL);
6498 file_security_cache = kmem_cache_create("selinux_file_security",
6499 sizeof(struct file_security_struct),
6500 0, SLAB_PANIC, NULL);
6501 avc_init();
6502
6503 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
6504
6505 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
6506 panic("SELinux: Unable to register AVC netcache callback\n");
6507
6508 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
6509 panic("SELinux: Unable to register AVC LSM notifier callback\n");
6510
6511 if (selinux_enforcing)
6512 printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
6513 else
6514 printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
6515
6516 return 0;
6517}
6518
6519static void delayed_superblock_init(struct super_block *sb, void *unused)
6520{
6521 superblock_doinit(sb, NULL);
6522}
6523
6524void selinux_complete_init(void)
6525{
6526 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
6527
6528
6529 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
6530 iterate_supers(delayed_superblock_init, NULL);
6531}
6532
6533
6534
6535security_initcall(selinux_init);
6536
6537#if defined(CONFIG_NETFILTER)
6538
6539static const struct nf_hook_ops selinux_nf_ops[] = {
6540 {
6541 .hook = selinux_ipv4_postroute,
6542 .pf = NFPROTO_IPV4,
6543 .hooknum = NF_INET_POST_ROUTING,
6544 .priority = NF_IP_PRI_SELINUX_LAST,
6545 },
6546 {
6547 .hook = selinux_ipv4_forward,
6548 .pf = NFPROTO_IPV4,
6549 .hooknum = NF_INET_FORWARD,
6550 .priority = NF_IP_PRI_SELINUX_FIRST,
6551 },
6552 {
6553 .hook = selinux_ipv4_output,
6554 .pf = NFPROTO_IPV4,
6555 .hooknum = NF_INET_LOCAL_OUT,
6556 .priority = NF_IP_PRI_SELINUX_FIRST,
6557 },
6558#if IS_ENABLED(CONFIG_IPV6)
6559 {
6560 .hook = selinux_ipv6_postroute,
6561 .pf = NFPROTO_IPV6,
6562 .hooknum = NF_INET_POST_ROUTING,
6563 .priority = NF_IP6_PRI_SELINUX_LAST,
6564 },
6565 {
6566 .hook = selinux_ipv6_forward,
6567 .pf = NFPROTO_IPV6,
6568 .hooknum = NF_INET_FORWARD,
6569 .priority = NF_IP6_PRI_SELINUX_FIRST,
6570 },
6571 {
6572 .hook = selinux_ipv6_output,
6573 .pf = NFPROTO_IPV6,
6574 .hooknum = NF_INET_LOCAL_OUT,
6575 .priority = NF_IP6_PRI_SELINUX_FIRST,
6576 },
6577#endif
6578};
6579
6580static int __net_init selinux_nf_register(struct net *net)
6581{
6582 return nf_register_net_hooks(net, selinux_nf_ops,
6583 ARRAY_SIZE(selinux_nf_ops));
6584}
6585
6586static void __net_exit selinux_nf_unregister(struct net *net)
6587{
6588 nf_unregister_net_hooks(net, selinux_nf_ops,
6589 ARRAY_SIZE(selinux_nf_ops));
6590}
6591
6592static struct pernet_operations selinux_net_ops = {
6593 .init = selinux_nf_register,
6594 .exit = selinux_nf_unregister,
6595};
6596
6597static int __init selinux_nf_ip_init(void)
6598{
6599 int err;
6600
6601 if (!selinux_enabled)
6602 return 0;
6603
6604 printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
6605
6606 err = register_pernet_subsys(&selinux_net_ops);
6607 if (err)
6608 panic("SELinux: register_pernet_subsys: error %d\n", err);
6609
6610 return 0;
6611}
6612__initcall(selinux_nf_ip_init);
6613
6614#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6615static void selinux_nf_ip_exit(void)
6616{
6617 printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
6618
6619 unregister_pernet_subsys(&selinux_net_ops);
6620}
6621#endif
6622
6623#else
6624
6625#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6626#define selinux_nf_ip_exit()
6627#endif
6628
6629#endif
6630
6631#ifdef CONFIG_SECURITY_SELINUX_DISABLE
6632static int selinux_disabled;
6633
6634int selinux_disable(void)
6635{
6636 if (ss_initialized) {
6637
6638 return -EINVAL;
6639 }
6640
6641 if (selinux_disabled) {
6642
6643 return -EINVAL;
6644 }
6645
6646 printk(KERN_INFO "SELinux: Disabled at runtime.\n");
6647
6648 selinux_disabled = 1;
6649 selinux_enabled = 0;
6650
6651 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6652
6653
6654 avc_disable();
6655
6656
6657 selinux_nf_ip_exit();
6658
6659
6660 exit_sel_fs();
6661
6662 return 0;
6663}
6664#endif
6665
