1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/init.h>
25#include <linux/kd.h>
26#include <linux/kernel.h>
27#include <linux/kernel_read_file.h>
28#include <linux/tracehook.h>
29#include <linux/errno.h>
30#include <linux/sched/signal.h>
31#include <linux/sched/task.h>
32#include <linux/lsm_hooks.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/fs_context.h>
50#include <linux/fs_parser.h>
51#include <linux/netfilter_ipv4.h>
52#include <linux/netfilter_ipv6.h>
53#include <linux/tty.h>
54#include <net/icmp.h>
55#include <net/ip.h>
56#include <net/tcp.h>
57#include <net/inet_connection_sock.h>
58#include <net/net_namespace.h>
59#include <net/netlabel.h>
60#include <linux/uaccess.h>
61#include <asm/ioctls.h>
62#include <linux/atomic.h>
63#include <linux/bitops.h>
64#include <linux/interrupt.h>
65#include <linux/netdevice.h>
66#include <net/netlink.h>
67#include <linux/tcp.h>
68#include <linux/udp.h>
69#include <linux/dccp.h>
70#include <linux/sctp.h>
71#include <net/sctp/structs.h>
72#include <linux/quota.h>
73#include <linux/un.h>
74#include <net/af_unix.h>
75#include <linux/parser.h>
76#include <linux/nfs_mount.h>
77#include <net/ipv6.h>
78#include <linux/hugetlb.h>
79#include <linux/personality.h>
80#include <linux/audit.h>
81#include <linux/string.h>
82#include <linux/mutex.h>
83#include <linux/posix-timers.h>
84#include <linux/syslog.h>
85#include <linux/user_namespace.h>
86#include <linux/export.h>
87#include <linux/msg.h>
88#include <linux/shm.h>
89#include <linux/bpf.h>
90#include <linux/kernfs.h>
91#include <linux/stringhash.h>
92#include <uapi/linux/mount.h>
93#include <linux/fsnotify.h>
94#include <linux/fanotify.h>
95
96#include "avc.h"
97#include "objsec.h"
98#include "netif.h"
99#include "netnode.h"
100#include "netport.h"
101#include "ibpkey.h"
102#include "xfrm.h"
103#include "netlabel.h"
104#include "audit.h"
105#include "avc_ss.h"
106
107struct selinux_state selinux_state;
108
109
110static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
111
112#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
113static int selinux_enforcing_boot __initdata;
114
115static int __init enforcing_setup(char *str)
116{
117 unsigned long enforcing;
118 if (!kstrtoul(str, 0, &enforcing))
119 selinux_enforcing_boot = enforcing ? 1 : 0;
120 return 1;
121}
122__setup("enforcing=", enforcing_setup);
123#else
124#define selinux_enforcing_boot 1
125#endif
126
127int selinux_enabled_boot __initdata = 1;
128#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
129static int __init selinux_enabled_setup(char *str)
130{
131 unsigned long enabled;
132 if (!kstrtoul(str, 0, &enabled))
133 selinux_enabled_boot = enabled ? 1 : 0;
134 return 1;
135}
136__setup("selinux=", selinux_enabled_setup);
137#endif
138
139static unsigned int selinux_checkreqprot_boot =
140 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
141
142static int __init checkreqprot_setup(char *str)
143{
144 unsigned long checkreqprot;
145
146 if (!kstrtoul(str, 0, &checkreqprot)) {
147 selinux_checkreqprot_boot = checkreqprot ? 1 : 0;
148 if (checkreqprot)
149 pr_warn("SELinux: checkreqprot set to 1 via kernel parameter. This is deprecated and will be rejected in a future kernel release.\n");
150 }
151 return 1;
152}
153__setup("checkreqprot=", checkreqprot_setup);
154
155
156
157
158
159
160
161
162
163
164
165
166static int selinux_secmark_enabled(void)
167{
168 return (selinux_policycap_alwaysnetwork() ||
169 atomic_read(&selinux_secmark_refcount));
170}
171
172
173
174
175
176
177
178
179
180
181
182static int selinux_peerlbl_enabled(void)
183{
184 return (selinux_policycap_alwaysnetwork() ||
185 netlbl_enabled() || selinux_xfrm_enabled());
186}
187
188static int selinux_netcache_avc_callback(u32 event)
189{
190 if (event == AVC_CALLBACK_RESET) {
191 sel_netif_flush();
192 sel_netnode_flush();
193 sel_netport_flush();
194 synchronize_net();
195 }
196 return 0;
197}
198
199static int selinux_lsm_notifier_avc_callback(u32 event)
200{
201 if (event == AVC_CALLBACK_RESET) {
202 sel_ib_pkey_flush();
203 call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
204 }
205
206 return 0;
207}
208
209
210
211
212static void cred_init_security(void)
213{
214 struct cred *cred = (struct cred *) current->real_cred;
215 struct task_security_struct *tsec;
216
217 tsec = selinux_cred(cred);
218 tsec->osid = tsec->sid = SECINITSID_KERNEL;
219}
220
221
222
223
224static inline u32 cred_sid(const struct cred *cred)
225{
226 const struct task_security_struct *tsec;
227
228 tsec = selinux_cred(cred);
229 return tsec->sid;
230}
231
232
233
234
235static inline u32 task_sid_subj(const struct task_struct *task)
236{
237 u32 sid;
238
239 rcu_read_lock();
240 sid = cred_sid(rcu_dereference(task->cred));
241 rcu_read_unlock();
242 return sid;
243}
244
245
246
247
248static inline u32 task_sid_obj(const struct task_struct *task)
249{
250 u32 sid;
251
252 rcu_read_lock();
253 sid = cred_sid(__task_cred(task));
254 rcu_read_unlock();
255 return sid;
256}
257
258
259
260
261static inline u32 task_sid_binder(const struct task_struct *task)
262{
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278 return task_sid_obj(task);
279}
280
281static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
282
283
284
285
286
287
288
289static int __inode_security_revalidate(struct inode *inode,
290 struct dentry *dentry,
291 bool may_sleep)
292{
293 struct inode_security_struct *isec = selinux_inode(inode);
294
295 might_sleep_if(may_sleep);
296
297 if (selinux_initialized(&selinux_state) &&
298 isec->initialized != LABEL_INITIALIZED) {
299 if (!may_sleep)
300 return -ECHILD;
301
302
303
304
305
306
307 inode_doinit_with_dentry(inode, dentry);
308 }
309 return 0;
310}
311
312static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
313{
314 return selinux_inode(inode);
315}
316
317static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
318{
319 int error;
320
321 error = __inode_security_revalidate(inode, NULL, !rcu);
322 if (error)
323 return ERR_PTR(error);
324 return selinux_inode(inode);
325}
326
327
328
329
330static struct inode_security_struct *inode_security(struct inode *inode)
331{
332 __inode_security_revalidate(inode, NULL, true);
333 return selinux_inode(inode);
334}
335
336static struct inode_security_struct *backing_inode_security_novalidate(struct dentry *dentry)
337{
338 struct inode *inode = d_backing_inode(dentry);
339
340 return selinux_inode(inode);
341}
342
343
344
345
346static struct inode_security_struct *backing_inode_security(struct dentry *dentry)
347{
348 struct inode *inode = d_backing_inode(dentry);
349
350 __inode_security_revalidate(inode, dentry, true);
351 return selinux_inode(inode);
352}
353
354static void inode_free_security(struct inode *inode)
355{
356 struct inode_security_struct *isec = selinux_inode(inode);
357 struct superblock_security_struct *sbsec;
358
359 if (!isec)
360 return;
361 sbsec = selinux_superblock(inode->i_sb);
362
363
364
365
366
367
368
369
370
371
372 if (!list_empty_careful(&isec->list)) {
373 spin_lock(&sbsec->isec_lock);
374 list_del_init(&isec->list);
375 spin_unlock(&sbsec->isec_lock);
376 }
377}
378
379struct selinux_mnt_opts {
380 const char *fscontext, *context, *rootcontext, *defcontext;
381};
382
383static void selinux_free_mnt_opts(void *mnt_opts)
384{
385 struct selinux_mnt_opts *opts = mnt_opts;
386 kfree(opts->fscontext);
387 kfree(opts->context);
388 kfree(opts->rootcontext);
389 kfree(opts->defcontext);
390 kfree(opts);
391}
392
393enum {
394 Opt_error = -1,
395 Opt_context = 0,
396 Opt_defcontext = 1,
397 Opt_fscontext = 2,
398 Opt_rootcontext = 3,
399 Opt_seclabel = 4,
400};
401
402#define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg}
403static struct {
404 const char *name;
405 int len;
406 int opt;
407 bool has_arg;
408} tokens[] = {
409 A(context, true),
410 A(fscontext, true),
411 A(defcontext, true),
412 A(rootcontext, true),
413 A(seclabel, false),
414};
415#undef A
416
417static int match_opt_prefix(char *s, int l, char **arg)
418{
419 int i;
420
421 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
422 size_t len = tokens[i].len;
423 if (len > l || memcmp(s, tokens[i].name, len))
424 continue;
425 if (tokens[i].has_arg) {
426 if (len == l || s[len] != '=')
427 continue;
428 *arg = s + len + 1;
429 } else if (len != l)
430 continue;
431 return tokens[i].opt;
432 }
433 return Opt_error;
434}
435
436#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
437
438static int may_context_mount_sb_relabel(u32 sid,
439 struct superblock_security_struct *sbsec,
440 const struct cred *cred)
441{
442 const struct task_security_struct *tsec = selinux_cred(cred);
443 int rc;
444
445 rc = avc_has_perm(&selinux_state,
446 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
447 FILESYSTEM__RELABELFROM, NULL);
448 if (rc)
449 return rc;
450
451 rc = avc_has_perm(&selinux_state,
452 tsec->sid, sid, SECCLASS_FILESYSTEM,
453 FILESYSTEM__RELABELTO, NULL);
454 return rc;
455}
456
457static int may_context_mount_inode_relabel(u32 sid,
458 struct superblock_security_struct *sbsec,
459 const struct cred *cred)
460{
461 const struct task_security_struct *tsec = selinux_cred(cred);
462 int rc;
463 rc = avc_has_perm(&selinux_state,
464 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
465 FILESYSTEM__RELABELFROM, NULL);
466 if (rc)
467 return rc;
468
469 rc = avc_has_perm(&selinux_state,
470 sid, sbsec->sid, SECCLASS_FILESYSTEM,
471 FILESYSTEM__ASSOCIATE, NULL);
472 return rc;
473}
474
475static int selinux_is_genfs_special_handling(struct super_block *sb)
476{
477
478 return !strcmp(sb->s_type->name, "sysfs") ||
479 !strcmp(sb->s_type->name, "pstore") ||
480 !strcmp(sb->s_type->name, "debugfs") ||
481 !strcmp(sb->s_type->name, "tracefs") ||
482 !strcmp(sb->s_type->name, "rootfs") ||
483 (selinux_policycap_cgroupseclabel() &&
484 (!strcmp(sb->s_type->name, "cgroup") ||
485 !strcmp(sb->s_type->name, "cgroup2")));
486}
487
488static int selinux_is_sblabel_mnt(struct super_block *sb)
489{
490 struct superblock_security_struct *sbsec = selinux_superblock(sb);
491
492
493
494
495
496 BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
497
498 switch (sbsec->behavior) {
499 case SECURITY_FS_USE_XATTR:
500 case SECURITY_FS_USE_TRANS:
501 case SECURITY_FS_USE_TASK:
502 case SECURITY_FS_USE_NATIVE:
503 return 1;
504
505 case SECURITY_FS_USE_GENFS:
506 return selinux_is_genfs_special_handling(sb);
507
508
509 case SECURITY_FS_USE_MNTPOINT:
510 case SECURITY_FS_USE_NONE:
511 default:
512 return 0;
513 }
514}
515
516static int sb_check_xattr_support(struct super_block *sb)
517{
518 struct superblock_security_struct *sbsec = sb->s_security;
519 struct dentry *root = sb->s_root;
520 struct inode *root_inode = d_backing_inode(root);
521 u32 sid;
522 int rc;
523
524
525
526
527
528
529
530
531 if (!(root_inode->i_opflags & IOP_XATTR)) {
532 pr_warn("SELinux: (dev %s, type %s) has no xattr support\n",
533 sb->s_id, sb->s_type->name);
534 goto fallback;
535 }
536
537 rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
538 if (rc < 0 && rc != -ENODATA) {
539 if (rc == -EOPNOTSUPP) {
540 pr_warn("SELinux: (dev %s, type %s) has no security xattr handler\n",
541 sb->s_id, sb->s_type->name);
542 goto fallback;
543 } else {
544 pr_warn("SELinux: (dev %s, type %s) getxattr errno %d\n",
545 sb->s_id, sb->s_type->name, -rc);
546 return rc;
547 }
548 }
549 return 0;
550
551fallback:
552
553 rc = security_genfs_sid(&selinux_state, sb->s_type->name, "/",
554 SECCLASS_DIR, &sid);
555 if (rc)
556 return -EOPNOTSUPP;
557
558 pr_warn("SELinux: (dev %s, type %s) falling back to genfs\n",
559 sb->s_id, sb->s_type->name);
560 sbsec->behavior = SECURITY_FS_USE_GENFS;
561 sbsec->sid = sid;
562 return 0;
563}
564
565static int sb_finish_set_opts(struct super_block *sb)
566{
567 struct superblock_security_struct *sbsec = selinux_superblock(sb);
568 struct dentry *root = sb->s_root;
569 struct inode *root_inode = d_backing_inode(root);
570 int rc = 0;
571
572 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
573 rc = sb_check_xattr_support(sb);
574 if (rc)
575 return rc;
576 }
577
578 sbsec->flags |= SE_SBINITIALIZED;
579
580
581
582
583
584
585 if (selinux_is_sblabel_mnt(sb))
586 sbsec->flags |= SBLABEL_MNT;
587 else
588 sbsec->flags &= ~SBLABEL_MNT;
589
590
591 rc = inode_doinit_with_dentry(root_inode, root);
592
593
594
595
596
597 spin_lock(&sbsec->isec_lock);
598 while (!list_empty(&sbsec->isec_head)) {
599 struct inode_security_struct *isec =
600 list_first_entry(&sbsec->isec_head,
601 struct inode_security_struct, list);
602 struct inode *inode = isec->inode;
603 list_del_init(&isec->list);
604 spin_unlock(&sbsec->isec_lock);
605 inode = igrab(inode);
606 if (inode) {
607 if (!IS_PRIVATE(inode))
608 inode_doinit_with_dentry(inode, NULL);
609 iput(inode);
610 }
611 spin_lock(&sbsec->isec_lock);
612 }
613 spin_unlock(&sbsec->isec_lock);
614 return rc;
615}
616
617static int bad_option(struct superblock_security_struct *sbsec, char flag,
618 u32 old_sid, u32 new_sid)
619{
620 char mnt_flags = sbsec->flags & SE_MNTMASK;
621
622
623 if (sbsec->flags & SE_SBINITIALIZED)
624 if (!(sbsec->flags & flag) ||
625 (old_sid != new_sid))
626 return 1;
627
628
629
630
631 if (!(sbsec->flags & SE_SBINITIALIZED))
632 if (mnt_flags & flag)
633 return 1;
634 return 0;
635}
636
637static int parse_sid(struct super_block *sb, const char *s, u32 *sid)
638{
639 int rc = security_context_str_to_sid(&selinux_state, s,
640 sid, GFP_KERNEL);
641 if (rc)
642 pr_warn("SELinux: security_context_str_to_sid"
643 "(%s) failed for (dev %s, type %s) errno=%d\n",
644 s, sb->s_id, sb->s_type->name, rc);
645 return rc;
646}
647
648
649
650
651
652static int selinux_set_mnt_opts(struct super_block *sb,
653 void *mnt_opts,
654 unsigned long kern_flags,
655 unsigned long *set_kern_flags)
656{
657 const struct cred *cred = current_cred();
658 struct superblock_security_struct *sbsec = selinux_superblock(sb);
659 struct dentry *root = sb->s_root;
660 struct selinux_mnt_opts *opts = mnt_opts;
661 struct inode_security_struct *root_isec;
662 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
663 u32 defcontext_sid = 0;
664 int rc = 0;
665
666 mutex_lock(&sbsec->lock);
667
668 if (!selinux_initialized(&selinux_state)) {
669 if (!opts) {
670
671
672
673 goto out;
674 }
675 rc = -EINVAL;
676 pr_warn("SELinux: Unable to set superblock options "
677 "before the security server is initialized\n");
678 goto out;
679 }
680 if (kern_flags && !set_kern_flags) {
681
682
683 rc = -EINVAL;
684 goto out;
685 }
686
687
688
689
690
691
692
693
694
695
696
697
698 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
699 && !opts)
700 goto out;
701
702 root_isec = backing_inode_security_novalidate(root);
703
704
705
706
707
708
709 if (opts) {
710 if (opts->fscontext) {
711 rc = parse_sid(sb, opts->fscontext, &fscontext_sid);
712 if (rc)
713 goto out;
714 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
715 fscontext_sid))
716 goto out_double_mount;
717 sbsec->flags |= FSCONTEXT_MNT;
718 }
719 if (opts->context) {
720 rc = parse_sid(sb, opts->context, &context_sid);
721 if (rc)
722 goto out;
723 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
724 context_sid))
725 goto out_double_mount;
726 sbsec->flags |= CONTEXT_MNT;
727 }
728 if (opts->rootcontext) {
729 rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid);
730 if (rc)
731 goto out;
732 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
733 rootcontext_sid))
734 goto out_double_mount;
735 sbsec->flags |= ROOTCONTEXT_MNT;
736 }
737 if (opts->defcontext) {
738 rc = parse_sid(sb, opts->defcontext, &defcontext_sid);
739 if (rc)
740 goto out;
741 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
742 defcontext_sid))
743 goto out_double_mount;
744 sbsec->flags |= DEFCONTEXT_MNT;
745 }
746 }
747
748 if (sbsec->flags & SE_SBINITIALIZED) {
749
750 if ((sbsec->flags & SE_MNTMASK) && !opts)
751 goto out_double_mount;
752 rc = 0;
753 goto out;
754 }
755
756 if (strcmp(sb->s_type->name, "proc") == 0)
757 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
758
759 if (!strcmp(sb->s_type->name, "debugfs") ||
760 !strcmp(sb->s_type->name, "tracefs") ||
761 !strcmp(sb->s_type->name, "binder") ||
762 !strcmp(sb->s_type->name, "bpf") ||
763 !strcmp(sb->s_type->name, "pstore"))
764 sbsec->flags |= SE_SBGENFS;
765
766 if (!strcmp(sb->s_type->name, "sysfs") ||
767 !strcmp(sb->s_type->name, "cgroup") ||
768 !strcmp(sb->s_type->name, "cgroup2"))
769 sbsec->flags |= SE_SBGENFS | SE_SBGENFS_XATTR;
770
771 if (!sbsec->behavior) {
772
773
774
775
776 rc = security_fs_use(&selinux_state, sb);
777 if (rc) {
778 pr_warn("%s: security_fs_use(%s) returned %d\n",
779 __func__, sb->s_type->name, rc);
780 goto out;
781 }
782 }
783
784
785
786
787
788
789 if (sb->s_user_ns != &init_user_ns &&
790 strcmp(sb->s_type->name, "tmpfs") &&
791 strcmp(sb->s_type->name, "ramfs") &&
792 strcmp(sb->s_type->name, "devpts") &&
793 strcmp(sb->s_type->name, "overlay")) {
794 if (context_sid || fscontext_sid || rootcontext_sid ||
795 defcontext_sid) {
796 rc = -EACCES;
797 goto out;
798 }
799 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
800 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
801 rc = security_transition_sid(&selinux_state,
802 current_sid(),
803 current_sid(),
804 SECCLASS_FILE, NULL,
805 &sbsec->mntpoint_sid);
806 if (rc)
807 goto out;
808 }
809 goto out_set_opts;
810 }
811
812
813 if (fscontext_sid) {
814 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
815 if (rc)
816 goto out;
817
818 sbsec->sid = fscontext_sid;
819 }
820
821
822
823
824
825
826 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !context_sid) {
827 sbsec->behavior = SECURITY_FS_USE_NATIVE;
828 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
829 }
830
831 if (context_sid) {
832 if (!fscontext_sid) {
833 rc = may_context_mount_sb_relabel(context_sid, sbsec,
834 cred);
835 if (rc)
836 goto out;
837 sbsec->sid = context_sid;
838 } else {
839 rc = may_context_mount_inode_relabel(context_sid, sbsec,
840 cred);
841 if (rc)
842 goto out;
843 }
844 if (!rootcontext_sid)
845 rootcontext_sid = context_sid;
846
847 sbsec->mntpoint_sid = context_sid;
848 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
849 }
850
851 if (rootcontext_sid) {
852 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
853 cred);
854 if (rc)
855 goto out;
856
857 root_isec->sid = rootcontext_sid;
858 root_isec->initialized = LABEL_INITIALIZED;
859 }
860
861 if (defcontext_sid) {
862 if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
863 sbsec->behavior != SECURITY_FS_USE_NATIVE) {
864 rc = -EINVAL;
865 pr_warn("SELinux: defcontext option is "
866 "invalid for this filesystem type\n");
867 goto out;
868 }
869
870 if (defcontext_sid != sbsec->def_sid) {
871 rc = may_context_mount_inode_relabel(defcontext_sid,
872 sbsec, cred);
873 if (rc)
874 goto out;
875 }
876
877 sbsec->def_sid = defcontext_sid;
878 }
879
880out_set_opts:
881 rc = sb_finish_set_opts(sb);
882out:
883 mutex_unlock(&sbsec->lock);
884 return rc;
885out_double_mount:
886 rc = -EINVAL;
887 pr_warn("SELinux: mount invalid. Same superblock, different "
888 "security settings for (dev %s, type %s)\n", sb->s_id,
889 sb->s_type->name);
890 goto out;
891}
892
893static int selinux_cmp_sb_context(const struct super_block *oldsb,
894 const struct super_block *newsb)
895{
896 struct superblock_security_struct *old = selinux_superblock(oldsb);
897 struct superblock_security_struct *new = selinux_superblock(newsb);
898 char oldflags = old->flags & SE_MNTMASK;
899 char newflags = new->flags & SE_MNTMASK;
900
901 if (oldflags != newflags)
902 goto mismatch;
903 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
904 goto mismatch;
905 if ((oldflags & CONTEXT_MNT) && old->mntpoint_sid != new->mntpoint_sid)
906 goto mismatch;
907 if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid)
908 goto mismatch;
909 if (oldflags & ROOTCONTEXT_MNT) {
910 struct inode_security_struct *oldroot = backing_inode_security(oldsb->s_root);
911 struct inode_security_struct *newroot = backing_inode_security(newsb->s_root);
912 if (oldroot->sid != newroot->sid)
913 goto mismatch;
914 }
915 return 0;
916mismatch:
917 pr_warn("SELinux: mount invalid. Same superblock, "
918 "different security settings for (dev %s, "
919 "type %s)\n", newsb->s_id, newsb->s_type->name);
920 return -EBUSY;
921}
922
923static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
924 struct super_block *newsb,
925 unsigned long kern_flags,
926 unsigned long *set_kern_flags)
927{
928 int rc = 0;
929 const struct superblock_security_struct *oldsbsec =
930 selinux_superblock(oldsb);
931 struct superblock_security_struct *newsbsec = selinux_superblock(newsb);
932
933 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
934 int set_context = (oldsbsec->flags & CONTEXT_MNT);
935 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
936
937
938
939
940
941 if (!selinux_initialized(&selinux_state))
942 return 0;
943
944
945
946
947
948 if (kern_flags && !set_kern_flags)
949 return -EINVAL;
950
951
952 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
953
954
955 if (newsbsec->flags & SE_SBINITIALIZED) {
956 if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
957 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
958 return selinux_cmp_sb_context(oldsb, newsb);
959 }
960
961 mutex_lock(&newsbsec->lock);
962
963 newsbsec->flags = oldsbsec->flags;
964
965 newsbsec->sid = oldsbsec->sid;
966 newsbsec->def_sid = oldsbsec->def_sid;
967 newsbsec->behavior = oldsbsec->behavior;
968
969 if (newsbsec->behavior == SECURITY_FS_USE_NATIVE &&
970 !(kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) {
971 rc = security_fs_use(&selinux_state, newsb);
972 if (rc)
973 goto out;
974 }
975
976 if (kern_flags & SECURITY_LSM_NATIVE_LABELS && !set_context) {
977 newsbsec->behavior = SECURITY_FS_USE_NATIVE;
978 *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
979 }
980
981 if (set_context) {
982 u32 sid = oldsbsec->mntpoint_sid;
983
984 if (!set_fscontext)
985 newsbsec->sid = sid;
986 if (!set_rootcontext) {
987 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
988 newisec->sid = sid;
989 }
990 newsbsec->mntpoint_sid = sid;
991 }
992 if (set_rootcontext) {
993 const struct inode_security_struct *oldisec = backing_inode_security(oldsb->s_root);
994 struct inode_security_struct *newisec = backing_inode_security(newsb->s_root);
995
996 newisec->sid = oldisec->sid;
997 }
998
999 sb_finish_set_opts(newsb);
1000out:
1001 mutex_unlock(&newsbsec->lock);
1002 return rc;
1003}
1004
1005static int selinux_add_opt(int token, const char *s, void **mnt_opts)
1006{
1007 struct selinux_mnt_opts *opts = *mnt_opts;
1008
1009 if (token == Opt_seclabel)
1010 return 0;
1011
1012 if (!opts) {
1013 opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
1014 if (!opts)
1015 return -ENOMEM;
1016 *mnt_opts = opts;
1017 }
1018 if (!s)
1019 return -ENOMEM;
1020 switch (token) {
1021 case Opt_context:
1022 if (opts->context || opts->defcontext)
1023 goto Einval;
1024 opts->context = s;
1025 break;
1026 case Opt_fscontext:
1027 if (opts->fscontext)
1028 goto Einval;
1029 opts->fscontext = s;
1030 break;
1031 case Opt_rootcontext:
1032 if (opts->rootcontext)
1033 goto Einval;
1034 opts->rootcontext = s;
1035 break;
1036 case Opt_defcontext:
1037 if (opts->context || opts->defcontext)
1038 goto Einval;
1039 opts->defcontext = s;
1040 break;
1041 }
1042 return 0;
1043Einval:
1044 pr_warn(SEL_MOUNT_FAIL_MSG);
1045 return -EINVAL;
1046}
1047
1048static int selinux_add_mnt_opt(const char *option, const char *val, int len,
1049 void **mnt_opts)
1050{
1051 int token = Opt_error;
1052 int rc, i;
1053
1054 for (i = 0; i < ARRAY_SIZE(tokens); i++) {
1055 if (strcmp(option, tokens[i].name) == 0) {
1056 token = tokens[i].opt;
1057 break;
1058 }
1059 }
1060
1061 if (token == Opt_error)
1062 return -EINVAL;
1063
1064 if (token != Opt_seclabel) {
1065 val = kmemdup_nul(val, len, GFP_KERNEL);
1066 if (!val) {
1067 rc = -ENOMEM;
1068 goto free_opt;
1069 }
1070 }
1071 rc = selinux_add_opt(token, val, mnt_opts);
1072 if (unlikely(rc)) {
1073 kfree(val);
1074 goto free_opt;
1075 }
1076 return rc;
1077
1078free_opt:
1079 if (*mnt_opts) {
1080 selinux_free_mnt_opts(*mnt_opts);
1081 *mnt_opts = NULL;
1082 }
1083 return rc;
1084}
1085
1086static int show_sid(struct seq_file *m, u32 sid)
1087{
1088 char *context = NULL;
1089 u32 len;
1090 int rc;
1091
1092 rc = security_sid_to_context(&selinux_state, sid,
1093 &context, &len);
1094 if (!rc) {
1095 bool has_comma = context && strchr(context, ',');
1096
1097 seq_putc(m, '=');
1098 if (has_comma)
1099 seq_putc(m, '\"');
1100 seq_escape(m, context, "\"\n\\");
1101 if (has_comma)
1102 seq_putc(m, '\"');
1103 }
1104 kfree(context);
1105 return rc;
1106}
1107
1108static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1109{
1110 struct superblock_security_struct *sbsec = selinux_superblock(sb);
1111 int rc;
1112
1113 if (!(sbsec->flags & SE_SBINITIALIZED))
1114 return 0;
1115
1116 if (!selinux_initialized(&selinux_state))
1117 return 0;
1118
1119 if (sbsec->flags & FSCONTEXT_MNT) {
1120 seq_putc(m, ',');
1121 seq_puts(m, FSCONTEXT_STR);
1122 rc = show_sid(m, sbsec->sid);
1123 if (rc)
1124 return rc;
1125 }
1126 if (sbsec->flags & CONTEXT_MNT) {
1127 seq_putc(m, ',');
1128 seq_puts(m, CONTEXT_STR);
1129 rc = show_sid(m, sbsec->mntpoint_sid);
1130 if (rc)
1131 return rc;
1132 }
1133 if (sbsec->flags & DEFCONTEXT_MNT) {
1134 seq_putc(m, ',');
1135 seq_puts(m, DEFCONTEXT_STR);
1136 rc = show_sid(m, sbsec->def_sid);
1137 if (rc)
1138 return rc;
1139 }
1140 if (sbsec->flags & ROOTCONTEXT_MNT) {
1141 struct dentry *root = sb->s_root;
1142 struct inode_security_struct *isec = backing_inode_security(root);
1143 seq_putc(m, ',');
1144 seq_puts(m, ROOTCONTEXT_STR);
1145 rc = show_sid(m, isec->sid);
1146 if (rc)
1147 return rc;
1148 }
1149 if (sbsec->flags & SBLABEL_MNT) {
1150 seq_putc(m, ',');
1151 seq_puts(m, SECLABEL_STR);
1152 }
1153 return 0;
1154}
1155
1156static inline u16 inode_mode_to_security_class(umode_t mode)
1157{
1158 switch (mode & S_IFMT) {
1159 case S_IFSOCK:
1160 return SECCLASS_SOCK_FILE;
1161 case S_IFLNK:
1162 return SECCLASS_LNK_FILE;
1163 case S_IFREG:
1164 return SECCLASS_FILE;
1165 case S_IFBLK:
1166 return SECCLASS_BLK_FILE;
1167 case S_IFDIR:
1168 return SECCLASS_DIR;
1169 case S_IFCHR:
1170 return SECCLASS_CHR_FILE;
1171 case S_IFIFO:
1172 return SECCLASS_FIFO_FILE;
1173
1174 }
1175
1176 return SECCLASS_FILE;
1177}
1178
1179static inline int default_protocol_stream(int protocol)
1180{
1181 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP ||
1182 protocol == IPPROTO_MPTCP);
1183}
1184
1185static inline int default_protocol_dgram(int protocol)
1186{
1187 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1188}
1189
1190static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1191{
1192 int extsockclass = selinux_policycap_extsockclass();
1193
1194 switch (family) {
1195 case PF_UNIX:
1196 switch (type) {
1197 case SOCK_STREAM:
1198 case SOCK_SEQPACKET:
1199 return SECCLASS_UNIX_STREAM_SOCKET;
1200 case SOCK_DGRAM:
1201 case SOCK_RAW:
1202 return SECCLASS_UNIX_DGRAM_SOCKET;
1203 }
1204 break;
1205 case PF_INET:
1206 case PF_INET6:
1207 switch (type) {
1208 case SOCK_STREAM:
1209 case SOCK_SEQPACKET:
1210 if (default_protocol_stream(protocol))
1211 return SECCLASS_TCP_SOCKET;
1212 else if (extsockclass && protocol == IPPROTO_SCTP)
1213 return SECCLASS_SCTP_SOCKET;
1214 else
1215 return SECCLASS_RAWIP_SOCKET;
1216 case SOCK_DGRAM:
1217 if (default_protocol_dgram(protocol))
1218 return SECCLASS_UDP_SOCKET;
1219 else if (extsockclass && (protocol == IPPROTO_ICMP ||
1220 protocol == IPPROTO_ICMPV6))
1221 return SECCLASS_ICMP_SOCKET;
1222 else
1223 return SECCLASS_RAWIP_SOCKET;
1224 case SOCK_DCCP:
1225 return SECCLASS_DCCP_SOCKET;
1226 default:
1227 return SECCLASS_RAWIP_SOCKET;
1228 }
1229 break;
1230 case PF_NETLINK:
1231 switch (protocol) {
1232 case NETLINK_ROUTE:
1233 return SECCLASS_NETLINK_ROUTE_SOCKET;
1234 case NETLINK_SOCK_DIAG:
1235 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1236 case NETLINK_NFLOG:
1237 return SECCLASS_NETLINK_NFLOG_SOCKET;
1238 case NETLINK_XFRM:
1239 return SECCLASS_NETLINK_XFRM_SOCKET;
1240 case NETLINK_SELINUX:
1241 return SECCLASS_NETLINK_SELINUX_SOCKET;
1242 case NETLINK_ISCSI:
1243 return SECCLASS_NETLINK_ISCSI_SOCKET;
1244 case NETLINK_AUDIT:
1245 return SECCLASS_NETLINK_AUDIT_SOCKET;
1246 case NETLINK_FIB_LOOKUP:
1247 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1248 case NETLINK_CONNECTOR:
1249 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1250 case NETLINK_NETFILTER:
1251 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1252 case NETLINK_DNRTMSG:
1253 return SECCLASS_NETLINK_DNRT_SOCKET;
1254 case NETLINK_KOBJECT_UEVENT:
1255 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1256 case NETLINK_GENERIC:
1257 return SECCLASS_NETLINK_GENERIC_SOCKET;
1258 case NETLINK_SCSITRANSPORT:
1259 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1260 case NETLINK_RDMA:
1261 return SECCLASS_NETLINK_RDMA_SOCKET;
1262 case NETLINK_CRYPTO:
1263 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1264 default:
1265 return SECCLASS_NETLINK_SOCKET;
1266 }
1267 case PF_PACKET:
1268 return SECCLASS_PACKET_SOCKET;
1269 case PF_KEY:
1270 return SECCLASS_KEY_SOCKET;
1271 case PF_APPLETALK:
1272 return SECCLASS_APPLETALK_SOCKET;
1273 }
1274
1275 if (extsockclass) {
1276 switch (family) {
1277 case PF_AX25:
1278 return SECCLASS_AX25_SOCKET;
1279 case PF_IPX:
1280 return SECCLASS_IPX_SOCKET;
1281 case PF_NETROM:
1282 return SECCLASS_NETROM_SOCKET;
1283 case PF_ATMPVC:
1284 return SECCLASS_ATMPVC_SOCKET;
1285 case PF_X25:
1286 return SECCLASS_X25_SOCKET;
1287 case PF_ROSE:
1288 return SECCLASS_ROSE_SOCKET;
1289 case PF_DECnet:
1290 return SECCLASS_DECNET_SOCKET;
1291 case PF_ATMSVC:
1292 return SECCLASS_ATMSVC_SOCKET;
1293 case PF_RDS:
1294 return SECCLASS_RDS_SOCKET;
1295 case PF_IRDA:
1296 return SECCLASS_IRDA_SOCKET;
1297 case PF_PPPOX:
1298 return SECCLASS_PPPOX_SOCKET;
1299 case PF_LLC:
1300 return SECCLASS_LLC_SOCKET;
1301 case PF_CAN:
1302 return SECCLASS_CAN_SOCKET;
1303 case PF_TIPC:
1304 return SECCLASS_TIPC_SOCKET;
1305 case PF_BLUETOOTH:
1306 return SECCLASS_BLUETOOTH_SOCKET;
1307 case PF_IUCV:
1308 return SECCLASS_IUCV_SOCKET;
1309 case PF_RXRPC:
1310 return SECCLASS_RXRPC_SOCKET;
1311 case PF_ISDN:
1312 return SECCLASS_ISDN_SOCKET;
1313 case PF_PHONET:
1314 return SECCLASS_PHONET_SOCKET;
1315 case PF_IEEE802154:
1316 return SECCLASS_IEEE802154_SOCKET;
1317 case PF_CAIF:
1318 return SECCLASS_CAIF_SOCKET;
1319 case PF_ALG:
1320 return SECCLASS_ALG_SOCKET;
1321 case PF_NFC:
1322 return SECCLASS_NFC_SOCKET;
1323 case PF_VSOCK:
1324 return SECCLASS_VSOCK_SOCKET;
1325 case PF_KCM:
1326 return SECCLASS_KCM_SOCKET;
1327 case PF_QIPCRTR:
1328 return SECCLASS_QIPCRTR_SOCKET;
1329 case PF_SMC:
1330 return SECCLASS_SMC_SOCKET;
1331 case PF_XDP:
1332 return SECCLASS_XDP_SOCKET;
1333 case PF_MCTP:
1334 return SECCLASS_MCTP_SOCKET;
1335#if PF_MAX > 46
1336#error New address family defined, please update this function.
1337#endif
1338 }
1339 }
1340
1341 return SECCLASS_SOCKET;
1342}
1343
1344static int selinux_genfs_get_sid(struct dentry *dentry,
1345 u16 tclass,
1346 u16 flags,
1347 u32 *sid)
1348{
1349 int rc;
1350 struct super_block *sb = dentry->d_sb;
1351 char *buffer, *path;
1352
1353 buffer = (char *)__get_free_page(GFP_KERNEL);
1354 if (!buffer)
1355 return -ENOMEM;
1356
1357 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1358 if (IS_ERR(path))
1359 rc = PTR_ERR(path);
1360 else {
1361 if (flags & SE_SBPROC) {
1362
1363
1364
1365 while (path[1] >= '0' && path[1] <= '9') {
1366 path[1] = '/';
1367 path++;
1368 }
1369 }
1370 rc = security_genfs_sid(&selinux_state, sb->s_type->name,
1371 path, tclass, sid);
1372 if (rc == -ENOENT) {
1373
1374 *sid = SECINITSID_UNLABELED;
1375 rc = 0;
1376 }
1377 }
1378 free_page((unsigned long)buffer);
1379 return rc;
1380}
1381
1382static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
1383 u32 def_sid, u32 *sid)
1384{
1385#define INITCONTEXTLEN 255
1386 char *context;
1387 unsigned int len;
1388 int rc;
1389
1390 len = INITCONTEXTLEN;
1391 context = kmalloc(len + 1, GFP_NOFS);
1392 if (!context)
1393 return -ENOMEM;
1394
1395 context[len] = '\0';
1396 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1397 if (rc == -ERANGE) {
1398 kfree(context);
1399
1400
1401 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1402 if (rc < 0)
1403 return rc;
1404
1405 len = rc;
1406 context = kmalloc(len + 1, GFP_NOFS);
1407 if (!context)
1408 return -ENOMEM;
1409
1410 context[len] = '\0';
1411 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
1412 context, len);
1413 }
1414 if (rc < 0) {
1415 kfree(context);
1416 if (rc != -ENODATA) {
1417 pr_warn("SELinux: %s: getxattr returned %d for dev=%s ino=%ld\n",
1418 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
1419 return rc;
1420 }
1421 *sid = def_sid;
1422 return 0;
1423 }
1424
1425 rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
1426 def_sid, GFP_NOFS);
1427 if (rc) {
1428 char *dev = inode->i_sb->s_id;
1429 unsigned long ino = inode->i_ino;
1430
1431 if (rc == -EINVAL) {
1432 pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
1433 ino, dev, context);
1434 } else {
1435 pr_warn("SELinux: %s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
1436 __func__, context, -rc, dev, ino);
1437 }
1438 }
1439 kfree(context);
1440 return 0;
1441}
1442
1443
1444static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1445{
1446 struct superblock_security_struct *sbsec = NULL;
1447 struct inode_security_struct *isec = selinux_inode(inode);
1448 u32 task_sid, sid = 0;
1449 u16 sclass;
1450 struct dentry *dentry;
1451 int rc = 0;
1452
1453 if (isec->initialized == LABEL_INITIALIZED)
1454 return 0;
1455
1456 spin_lock(&isec->lock);
1457 if (isec->initialized == LABEL_INITIALIZED)
1458 goto out_unlock;
1459
1460 if (isec->sclass == SECCLASS_FILE)
1461 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1462
1463 sbsec = selinux_superblock(inode->i_sb);
1464 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1465
1466
1467
1468 spin_lock(&sbsec->isec_lock);
1469 if (list_empty(&isec->list))
1470 list_add(&isec->list, &sbsec->isec_head);
1471 spin_unlock(&sbsec->isec_lock);
1472 goto out_unlock;
1473 }
1474
1475 sclass = isec->sclass;
1476 task_sid = isec->task_sid;
1477 sid = isec->sid;
1478 isec->initialized = LABEL_PENDING;
1479 spin_unlock(&isec->lock);
1480
1481 switch (sbsec->behavior) {
1482 case SECURITY_FS_USE_NATIVE:
1483 break;
1484 case SECURITY_FS_USE_XATTR:
1485 if (!(inode->i_opflags & IOP_XATTR)) {
1486 sid = sbsec->def_sid;
1487 break;
1488 }
1489
1490
1491 if (opt_dentry) {
1492
1493 dentry = dget(opt_dentry);
1494 } else {
1495
1496
1497
1498
1499
1500
1501 dentry = d_find_alias(inode);
1502 if (!dentry)
1503 dentry = d_find_any_alias(inode);
1504 }
1505 if (!dentry) {
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515 goto out_invalid;
1516 }
1517
1518 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
1519 &sid);
1520 dput(dentry);
1521 if (rc)
1522 goto out;
1523 break;
1524 case SECURITY_FS_USE_TASK:
1525 sid = task_sid;
1526 break;
1527 case SECURITY_FS_USE_TRANS:
1528
1529 sid = sbsec->sid;
1530
1531
1532 rc = security_transition_sid(&selinux_state, task_sid, sid,
1533 sclass, NULL, &sid);
1534 if (rc)
1535 goto out;
1536 break;
1537 case SECURITY_FS_USE_MNTPOINT:
1538 sid = sbsec->mntpoint_sid;
1539 break;
1540 default:
1541
1542 sid = sbsec->sid;
1543
1544 if ((sbsec->flags & SE_SBGENFS) &&
1545 (!S_ISLNK(inode->i_mode) ||
1546 selinux_policycap_genfs_seclabel_symlinks())) {
1547
1548
1549 if (opt_dentry) {
1550
1551
1552 dentry = dget(opt_dentry);
1553 } else {
1554
1555
1556
1557
1558 dentry = d_find_alias(inode);
1559 if (!dentry)
1560 dentry = d_find_any_alias(inode);
1561 }
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571 if (!dentry)
1572 goto out_invalid;
1573 rc = selinux_genfs_get_sid(dentry, sclass,
1574 sbsec->flags, &sid);
1575 if (rc) {
1576 dput(dentry);
1577 goto out;
1578 }
1579
1580 if ((sbsec->flags & SE_SBGENFS_XATTR) &&
1581 (inode->i_opflags & IOP_XATTR)) {
1582 rc = inode_doinit_use_xattr(inode, dentry,
1583 sid, &sid);
1584 if (rc) {
1585 dput(dentry);
1586 goto out;
1587 }
1588 }
1589 dput(dentry);
1590 }
1591 break;
1592 }
1593
1594out:
1595 spin_lock(&isec->lock);
1596 if (isec->initialized == LABEL_PENDING) {
1597 if (rc) {
1598 isec->initialized = LABEL_INVALID;
1599 goto out_unlock;
1600 }
1601 isec->initialized = LABEL_INITIALIZED;
1602 isec->sid = sid;
1603 }
1604
1605out_unlock:
1606 spin_unlock(&isec->lock);
1607 return rc;
1608
1609out_invalid:
1610 spin_lock(&isec->lock);
1611 if (isec->initialized == LABEL_PENDING) {
1612 isec->initialized = LABEL_INVALID;
1613 isec->sid = sid;
1614 }
1615 spin_unlock(&isec->lock);
1616 return 0;
1617}
1618
1619
1620static inline u32 signal_to_av(int sig)
1621{
1622 u32 perm = 0;
1623
1624 switch (sig) {
1625 case SIGCHLD:
1626
1627 perm = PROCESS__SIGCHLD;
1628 break;
1629 case SIGKILL:
1630
1631 perm = PROCESS__SIGKILL;
1632 break;
1633 case SIGSTOP:
1634
1635 perm = PROCESS__SIGSTOP;
1636 break;
1637 default:
1638
1639 perm = PROCESS__SIGNAL;
1640 break;
1641 }
1642
1643 return perm;
1644}
1645
1646#if CAP_LAST_CAP > 63
1647#error Fix SELinux to handle capabilities > 63.
1648#endif
1649
1650
1651static int cred_has_capability(const struct cred *cred,
1652 int cap, unsigned int opts, bool initns)
1653{
1654 struct common_audit_data ad;
1655 struct av_decision avd;
1656 u16 sclass;
1657 u32 sid = cred_sid(cred);
1658 u32 av = CAP_TO_MASK(cap);
1659 int rc;
1660
1661 ad.type = LSM_AUDIT_DATA_CAP;
1662 ad.u.cap = cap;
1663
1664 switch (CAP_TO_INDEX(cap)) {
1665 case 0:
1666 sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;
1667 break;
1668 case 1:
1669 sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
1670 break;
1671 default:
1672 pr_err("SELinux: out of range capability %d\n", cap);
1673 BUG();
1674 return -EINVAL;
1675 }
1676
1677 rc = avc_has_perm_noaudit(&selinux_state,
1678 sid, sid, sclass, av, 0, &avd);
1679 if (!(opts & CAP_OPT_NOAUDIT)) {
1680 int rc2 = avc_audit(&selinux_state,
1681 sid, sid, sclass, av, &avd, rc, &ad);
1682 if (rc2)
1683 return rc2;
1684 }
1685 return rc;
1686}
1687
1688
1689
1690
1691static int inode_has_perm(const struct cred *cred,
1692 struct inode *inode,
1693 u32 perms,
1694 struct common_audit_data *adp)
1695{
1696 struct inode_security_struct *isec;
1697 u32 sid;
1698
1699 validate_creds(cred);
1700
1701 if (unlikely(IS_PRIVATE(inode)))
1702 return 0;
1703
1704 sid = cred_sid(cred);
1705 isec = selinux_inode(inode);
1706
1707 return avc_has_perm(&selinux_state,
1708 sid, isec->sid, isec->sclass, perms, adp);
1709}
1710
1711
1712
1713
1714static inline int dentry_has_perm(const struct cred *cred,
1715 struct dentry *dentry,
1716 u32 av)
1717{
1718 struct inode *inode = d_backing_inode(dentry);
1719 struct common_audit_data ad;
1720
1721 ad.type = LSM_AUDIT_DATA_DENTRY;
1722 ad.u.dentry = dentry;
1723 __inode_security_revalidate(inode, dentry, true);
1724 return inode_has_perm(cred, inode, av, &ad);
1725}
1726
1727
1728
1729
1730static inline int path_has_perm(const struct cred *cred,
1731 const struct path *path,
1732 u32 av)
1733{
1734 struct inode *inode = d_backing_inode(path->dentry);
1735 struct common_audit_data ad;
1736
1737 ad.type = LSM_AUDIT_DATA_PATH;
1738 ad.u.path = *path;
1739 __inode_security_revalidate(inode, path->dentry, true);
1740 return inode_has_perm(cred, inode, av, &ad);
1741}
1742
1743
1744static inline int file_path_has_perm(const struct cred *cred,
1745 struct file *file,
1746 u32 av)
1747{
1748 struct common_audit_data ad;
1749
1750 ad.type = LSM_AUDIT_DATA_FILE;
1751 ad.u.file = file;
1752 return inode_has_perm(cred, file_inode(file), av, &ad);
1753}
1754
1755#ifdef CONFIG_BPF_SYSCALL
1756static int bpf_fd_pass(struct file *file, u32 sid);
1757#endif
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767static int file_has_perm(const struct cred *cred,
1768 struct file *file,
1769 u32 av)
1770{
1771 struct file_security_struct *fsec = selinux_file(file);
1772 struct inode *inode = file_inode(file);
1773 struct common_audit_data ad;
1774 u32 sid = cred_sid(cred);
1775 int rc;
1776
1777 ad.type = LSM_AUDIT_DATA_FILE;
1778 ad.u.file = file;
1779
1780 if (sid != fsec->sid) {
1781 rc = avc_has_perm(&selinux_state,
1782 sid, fsec->sid,
1783 SECCLASS_FD,
1784 FD__USE,
1785 &ad);
1786 if (rc)
1787 goto out;
1788 }
1789
1790#ifdef CONFIG_BPF_SYSCALL
1791 rc = bpf_fd_pass(file, cred_sid(cred));
1792 if (rc)
1793 return rc;
1794#endif
1795
1796
1797 rc = 0;
1798 if (av)
1799 rc = inode_has_perm(cred, inode, av, &ad);
1800
1801out:
1802 return rc;
1803}
1804
1805
1806
1807
1808static int
1809selinux_determine_inode_label(const struct task_security_struct *tsec,
1810 struct inode *dir,
1811 const struct qstr *name, u16 tclass,
1812 u32 *_new_isid)
1813{
1814 const struct superblock_security_struct *sbsec =
1815 selinux_superblock(dir->i_sb);
1816
1817 if ((sbsec->flags & SE_SBINITIALIZED) &&
1818 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
1819 *_new_isid = sbsec->mntpoint_sid;
1820 } else if ((sbsec->flags & SBLABEL_MNT) &&
1821 tsec->create_sid) {
1822 *_new_isid = tsec->create_sid;
1823 } else {
1824 const struct inode_security_struct *dsec = inode_security(dir);
1825 return security_transition_sid(&selinux_state, tsec->sid,
1826 dsec->sid, tclass,
1827 name, _new_isid);
1828 }
1829
1830 return 0;
1831}
1832
1833
1834static int may_create(struct inode *dir,
1835 struct dentry *dentry,
1836 u16 tclass)
1837{
1838 const struct task_security_struct *tsec = selinux_cred(current_cred());
1839 struct inode_security_struct *dsec;
1840 struct superblock_security_struct *sbsec;
1841 u32 sid, newsid;
1842 struct common_audit_data ad;
1843 int rc;
1844
1845 dsec = inode_security(dir);
1846 sbsec = selinux_superblock(dir->i_sb);
1847
1848 sid = tsec->sid;
1849
1850 ad.type = LSM_AUDIT_DATA_DENTRY;
1851 ad.u.dentry = dentry;
1852
1853 rc = avc_has_perm(&selinux_state,
1854 sid, dsec->sid, SECCLASS_DIR,
1855 DIR__ADD_NAME | DIR__SEARCH,
1856 &ad);
1857 if (rc)
1858 return rc;
1859
1860 rc = selinux_determine_inode_label(tsec, dir, &dentry->d_name, tclass,
1861 &newsid);
1862 if (rc)
1863 return rc;
1864
1865 rc = avc_has_perm(&selinux_state,
1866 sid, newsid, tclass, FILE__CREATE, &ad);
1867 if (rc)
1868 return rc;
1869
1870 return avc_has_perm(&selinux_state,
1871 newsid, sbsec->sid,
1872 SECCLASS_FILESYSTEM,
1873 FILESYSTEM__ASSOCIATE, &ad);
1874}
1875
1876#define MAY_LINK 0
1877#define MAY_UNLINK 1
1878#define MAY_RMDIR 2
1879
1880
1881static int may_link(struct inode *dir,
1882 struct dentry *dentry,
1883 int kind)
1884
1885{
1886 struct inode_security_struct *dsec, *isec;
1887 struct common_audit_data ad;
1888 u32 sid = current_sid();
1889 u32 av;
1890 int rc;
1891
1892 dsec = inode_security(dir);
1893 isec = backing_inode_security(dentry);
1894
1895 ad.type = LSM_AUDIT_DATA_DENTRY;
1896 ad.u.dentry = dentry;
1897
1898 av = DIR__SEARCH;
1899 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1900 rc = avc_has_perm(&selinux_state,
1901 sid, dsec->sid, SECCLASS_DIR, av, &ad);
1902 if (rc)
1903 return rc;
1904
1905 switch (kind) {
1906 case MAY_LINK:
1907 av = FILE__LINK;
1908 break;
1909 case MAY_UNLINK:
1910 av = FILE__UNLINK;
1911 break;
1912 case MAY_RMDIR:
1913 av = DIR__RMDIR;
1914 break;
1915 default:
1916 pr_warn("SELinux: %s: unrecognized kind %d\n",
1917 __func__, kind);
1918 return 0;
1919 }
1920
1921 rc = avc_has_perm(&selinux_state,
1922 sid, isec->sid, isec->sclass, av, &ad);
1923 return rc;
1924}
1925
1926static inline int may_rename(struct inode *old_dir,
1927 struct dentry *old_dentry,
1928 struct inode *new_dir,
1929 struct dentry *new_dentry)
1930{
1931 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1932 struct common_audit_data ad;
1933 u32 sid = current_sid();
1934 u32 av;
1935 int old_is_dir, new_is_dir;
1936 int rc;
1937
1938 old_dsec = inode_security(old_dir);
1939 old_isec = backing_inode_security(old_dentry);
1940 old_is_dir = d_is_dir(old_dentry);
1941 new_dsec = inode_security(new_dir);
1942
1943 ad.type = LSM_AUDIT_DATA_DENTRY;
1944
1945 ad.u.dentry = old_dentry;
1946 rc = avc_has_perm(&selinux_state,
1947 sid, old_dsec->sid, SECCLASS_DIR,
1948 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1949 if (rc)
1950 return rc;
1951 rc = avc_has_perm(&selinux_state,
1952 sid, old_isec->sid,
1953 old_isec->sclass, FILE__RENAME, &ad);
1954 if (rc)
1955 return rc;
1956 if (old_is_dir && new_dir != old_dir) {
1957 rc = avc_has_perm(&selinux_state,
1958 sid, old_isec->sid,
1959 old_isec->sclass, DIR__REPARENT, &ad);
1960 if (rc)
1961 return rc;
1962 }
1963
1964 ad.u.dentry = new_dentry;
1965 av = DIR__ADD_NAME | DIR__SEARCH;
1966 if (d_is_positive(new_dentry))
1967 av |= DIR__REMOVE_NAME;
1968 rc = avc_has_perm(&selinux_state,
1969 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1970 if (rc)
1971 return rc;
1972 if (d_is_positive(new_dentry)) {
1973 new_isec = backing_inode_security(new_dentry);
1974 new_is_dir = d_is_dir(new_dentry);
1975 rc = avc_has_perm(&selinux_state,
1976 sid, new_isec->sid,
1977 new_isec->sclass,
1978 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1979 if (rc)
1980 return rc;
1981 }
1982
1983 return 0;
1984}
1985
1986
1987static int superblock_has_perm(const struct cred *cred,
1988 struct super_block *sb,
1989 u32 perms,
1990 struct common_audit_data *ad)
1991{
1992 struct superblock_security_struct *sbsec;
1993 u32 sid = cred_sid(cred);
1994
1995 sbsec = selinux_superblock(sb);
1996 return avc_has_perm(&selinux_state,
1997 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1998}
1999
2000
2001static inline u32 file_mask_to_av(int mode, int mask)
2002{
2003 u32 av = 0;
2004
2005 if (!S_ISDIR(mode)) {
2006 if (mask & MAY_EXEC)
2007 av |= FILE__EXECUTE;
2008 if (mask & MAY_READ)
2009 av |= FILE__READ;
2010
2011 if (mask & MAY_APPEND)
2012 av |= FILE__APPEND;
2013 else if (mask & MAY_WRITE)
2014 av |= FILE__WRITE;
2015
2016 } else {
2017 if (mask & MAY_EXEC)
2018 av |= DIR__SEARCH;
2019 if (mask & MAY_WRITE)
2020 av |= DIR__WRITE;
2021 if (mask & MAY_READ)
2022 av |= DIR__READ;
2023 }
2024
2025 return av;
2026}
2027
2028
2029static inline u32 file_to_av(struct file *file)
2030{
2031 u32 av = 0;
2032
2033 if (file->f_mode & FMODE_READ)
2034 av |= FILE__READ;
2035 if (file->f_mode & FMODE_WRITE) {
2036 if (file->f_flags & O_APPEND)
2037 av |= FILE__APPEND;
2038 else
2039 av |= FILE__WRITE;
2040 }
2041 if (!av) {
2042
2043
2044
2045 av = FILE__IOCTL;
2046 }
2047
2048 return av;
2049}
2050
2051
2052
2053
2054
2055static inline u32 open_file_to_av(struct file *file)
2056{
2057 u32 av = file_to_av(file);
2058 struct inode *inode = file_inode(file);
2059
2060 if (selinux_policycap_openperm() &&
2061 inode->i_sb->s_magic != SOCKFS_MAGIC)
2062 av |= FILE__OPEN;
2063
2064 return av;
2065}
2066
2067
2068
2069static int selinux_binder_set_context_mgr(struct task_struct *mgr)
2070{
2071 return avc_has_perm(&selinux_state,
2072 current_sid(), task_sid_binder(mgr), SECCLASS_BINDER,
2073 BINDER__SET_CONTEXT_MGR, NULL);
2074}
2075
2076static int selinux_binder_transaction(struct task_struct *from,
2077 struct task_struct *to)
2078{
2079 u32 mysid = current_sid();
2080 u32 fromsid = task_sid_binder(from);
2081 int rc;
2082
2083 if (mysid != fromsid) {
2084 rc = avc_has_perm(&selinux_state,
2085 mysid, fromsid, SECCLASS_BINDER,
2086 BINDER__IMPERSONATE, NULL);
2087 if (rc)
2088 return rc;
2089 }
2090
2091 return avc_has_perm(&selinux_state, fromsid, task_sid_binder(to),
2092 SECCLASS_BINDER, BINDER__CALL, NULL);
2093}
2094
2095static int selinux_binder_transfer_binder(struct task_struct *from,
2096 struct task_struct *to)
2097{
2098 return avc_has_perm(&selinux_state,
2099 task_sid_binder(from), task_sid_binder(to),
2100 SECCLASS_BINDER, BINDER__TRANSFER,
2101 NULL);
2102}
2103
2104static int selinux_binder_transfer_file(struct task_struct *from,
2105 struct task_struct *to,
2106 struct file *file)
2107{
2108 u32 sid = task_sid_binder(to);
2109 struct file_security_struct *fsec = selinux_file(file);
2110 struct dentry *dentry = file->f_path.dentry;
2111 struct inode_security_struct *isec;
2112 struct common_audit_data ad;
2113 int rc;
2114
2115 ad.type = LSM_AUDIT_DATA_PATH;
2116 ad.u.path = file->f_path;
2117
2118 if (sid != fsec->sid) {
2119 rc = avc_has_perm(&selinux_state,
2120 sid, fsec->sid,
2121 SECCLASS_FD,
2122 FD__USE,
2123 &ad);
2124 if (rc)
2125 return rc;
2126 }
2127
2128#ifdef CONFIG_BPF_SYSCALL
2129 rc = bpf_fd_pass(file, sid);
2130 if (rc)
2131 return rc;
2132#endif
2133
2134 if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2135 return 0;
2136
2137 isec = backing_inode_security(dentry);
2138 return avc_has_perm(&selinux_state,
2139 sid, isec->sid, isec->sclass, file_to_av(file),
2140 &ad);
2141}
2142
2143static int selinux_ptrace_access_check(struct task_struct *child,
2144 unsigned int mode)
2145{
2146 u32 sid = current_sid();
2147 u32 csid = task_sid_obj(child);
2148
2149 if (mode & PTRACE_MODE_READ)
2150 return avc_has_perm(&selinux_state,
2151 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2152
2153 return avc_has_perm(&selinux_state,
2154 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2155}
2156
2157static int selinux_ptrace_traceme(struct task_struct *parent)
2158{
2159 return avc_has_perm(&selinux_state,
2160 task_sid_obj(parent), task_sid_obj(current),
2161 SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2162}
2163
2164static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2165 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2166{
2167 return avc_has_perm(&selinux_state,
2168 current_sid(), task_sid_obj(target), SECCLASS_PROCESS,
2169 PROCESS__GETCAP, NULL);
2170}
2171
2172static int selinux_capset(struct cred *new, const struct cred *old,
2173 const kernel_cap_t *effective,
2174 const kernel_cap_t *inheritable,
2175 const kernel_cap_t *permitted)
2176{
2177 return avc_has_perm(&selinux_state,
2178 cred_sid(old), cred_sid(new), SECCLASS_PROCESS,
2179 PROCESS__SETCAP, NULL);
2180}
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2193 int cap, unsigned int opts)
2194{
2195 return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
2196}
2197
2198static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
2199{
2200 const struct cred *cred = current_cred();
2201 int rc = 0;
2202
2203 if (!sb)
2204 return 0;
2205
2206 switch (cmds) {
2207 case Q_SYNC:
2208 case Q_QUOTAON:
2209 case Q_QUOTAOFF:
2210 case Q_SETINFO:
2211 case Q_SETQUOTA:
2212 case Q_XQUOTAOFF:
2213 case Q_XQUOTAON:
2214 case Q_XSETQLIM:
2215 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2216 break;
2217 case Q_GETFMT:
2218 case Q_GETINFO:
2219 case Q_GETQUOTA:
2220 case Q_XGETQUOTA:
2221 case Q_XGETQSTAT:
2222 case Q_XGETQSTATV:
2223 case Q_XGETNEXTQUOTA:
2224 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2225 break;
2226 default:
2227 rc = 0;
2228 break;
2229 }
2230 return rc;
2231}
2232
2233static int selinux_quota_on(struct dentry *dentry)
2234{
2235 const struct cred *cred = current_cred();
2236
2237 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2238}
2239
2240static int selinux_syslog(int type)
2241{
2242 switch (type) {
2243 case SYSLOG_ACTION_READ_ALL:
2244 case SYSLOG_ACTION_SIZE_BUFFER:
2245 return avc_has_perm(&selinux_state,
2246 current_sid(), SECINITSID_KERNEL,
2247 SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, NULL);
2248 case SYSLOG_ACTION_CONSOLE_OFF:
2249 case SYSLOG_ACTION_CONSOLE_ON:
2250
2251 case SYSLOG_ACTION_CONSOLE_LEVEL:
2252 return avc_has_perm(&selinux_state,
2253 current_sid(), SECINITSID_KERNEL,
2254 SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE,
2255 NULL);
2256 }
2257
2258 return avc_has_perm(&selinux_state,
2259 current_sid(), SECINITSID_KERNEL,
2260 SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, NULL);
2261}
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2272{
2273 int rc, cap_sys_admin = 0;
2274
2275 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2276 CAP_OPT_NOAUDIT, true);
2277 if (rc == 0)
2278 cap_sys_admin = 1;
2279
2280 return cap_sys_admin;
2281}
2282
2283
2284
2285static u32 ptrace_parent_sid(void)
2286{
2287 u32 sid = 0;
2288 struct task_struct *tracer;
2289
2290 rcu_read_lock();
2291 tracer = ptrace_parent(current);
2292 if (tracer)
2293 sid = task_sid_obj(tracer);
2294 rcu_read_unlock();
2295
2296 return sid;
2297}
2298
2299static int check_nnp_nosuid(const struct linux_binprm *bprm,
2300 const struct task_security_struct *old_tsec,
2301 const struct task_security_struct *new_tsec)
2302{
2303 int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
2304 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2305 int rc;
2306 u32 av;
2307
2308 if (!nnp && !nosuid)
2309 return 0;
2310
2311 if (new_tsec->sid == old_tsec->sid)
2312 return 0;
2313
2314
2315
2316
2317
2318
2319
2320 if (selinux_policycap_nnp_nosuid_transition()) {
2321 av = 0;
2322 if (nnp)
2323 av |= PROCESS2__NNP_TRANSITION;
2324 if (nosuid)
2325 av |= PROCESS2__NOSUID_TRANSITION;
2326 rc = avc_has_perm(&selinux_state,
2327 old_tsec->sid, new_tsec->sid,
2328 SECCLASS_PROCESS2, av, NULL);
2329 if (!rc)
2330 return 0;
2331 }
2332
2333
2334
2335
2336
2337
2338 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2339 new_tsec->sid);
2340 if (!rc)
2341 return 0;
2342
2343
2344
2345
2346
2347
2348 if (nnp)
2349 return -EPERM;
2350 return -EACCES;
2351}
2352
2353static int selinux_bprm_creds_for_exec(struct linux_binprm *bprm)
2354{
2355 const struct task_security_struct *old_tsec;
2356 struct task_security_struct *new_tsec;
2357 struct inode_security_struct *isec;
2358 struct common_audit_data ad;
2359 struct inode *inode = file_inode(bprm->file);
2360 int rc;
2361
2362
2363
2364
2365 old_tsec = selinux_cred(current_cred());
2366 new_tsec = selinux_cred(bprm->cred);
2367 isec = inode_security(inode);
2368
2369
2370 new_tsec->sid = old_tsec->sid;
2371 new_tsec->osid = old_tsec->sid;
2372
2373
2374 new_tsec->create_sid = 0;
2375 new_tsec->keycreate_sid = 0;
2376 new_tsec->sockcreate_sid = 0;
2377
2378 if (old_tsec->exec_sid) {
2379 new_tsec->sid = old_tsec->exec_sid;
2380
2381 new_tsec->exec_sid = 0;
2382
2383
2384 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2385 if (rc)
2386 return rc;
2387 } else {
2388
2389 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2390 isec->sid, SECCLASS_PROCESS, NULL,
2391 &new_tsec->sid);
2392 if (rc)
2393 return rc;
2394
2395
2396
2397
2398
2399 rc = check_nnp_nosuid(bprm, old_tsec, new_tsec);
2400 if (rc)
2401 new_tsec->sid = old_tsec->sid;
2402 }
2403
2404 ad.type = LSM_AUDIT_DATA_FILE;
2405 ad.u.file = bprm->file;
2406
2407 if (new_tsec->sid == old_tsec->sid) {
2408 rc = avc_has_perm(&selinux_state,
2409 old_tsec->sid, isec->sid,
2410 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2411 if (rc)
2412 return rc;
2413 } else {
2414
2415 rc = avc_has_perm(&selinux_state,
2416 old_tsec->sid, new_tsec->sid,
2417 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2418 if (rc)
2419 return rc;
2420
2421 rc = avc_has_perm(&selinux_state,
2422 new_tsec->sid, isec->sid,
2423 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2424 if (rc)
2425 return rc;
2426
2427
2428 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2429 rc = avc_has_perm(&selinux_state,
2430 old_tsec->sid, new_tsec->sid,
2431 SECCLASS_PROCESS, PROCESS__SHARE,
2432 NULL);
2433 if (rc)
2434 return -EPERM;
2435 }
2436
2437
2438
2439 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
2440 u32 ptsid = ptrace_parent_sid();
2441 if (ptsid != 0) {
2442 rc = avc_has_perm(&selinux_state,
2443 ptsid, new_tsec->sid,
2444 SECCLASS_PROCESS,
2445 PROCESS__PTRACE, NULL);
2446 if (rc)
2447 return -EPERM;
2448 }
2449 }
2450
2451
2452 bprm->per_clear |= PER_CLEAR_ON_SETID;
2453
2454
2455
2456
2457 rc = avc_has_perm(&selinux_state,
2458 old_tsec->sid, new_tsec->sid,
2459 SECCLASS_PROCESS, PROCESS__NOATSECURE,
2460 NULL);
2461 bprm->secureexec |= !!rc;
2462 }
2463
2464 return 0;
2465}
2466
2467static int match_file(const void *p, struct file *file, unsigned fd)
2468{
2469 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2470}
2471
2472
2473static inline void flush_unauthorized_files(const struct cred *cred,
2474 struct files_struct *files)
2475{
2476 struct file *file, *devnull = NULL;
2477 struct tty_struct *tty;
2478 int drop_tty = 0;
2479 unsigned n;
2480
2481 tty = get_current_tty();
2482 if (tty) {
2483 spin_lock(&tty->files_lock);
2484 if (!list_empty(&tty->tty_files)) {
2485 struct tty_file_private *file_priv;
2486
2487
2488
2489
2490
2491
2492 file_priv = list_first_entry(&tty->tty_files,
2493 struct tty_file_private, list);
2494 file = file_priv->file;
2495 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2496 drop_tty = 1;
2497 }
2498 spin_unlock(&tty->files_lock);
2499 tty_kref_put(tty);
2500 }
2501
2502 if (drop_tty)
2503 no_tty();
2504
2505
2506 n = iterate_fd(files, 0, match_file, cred);
2507 if (!n)
2508 return;
2509
2510 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2511 if (IS_ERR(devnull))
2512 devnull = NULL;
2513
2514 do {
2515 replace_fd(n - 1, devnull, 0);
2516 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2517 if (devnull)
2518 fput(devnull);
2519}
2520
2521
2522
2523
2524static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2525{
2526 struct task_security_struct *new_tsec;
2527 struct rlimit *rlim, *initrlim;
2528 int rc, i;
2529
2530 new_tsec = selinux_cred(bprm->cred);
2531 if (new_tsec->sid == new_tsec->osid)
2532 return;
2533
2534
2535 flush_unauthorized_files(bprm->cred, current->files);
2536
2537
2538 current->pdeath_signal = 0;
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550 rc = avc_has_perm(&selinux_state,
2551 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2552 PROCESS__RLIMITINH, NULL);
2553 if (rc) {
2554
2555 task_lock(current);
2556 for (i = 0; i < RLIM_NLIMITS; i++) {
2557 rlim = current->signal->rlim + i;
2558 initrlim = init_task.signal->rlim + i;
2559 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2560 }
2561 task_unlock(current);
2562 if (IS_ENABLED(CONFIG_POSIX_TIMERS))
2563 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2564 }
2565}
2566
2567
2568
2569
2570
2571static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2572{
2573 const struct task_security_struct *tsec = selinux_cred(current_cred());
2574 u32 osid, sid;
2575 int rc;
2576
2577 osid = tsec->osid;
2578 sid = tsec->sid;
2579
2580 if (sid == osid)
2581 return;
2582
2583
2584
2585
2586
2587
2588
2589
2590 rc = avc_has_perm(&selinux_state,
2591 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2592 if (rc) {
2593 clear_itimer();
2594
2595 spin_lock_irq(¤t->sighand->siglock);
2596 if (!fatal_signal_pending(current)) {
2597 flush_sigqueue(¤t->pending);
2598 flush_sigqueue(¤t->signal->shared_pending);
2599 flush_signal_handlers(current, 1);
2600 sigemptyset(¤t->blocked);
2601 recalc_sigpending();
2602 }
2603 spin_unlock_irq(¤t->sighand->siglock);
2604 }
2605
2606
2607
2608 read_lock(&tasklist_lock);
2609 __wake_up_parent(current, current->real_parent);
2610 read_unlock(&tasklist_lock);
2611}
2612
2613
2614
2615static int selinux_sb_alloc_security(struct super_block *sb)
2616{
2617 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2618
2619 mutex_init(&sbsec->lock);
2620 INIT_LIST_HEAD(&sbsec->isec_head);
2621 spin_lock_init(&sbsec->isec_lock);
2622 sbsec->sid = SECINITSID_UNLABELED;
2623 sbsec->def_sid = SECINITSID_FILE;
2624 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
2625
2626 return 0;
2627}
2628
2629static inline int opt_len(const char *s)
2630{
2631 bool open_quote = false;
2632 int len;
2633 char c;
2634
2635 for (len = 0; (c = s[len]) != '\0'; len++) {
2636 if (c == '"')
2637 open_quote = !open_quote;
2638 if (c == ',' && !open_quote)
2639 break;
2640 }
2641 return len;
2642}
2643
2644static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
2645{
2646 char *from = options;
2647 char *to = options;
2648 bool first = true;
2649 int rc;
2650
2651 while (1) {
2652 int len = opt_len(from);
2653 int token;
2654 char *arg = NULL;
2655
2656 token = match_opt_prefix(from, len, &arg);
2657
2658 if (token != Opt_error) {
2659 char *p, *q;
2660
2661
2662 if (arg) {
2663 for (p = q = arg; p < from + len; p++) {
2664 char c = *p;
2665 if (c != '"')
2666 *q++ = c;
2667 }
2668 arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
2669 if (!arg) {
2670 rc = -ENOMEM;
2671 goto free_opt;
2672 }
2673 }
2674 rc = selinux_add_opt(token, arg, mnt_opts);
2675 if (unlikely(rc)) {
2676 kfree(arg);
2677 goto free_opt;
2678 }
2679 } else {
2680 if (!first) {
2681 from--;
2682 len++;
2683 }
2684 if (to != from)
2685 memmove(to, from, len);
2686 to += len;
2687 first = false;
2688 }
2689 if (!from[len])
2690 break;
2691 from += len + 1;
2692 }
2693 *to = '\0';
2694 return 0;
2695
2696free_opt:
2697 if (*mnt_opts) {
2698 selinux_free_mnt_opts(*mnt_opts);
2699 *mnt_opts = NULL;
2700 }
2701 return rc;
2702}
2703
2704static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)
2705{
2706 struct selinux_mnt_opts *opts = mnt_opts;
2707 struct superblock_security_struct *sbsec = sb->s_security;
2708 u32 sid;
2709 int rc;
2710
2711
2712
2713
2714
2715 if (!(sbsec->flags & SE_SBINITIALIZED))
2716 return opts ? 1 : 0;
2717
2718
2719
2720
2721
2722 if (!opts)
2723 return (sbsec->flags & SE_MNTMASK) ? 1 : 0;
2724
2725 if (opts->fscontext) {
2726 rc = parse_sid(sb, opts->fscontext, &sid);
2727 if (rc)
2728 return 1;
2729 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2730 return 1;
2731 }
2732 if (opts->context) {
2733 rc = parse_sid(sb, opts->context, &sid);
2734 if (rc)
2735 return 1;
2736 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2737 return 1;
2738 }
2739 if (opts->rootcontext) {
2740 struct inode_security_struct *root_isec;
2741
2742 root_isec = backing_inode_security(sb->s_root);
2743 rc = parse_sid(sb, opts->rootcontext, &sid);
2744 if (rc)
2745 return 1;
2746 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2747 return 1;
2748 }
2749 if (opts->defcontext) {
2750 rc = parse_sid(sb, opts->defcontext, &sid);
2751 if (rc)
2752 return 1;
2753 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2754 return 1;
2755 }
2756 return 0;
2757}
2758
2759static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
2760{
2761 struct selinux_mnt_opts *opts = mnt_opts;
2762 struct superblock_security_struct *sbsec = selinux_superblock(sb);
2763 u32 sid;
2764 int rc;
2765
2766 if (!(sbsec->flags & SE_SBINITIALIZED))
2767 return 0;
2768
2769 if (!opts)
2770 return 0;
2771
2772 if (opts->fscontext) {
2773 rc = parse_sid(sb, opts->fscontext, &sid);
2774 if (rc)
2775 return rc;
2776 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2777 goto out_bad_option;
2778 }
2779 if (opts->context) {
2780 rc = parse_sid(sb, opts->context, &sid);
2781 if (rc)
2782 return rc;
2783 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2784 goto out_bad_option;
2785 }
2786 if (opts->rootcontext) {
2787 struct inode_security_struct *root_isec;
2788 root_isec = backing_inode_security(sb->s_root);
2789 rc = parse_sid(sb, opts->rootcontext, &sid);
2790 if (rc)
2791 return rc;
2792 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2793 goto out_bad_option;
2794 }
2795 if (opts->defcontext) {
2796 rc = parse_sid(sb, opts->defcontext, &sid);
2797 if (rc)
2798 return rc;
2799 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2800 goto out_bad_option;
2801 }
2802 return 0;
2803
2804out_bad_option:
2805 pr_warn("SELinux: unable to change security options "
2806 "during remount (dev %s, type=%s)\n", sb->s_id,
2807 sb->s_type->name);
2808 return -EINVAL;
2809}
2810
2811static int selinux_sb_kern_mount(struct super_block *sb)
2812{
2813 const struct cred *cred = current_cred();
2814 struct common_audit_data ad;
2815
2816 ad.type = LSM_AUDIT_DATA_DENTRY;
2817 ad.u.dentry = sb->s_root;
2818 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2819}
2820
2821static int selinux_sb_statfs(struct dentry *dentry)
2822{
2823 const struct cred *cred = current_cred();
2824 struct common_audit_data ad;
2825
2826 ad.type = LSM_AUDIT_DATA_DENTRY;
2827 ad.u.dentry = dentry->d_sb->s_root;
2828 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2829}
2830
2831static int selinux_mount(const char *dev_name,
2832 const struct path *path,
2833 const char *type,
2834 unsigned long flags,
2835 void *data)
2836{
2837 const struct cred *cred = current_cred();
2838
2839 if (flags & MS_REMOUNT)
2840 return superblock_has_perm(cred, path->dentry->d_sb,
2841 FILESYSTEM__REMOUNT, NULL);
2842 else
2843 return path_has_perm(cred, path, FILE__MOUNTON);
2844}
2845
2846static int selinux_move_mount(const struct path *from_path,
2847 const struct path *to_path)
2848{
2849 const struct cred *cred = current_cred();
2850
2851 return path_has_perm(cred, to_path, FILE__MOUNTON);
2852}
2853
2854static int selinux_umount(struct vfsmount *mnt, int flags)
2855{
2856 const struct cred *cred = current_cred();
2857
2858 return superblock_has_perm(cred, mnt->mnt_sb,
2859 FILESYSTEM__UNMOUNT, NULL);
2860}
2861
2862static int selinux_fs_context_dup(struct fs_context *fc,
2863 struct fs_context *src_fc)
2864{
2865 const struct selinux_mnt_opts *src = src_fc->security;
2866 struct selinux_mnt_opts *opts;
2867
2868 if (!src)
2869 return 0;
2870
2871 fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
2872 if (!fc->security)
2873 return -ENOMEM;
2874
2875 opts = fc->security;
2876
2877 if (src->fscontext) {
2878 opts->fscontext = kstrdup(src->fscontext, GFP_KERNEL);
2879 if (!opts->fscontext)
2880 return -ENOMEM;
2881 }
2882 if (src->context) {
2883 opts->context = kstrdup(src->context, GFP_KERNEL);
2884 if (!opts->context)
2885 return -ENOMEM;
2886 }
2887 if (src->rootcontext) {
2888 opts->rootcontext = kstrdup(src->rootcontext, GFP_KERNEL);
2889 if (!opts->rootcontext)
2890 return -ENOMEM;
2891 }
2892 if (src->defcontext) {
2893 opts->defcontext = kstrdup(src->defcontext, GFP_KERNEL);
2894 if (!opts->defcontext)
2895 return -ENOMEM;
2896 }
2897 return 0;
2898}
2899
2900static const struct fs_parameter_spec selinux_fs_parameters[] = {
2901 fsparam_string(CONTEXT_STR, Opt_context),
2902 fsparam_string(DEFCONTEXT_STR, Opt_defcontext),
2903 fsparam_string(FSCONTEXT_STR, Opt_fscontext),
2904 fsparam_string(ROOTCONTEXT_STR, Opt_rootcontext),
2905 fsparam_flag (SECLABEL_STR, Opt_seclabel),
2906 {}
2907};
2908
2909static int selinux_fs_context_parse_param(struct fs_context *fc,
2910 struct fs_parameter *param)
2911{
2912 struct fs_parse_result result;
2913 int opt, rc;
2914
2915 opt = fs_parse(fc, selinux_fs_parameters, param, &result);
2916 if (opt < 0)
2917 return opt;
2918
2919 rc = selinux_add_opt(opt, param->string, &fc->security);
2920 if (!rc) {
2921 param->string = NULL;
2922 rc = 1;
2923 }
2924 return rc;
2925}
2926
2927
2928
2929static int selinux_inode_alloc_security(struct inode *inode)
2930{
2931 struct inode_security_struct *isec = selinux_inode(inode);
2932 u32 sid = current_sid();
2933
2934 spin_lock_init(&isec->lock);
2935 INIT_LIST_HEAD(&isec->list);
2936 isec->inode = inode;
2937 isec->sid = SECINITSID_UNLABELED;
2938 isec->sclass = SECCLASS_FILE;
2939 isec->task_sid = sid;
2940 isec->initialized = LABEL_INVALID;
2941
2942 return 0;
2943}
2944
2945static void selinux_inode_free_security(struct inode *inode)
2946{
2947 inode_free_security(inode);
2948}
2949
2950static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2951 const struct qstr *name, void **ctx,
2952 u32 *ctxlen)
2953{
2954 u32 newsid;
2955 int rc;
2956
2957 rc = selinux_determine_inode_label(selinux_cred(current_cred()),
2958 d_inode(dentry->d_parent), name,
2959 inode_mode_to_security_class(mode),
2960 &newsid);
2961 if (rc)
2962 return rc;
2963
2964 return security_sid_to_context(&selinux_state, newsid, (char **)ctx,
2965 ctxlen);
2966}
2967
2968static int selinux_dentry_create_files_as(struct dentry *dentry, int mode,
2969 struct qstr *name,
2970 const struct cred *old,
2971 struct cred *new)
2972{
2973 u32 newsid;
2974 int rc;
2975 struct task_security_struct *tsec;
2976
2977 rc = selinux_determine_inode_label(selinux_cred(old),
2978 d_inode(dentry->d_parent), name,
2979 inode_mode_to_security_class(mode),
2980 &newsid);
2981 if (rc)
2982 return rc;
2983
2984 tsec = selinux_cred(new);
2985 tsec->create_sid = newsid;
2986 return 0;
2987}
2988
2989static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2990 const struct qstr *qstr,
2991 const char **name,
2992 void **value, size_t *len)
2993{
2994 const struct task_security_struct *tsec = selinux_cred(current_cred());
2995 struct superblock_security_struct *sbsec;
2996 u32 newsid, clen;
2997 int rc;
2998 char *context;
2999
3000 sbsec = selinux_superblock(dir->i_sb);
3001
3002 newsid = tsec->create_sid;
3003
3004 rc = selinux_determine_inode_label(tsec, dir, qstr,
3005 inode_mode_to_security_class(inode->i_mode),
3006 &newsid);
3007 if (rc)
3008 return rc;
3009
3010
3011 if (sbsec->flags & SE_SBINITIALIZED) {
3012 struct inode_security_struct *isec = selinux_inode(inode);
3013 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3014 isec->sid = newsid;
3015 isec->initialized = LABEL_INITIALIZED;
3016 }
3017
3018 if (!selinux_initialized(&selinux_state) ||
3019 !(sbsec->flags & SBLABEL_MNT))
3020 return -EOPNOTSUPP;
3021
3022 if (name)
3023 *name = XATTR_SELINUX_SUFFIX;
3024
3025 if (value && len) {
3026 rc = security_sid_to_context_force(&selinux_state, newsid,
3027 &context, &clen);
3028 if (rc)
3029 return rc;
3030 *value = context;
3031 *len = clen;
3032 }
3033
3034 return 0;
3035}
3036
3037static int selinux_inode_init_security_anon(struct inode *inode,
3038 const struct qstr *name,
3039 const struct inode *context_inode)
3040{
3041 const struct task_security_struct *tsec = selinux_cred(current_cred());
3042 struct common_audit_data ad;
3043 struct inode_security_struct *isec;
3044 int rc;
3045
3046 if (unlikely(!selinux_initialized(&selinux_state)))
3047 return 0;
3048
3049 isec = selinux_inode(inode);
3050
3051
3052
3053
3054
3055
3056
3057 if (context_inode) {
3058 struct inode_security_struct *context_isec =
3059 selinux_inode(context_inode);
3060 if (context_isec->initialized != LABEL_INITIALIZED) {
3061 pr_err("SELinux: context_inode is not initialized");
3062 return -EACCES;
3063 }
3064
3065 isec->sclass = context_isec->sclass;
3066 isec->sid = context_isec->sid;
3067 } else {
3068 isec->sclass = SECCLASS_ANON_INODE;
3069 rc = security_transition_sid(
3070 &selinux_state, tsec->sid, tsec->sid,
3071 isec->sclass, name, &isec->sid);
3072 if (rc)
3073 return rc;
3074 }
3075
3076 isec->initialized = LABEL_INITIALIZED;
3077
3078
3079
3080
3081
3082 ad.type = LSM_AUDIT_DATA_INODE;
3083 ad.u.inode = inode;
3084
3085 return avc_has_perm(&selinux_state,
3086 tsec->sid,
3087 isec->sid,
3088 isec->sclass,
3089 FILE__CREATE,
3090 &ad);
3091}
3092
3093static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
3094{
3095 return may_create(dir, dentry, SECCLASS_FILE);
3096}
3097
3098static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
3099{
3100 return may_link(dir, old_dentry, MAY_LINK);
3101}
3102
3103static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
3104{
3105 return may_link(dir, dentry, MAY_UNLINK);
3106}
3107
3108static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
3109{
3110 return may_create(dir, dentry, SECCLASS_LNK_FILE);
3111}
3112
3113static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
3114{
3115 return may_create(dir, dentry, SECCLASS_DIR);
3116}
3117
3118static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
3119{
3120 return may_link(dir, dentry, MAY_RMDIR);
3121}
3122
3123static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3124{
3125 return may_create(dir, dentry, inode_mode_to_security_class(mode));
3126}
3127
3128static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
3129 struct inode *new_inode, struct dentry *new_dentry)
3130{
3131 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
3132}
3133
3134static int selinux_inode_readlink(struct dentry *dentry)
3135{
3136 const struct cred *cred = current_cred();
3137
3138 return dentry_has_perm(cred, dentry, FILE__READ);
3139}
3140
3141static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3142 bool rcu)
3143{
3144 const struct cred *cred = current_cred();
3145 struct common_audit_data ad;
3146 struct inode_security_struct *isec;
3147 u32 sid;
3148
3149 validate_creds(cred);
3150
3151 ad.type = LSM_AUDIT_DATA_DENTRY;
3152 ad.u.dentry = dentry;
3153 sid = cred_sid(cred);
3154 isec = inode_security_rcu(inode, rcu);
3155 if (IS_ERR(isec))
3156 return PTR_ERR(isec);
3157
3158 return avc_has_perm(&selinux_state,
3159 sid, isec->sid, isec->sclass, FILE__READ, &ad);
3160}
3161
3162static noinline int audit_inode_permission(struct inode *inode,
3163 u32 perms, u32 audited, u32 denied,
3164 int result)
3165{
3166 struct common_audit_data ad;
3167 struct inode_security_struct *isec = selinux_inode(inode);
3168
3169 ad.type = LSM_AUDIT_DATA_INODE;
3170 ad.u.inode = inode;
3171
3172 return slow_avc_audit(&selinux_state,
3173 current_sid(), isec->sid, isec->sclass, perms,
3174 audited, denied, result, &ad);
3175}
3176
3177static int selinux_inode_permission(struct inode *inode, int mask)
3178{
3179 const struct cred *cred = current_cred();
3180 u32 perms;
3181 bool from_access;
3182 bool no_block = mask & MAY_NOT_BLOCK;
3183 struct inode_security_struct *isec;
3184 u32 sid;
3185 struct av_decision avd;
3186 int rc, rc2;
3187 u32 audited, denied;
3188
3189 from_access = mask & MAY_ACCESS;
3190 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
3191
3192
3193 if (!mask)
3194 return 0;
3195
3196 validate_creds(cred);
3197
3198 if (unlikely(IS_PRIVATE(inode)))
3199 return 0;
3200
3201 perms = file_mask_to_av(inode->i_mode, mask);
3202
3203 sid = cred_sid(cred);
3204 isec = inode_security_rcu(inode, no_block);
3205 if (IS_ERR(isec))
3206 return PTR_ERR(isec);
3207
3208 rc = avc_has_perm_noaudit(&selinux_state,
3209 sid, isec->sid, isec->sclass, perms, 0,
3210 &avd);
3211 audited = avc_audit_required(perms, &avd, rc,
3212 from_access ? FILE__AUDIT_ACCESS : 0,
3213 &denied);
3214 if (likely(!audited))
3215 return rc;
3216
3217 rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
3218 if (rc2)
3219 return rc2;
3220 return rc;
3221}
3222
3223static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
3224{
3225 const struct cred *cred = current_cred();
3226 struct inode *inode = d_backing_inode(dentry);
3227 unsigned int ia_valid = iattr->ia_valid;
3228 __u32 av = FILE__WRITE;
3229
3230
3231 if (ia_valid & ATTR_FORCE) {
3232 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
3233 ATTR_FORCE);
3234 if (!ia_valid)
3235 return 0;
3236 }
3237
3238 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
3239 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
3240 return dentry_has_perm(cred, dentry, FILE__SETATTR);
3241
3242 if (selinux_policycap_openperm() &&
3243 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3244 (ia_valid & ATTR_SIZE) &&
3245 !(ia_valid & ATTR_FILE))
3246 av |= FILE__OPEN;
3247
3248 return dentry_has_perm(cred, dentry, av);
3249}
3250
3251static int selinux_inode_getattr(const struct path *path)
3252{
3253 return path_has_perm(current_cred(), path, FILE__GETATTR);
3254}
3255
3256static bool has_cap_mac_admin(bool audit)
3257{
3258 const struct cred *cred = current_cred();
3259 unsigned int opts = audit ? CAP_OPT_NONE : CAP_OPT_NOAUDIT;
3260
3261 if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))
3262 return false;
3263 if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))
3264 return false;
3265 return true;
3266}
3267
3268static int selinux_inode_setxattr(struct user_namespace *mnt_userns,
3269 struct dentry *dentry, const char *name,
3270 const void *value, size_t size, int flags)
3271{
3272 struct inode *inode = d_backing_inode(dentry);
3273 struct inode_security_struct *isec;
3274 struct superblock_security_struct *sbsec;
3275 struct common_audit_data ad;
3276 u32 newsid, sid = current_sid();
3277 int rc = 0;
3278
3279 if (strcmp(name, XATTR_NAME_SELINUX)) {
3280 rc = cap_inode_setxattr(dentry, name, value, size, flags);
3281 if (rc)
3282 return rc;
3283
3284
3285
3286 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3287 }
3288
3289 if (!selinux_initialized(&selinux_state))
3290 return (inode_owner_or_capable(mnt_userns, inode) ? 0 : -EPERM);
3291
3292 sbsec = selinux_superblock(inode->i_sb);
3293 if (!(sbsec->flags & SBLABEL_MNT))
3294 return -EOPNOTSUPP;
3295
3296 if (!inode_owner_or_capable(mnt_userns, inode))
3297 return -EPERM;
3298
3299 ad.type = LSM_AUDIT_DATA_DENTRY;
3300 ad.u.dentry = dentry;
3301
3302 isec = backing_inode_security(dentry);
3303 rc = avc_has_perm(&selinux_state,
3304 sid, isec->sid, isec->sclass,
3305 FILE__RELABELFROM, &ad);
3306 if (rc)
3307 return rc;
3308
3309 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3310 GFP_KERNEL);
3311 if (rc == -EINVAL) {
3312 if (!has_cap_mac_admin(true)) {
3313 struct audit_buffer *ab;
3314 size_t audit_size;
3315
3316
3317
3318 if (value) {
3319 const char *str = value;
3320
3321 if (str[size - 1] == '\0')
3322 audit_size = size - 1;
3323 else
3324 audit_size = size;
3325 } else {
3326 audit_size = 0;
3327 }
3328 ab = audit_log_start(audit_context(),
3329 GFP_ATOMIC, AUDIT_SELINUX_ERR);
3330 if (!ab)
3331 return rc;
3332 audit_log_format(ab, "op=setxattr invalid_context=");
3333 audit_log_n_untrustedstring(ab, value, audit_size);
3334 audit_log_end(ab);
3335
3336 return rc;
3337 }
3338 rc = security_context_to_sid_force(&selinux_state, value,
3339 size, &newsid);
3340 }
3341 if (rc)
3342 return rc;
3343
3344 rc = avc_has_perm(&selinux_state,
3345 sid, newsid, isec->sclass,
3346 FILE__RELABELTO, &ad);
3347 if (rc)
3348 return rc;
3349
3350 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3351 sid, isec->sclass);
3352 if (rc)
3353 return rc;
3354
3355 return avc_has_perm(&selinux_state,
3356 newsid,
3357 sbsec->sid,
3358 SECCLASS_FILESYSTEM,
3359 FILESYSTEM__ASSOCIATE,
3360 &ad);
3361}
3362
3363static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
3364 const void *value, size_t size,
3365 int flags)
3366{
3367 struct inode *inode = d_backing_inode(dentry);
3368 struct inode_security_struct *isec;
3369 u32 newsid;
3370 int rc;
3371
3372 if (strcmp(name, XATTR_NAME_SELINUX)) {
3373
3374 return;
3375 }
3376
3377 if (!selinux_initialized(&selinux_state)) {
3378
3379
3380
3381
3382
3383 return;
3384 }
3385
3386 rc = security_context_to_sid_force(&selinux_state, value, size,
3387 &newsid);
3388 if (rc) {
3389 pr_err("SELinux: unable to map context to SID"
3390 "for (%s, %lu), rc=%d\n",
3391 inode->i_sb->s_id, inode->i_ino, -rc);
3392 return;
3393 }
3394
3395 isec = backing_inode_security(dentry);
3396 spin_lock(&isec->lock);
3397 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3398 isec->sid = newsid;
3399 isec->initialized = LABEL_INITIALIZED;
3400 spin_unlock(&isec->lock);
3401
3402 return;
3403}
3404
3405static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
3406{
3407 const struct cred *cred = current_cred();
3408
3409 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3410}
3411
3412static int selinux_inode_listxattr(struct dentry *dentry)
3413{
3414 const struct cred *cred = current_cred();
3415
3416 return dentry_has_perm(cred, dentry, FILE__GETATTR);
3417}
3418
3419static int selinux_inode_removexattr(struct user_namespace *mnt_userns,
3420 struct dentry *dentry, const char *name)
3421{
3422 if (strcmp(name, XATTR_NAME_SELINUX)) {
3423 int rc = cap_inode_removexattr(mnt_userns, dentry, name);
3424 if (rc)
3425 return rc;
3426
3427
3428
3429 return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
3430 }
3431
3432 if (!selinux_initialized(&selinux_state))
3433 return 0;
3434
3435
3436
3437 return -EACCES;
3438}
3439
3440static int selinux_path_notify(const struct path *path, u64 mask,
3441 unsigned int obj_type)
3442{
3443 int ret;
3444 u32 perm;
3445
3446 struct common_audit_data ad;
3447
3448 ad.type = LSM_AUDIT_DATA_PATH;
3449 ad.u.path = *path;
3450
3451
3452
3453
3454
3455 switch (obj_type) {
3456 case FSNOTIFY_OBJ_TYPE_VFSMOUNT:
3457 perm = FILE__WATCH_MOUNT;
3458 break;
3459 case FSNOTIFY_OBJ_TYPE_SB:
3460 perm = FILE__WATCH_SB;
3461 ret = superblock_has_perm(current_cred(), path->dentry->d_sb,
3462 FILESYSTEM__WATCH, &ad);
3463 if (ret)
3464 return ret;
3465 break;
3466 case FSNOTIFY_OBJ_TYPE_INODE:
3467 perm = FILE__WATCH;
3468 break;
3469 default:
3470 return -EINVAL;
3471 }
3472
3473
3474 if (mask & (ALL_FSNOTIFY_PERM_EVENTS))
3475 perm |= FILE__WATCH_WITH_PERM;
3476
3477
3478 if (mask & (FS_ACCESS | FS_ACCESS_PERM | FS_CLOSE_NOWRITE))
3479 perm |= FILE__WATCH_READS;
3480
3481 return path_has_perm(current_cred(), path, perm);
3482}
3483
3484
3485
3486
3487
3488
3489static int selinux_inode_getsecurity(struct user_namespace *mnt_userns,
3490 struct inode *inode, const char *name,
3491 void **buffer, bool alloc)
3492{
3493 u32 size;
3494 int error;
3495 char *context = NULL;
3496 struct inode_security_struct *isec;
3497
3498
3499
3500
3501
3502 if (!selinux_initialized(&selinux_state) ||
3503 strcmp(name, XATTR_SELINUX_SUFFIX))
3504 return -EOPNOTSUPP;
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515 isec = inode_security(inode);
3516 if (has_cap_mac_admin(false))
3517 error = security_sid_to_context_force(&selinux_state,
3518 isec->sid, &context,
3519 &size);
3520 else
3521 error = security_sid_to_context(&selinux_state, isec->sid,
3522 &context, &size);
3523 if (error)
3524 return error;
3525 error = size;
3526 if (alloc) {
3527 *buffer = context;
3528 goto out_nofree;
3529 }
3530 kfree(context);
3531out_nofree:
3532 return error;
3533}
3534
3535static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3536 const void *value, size_t size, int flags)
3537{
3538 struct inode_security_struct *isec = inode_security_novalidate(inode);
3539 struct superblock_security_struct *sbsec;
3540 u32 newsid;
3541 int rc;
3542
3543 if (strcmp(name, XATTR_SELINUX_SUFFIX))
3544 return -EOPNOTSUPP;
3545
3546 sbsec = selinux_superblock(inode->i_sb);
3547 if (!(sbsec->flags & SBLABEL_MNT))
3548 return -EOPNOTSUPP;
3549
3550 if (!value || !size)
3551 return -EACCES;
3552
3553 rc = security_context_to_sid(&selinux_state, value, size, &newsid,
3554 GFP_KERNEL);
3555 if (rc)
3556 return rc;
3557
3558 spin_lock(&isec->lock);
3559 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3560 isec->sid = newsid;
3561 isec->initialized = LABEL_INITIALIZED;
3562 spin_unlock(&isec->lock);
3563 return 0;
3564}
3565
3566static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3567{
3568 const int len = sizeof(XATTR_NAME_SELINUX);
3569
3570 if (!selinux_initialized(&selinux_state))
3571 return 0;
3572
3573 if (buffer && len <= buffer_size)
3574 memcpy(buffer, XATTR_NAME_SELINUX, len);
3575 return len;
3576}
3577
3578static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3579{
3580 struct inode_security_struct *isec = inode_security_novalidate(inode);
3581 *secid = isec->sid;
3582}
3583
3584static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3585{
3586 u32 sid;
3587 struct task_security_struct *tsec;
3588 struct cred *new_creds = *new;
3589
3590 if (new_creds == NULL) {
3591 new_creds = prepare_creds();
3592 if (!new_creds)
3593 return -ENOMEM;
3594 }
3595
3596 tsec = selinux_cred(new_creds);
3597
3598 selinux_inode_getsecid(d_inode(src), &sid);
3599 tsec->create_sid = sid;
3600 *new = new_creds;
3601 return 0;
3602}
3603
3604static int selinux_inode_copy_up_xattr(const char *name)
3605{
3606
3607
3608
3609
3610 if (strcmp(name, XATTR_NAME_SELINUX) == 0)
3611 return 1;
3612
3613
3614
3615
3616 return -EOPNOTSUPP;
3617}
3618
3619
3620
3621static int selinux_kernfs_init_security(struct kernfs_node *kn_dir,
3622 struct kernfs_node *kn)
3623{
3624 const struct task_security_struct *tsec = selinux_cred(current_cred());
3625 u32 parent_sid, newsid, clen;
3626 int rc;
3627 char *context;
3628
3629 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, NULL, 0);
3630 if (rc == -ENODATA)
3631 return 0;
3632 else if (rc < 0)
3633 return rc;
3634
3635 clen = (u32)rc;
3636 context = kmalloc(clen, GFP_KERNEL);
3637 if (!context)
3638 return -ENOMEM;
3639
3640 rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, context, clen);
3641 if (rc < 0) {
3642 kfree(context);
3643 return rc;
3644 }
3645
3646 rc = security_context_to_sid(&selinux_state, context, clen, &parent_sid,
3647 GFP_KERNEL);
3648 kfree(context);
3649 if (rc)
3650 return rc;
3651
3652 if (tsec->create_sid) {
3653 newsid = tsec->create_sid;
3654 } else {
3655 u16 secclass = inode_mode_to_security_class(kn->mode);
3656 struct qstr q;
3657
3658 q.name = kn->name;
3659 q.hash_len = hashlen_string(kn_dir, kn->name);
3660
3661 rc = security_transition_sid(&selinux_state, tsec->sid,
3662 parent_sid, secclass, &q,
3663 &newsid);
3664 if (rc)
3665 return rc;
3666 }
3667
3668 rc = security_sid_to_context_force(&selinux_state, newsid,
3669 &context, &clen);
3670 if (rc)
3671 return rc;
3672
3673 rc = kernfs_xattr_set(kn, XATTR_NAME_SELINUX, context, clen,
3674 XATTR_CREATE);
3675 kfree(context);
3676 return rc;
3677}
3678
3679
3680
3681
3682static int selinux_revalidate_file_permission(struct file *file, int mask)
3683{
3684 const struct cred *cred = current_cred();
3685 struct inode *inode = file_inode(file);
3686
3687
3688 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3689 mask |= MAY_APPEND;
3690
3691 return file_has_perm(cred, file,
3692 file_mask_to_av(inode->i_mode, mask));
3693}
3694
3695static int selinux_file_permission(struct file *file, int mask)
3696{
3697 struct inode *inode = file_inode(file);
3698 struct file_security_struct *fsec = selinux_file(file);
3699 struct inode_security_struct *isec;
3700 u32 sid = current_sid();
3701
3702 if (!mask)
3703
3704 return 0;
3705
3706 isec = inode_security(inode);
3707 if (sid == fsec->sid && fsec->isid == isec->sid &&
3708 fsec->pseqno == avc_policy_seqno(&selinux_state))
3709
3710 return 0;
3711
3712 return selinux_revalidate_file_permission(file, mask);
3713}
3714
3715static int selinux_file_alloc_security(struct file *file)
3716{
3717 struct file_security_struct *fsec = selinux_file(file);
3718 u32 sid = current_sid();
3719
3720 fsec->sid = sid;
3721 fsec->fown_sid = sid;
3722
3723 return 0;
3724}
3725
3726
3727
3728
3729
3730static int ioctl_has_perm(const struct cred *cred, struct file *file,
3731 u32 requested, u16 cmd)
3732{
3733 struct common_audit_data ad;
3734 struct file_security_struct *fsec = selinux_file(file);
3735 struct inode *inode = file_inode(file);
3736 struct inode_security_struct *isec;
3737 struct lsm_ioctlop_audit ioctl;
3738 u32 ssid = cred_sid(cred);
3739 int rc;
3740 u8 driver = cmd >> 8;
3741 u8 xperm = cmd & 0xff;
3742
3743 ad.type = LSM_AUDIT_DATA_IOCTL_OP;
3744 ad.u.op = &ioctl;
3745 ad.u.op->cmd = cmd;
3746 ad.u.op->path = file->f_path;
3747
3748 if (ssid != fsec->sid) {
3749 rc = avc_has_perm(&selinux_state,
3750 ssid, fsec->sid,
3751 SECCLASS_FD,
3752 FD__USE,
3753 &ad);
3754 if (rc)
3755 goto out;
3756 }
3757
3758 if (unlikely(IS_PRIVATE(inode)))
3759 return 0;
3760
3761 isec = inode_security(inode);
3762 rc = avc_has_extended_perms(&selinux_state,
3763 ssid, isec->sid, isec->sclass,
3764 requested, driver, xperm, &ad);
3765out:
3766 return rc;
3767}
3768
3769static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3770 unsigned long arg)
3771{
3772 const struct cred *cred = current_cred();
3773 int error = 0;
3774
3775 switch (cmd) {
3776 case FIONREAD:
3777 case FIBMAP:
3778 case FIGETBSZ:
3779 case FS_IOC_GETFLAGS:
3780 case FS_IOC_GETVERSION:
3781 error = file_has_perm(cred, file, FILE__GETATTR);
3782 break;
3783
3784 case FS_IOC_SETFLAGS:
3785 case FS_IOC_SETVERSION:
3786 error = file_has_perm(cred, file, FILE__SETATTR);
3787 break;
3788
3789
3790 case FIONBIO:
3791 case FIOASYNC:
3792 error = file_has_perm(cred, file, 0);
3793 break;
3794
3795 case KDSKBENT:
3796 case KDSKBSENT:
3797 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3798 CAP_OPT_NONE, true);
3799 break;
3800
3801
3802
3803
3804 default:
3805 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3806 }
3807 return error;
3808}
3809
3810static int default_noexec __ro_after_init;
3811
3812static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3813{
3814 const struct cred *cred = current_cred();
3815 u32 sid = cred_sid(cred);
3816 int rc = 0;
3817
3818 if (default_noexec &&
3819 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3820 (!shared && (prot & PROT_WRITE)))) {
3821
3822
3823
3824
3825
3826 rc = avc_has_perm(&selinux_state,
3827 sid, sid, SECCLASS_PROCESS,
3828 PROCESS__EXECMEM, NULL);
3829 if (rc)
3830 goto error;
3831 }
3832
3833 if (file) {
3834
3835 u32 av = FILE__READ;
3836
3837
3838 if (shared && (prot & PROT_WRITE))
3839 av |= FILE__WRITE;
3840
3841 if (prot & PROT_EXEC)
3842 av |= FILE__EXECUTE;
3843
3844 return file_has_perm(cred, file, av);
3845 }
3846
3847error:
3848 return rc;
3849}
3850
3851static int selinux_mmap_addr(unsigned long addr)
3852{
3853 int rc = 0;
3854
3855 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3856 u32 sid = current_sid();
3857 rc = avc_has_perm(&selinux_state,
3858 sid, sid, SECCLASS_MEMPROTECT,
3859 MEMPROTECT__MMAP_ZERO, NULL);
3860 }
3861
3862 return rc;
3863}
3864
3865static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3866 unsigned long prot, unsigned long flags)
3867{
3868 struct common_audit_data ad;
3869 int rc;
3870
3871 if (file) {
3872 ad.type = LSM_AUDIT_DATA_FILE;
3873 ad.u.file = file;
3874 rc = inode_has_perm(current_cred(), file_inode(file),
3875 FILE__MAP, &ad);
3876 if (rc)
3877 return rc;
3878 }
3879
3880 if (checkreqprot_get(&selinux_state))
3881 prot = reqprot;
3882
3883 return file_map_prot_check(file, prot,
3884 (flags & MAP_TYPE) == MAP_SHARED);
3885}
3886
3887static int selinux_file_mprotect(struct vm_area_struct *vma,
3888 unsigned long reqprot,
3889 unsigned long prot)
3890{
3891 const struct cred *cred = current_cred();
3892 u32 sid = cred_sid(cred);
3893
3894 if (checkreqprot_get(&selinux_state))
3895 prot = reqprot;
3896
3897 if (default_noexec &&
3898 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3899 int rc = 0;
3900 if (vma->vm_start >= vma->vm_mm->start_brk &&
3901 vma->vm_end <= vma->vm_mm->brk) {
3902 rc = avc_has_perm(&selinux_state,
3903 sid, sid, SECCLASS_PROCESS,
3904 PROCESS__EXECHEAP, NULL);
3905 } else if (!vma->vm_file &&
3906 ((vma->vm_start <= vma->vm_mm->start_stack &&
3907 vma->vm_end >= vma->vm_mm->start_stack) ||
3908 vma_is_stack_for_current(vma))) {
3909 rc = avc_has_perm(&selinux_state,
3910 sid, sid, SECCLASS_PROCESS,
3911 PROCESS__EXECSTACK, NULL);
3912 } else if (vma->vm_file && vma->anon_vma) {
3913
3914
3915
3916
3917
3918
3919
3920 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3921 }
3922 if (rc)
3923 return rc;
3924 }
3925
3926 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3927}
3928
3929static int selinux_file_lock(struct file *file, unsigned int cmd)
3930{
3931 const struct cred *cred = current_cred();
3932
3933 return file_has_perm(cred, file, FILE__LOCK);
3934}
3935
3936static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3937 unsigned long arg)
3938{
3939 const struct cred *cred = current_cred();
3940 int err = 0;
3941
3942 switch (cmd) {
3943 case F_SETFL:
3944 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3945 err = file_has_perm(cred, file, FILE__WRITE);
3946 break;
3947 }
3948 fallthrough;
3949 case F_SETOWN:
3950 case F_SETSIG:
3951 case F_GETFL:
3952 case F_GETOWN:
3953 case F_GETSIG:
3954 case F_GETOWNER_UIDS:
3955
3956 err = file_has_perm(cred, file, 0);
3957 break;
3958 case F_GETLK:
3959 case F_SETLK:
3960 case F_SETLKW:
3961 case F_OFD_GETLK:
3962 case F_OFD_SETLK:
3963 case F_OFD_SETLKW:
3964#if BITS_PER_LONG == 32
3965 case F_GETLK64:
3966 case F_SETLK64:
3967 case F_SETLKW64:
3968#endif
3969 err = file_has_perm(cred, file, FILE__LOCK);
3970 break;
3971 }
3972
3973 return err;
3974}
3975
3976static void selinux_file_set_fowner(struct file *file)
3977{
3978 struct file_security_struct *fsec;
3979
3980 fsec = selinux_file(file);
3981 fsec->fown_sid = current_sid();
3982}
3983
3984static int selinux_file_send_sigiotask(struct task_struct *tsk,
3985 struct fown_struct *fown, int signum)
3986{
3987 struct file *file;
3988 u32 sid = task_sid_obj(tsk);
3989 u32 perm;
3990 struct file_security_struct *fsec;
3991
3992
3993 file = container_of(fown, struct file, f_owner);
3994
3995 fsec = selinux_file(file);
3996
3997 if (!signum)
3998 perm = signal_to_av(SIGIO);
3999 else
4000 perm = signal_to_av(signum);
4001
4002 return avc_has_perm(&selinux_state,
4003 fsec->fown_sid, sid,
4004 SECCLASS_PROCESS, perm, NULL);
4005}
4006
4007static int selinux_file_receive(struct file *file)
4008{
4009 const struct cred *cred = current_cred();
4010
4011 return file_has_perm(cred, file, file_to_av(file));
4012}
4013
4014static int selinux_file_open(struct file *file)
4015{
4016 struct file_security_struct *fsec;
4017 struct inode_security_struct *isec;
4018
4019 fsec = selinux_file(file);
4020 isec = inode_security(file_inode(file));
4021
4022
4023
4024
4025
4026
4027
4028 fsec->isid = isec->sid;
4029 fsec->pseqno = avc_policy_seqno(&selinux_state);
4030
4031
4032
4033
4034
4035
4036
4037
4038 return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
4039}
4040
4041
4042
4043static int selinux_task_alloc(struct task_struct *task,
4044 unsigned long clone_flags)
4045{
4046 u32 sid = current_sid();
4047
4048 return avc_has_perm(&selinux_state,
4049 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
4050}
4051
4052
4053
4054
4055static int selinux_cred_prepare(struct cred *new, const struct cred *old,
4056 gfp_t gfp)
4057{
4058 const struct task_security_struct *old_tsec = selinux_cred(old);
4059 struct task_security_struct *tsec = selinux_cred(new);
4060
4061 *tsec = *old_tsec;
4062 return 0;
4063}
4064
4065
4066
4067
4068static void selinux_cred_transfer(struct cred *new, const struct cred *old)
4069{
4070 const struct task_security_struct *old_tsec = selinux_cred(old);
4071 struct task_security_struct *tsec = selinux_cred(new);
4072
4073 *tsec = *old_tsec;
4074}
4075
4076static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
4077{
4078 *secid = cred_sid(c);
4079}
4080
4081
4082
4083
4084
4085static int selinux_kernel_act_as(struct cred *new, u32 secid)
4086{
4087 struct task_security_struct *tsec = selinux_cred(new);
4088 u32 sid = current_sid();
4089 int ret;
4090
4091 ret = avc_has_perm(&selinux_state,
4092 sid, secid,
4093 SECCLASS_KERNEL_SERVICE,
4094 KERNEL_SERVICE__USE_AS_OVERRIDE,
4095 NULL);
4096 if (ret == 0) {
4097 tsec->sid = secid;
4098 tsec->create_sid = 0;
4099 tsec->keycreate_sid = 0;
4100 tsec->sockcreate_sid = 0;
4101 }
4102 return ret;
4103}
4104
4105
4106
4107
4108
4109static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
4110{
4111 struct inode_security_struct *isec = inode_security(inode);
4112 struct task_security_struct *tsec = selinux_cred(new);
4113 u32 sid = current_sid();
4114 int ret;
4115
4116 ret = avc_has_perm(&selinux_state,
4117 sid, isec->sid,
4118 SECCLASS_KERNEL_SERVICE,
4119 KERNEL_SERVICE__CREATE_FILES_AS,
4120 NULL);
4121
4122 if (ret == 0)
4123 tsec->create_sid = isec->sid;
4124 return ret;
4125}
4126
4127static int selinux_kernel_module_request(char *kmod_name)
4128{
4129 struct common_audit_data ad;
4130
4131 ad.type = LSM_AUDIT_DATA_KMOD;
4132 ad.u.kmod_name = kmod_name;
4133
4134 return avc_has_perm(&selinux_state,
4135 current_sid(), SECINITSID_KERNEL, SECCLASS_SYSTEM,
4136 SYSTEM__MODULE_REQUEST, &ad);
4137}
4138
4139static int selinux_kernel_module_from_file(struct file *file)
4140{
4141 struct common_audit_data ad;
4142 struct inode_security_struct *isec;
4143 struct file_security_struct *fsec;
4144 u32 sid = current_sid();
4145 int rc;
4146
4147
4148 if (file == NULL)
4149 return avc_has_perm(&selinux_state,
4150 sid, sid, SECCLASS_SYSTEM,
4151 SYSTEM__MODULE_LOAD, NULL);
4152
4153
4154
4155 ad.type = LSM_AUDIT_DATA_FILE;
4156 ad.u.file = file;
4157
4158 fsec = selinux_file(file);
4159 if (sid != fsec->sid) {
4160 rc = avc_has_perm(&selinux_state,
4161 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4162 if (rc)
4163 return rc;
4164 }
4165
4166 isec = inode_security(file_inode(file));
4167 return avc_has_perm(&selinux_state,
4168 sid, isec->sid, SECCLASS_SYSTEM,
4169 SYSTEM__MODULE_LOAD, &ad);
4170}
4171
4172static int selinux_kernel_read_file(struct file *file,
4173 enum kernel_read_file_id id,
4174 bool contents)
4175{
4176 int rc = 0;
4177
4178 switch (id) {
4179 case READING_MODULE:
4180 rc = selinux_kernel_module_from_file(contents ? file : NULL);
4181 break;
4182 default:
4183 break;
4184 }
4185
4186 return rc;
4187}
4188
4189static int selinux_kernel_load_data(enum kernel_load_data_id id, bool contents)
4190{
4191 int rc = 0;
4192
4193 switch (id) {
4194 case LOADING_MODULE:
4195 rc = selinux_kernel_module_from_file(NULL);
4196 break;
4197 default:
4198 break;
4199 }
4200
4201 return rc;
4202}
4203
4204static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
4205{
4206 return avc_has_perm(&selinux_state,
4207 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4208 PROCESS__SETPGID, NULL);
4209}
4210
4211static int selinux_task_getpgid(struct task_struct *p)
4212{
4213 return avc_has_perm(&selinux_state,
4214 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4215 PROCESS__GETPGID, NULL);
4216}
4217
4218static int selinux_task_getsid(struct task_struct *p)
4219{
4220 return avc_has_perm(&selinux_state,
4221 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4222 PROCESS__GETSESSION, NULL);
4223}
4224
4225static void selinux_task_getsecid_subj(struct task_struct *p, u32 *secid)
4226{
4227 *secid = task_sid_subj(p);
4228}
4229
4230static void selinux_task_getsecid_obj(struct task_struct *p, u32 *secid)
4231{
4232 *secid = task_sid_obj(p);
4233}
4234
4235static int selinux_task_setnice(struct task_struct *p, int nice)
4236{
4237 return avc_has_perm(&selinux_state,
4238 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4239 PROCESS__SETSCHED, NULL);
4240}
4241
4242static int selinux_task_setioprio(struct task_struct *p, int ioprio)
4243{
4244 return avc_has_perm(&selinux_state,
4245 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4246 PROCESS__SETSCHED, NULL);
4247}
4248
4249static int selinux_task_getioprio(struct task_struct *p)
4250{
4251 return avc_has_perm(&selinux_state,
4252 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4253 PROCESS__GETSCHED, NULL);
4254}
4255
4256static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4257 unsigned int flags)
4258{
4259 u32 av = 0;
4260
4261 if (!flags)
4262 return 0;
4263 if (flags & LSM_PRLIMIT_WRITE)
4264 av |= PROCESS__SETRLIMIT;
4265 if (flags & LSM_PRLIMIT_READ)
4266 av |= PROCESS__GETRLIMIT;
4267 return avc_has_perm(&selinux_state,
4268 cred_sid(cred), cred_sid(tcred),
4269 SECCLASS_PROCESS, av, NULL);
4270}
4271
4272static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
4273 struct rlimit *new_rlim)
4274{
4275 struct rlimit *old_rlim = p->signal->rlim + resource;
4276
4277
4278
4279
4280
4281 if (old_rlim->rlim_max != new_rlim->rlim_max)
4282 return avc_has_perm(&selinux_state,
4283 current_sid(), task_sid_obj(p),
4284 SECCLASS_PROCESS, PROCESS__SETRLIMIT, NULL);
4285
4286 return 0;
4287}
4288
4289static int selinux_task_setscheduler(struct task_struct *p)
4290{
4291 return avc_has_perm(&selinux_state,
4292 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4293 PROCESS__SETSCHED, NULL);
4294}
4295
4296static int selinux_task_getscheduler(struct task_struct *p)
4297{
4298 return avc_has_perm(&selinux_state,
4299 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4300 PROCESS__GETSCHED, NULL);
4301}
4302
4303static int selinux_task_movememory(struct task_struct *p)
4304{
4305 return avc_has_perm(&selinux_state,
4306 current_sid(), task_sid_obj(p), SECCLASS_PROCESS,
4307 PROCESS__SETSCHED, NULL);
4308}
4309
4310static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
4311 int sig, const struct cred *cred)
4312{
4313 u32 secid;
4314 u32 perm;
4315
4316 if (!sig)
4317 perm = PROCESS__SIGNULL;
4318 else
4319 perm = signal_to_av(sig);
4320 if (!cred)
4321 secid = current_sid();
4322 else
4323 secid = cred_sid(cred);
4324 return avc_has_perm(&selinux_state,
4325 secid, task_sid_obj(p), SECCLASS_PROCESS, perm, NULL);
4326}
4327
4328static void selinux_task_to_inode(struct task_struct *p,
4329 struct inode *inode)
4330{
4331 struct inode_security_struct *isec = selinux_inode(inode);
4332 u32 sid = task_sid_obj(p);
4333
4334 spin_lock(&isec->lock);
4335 isec->sclass = inode_mode_to_security_class(inode->i_mode);
4336 isec->sid = sid;
4337 isec->initialized = LABEL_INITIALIZED;
4338 spin_unlock(&isec->lock);
4339}
4340
4341
4342static int selinux_parse_skb_ipv4(struct sk_buff *skb,
4343 struct common_audit_data *ad, u8 *proto)
4344{
4345 int offset, ihlen, ret = -EINVAL;
4346 struct iphdr _iph, *ih;
4347
4348 offset = skb_network_offset(skb);
4349 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
4350 if (ih == NULL)
4351 goto out;
4352
4353 ihlen = ih->ihl * 4;
4354 if (ihlen < sizeof(_iph))
4355 goto out;
4356
4357 ad->u.net->v4info.saddr = ih->saddr;
4358 ad->u.net->v4info.daddr = ih->daddr;
4359 ret = 0;
4360
4361 if (proto)
4362 *proto = ih->protocol;
4363
4364 switch (ih->protocol) {
4365 case IPPROTO_TCP: {
4366 struct tcphdr _tcph, *th;
4367
4368 if (ntohs(ih->frag_off) & IP_OFFSET)
4369 break;
4370
4371 offset += ihlen;
4372 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4373 if (th == NULL)
4374 break;
4375
4376 ad->u.net->sport = th->source;
4377 ad->u.net->dport = th->dest;
4378 break;
4379 }
4380
4381 case IPPROTO_UDP: {
4382 struct udphdr _udph, *uh;
4383
4384 if (ntohs(ih->frag_off) & IP_OFFSET)
4385 break;
4386
4387 offset += ihlen;
4388 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4389 if (uh == NULL)
4390 break;
4391
4392 ad->u.net->sport = uh->source;
4393 ad->u.net->dport = uh->dest;
4394 break;
4395 }
4396
4397 case IPPROTO_DCCP: {
4398 struct dccp_hdr _dccph, *dh;
4399
4400 if (ntohs(ih->frag_off) & IP_OFFSET)
4401 break;
4402
4403 offset += ihlen;
4404 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4405 if (dh == NULL)
4406 break;
4407
4408 ad->u.net->sport = dh->dccph_sport;
4409 ad->u.net->dport = dh->dccph_dport;
4410 break;
4411 }
4412
4413#if IS_ENABLED(CONFIG_IP_SCTP)
4414 case IPPROTO_SCTP: {
4415 struct sctphdr _sctph, *sh;
4416
4417 if (ntohs(ih->frag_off) & IP_OFFSET)
4418 break;
4419
4420 offset += ihlen;
4421 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4422 if (sh == NULL)
4423 break;
4424
4425 ad->u.net->sport = sh->source;
4426 ad->u.net->dport = sh->dest;
4427 break;
4428 }
4429#endif
4430 default:
4431 break;
4432 }
4433out:
4434 return ret;
4435}
4436
4437#if IS_ENABLED(CONFIG_IPV6)
4438
4439
4440static int selinux_parse_skb_ipv6(struct sk_buff *skb,
4441 struct common_audit_data *ad, u8 *proto)
4442{
4443 u8 nexthdr;
4444 int ret = -EINVAL, offset;
4445 struct ipv6hdr _ipv6h, *ip6;
4446 __be16 frag_off;
4447
4448 offset = skb_network_offset(skb);
4449 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
4450 if (ip6 == NULL)
4451 goto out;
4452
4453 ad->u.net->v6info.saddr = ip6->saddr;
4454 ad->u.net->v6info.daddr = ip6->daddr;
4455 ret = 0;
4456
4457 nexthdr = ip6->nexthdr;
4458 offset += sizeof(_ipv6h);
4459 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
4460 if (offset < 0)
4461 goto out;
4462
4463 if (proto)
4464 *proto = nexthdr;
4465
4466 switch (nexthdr) {
4467 case IPPROTO_TCP: {
4468 struct tcphdr _tcph, *th;
4469
4470 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
4471 if (th == NULL)
4472 break;
4473
4474 ad->u.net->sport = th->source;
4475 ad->u.net->dport = th->dest;
4476 break;
4477 }
4478
4479 case IPPROTO_UDP: {
4480 struct udphdr _udph, *uh;
4481
4482 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
4483 if (uh == NULL)
4484 break;
4485
4486 ad->u.net->sport = uh->source;
4487 ad->u.net->dport = uh->dest;
4488 break;
4489 }
4490
4491 case IPPROTO_DCCP: {
4492 struct dccp_hdr _dccph, *dh;
4493
4494 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
4495 if (dh == NULL)
4496 break;
4497
4498 ad->u.net->sport = dh->dccph_sport;
4499 ad->u.net->dport = dh->dccph_dport;
4500 break;
4501 }
4502
4503#if IS_ENABLED(CONFIG_IP_SCTP)
4504 case IPPROTO_SCTP: {
4505 struct sctphdr _sctph, *sh;
4506
4507 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
4508 if (sh == NULL)
4509 break;
4510
4511 ad->u.net->sport = sh->source;
4512 ad->u.net->dport = sh->dest;
4513 break;
4514 }
4515#endif
4516
4517 default:
4518 break;
4519 }
4520out:
4521 return ret;
4522}
4523
4524#endif
4525
4526static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
4527 char **_addrp, int src, u8 *proto)
4528{
4529 char *addrp;
4530 int ret;
4531
4532 switch (ad->u.net->family) {
4533 case PF_INET:
4534 ret = selinux_parse_skb_ipv4(skb, ad, proto);
4535 if (ret)
4536 goto parse_error;
4537 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
4538 &ad->u.net->v4info.daddr);
4539 goto okay;
4540
4541#if IS_ENABLED(CONFIG_IPV6)
4542 case PF_INET6:
4543 ret = selinux_parse_skb_ipv6(skb, ad, proto);
4544 if (ret)
4545 goto parse_error;
4546 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
4547 &ad->u.net->v6info.daddr);
4548 goto okay;
4549#endif
4550 default:
4551 addrp = NULL;
4552 goto okay;
4553 }
4554
4555parse_error:
4556 pr_warn(
4557 "SELinux: failure in selinux_parse_skb(),"
4558 " unable to parse packet\n");
4559 return ret;
4560
4561okay:
4562 if (_addrp)
4563 *_addrp = addrp;
4564 return 0;
4565}
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4583{
4584 int err;
4585 u32 xfrm_sid;
4586 u32 nlbl_sid;
4587 u32 nlbl_type;
4588
4589 err = selinux_xfrm_skb_sid(skb, &xfrm_sid);
4590 if (unlikely(err))
4591 return -EACCES;
4592 err = selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
4593 if (unlikely(err))
4594 return -EACCES;
4595
4596 err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
4597 nlbl_type, xfrm_sid, sid);
4598 if (unlikely(err)) {
4599 pr_warn(
4600 "SELinux: failure in selinux_skb_peerlbl_sid(),"
4601 " unable to determine packet's peer label\n");
4602 return -EACCES;
4603 }
4604
4605 return 0;
4606}
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620static int selinux_conn_sid(u32 sk_sid, u32 skb_sid, u32 *conn_sid)
4621{
4622 int err = 0;
4623
4624 if (skb_sid != SECSID_NULL)
4625 err = security_sid_mls_copy(&selinux_state, sk_sid, skb_sid,
4626 conn_sid);
4627 else
4628 *conn_sid = sk_sid;
4629
4630 return err;
4631}
4632
4633
4634
4635static int socket_sockcreate_sid(const struct task_security_struct *tsec,
4636 u16 secclass, u32 *socksid)
4637{
4638 if (tsec->sockcreate_sid > SECSID_NULL) {
4639 *socksid = tsec->sockcreate_sid;
4640 return 0;
4641 }
4642
4643 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4644 secclass, NULL, socksid);
4645}
4646
4647static int sock_has_perm(struct sock *sk, u32 perms)
4648{
4649 struct sk_security_struct *sksec = sk->sk_security;
4650 struct common_audit_data ad;
4651 struct lsm_network_audit net = {0,};
4652
4653 if (sksec->sid == SECINITSID_KERNEL)
4654 return 0;
4655
4656 ad.type = LSM_AUDIT_DATA_NET;
4657 ad.u.net = &net;
4658 ad.u.net->sk = sk;
4659
4660 return avc_has_perm(&selinux_state,
4661 current_sid(), sksec->sid, sksec->sclass, perms,
4662 &ad);
4663}
4664
4665static int selinux_socket_create(int family, int type,
4666 int protocol, int kern)
4667{
4668 const struct task_security_struct *tsec = selinux_cred(current_cred());
4669 u32 newsid;
4670 u16 secclass;
4671 int rc;
4672
4673 if (kern)
4674 return 0;
4675
4676 secclass = socket_type_to_security_class(family, type, protocol);
4677 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
4678 if (rc)
4679 return rc;
4680
4681 return avc_has_perm(&selinux_state,
4682 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4683}
4684
4685static int selinux_socket_post_create(struct socket *sock, int family,
4686 int type, int protocol, int kern)
4687{
4688 const struct task_security_struct *tsec = selinux_cred(current_cred());
4689 struct inode_security_struct *isec = inode_security_novalidate(SOCK_INODE(sock));
4690 struct sk_security_struct *sksec;
4691 u16 sclass = socket_type_to_security_class(family, type, protocol);
4692 u32 sid = SECINITSID_KERNEL;
4693 int err = 0;
4694
4695 if (!kern) {
4696 err = socket_sockcreate_sid(tsec, sclass, &sid);
4697 if (err)
4698 return err;
4699 }
4700
4701 isec->sclass = sclass;
4702 isec->sid = sid;
4703 isec->initialized = LABEL_INITIALIZED;
4704
4705 if (sock->sk) {
4706 sksec = sock->sk->sk_security;
4707 sksec->sclass = sclass;
4708 sksec->sid = sid;
4709
4710 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4711 sksec->sctp_assoc_state = SCTP_ASSOC_UNSET;
4712
4713 err = selinux_netlbl_socket_post_create(sock->sk, family);
4714 }
4715
4716 return err;
4717}
4718
4719static int selinux_socket_socketpair(struct socket *socka,
4720 struct socket *sockb)
4721{
4722 struct sk_security_struct *sksec_a = socka->sk->sk_security;
4723 struct sk_security_struct *sksec_b = sockb->sk->sk_security;
4724
4725 sksec_a->peer_sid = sksec_b->sid;
4726 sksec_b->peer_sid = sksec_a->sid;
4727
4728 return 0;
4729}
4730
4731
4732
4733
4734
4735static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
4736{
4737 struct sock *sk = sock->sk;
4738 struct sk_security_struct *sksec = sk->sk_security;
4739 u16 family;
4740 int err;
4741
4742 err = sock_has_perm(sk, SOCKET__BIND);
4743 if (err)
4744 goto out;
4745
4746
4747 family = sk->sk_family;
4748 if (family == PF_INET || family == PF_INET6) {
4749 char *addrp;
4750 struct common_audit_data ad;
4751 struct lsm_network_audit net = {0,};
4752 struct sockaddr_in *addr4 = NULL;
4753 struct sockaddr_in6 *addr6 = NULL;
4754 u16 family_sa;
4755 unsigned short snum;
4756 u32 sid, node_perm;
4757
4758
4759
4760
4761
4762
4763
4764 if (addrlen < offsetofend(struct sockaddr, sa_family))
4765 return -EINVAL;
4766 family_sa = address->sa_family;
4767 switch (family_sa) {
4768 case AF_UNSPEC:
4769 case AF_INET:
4770 if (addrlen < sizeof(struct sockaddr_in))
4771 return -EINVAL;
4772 addr4 = (struct sockaddr_in *)address;
4773 if (family_sa == AF_UNSPEC) {
4774
4775
4776
4777 if (addr4->sin_addr.s_addr != htonl(INADDR_ANY))
4778 goto err_af;
4779 family_sa = AF_INET;
4780 }
4781 snum = ntohs(addr4->sin_port);
4782 addrp = (char *)&addr4->sin_addr.s_addr;
4783 break;
4784 case AF_INET6:
4785 if (addrlen < SIN6_LEN_RFC2133)
4786 return -EINVAL;
4787 addr6 = (struct sockaddr_in6 *)address;
4788 snum = ntohs(addr6->sin6_port);
4789 addrp = (char *)&addr6->sin6_addr.s6_addr;
4790 break;
4791 default:
4792 goto err_af;
4793 }
4794
4795 ad.type = LSM_AUDIT_DATA_NET;
4796 ad.u.net = &net;
4797 ad.u.net->sport = htons(snum);
4798 ad.u.net->family = family_sa;
4799
4800 if (snum) {
4801 int low, high;
4802
4803 inet_get_local_port_range(sock_net(sk), &low, &high);
4804
4805 if (inet_port_requires_bind_service(sock_net(sk), snum) ||
4806 snum < low || snum > high) {
4807 err = sel_netport_sid(sk->sk_protocol,
4808 snum, &sid);
4809 if (err)
4810 goto out;
4811 err = avc_has_perm(&selinux_state,
4812 sksec->sid, sid,
4813 sksec->sclass,
4814 SOCKET__NAME_BIND, &ad);
4815 if (err)
4816 goto out;
4817 }
4818 }
4819
4820 switch (sksec->sclass) {
4821 case SECCLASS_TCP_SOCKET:
4822 node_perm = TCP_SOCKET__NODE_BIND;
4823 break;
4824
4825 case SECCLASS_UDP_SOCKET:
4826 node_perm = UDP_SOCKET__NODE_BIND;
4827 break;
4828
4829 case SECCLASS_DCCP_SOCKET:
4830 node_perm = DCCP_SOCKET__NODE_BIND;
4831 break;
4832
4833 case SECCLASS_SCTP_SOCKET:
4834 node_perm = SCTP_SOCKET__NODE_BIND;
4835 break;
4836
4837 default:
4838 node_perm = RAWIP_SOCKET__NODE_BIND;
4839 break;
4840 }
4841
4842 err = sel_netnode_sid(addrp, family_sa, &sid);
4843 if (err)
4844 goto out;
4845
4846 if (family_sa == AF_INET)
4847 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
4848 else
4849 ad.u.net->v6info.saddr = addr6->sin6_addr;
4850
4851 err = avc_has_perm(&selinux_state,
4852 sksec->sid, sid,
4853 sksec->sclass, node_perm, &ad);
4854 if (err)
4855 goto out;
4856 }
4857out:
4858 return err;
4859err_af:
4860
4861 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4862 return -EINVAL;
4863 return -EAFNOSUPPORT;
4864}
4865
4866
4867
4868
4869static int selinux_socket_connect_helper(struct socket *sock,
4870 struct sockaddr *address, int addrlen)
4871{
4872 struct sock *sk = sock->sk;
4873 struct sk_security_struct *sksec = sk->sk_security;
4874 int err;
4875
4876 err = sock_has_perm(sk, SOCKET__CONNECT);
4877 if (err)
4878 return err;
4879 if (addrlen < offsetofend(struct sockaddr, sa_family))
4880 return -EINVAL;
4881
4882
4883
4884
4885 if (address->sa_family == AF_UNSPEC)
4886 return 0;
4887
4888
4889
4890
4891
4892 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
4893 sksec->sclass == SECCLASS_DCCP_SOCKET ||
4894 sksec->sclass == SECCLASS_SCTP_SOCKET) {
4895 struct common_audit_data ad;
4896 struct lsm_network_audit net = {0,};
4897 struct sockaddr_in *addr4 = NULL;
4898 struct sockaddr_in6 *addr6 = NULL;
4899 unsigned short snum;
4900 u32 sid, perm;
4901
4902
4903
4904
4905
4906
4907 switch (address->sa_family) {
4908 case AF_INET:
4909 addr4 = (struct sockaddr_in *)address;
4910 if (addrlen < sizeof(struct sockaddr_in))
4911 return -EINVAL;
4912 snum = ntohs(addr4->sin_port);
4913 break;
4914 case AF_INET6:
4915 addr6 = (struct sockaddr_in6 *)address;
4916 if (addrlen < SIN6_LEN_RFC2133)
4917 return -EINVAL;
4918 snum = ntohs(addr6->sin6_port);
4919 break;
4920 default:
4921
4922
4923
4924 if (sksec->sclass == SECCLASS_SCTP_SOCKET)
4925 return -EINVAL;
4926 else
4927 return -EAFNOSUPPORT;
4928 }
4929
4930 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4931 if (err)
4932 return err;
4933
4934 switch (sksec->sclass) {
4935 case SECCLASS_TCP_SOCKET:
4936 perm = TCP_SOCKET__NAME_CONNECT;
4937 break;
4938 case SECCLASS_DCCP_SOCKET:
4939 perm = DCCP_SOCKET__NAME_CONNECT;
4940 break;
4941 case SECCLASS_SCTP_SOCKET:
4942 perm = SCTP_SOCKET__NAME_CONNECT;
4943 break;
4944 }
4945
4946 ad.type = LSM_AUDIT_DATA_NET;
4947 ad.u.net = &net;
4948 ad.u.net->dport = htons(snum);
4949 ad.u.net->family = address->sa_family;
4950 err = avc_has_perm(&selinux_state,
4951 sksec->sid, sid, sksec->sclass, perm, &ad);
4952 if (err)
4953 return err;
4954 }
4955
4956 return 0;
4957}
4958
4959
4960static int selinux_socket_connect(struct socket *sock,
4961 struct sockaddr *address, int addrlen)
4962{
4963 int err;
4964 struct sock *sk = sock->sk;
4965
4966 err = selinux_socket_connect_helper(sock, address, addrlen);
4967 if (err)
4968 return err;
4969
4970 return selinux_netlbl_socket_connect(sk, address);
4971}
4972
4973static int selinux_socket_listen(struct socket *sock, int backlog)
4974{
4975 return sock_has_perm(sock->sk, SOCKET__LISTEN);
4976}
4977
4978static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
4979{
4980 int err;
4981 struct inode_security_struct *isec;
4982 struct inode_security_struct *newisec;
4983 u16 sclass;
4984 u32 sid;
4985
4986 err = sock_has_perm(sock->sk, SOCKET__ACCEPT);
4987 if (err)
4988 return err;
4989
4990 isec = inode_security_novalidate(SOCK_INODE(sock));
4991 spin_lock(&isec->lock);
4992 sclass = isec->sclass;
4993 sid = isec->sid;
4994 spin_unlock(&isec->lock);
4995
4996 newisec = inode_security_novalidate(SOCK_INODE(newsock));
4997 newisec->sclass = sclass;
4998 newisec->sid = sid;
4999 newisec->initialized = LABEL_INITIALIZED;
5000
5001 return 0;
5002}
5003
5004static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
5005 int size)
5006{
5007 return sock_has_perm(sock->sk, SOCKET__WRITE);
5008}
5009
5010static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
5011 int size, int flags)
5012{
5013 return sock_has_perm(sock->sk, SOCKET__READ);
5014}
5015
5016static int selinux_socket_getsockname(struct socket *sock)
5017{
5018 return sock_has_perm(sock->sk, SOCKET__GETATTR);
5019}
5020
5021static int selinux_socket_getpeername(struct socket *sock)
5022{
5023 return sock_has_perm(sock->sk, SOCKET__GETATTR);
5024}
5025
5026static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
5027{
5028 int err;
5029
5030 err = sock_has_perm(sock->sk, SOCKET__SETOPT);
5031 if (err)
5032 return err;
5033
5034 return selinux_netlbl_socket_setsockopt(sock, level, optname);
5035}
5036
5037static int selinux_socket_getsockopt(struct socket *sock, int level,
5038 int optname)
5039{
5040 return sock_has_perm(sock->sk, SOCKET__GETOPT);
5041}
5042
5043static int selinux_socket_shutdown(struct socket *sock, int how)
5044{
5045 return sock_has_perm(sock->sk, SOCKET__SHUTDOWN);
5046}
5047
5048static int selinux_socket_unix_stream_connect(struct sock *sock,
5049 struct sock *other,
5050 struct sock *newsk)
5051{
5052 struct sk_security_struct *sksec_sock = sock->sk_security;
5053 struct sk_security_struct *sksec_other = other->sk_security;
5054 struct sk_security_struct *sksec_new = newsk->sk_security;
5055 struct common_audit_data ad;
5056 struct lsm_network_audit net = {0,};
5057 int err;
5058
5059 ad.type = LSM_AUDIT_DATA_NET;
5060 ad.u.net = &net;
5061 ad.u.net->sk = other;
5062
5063 err = avc_has_perm(&selinux_state,
5064 sksec_sock->sid, sksec_other->sid,
5065 sksec_other->sclass,
5066 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
5067 if (err)
5068 return err;
5069
5070
5071 sksec_new->peer_sid = sksec_sock->sid;
5072 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
5073 sksec_sock->sid, &sksec_new->sid);
5074 if (err)
5075 return err;
5076
5077
5078 sksec_sock->peer_sid = sksec_new->sid;
5079
5080 return 0;
5081}
5082
5083static int selinux_socket_unix_may_send(struct socket *sock,
5084 struct socket *other)
5085{
5086 struct sk_security_struct *ssec = sock->sk->sk_security;
5087 struct sk_security_struct *osec = other->sk->sk_security;
5088 struct common_audit_data ad;
5089 struct lsm_network_audit net = {0,};
5090
5091 ad.type = LSM_AUDIT_DATA_NET;
5092 ad.u.net = &net;
5093 ad.u.net->sk = other->sk;
5094
5095 return avc_has_perm(&selinux_state,
5096 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
5097 &ad);
5098}
5099
5100static int selinux_inet_sys_rcv_skb(struct net *ns, int ifindex,
5101 char *addrp, u16 family, u32 peer_sid,
5102 struct common_audit_data *ad)
5103{
5104 int err;
5105 u32 if_sid;
5106 u32 node_sid;
5107
5108 err = sel_netif_sid(ns, ifindex, &if_sid);
5109 if (err)
5110 return err;
5111 err = avc_has_perm(&selinux_state,
5112 peer_sid, if_sid,
5113 SECCLASS_NETIF, NETIF__INGRESS, ad);
5114 if (err)
5115 return err;
5116
5117 err = sel_netnode_sid(addrp, family, &node_sid);
5118 if (err)
5119 return err;
5120 return avc_has_perm(&selinux_state,
5121 peer_sid, node_sid,
5122 SECCLASS_NODE, NODE__RECVFROM, ad);
5123}
5124
5125static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
5126 u16 family)
5127{
5128 int err = 0;
5129 struct sk_security_struct *sksec = sk->sk_security;
5130 u32 sk_sid = sksec->sid;
5131 struct common_audit_data ad;
5132 struct lsm_network_audit net = {0,};
5133 char *addrp;
5134
5135 ad.type = LSM_AUDIT_DATA_NET;
5136 ad.u.net = &net;
5137 ad.u.net->netif = skb->skb_iif;
5138 ad.u.net->family = family;
5139 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5140 if (err)
5141 return err;
5142
5143 if (selinux_secmark_enabled()) {
5144 err = avc_has_perm(&selinux_state,
5145 sk_sid, skb->secmark, SECCLASS_PACKET,
5146 PACKET__RECV, &ad);
5147 if (err)
5148 return err;
5149 }
5150
5151 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
5152 if (err)
5153 return err;
5154 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
5155
5156 return err;
5157}
5158
5159static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
5160{
5161 int err;
5162 struct sk_security_struct *sksec = sk->sk_security;
5163 u16 family = sk->sk_family;
5164 u32 sk_sid = sksec->sid;
5165 struct common_audit_data ad;
5166 struct lsm_network_audit net = {0,};
5167 char *addrp;
5168 u8 secmark_active;
5169 u8 peerlbl_active;
5170
5171 if (family != PF_INET && family != PF_INET6)
5172 return 0;
5173
5174
5175 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5176 family = PF_INET;
5177
5178
5179
5180
5181
5182 if (!selinux_policycap_netpeer())
5183 return selinux_sock_rcv_skb_compat(sk, skb, family);
5184
5185 secmark_active = selinux_secmark_enabled();
5186 peerlbl_active = selinux_peerlbl_enabled();
5187 if (!secmark_active && !peerlbl_active)
5188 return 0;
5189
5190 ad.type = LSM_AUDIT_DATA_NET;
5191 ad.u.net = &net;
5192 ad.u.net->netif = skb->skb_iif;
5193 ad.u.net->family = family;
5194 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
5195 if (err)
5196 return err;
5197
5198 if (peerlbl_active) {
5199 u32 peer_sid;
5200
5201 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
5202 if (err)
5203 return err;
5204 err = selinux_inet_sys_rcv_skb(sock_net(sk), skb->skb_iif,
5205 addrp, family, peer_sid, &ad);
5206 if (err) {
5207 selinux_netlbl_err(skb, family, err, 0);
5208 return err;
5209 }
5210 err = avc_has_perm(&selinux_state,
5211 sk_sid, peer_sid, SECCLASS_PEER,
5212 PEER__RECV, &ad);
5213 if (err) {
5214 selinux_netlbl_err(skb, family, err, 0);
5215 return err;
5216 }
5217 }
5218
5219 if (secmark_active) {
5220 err = avc_has_perm(&selinux_state,
5221 sk_sid, skb->secmark, SECCLASS_PACKET,
5222 PACKET__RECV, &ad);
5223 if (err)
5224 return err;
5225 }
5226
5227 return err;
5228}
5229
5230static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
5231 int __user *optlen, unsigned len)
5232{
5233 int err = 0;
5234 char *scontext;
5235 u32 scontext_len;
5236 struct sk_security_struct *sksec = sock->sk->sk_security;
5237 u32 peer_sid = SECSID_NULL;
5238
5239 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
5240 sksec->sclass == SECCLASS_TCP_SOCKET ||
5241 sksec->sclass == SECCLASS_SCTP_SOCKET)
5242 peer_sid = sksec->peer_sid;
5243 if (peer_sid == SECSID_NULL)
5244 return -ENOPROTOOPT;
5245
5246 err = security_sid_to_context(&selinux_state, peer_sid, &scontext,
5247 &scontext_len);
5248 if (err)
5249 return err;
5250
5251 if (scontext_len > len) {
5252 err = -ERANGE;
5253 goto out_len;
5254 }
5255
5256 if (copy_to_user(optval, scontext, scontext_len))
5257 err = -EFAULT;
5258
5259out_len:
5260 if (put_user(scontext_len, optlen))
5261 err = -EFAULT;
5262 kfree(scontext);
5263 return err;
5264}
5265
5266static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
5267{
5268 u32 peer_secid = SECSID_NULL;
5269 u16 family;
5270 struct inode_security_struct *isec;
5271
5272 if (skb && skb->protocol == htons(ETH_P_IP))
5273 family = PF_INET;
5274 else if (skb && skb->protocol == htons(ETH_P_IPV6))
5275 family = PF_INET6;
5276 else if (sock)
5277 family = sock->sk->sk_family;
5278 else
5279 goto out;
5280
5281 if (sock && family == PF_UNIX) {
5282 isec = inode_security_novalidate(SOCK_INODE(sock));
5283 peer_secid = isec->sid;
5284 } else if (skb)
5285 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
5286
5287out:
5288 *secid = peer_secid;
5289 if (peer_secid == SECSID_NULL)
5290 return -EINVAL;
5291 return 0;
5292}
5293
5294static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
5295{
5296 struct sk_security_struct *sksec;
5297
5298 sksec = kzalloc(sizeof(*sksec), priority);
5299 if (!sksec)
5300 return -ENOMEM;
5301
5302 sksec->peer_sid = SECINITSID_UNLABELED;
5303 sksec->sid = SECINITSID_UNLABELED;
5304 sksec->sclass = SECCLASS_SOCKET;
5305 selinux_netlbl_sk_security_reset(sksec);
5306 sk->sk_security = sksec;
5307
5308 return 0;
5309}
5310
5311static void selinux_sk_free_security(struct sock *sk)
5312{
5313 struct sk_security_struct *sksec = sk->sk_security;
5314
5315 sk->sk_security = NULL;
5316 selinux_netlbl_sk_security_free(sksec);
5317 kfree(sksec);
5318}
5319
5320static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
5321{
5322 struct sk_security_struct *sksec = sk->sk_security;
5323 struct sk_security_struct *newsksec = newsk->sk_security;
5324
5325 newsksec->sid = sksec->sid;
5326 newsksec->peer_sid = sksec->peer_sid;
5327 newsksec->sclass = sksec->sclass;
5328
5329 selinux_netlbl_sk_security_reset(newsksec);
5330}
5331
5332static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
5333{
5334 if (!sk)
5335 *secid = SECINITSID_ANY_SOCKET;
5336 else {
5337 struct sk_security_struct *sksec = sk->sk_security;
5338
5339 *secid = sksec->sid;
5340 }
5341}
5342
5343static void selinux_sock_graft(struct sock *sk, struct socket *parent)
5344{
5345 struct inode_security_struct *isec =
5346 inode_security_novalidate(SOCK_INODE(parent));
5347 struct sk_security_struct *sksec = sk->sk_security;
5348
5349 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
5350 sk->sk_family == PF_UNIX)
5351 isec->sid = sksec->sid;
5352 sksec->sclass = isec->sclass;
5353}
5354
5355
5356
5357
5358
5359static int selinux_sctp_assoc_request(struct sctp_endpoint *ep,
5360 struct sk_buff *skb)
5361{
5362 struct sk_security_struct *sksec = ep->base.sk->sk_security;
5363 struct common_audit_data ad;
5364 struct lsm_network_audit net = {0,};
5365 u8 peerlbl_active;
5366 u32 peer_sid = SECINITSID_UNLABELED;
5367 u32 conn_sid;
5368 int err = 0;
5369
5370 if (!selinux_policycap_extsockclass())
5371 return 0;
5372
5373 peerlbl_active = selinux_peerlbl_enabled();
5374
5375 if (peerlbl_active) {
5376
5377
5378
5379 err = selinux_skb_peerlbl_sid(skb, ep->base.sk->sk_family,
5380 &peer_sid);
5381 if (err)
5382 return err;
5383
5384 if (peer_sid == SECSID_NULL)
5385 peer_sid = SECINITSID_UNLABELED;
5386 }
5387
5388 if (sksec->sctp_assoc_state == SCTP_ASSOC_UNSET) {
5389 sksec->sctp_assoc_state = SCTP_ASSOC_SET;
5390
5391
5392
5393
5394
5395
5396 sksec->peer_sid = peer_sid;
5397 } else if (sksec->peer_sid != peer_sid) {
5398
5399
5400
5401 ad.type = LSM_AUDIT_DATA_NET;
5402 ad.u.net = &net;
5403 ad.u.net->sk = ep->base.sk;
5404 err = avc_has_perm(&selinux_state,
5405 sksec->peer_sid, peer_sid, sksec->sclass,
5406 SCTP_SOCKET__ASSOCIATION, &ad);
5407 if (err)
5408 return err;
5409 }
5410
5411
5412
5413
5414
5415
5416
5417 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5418 if (err)
5419 return err;
5420
5421 ep->secid = conn_sid;
5422 ep->peer_secid = peer_sid;
5423
5424
5425 return selinux_netlbl_sctp_assoc_request(ep, skb);
5426}
5427
5428
5429
5430
5431static int selinux_sctp_bind_connect(struct sock *sk, int optname,
5432 struct sockaddr *address,
5433 int addrlen)
5434{
5435 int len, err = 0, walk_size = 0;
5436 void *addr_buf;
5437 struct sockaddr *addr;
5438 struct socket *sock;
5439
5440 if (!selinux_policycap_extsockclass())
5441 return 0;
5442
5443
5444 sock = sk->sk_socket;
5445 addr_buf = address;
5446
5447 while (walk_size < addrlen) {
5448 if (walk_size + sizeof(sa_family_t) > addrlen)
5449 return -EINVAL;
5450
5451 addr = addr_buf;
5452 switch (addr->sa_family) {
5453 case AF_UNSPEC:
5454 case AF_INET:
5455 len = sizeof(struct sockaddr_in);
5456 break;
5457 case AF_INET6:
5458 len = sizeof(struct sockaddr_in6);
5459 break;
5460 default:
5461 return -EINVAL;
5462 }
5463
5464 if (walk_size + len > addrlen)
5465 return -EINVAL;
5466
5467 err = -EINVAL;
5468 switch (optname) {
5469
5470 case SCTP_PRIMARY_ADDR:
5471 case SCTP_SET_PEER_PRIMARY_ADDR:
5472 case SCTP_SOCKOPT_BINDX_ADD:
5473 err = selinux_socket_bind(sock, addr, len);
5474 break;
5475
5476 case SCTP_SOCKOPT_CONNECTX:
5477 case SCTP_PARAM_SET_PRIMARY:
5478 case SCTP_PARAM_ADD_IP:
5479 case SCTP_SENDMSG_CONNECT:
5480 err = selinux_socket_connect_helper(sock, addr, len);
5481 if (err)
5482 return err;
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495 err = selinux_netlbl_socket_connect_locked(sk, addr);
5496 break;
5497 }
5498
5499 if (err)
5500 return err;
5501
5502 addr_buf += len;
5503 walk_size += len;
5504 }
5505
5506 return 0;
5507}
5508
5509
5510static void selinux_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
5511 struct sock *newsk)
5512{
5513 struct sk_security_struct *sksec = sk->sk_security;
5514 struct sk_security_struct *newsksec = newsk->sk_security;
5515
5516
5517
5518
5519 if (!selinux_policycap_extsockclass())
5520 return selinux_sk_clone_security(sk, newsk);
5521
5522 newsksec->sid = ep->secid;
5523 newsksec->peer_sid = ep->peer_secid;
5524 newsksec->sclass = sksec->sclass;
5525 selinux_netlbl_sctp_sk_clone(sk, newsk);
5526}
5527
5528static int selinux_inet_conn_request(const struct sock *sk, struct sk_buff *skb,
5529 struct request_sock *req)
5530{
5531 struct sk_security_struct *sksec = sk->sk_security;
5532 int err;
5533 u16 family = req->rsk_ops->family;
5534 u32 connsid;
5535 u32 peersid;
5536
5537 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
5538 if (err)
5539 return err;
5540 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5541 if (err)
5542 return err;
5543 req->secid = connsid;
5544 req->peer_secid = peersid;
5545
5546 return selinux_netlbl_inet_conn_request(req, family);
5547}
5548
5549static void selinux_inet_csk_clone(struct sock *newsk,
5550 const struct request_sock *req)
5551{
5552 struct sk_security_struct *newsksec = newsk->sk_security;
5553
5554 newsksec->sid = req->secid;
5555 newsksec->peer_sid = req->peer_secid;
5556
5557
5558
5559
5560
5561
5562
5563 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
5564}
5565
5566static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
5567{
5568 u16 family = sk->sk_family;
5569 struct sk_security_struct *sksec = sk->sk_security;
5570
5571
5572 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
5573 family = PF_INET;
5574
5575 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
5576}
5577
5578static int selinux_secmark_relabel_packet(u32 sid)
5579{
5580 const struct task_security_struct *__tsec;
5581 u32 tsid;
5582
5583 __tsec = selinux_cred(current_cred());
5584 tsid = __tsec->sid;
5585
5586 return avc_has_perm(&selinux_state,
5587 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5588 NULL);
5589}
5590
5591static void selinux_secmark_refcount_inc(void)
5592{
5593 atomic_inc(&selinux_secmark_refcount);
5594}
5595
5596static void selinux_secmark_refcount_dec(void)
5597{
5598 atomic_dec(&selinux_secmark_refcount);
5599}
5600
5601static void selinux_req_classify_flow(const struct request_sock *req,
5602 struct flowi_common *flic)
5603{
5604 flic->flowic_secid = req->secid;
5605}
5606
5607static int selinux_tun_dev_alloc_security(void **security)
5608{
5609 struct tun_security_struct *tunsec;
5610
5611 tunsec = kzalloc(sizeof(*tunsec), GFP_KERNEL);
5612 if (!tunsec)
5613 return -ENOMEM;
5614 tunsec->sid = current_sid();
5615
5616 *security = tunsec;
5617 return 0;
5618}
5619
5620static void selinux_tun_dev_free_security(void *security)
5621{
5622 kfree(security);
5623}
5624
5625static int selinux_tun_dev_create(void)
5626{
5627 u32 sid = current_sid();
5628
5629
5630
5631
5632
5633
5634
5635
5636 return avc_has_perm(&selinux_state,
5637 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5638 NULL);
5639}
5640
5641static int selinux_tun_dev_attach_queue(void *security)
5642{
5643 struct tun_security_struct *tunsec = security;
5644
5645 return avc_has_perm(&selinux_state,
5646 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5647 TUN_SOCKET__ATTACH_QUEUE, NULL);
5648}
5649
5650static int selinux_tun_dev_attach(struct sock *sk, void *security)
5651{
5652 struct tun_security_struct *tunsec = security;
5653 struct sk_security_struct *sksec = sk->sk_security;
5654
5655
5656
5657
5658
5659
5660
5661
5662 sksec->sid = tunsec->sid;
5663 sksec->sclass = SECCLASS_TUN_SOCKET;
5664
5665 return 0;
5666}
5667
5668static int selinux_tun_dev_open(void *security)
5669{
5670 struct tun_security_struct *tunsec = security;
5671 u32 sid = current_sid();
5672 int err;
5673
5674 err = avc_has_perm(&selinux_state,
5675 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5676 TUN_SOCKET__RELABELFROM, NULL);
5677 if (err)
5678 return err;
5679 err = avc_has_perm(&selinux_state,
5680 sid, sid, SECCLASS_TUN_SOCKET,
5681 TUN_SOCKET__RELABELTO, NULL);
5682 if (err)
5683 return err;
5684 tunsec->sid = sid;
5685
5686 return 0;
5687}
5688
5689#ifdef CONFIG_NETFILTER
5690
5691static unsigned int selinux_ip_forward(struct sk_buff *skb,
5692 const struct net_device *indev,
5693 u16 family)
5694{
5695 int err;
5696 char *addrp;
5697 u32 peer_sid;
5698 struct common_audit_data ad;
5699 struct lsm_network_audit net = {0,};
5700 u8 secmark_active;
5701 u8 netlbl_active;
5702 u8 peerlbl_active;
5703
5704 if (!selinux_policycap_netpeer())
5705 return NF_ACCEPT;
5706
5707 secmark_active = selinux_secmark_enabled();
5708 netlbl_active = netlbl_enabled();
5709 peerlbl_active = selinux_peerlbl_enabled();
5710 if (!secmark_active && !peerlbl_active)
5711 return NF_ACCEPT;
5712
5713 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
5714 return NF_DROP;
5715
5716 ad.type = LSM_AUDIT_DATA_NET;
5717 ad.u.net = &net;
5718 ad.u.net->netif = indev->ifindex;
5719 ad.u.net->family = family;
5720 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
5721 return NF_DROP;
5722
5723 if (peerlbl_active) {
5724 err = selinux_inet_sys_rcv_skb(dev_net(indev), indev->ifindex,
5725 addrp, family, peer_sid, &ad);
5726 if (err) {
5727 selinux_netlbl_err(skb, family, err, 1);
5728 return NF_DROP;
5729 }
5730 }
5731
5732 if (secmark_active)
5733 if (avc_has_perm(&selinux_state,
5734 peer_sid, skb->secmark,
5735 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
5736 return NF_DROP;
5737
5738 if (netlbl_active)
5739
5740
5741
5742
5743 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
5744 return NF_DROP;
5745
5746 return NF_ACCEPT;
5747}
5748
5749static unsigned int selinux_ipv4_forward(void *priv,
5750 struct sk_buff *skb,
5751 const struct nf_hook_state *state)
5752{
5753 return selinux_ip_forward(skb, state->in, PF_INET);
5754}
5755
5756#if IS_ENABLED(CONFIG_IPV6)
5757static unsigned int selinux_ipv6_forward(void *priv,
5758 struct sk_buff *skb,
5759 const struct nf_hook_state *state)
5760{
5761 return selinux_ip_forward(skb, state->in, PF_INET6);
5762}
5763#endif
5764
5765static unsigned int selinux_ip_output(struct sk_buff *skb,
5766 u16 family)
5767{
5768 struct sock *sk;
5769 u32 sid;
5770
5771 if (!netlbl_enabled())
5772 return NF_ACCEPT;
5773
5774
5775
5776
5777 sk = skb->sk;
5778 if (sk) {
5779 struct sk_security_struct *sksec;
5780
5781 if (sk_listener(sk))
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794 return NF_ACCEPT;
5795
5796
5797 sksec = sk->sk_security;
5798 sid = sksec->sid;
5799 } else
5800 sid = SECINITSID_KERNEL;
5801 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5802 return NF_DROP;
5803
5804 return NF_ACCEPT;
5805}
5806
5807static unsigned int selinux_ipv4_output(void *priv,
5808 struct sk_buff *skb,
5809 const struct nf_hook_state *state)
5810{
5811 return selinux_ip_output(skb, PF_INET);
5812}
5813
5814#if IS_ENABLED(CONFIG_IPV6)
5815static unsigned int selinux_ipv6_output(void *priv,
5816 struct sk_buff *skb,
5817 const struct nf_hook_state *state)
5818{
5819 return selinux_ip_output(skb, PF_INET6);
5820}
5821#endif
5822
5823static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
5824 int ifindex,
5825 u16 family)
5826{
5827 struct sock *sk = skb_to_full_sk(skb);
5828 struct sk_security_struct *sksec;
5829 struct common_audit_data ad;
5830 struct lsm_network_audit net = {0,};
5831 char *addrp;
5832 u8 proto;
5833
5834 if (sk == NULL)
5835 return NF_ACCEPT;
5836 sksec = sk->sk_security;
5837
5838 ad.type = LSM_AUDIT_DATA_NET;
5839 ad.u.net = &net;
5840 ad.u.net->netif = ifindex;
5841 ad.u.net->family = family;
5842 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
5843 return NF_DROP;
5844
5845 if (selinux_secmark_enabled())
5846 if (avc_has_perm(&selinux_state,
5847 sksec->sid, skb->secmark,
5848 SECCLASS_PACKET, PACKET__SEND, &ad))
5849 return NF_DROP_ERR(-ECONNREFUSED);
5850
5851 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5852 return NF_DROP_ERR(-ECONNREFUSED);
5853
5854 return NF_ACCEPT;
5855}
5856
5857static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5858 const struct net_device *outdev,
5859 u16 family)
5860{
5861 u32 secmark_perm;
5862 u32 peer_sid;
5863 int ifindex = outdev->ifindex;
5864 struct sock *sk;
5865 struct common_audit_data ad;
5866 struct lsm_network_audit net = {0,};
5867 char *addrp;
5868 u8 secmark_active;
5869 u8 peerlbl_active;
5870
5871
5872
5873
5874
5875 if (!selinux_policycap_netpeer())
5876 return selinux_ip_postroute_compat(skb, ifindex, family);
5877
5878 secmark_active = selinux_secmark_enabled();
5879 peerlbl_active = selinux_peerlbl_enabled();
5880 if (!secmark_active && !peerlbl_active)
5881 return NF_ACCEPT;
5882
5883 sk = skb_to_full_sk(skb);
5884
5885#ifdef CONFIG_XFRM
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL &&
5898 !(sk && sk_listener(sk)))
5899 return NF_ACCEPT;
5900#endif
5901
5902 if (sk == NULL) {
5903
5904
5905
5906
5907 if (skb->skb_iif) {
5908 secmark_perm = PACKET__FORWARD_OUT;
5909 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
5910 return NF_DROP;
5911 } else {
5912 secmark_perm = PACKET__SEND;
5913 peer_sid = SECINITSID_KERNEL;
5914 }
5915 } else if (sk_listener(sk)) {
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925 u32 skb_sid;
5926 struct sk_security_struct *sksec;
5927
5928 sksec = sk->sk_security;
5929 if (selinux_skb_peerlbl_sid(skb, family, &skb_sid))
5930 return NF_DROP;
5931
5932
5933
5934
5935
5936
5937 if (skb_sid == SECSID_NULL) {
5938 switch (family) {
5939 case PF_INET:
5940 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
5941 return NF_ACCEPT;
5942 break;
5943 case PF_INET6:
5944 if (IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
5945 return NF_ACCEPT;
5946 break;
5947 default:
5948 return NF_DROP_ERR(-ECONNREFUSED);
5949 }
5950 }
5951 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5952 return NF_DROP;
5953 secmark_perm = PACKET__SEND;
5954 } else {
5955
5956
5957 struct sk_security_struct *sksec = sk->sk_security;
5958 peer_sid = sksec->sid;
5959 secmark_perm = PACKET__SEND;
5960 }
5961
5962 ad.type = LSM_AUDIT_DATA_NET;
5963 ad.u.net = &net;
5964 ad.u.net->netif = ifindex;
5965 ad.u.net->family = family;
5966 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
5967 return NF_DROP;
5968
5969 if (secmark_active)
5970 if (avc_has_perm(&selinux_state,
5971 peer_sid, skb->secmark,
5972 SECCLASS_PACKET, secmark_perm, &ad))
5973 return NF_DROP_ERR(-ECONNREFUSED);
5974
5975 if (peerlbl_active) {
5976 u32 if_sid;
5977 u32 node_sid;
5978
5979 if (sel_netif_sid(dev_net(outdev), ifindex, &if_sid))
5980 return NF_DROP;
5981 if (avc_has_perm(&selinux_state,
5982 peer_sid, if_sid,
5983 SECCLASS_NETIF, NETIF__EGRESS, &ad))
5984 return NF_DROP_ERR(-ECONNREFUSED);
5985
5986 if (sel_netnode_sid(addrp, family, &node_sid))
5987 return NF_DROP;
5988 if (avc_has_perm(&selinux_state,
5989 peer_sid, node_sid,
5990 SECCLASS_NODE, NODE__SENDTO, &ad))
5991 return NF_DROP_ERR(-ECONNREFUSED);
5992 }
5993
5994 return NF_ACCEPT;
5995}
5996
5997static unsigned int selinux_ipv4_postroute(void *priv,
5998 struct sk_buff *skb,
5999 const struct nf_hook_state *state)
6000{
6001 return selinux_ip_postroute(skb, state->out, PF_INET);
6002}
6003
6004#if IS_ENABLED(CONFIG_IPV6)
6005static unsigned int selinux_ipv6_postroute(void *priv,
6006 struct sk_buff *skb,
6007 const struct nf_hook_state *state)
6008{
6009 return selinux_ip_postroute(skb, state->out, PF_INET6);
6010}
6011#endif
6012
6013#endif
6014
6015static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
6016{
6017 int rc = 0;
6018 unsigned int msg_len;
6019 unsigned int data_len = skb->len;
6020 unsigned char *data = skb->data;
6021 struct nlmsghdr *nlh;
6022 struct sk_security_struct *sksec = sk->sk_security;
6023 u16 sclass = sksec->sclass;
6024 u32 perm;
6025
6026 while (data_len >= nlmsg_total_size(0)) {
6027 nlh = (struct nlmsghdr *)data;
6028
6029
6030
6031
6032
6033
6034
6035 if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len)
6036 return 0;
6037
6038 rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm);
6039 if (rc == 0) {
6040 rc = sock_has_perm(sk, perm);
6041 if (rc)
6042 return rc;
6043 } else if (rc == -EINVAL) {
6044
6045 pr_warn_ratelimited("SELinux: unrecognized netlink"
6046 " message: protocol=%hu nlmsg_type=%hu sclass=%s"
6047 " pid=%d comm=%s\n",
6048 sk->sk_protocol, nlh->nlmsg_type,
6049 secclass_map[sclass - 1].name,
6050 task_pid_nr(current), current->comm);
6051 if (enforcing_enabled(&selinux_state) &&
6052 !security_get_allow_unknown(&selinux_state))
6053 return rc;
6054 rc = 0;
6055 } else if (rc == -ENOENT) {
6056
6057 rc = 0;
6058 } else {
6059 return rc;
6060 }
6061
6062
6063 msg_len = NLMSG_ALIGN(nlh->nlmsg_len);
6064 if (msg_len >= data_len)
6065 return 0;
6066 data_len -= msg_len;
6067 data += msg_len;
6068 }
6069
6070 return rc;
6071}
6072
6073static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
6074{
6075 isec->sclass = sclass;
6076 isec->sid = current_sid();
6077}
6078
6079static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
6080 u32 perms)
6081{
6082 struct ipc_security_struct *isec;
6083 struct common_audit_data ad;
6084 u32 sid = current_sid();
6085
6086 isec = selinux_ipc(ipc_perms);
6087
6088 ad.type = LSM_AUDIT_DATA_IPC;
6089 ad.u.ipc_id = ipc_perms->key;
6090
6091 return avc_has_perm(&selinux_state,
6092 sid, isec->sid, isec->sclass, perms, &ad);
6093}
6094
6095static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
6096{
6097 struct msg_security_struct *msec;
6098
6099 msec = selinux_msg_msg(msg);
6100 msec->sid = SECINITSID_UNLABELED;
6101
6102 return 0;
6103}
6104
6105
6106static int selinux_msg_queue_alloc_security(struct kern_ipc_perm *msq)
6107{
6108 struct ipc_security_struct *isec;
6109 struct common_audit_data ad;
6110 u32 sid = current_sid();
6111 int rc;
6112
6113 isec = selinux_ipc(msq);
6114 ipc_init_security(isec, SECCLASS_MSGQ);
6115
6116 ad.type = LSM_AUDIT_DATA_IPC;
6117 ad.u.ipc_id = msq->key;
6118
6119 rc = avc_has_perm(&selinux_state,
6120 sid, isec->sid, SECCLASS_MSGQ,
6121 MSGQ__CREATE, &ad);
6122 return rc;
6123}
6124
6125static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
6126{
6127 struct ipc_security_struct *isec;
6128 struct common_audit_data ad;
6129 u32 sid = current_sid();
6130
6131 isec = selinux_ipc(msq);
6132
6133 ad.type = LSM_AUDIT_DATA_IPC;
6134 ad.u.ipc_id = msq->key;
6135
6136 return avc_has_perm(&selinux_state,
6137 sid, isec->sid, SECCLASS_MSGQ,
6138 MSGQ__ASSOCIATE, &ad);
6139}
6140
6141static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
6142{
6143 int err;
6144 int perms;
6145
6146 switch (cmd) {
6147 case IPC_INFO:
6148 case MSG_INFO:
6149
6150 return avc_has_perm(&selinux_state,
6151 current_sid(), SECINITSID_KERNEL,
6152 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6153 case IPC_STAT:
6154 case MSG_STAT:
6155 case MSG_STAT_ANY:
6156 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
6157 break;
6158 case IPC_SET:
6159 perms = MSGQ__SETATTR;
6160 break;
6161 case IPC_RMID:
6162 perms = MSGQ__DESTROY;
6163 break;
6164 default:
6165 return 0;
6166 }
6167
6168 err = ipc_has_perm(msq, perms);
6169 return err;
6170}
6171
6172static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg)
6173{
6174 struct ipc_security_struct *isec;
6175 struct msg_security_struct *msec;
6176 struct common_audit_data ad;
6177 u32 sid = current_sid();
6178 int rc;
6179
6180 isec = selinux_ipc(msq);
6181 msec = selinux_msg_msg(msg);
6182
6183
6184
6185
6186 if (msec->sid == SECINITSID_UNLABELED) {
6187
6188
6189
6190
6191 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6192 SECCLASS_MSG, NULL, &msec->sid);
6193 if (rc)
6194 return rc;
6195 }
6196
6197 ad.type = LSM_AUDIT_DATA_IPC;
6198 ad.u.ipc_id = msq->key;
6199
6200
6201 rc = avc_has_perm(&selinux_state,
6202 sid, isec->sid, SECCLASS_MSGQ,
6203 MSGQ__WRITE, &ad);
6204 if (!rc)
6205
6206 rc = avc_has_perm(&selinux_state,
6207 sid, msec->sid, SECCLASS_MSG,
6208 MSG__SEND, &ad);
6209 if (!rc)
6210
6211 rc = avc_has_perm(&selinux_state,
6212 msec->sid, isec->sid, SECCLASS_MSGQ,
6213 MSGQ__ENQUEUE, &ad);
6214
6215 return rc;
6216}
6217
6218static int selinux_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
6219 struct task_struct *target,
6220 long type, int mode)
6221{
6222 struct ipc_security_struct *isec;
6223 struct msg_security_struct *msec;
6224 struct common_audit_data ad;
6225 u32 sid = task_sid_obj(target);
6226 int rc;
6227
6228 isec = selinux_ipc(msq);
6229 msec = selinux_msg_msg(msg);
6230
6231 ad.type = LSM_AUDIT_DATA_IPC;
6232 ad.u.ipc_id = msq->key;
6233
6234 rc = avc_has_perm(&selinux_state,
6235 sid, isec->sid,
6236 SECCLASS_MSGQ, MSGQ__READ, &ad);
6237 if (!rc)
6238 rc = avc_has_perm(&selinux_state,
6239 sid, msec->sid,
6240 SECCLASS_MSG, MSG__RECEIVE, &ad);
6241 return rc;
6242}
6243
6244
6245static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
6246{
6247 struct ipc_security_struct *isec;
6248 struct common_audit_data ad;
6249 u32 sid = current_sid();
6250 int rc;
6251
6252 isec = selinux_ipc(shp);
6253 ipc_init_security(isec, SECCLASS_SHM);
6254
6255 ad.type = LSM_AUDIT_DATA_IPC;
6256 ad.u.ipc_id = shp->key;
6257
6258 rc = avc_has_perm(&selinux_state,
6259 sid, isec->sid, SECCLASS_SHM,
6260 SHM__CREATE, &ad);
6261 return rc;
6262}
6263
6264static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
6265{
6266 struct ipc_security_struct *isec;
6267 struct common_audit_data ad;
6268 u32 sid = current_sid();
6269
6270 isec = selinux_ipc(shp);
6271
6272 ad.type = LSM_AUDIT_DATA_IPC;
6273 ad.u.ipc_id = shp->key;
6274
6275 return avc_has_perm(&selinux_state,
6276 sid, isec->sid, SECCLASS_SHM,
6277 SHM__ASSOCIATE, &ad);
6278}
6279
6280
6281static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
6282{
6283 int perms;
6284 int err;
6285
6286 switch (cmd) {
6287 case IPC_INFO:
6288 case SHM_INFO:
6289
6290 return avc_has_perm(&selinux_state,
6291 current_sid(), SECINITSID_KERNEL,
6292 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6293 case IPC_STAT:
6294 case SHM_STAT:
6295 case SHM_STAT_ANY:
6296 perms = SHM__GETATTR | SHM__ASSOCIATE;
6297 break;
6298 case IPC_SET:
6299 perms = SHM__SETATTR;
6300 break;
6301 case SHM_LOCK:
6302 case SHM_UNLOCK:
6303 perms = SHM__LOCK;
6304 break;
6305 case IPC_RMID:
6306 perms = SHM__DESTROY;
6307 break;
6308 default:
6309 return 0;
6310 }
6311
6312 err = ipc_has_perm(shp, perms);
6313 return err;
6314}
6315
6316static int selinux_shm_shmat(struct kern_ipc_perm *shp,
6317 char __user *shmaddr, int shmflg)
6318{
6319 u32 perms;
6320
6321 if (shmflg & SHM_RDONLY)
6322 perms = SHM__READ;
6323 else
6324 perms = SHM__READ | SHM__WRITE;
6325
6326 return ipc_has_perm(shp, perms);
6327}
6328
6329
6330static int selinux_sem_alloc_security(struct kern_ipc_perm *sma)
6331{
6332 struct ipc_security_struct *isec;
6333 struct common_audit_data ad;
6334 u32 sid = current_sid();
6335 int rc;
6336
6337 isec = selinux_ipc(sma);
6338 ipc_init_security(isec, SECCLASS_SEM);
6339
6340 ad.type = LSM_AUDIT_DATA_IPC;
6341 ad.u.ipc_id = sma->key;
6342
6343 rc = avc_has_perm(&selinux_state,
6344 sid, isec->sid, SECCLASS_SEM,
6345 SEM__CREATE, &ad);
6346 return rc;
6347}
6348
6349static int selinux_sem_associate(struct kern_ipc_perm *sma, int semflg)
6350{
6351 struct ipc_security_struct *isec;
6352 struct common_audit_data ad;
6353 u32 sid = current_sid();
6354
6355 isec = selinux_ipc(sma);
6356
6357 ad.type = LSM_AUDIT_DATA_IPC;
6358 ad.u.ipc_id = sma->key;
6359
6360 return avc_has_perm(&selinux_state,
6361 sid, isec->sid, SECCLASS_SEM,
6362 SEM__ASSOCIATE, &ad);
6363}
6364
6365
6366static int selinux_sem_semctl(struct kern_ipc_perm *sma, int cmd)
6367{
6368 int err;
6369 u32 perms;
6370
6371 switch (cmd) {
6372 case IPC_INFO:
6373 case SEM_INFO:
6374
6375 return avc_has_perm(&selinux_state,
6376 current_sid(), SECINITSID_KERNEL,
6377 SECCLASS_SYSTEM, SYSTEM__IPC_INFO, NULL);
6378 case GETPID:
6379 case GETNCNT:
6380 case GETZCNT:
6381 perms = SEM__GETATTR;
6382 break;
6383 case GETVAL:
6384 case GETALL:
6385 perms = SEM__READ;
6386 break;
6387 case SETVAL:
6388 case SETALL:
6389 perms = SEM__WRITE;
6390 break;
6391 case IPC_RMID:
6392 perms = SEM__DESTROY;
6393 break;
6394 case IPC_SET:
6395 perms = SEM__SETATTR;
6396 break;
6397 case IPC_STAT:
6398 case SEM_STAT:
6399 case SEM_STAT_ANY:
6400 perms = SEM__GETATTR | SEM__ASSOCIATE;
6401 break;
6402 default:
6403 return 0;
6404 }
6405
6406 err = ipc_has_perm(sma, perms);
6407 return err;
6408}
6409
6410static int selinux_sem_semop(struct kern_ipc_perm *sma,
6411 struct sembuf *sops, unsigned nsops, int alter)
6412{
6413 u32 perms;
6414
6415 if (alter)
6416 perms = SEM__READ | SEM__WRITE;
6417 else
6418 perms = SEM__READ;
6419
6420 return ipc_has_perm(sma, perms);
6421}
6422
6423static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
6424{
6425 u32 av = 0;
6426
6427 av = 0;
6428 if (flag & S_IRUGO)
6429 av |= IPC__UNIX_READ;
6430 if (flag & S_IWUGO)
6431 av |= IPC__UNIX_WRITE;
6432
6433 if (av == 0)
6434 return 0;
6435
6436 return ipc_has_perm(ipcp, av);
6437}
6438
6439static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
6440{
6441 struct ipc_security_struct *isec = selinux_ipc(ipcp);
6442 *secid = isec->sid;
6443}
6444
6445static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6446{
6447 if (inode)
6448 inode_doinit_with_dentry(inode, dentry);
6449}
6450
6451static int selinux_getprocattr(struct task_struct *p,
6452 char *name, char **value)
6453{
6454 const struct task_security_struct *__tsec;
6455 u32 sid;
6456 int error;
6457 unsigned len;
6458
6459 rcu_read_lock();
6460 __tsec = selinux_cred(__task_cred(p));
6461
6462 if (current != p) {
6463 error = avc_has_perm(&selinux_state,
6464 current_sid(), __tsec->sid,
6465 SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
6466 if (error)
6467 goto bad;
6468 }
6469
6470 if (!strcmp(name, "current"))
6471 sid = __tsec->sid;
6472 else if (!strcmp(name, "prev"))
6473 sid = __tsec->osid;
6474 else if (!strcmp(name, "exec"))
6475 sid = __tsec->exec_sid;
6476 else if (!strcmp(name, "fscreate"))
6477 sid = __tsec->create_sid;
6478 else if (!strcmp(name, "keycreate"))
6479 sid = __tsec->keycreate_sid;
6480 else if (!strcmp(name, "sockcreate"))
6481 sid = __tsec->sockcreate_sid;
6482 else {
6483 error = -EINVAL;
6484 goto bad;
6485 }
6486 rcu_read_unlock();
6487
6488 if (!sid)
6489 return 0;
6490
6491 error = security_sid_to_context(&selinux_state, sid, value, &len);
6492 if (error)
6493 return error;
6494 return len;
6495
6496bad:
6497 rcu_read_unlock();
6498 return error;
6499}
6500
6501static int selinux_setprocattr(const char *name, void *value, size_t size)
6502{
6503 struct task_security_struct *tsec;
6504 struct cred *new;
6505 u32 mysid = current_sid(), sid = 0, ptsid;
6506 int error;
6507 char *str = value;
6508
6509
6510
6511
6512 if (!strcmp(name, "exec"))
6513 error = avc_has_perm(&selinux_state,
6514 mysid, mysid, SECCLASS_PROCESS,
6515 PROCESS__SETEXEC, NULL);
6516 else if (!strcmp(name, "fscreate"))
6517 error = avc_has_perm(&selinux_state,
6518 mysid, mysid, SECCLASS_PROCESS,
6519 PROCESS__SETFSCREATE, NULL);
6520 else if (!strcmp(name, "keycreate"))
6521 error = avc_has_perm(&selinux_state,
6522 mysid, mysid, SECCLASS_PROCESS,
6523 PROCESS__SETKEYCREATE, NULL);
6524 else if (!strcmp(name, "sockcreate"))
6525 error = avc_has_perm(&selinux_state,
6526 mysid, mysid, SECCLASS_PROCESS,
6527 PROCESS__SETSOCKCREATE, NULL);
6528 else if (!strcmp(name, "current"))
6529 error = avc_has_perm(&selinux_state,
6530 mysid, mysid, SECCLASS_PROCESS,
6531 PROCESS__SETCURRENT, NULL);
6532 else
6533 error = -EINVAL;
6534 if (error)
6535 return error;
6536
6537
6538 if (size && str[0] && str[0] != '\n') {
6539 if (str[size-1] == '\n') {
6540 str[size-1] = 0;
6541 size--;
6542 }
6543 error = security_context_to_sid(&selinux_state, value, size,
6544 &sid, GFP_KERNEL);
6545 if (error == -EINVAL && !strcmp(name, "fscreate")) {
6546 if (!has_cap_mac_admin(true)) {
6547 struct audit_buffer *ab;
6548 size_t audit_size;
6549
6550
6551
6552 if (str[size - 1] == '\0')
6553 audit_size = size - 1;
6554 else
6555 audit_size = size;
6556 ab = audit_log_start(audit_context(),
6557 GFP_ATOMIC,
6558 AUDIT_SELINUX_ERR);
6559 if (!ab)
6560 return error;
6561 audit_log_format(ab, "op=fscreate invalid_context=");
6562 audit_log_n_untrustedstring(ab, value, audit_size);
6563 audit_log_end(ab);
6564
6565 return error;
6566 }
6567 error = security_context_to_sid_force(
6568 &selinux_state,
6569 value, size, &sid);
6570 }
6571 if (error)
6572 return error;
6573 }
6574
6575 new = prepare_creds();
6576 if (!new)
6577 return -ENOMEM;
6578
6579
6580
6581
6582
6583
6584
6585 tsec = selinux_cred(new);
6586 if (!strcmp(name, "exec")) {
6587 tsec->exec_sid = sid;
6588 } else if (!strcmp(name, "fscreate")) {
6589 tsec->create_sid = sid;
6590 } else if (!strcmp(name, "keycreate")) {
6591 if (sid) {
6592 error = avc_has_perm(&selinux_state, mysid, sid,
6593 SECCLASS_KEY, KEY__CREATE, NULL);
6594 if (error)
6595 goto abort_change;
6596 }
6597 tsec->keycreate_sid = sid;
6598 } else if (!strcmp(name, "sockcreate")) {
6599 tsec->sockcreate_sid = sid;
6600 } else if (!strcmp(name, "current")) {
6601 error = -EINVAL;
6602 if (sid == 0)
6603 goto abort_change;
6604
6605
6606 error = -EPERM;
6607 if (!current_is_single_threaded()) {
6608 error = security_bounded_transition(&selinux_state,
6609 tsec->sid, sid);
6610 if (error)
6611 goto abort_change;
6612 }
6613
6614
6615 error = avc_has_perm(&selinux_state,
6616 tsec->sid, sid, SECCLASS_PROCESS,
6617 PROCESS__DYNTRANSITION, NULL);
6618 if (error)
6619 goto abort_change;
6620
6621
6622
6623 ptsid = ptrace_parent_sid();
6624 if (ptsid != 0) {
6625 error = avc_has_perm(&selinux_state,
6626 ptsid, sid, SECCLASS_PROCESS,
6627 PROCESS__PTRACE, NULL);
6628 if (error)
6629 goto abort_change;
6630 }
6631
6632 tsec->sid = sid;
6633 } else {
6634 error = -EINVAL;
6635 goto abort_change;
6636 }
6637
6638 commit_creds(new);
6639 return size;
6640
6641abort_change:
6642 abort_creds(new);
6643 return error;
6644}
6645
6646static int selinux_ismaclabel(const char *name)
6647{
6648 return (strcmp(name, XATTR_SELINUX_SUFFIX) == 0);
6649}
6650
6651static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
6652{
6653 return security_sid_to_context(&selinux_state, secid,
6654 secdata, seclen);
6655}
6656
6657static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
6658{
6659 return security_context_to_sid(&selinux_state, secdata, seclen,
6660 secid, GFP_KERNEL);
6661}
6662
6663static void selinux_release_secctx(char *secdata, u32 seclen)
6664{
6665 kfree(secdata);
6666}
6667
6668static void selinux_inode_invalidate_secctx(struct inode *inode)
6669{
6670 struct inode_security_struct *isec = selinux_inode(inode);
6671
6672 spin_lock(&isec->lock);
6673 isec->initialized = LABEL_INVALID;
6674 spin_unlock(&isec->lock);
6675}
6676
6677
6678
6679
6680static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6681{
6682 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6683 ctx, ctxlen, 0);
6684
6685 return rc == -EOPNOTSUPP ? 0 : rc;
6686}
6687
6688
6689
6690
6691static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
6692{
6693 return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX,
6694 ctx, ctxlen, 0);
6695}
6696
6697static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6698{
6699 int len = 0;
6700 len = selinux_inode_getsecurity(&init_user_ns, inode,
6701 XATTR_SELINUX_SUFFIX, ctx, true);
6702 if (len < 0)
6703 return len;
6704 *ctxlen = len;
6705 return 0;
6706}
6707#ifdef CONFIG_KEYS
6708
6709static int selinux_key_alloc(struct key *k, const struct cred *cred,
6710 unsigned long flags)
6711{
6712 const struct task_security_struct *tsec;
6713 struct key_security_struct *ksec;
6714
6715 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
6716 if (!ksec)
6717 return -ENOMEM;
6718
6719 tsec = selinux_cred(cred);
6720 if (tsec->keycreate_sid)
6721 ksec->sid = tsec->keycreate_sid;
6722 else
6723 ksec->sid = tsec->sid;
6724
6725 k->security = ksec;
6726 return 0;
6727}
6728
6729static void selinux_key_free(struct key *k)
6730{
6731 struct key_security_struct *ksec = k->security;
6732
6733 k->security = NULL;
6734 kfree(ksec);
6735}
6736
6737static int selinux_key_permission(key_ref_t key_ref,
6738 const struct cred *cred,
6739 enum key_need_perm need_perm)
6740{
6741 struct key *key;
6742 struct key_security_struct *ksec;
6743 u32 perm, sid;
6744
6745 switch (need_perm) {
6746 case KEY_NEED_VIEW:
6747 perm = KEY__VIEW;
6748 break;
6749 case KEY_NEED_READ:
6750 perm = KEY__READ;
6751 break;
6752 case KEY_NEED_WRITE:
6753 perm = KEY__WRITE;
6754 break;
6755 case KEY_NEED_SEARCH:
6756 perm = KEY__SEARCH;
6757 break;
6758 case KEY_NEED_LINK:
6759 perm = KEY__LINK;
6760 break;
6761 case KEY_NEED_SETATTR:
6762 perm = KEY__SETATTR;
6763 break;
6764 case KEY_NEED_UNLINK:
6765 case KEY_SYSADMIN_OVERRIDE:
6766 case KEY_AUTHTOKEN_OVERRIDE:
6767 case KEY_DEFER_PERM_CHECK:
6768 return 0;
6769 default:
6770 WARN_ON(1);
6771 return -EPERM;
6772
6773 }
6774
6775 sid = cred_sid(cred);
6776 key = key_ref_to_ptr(key_ref);
6777 ksec = key->security;
6778
6779 return avc_has_perm(&selinux_state,
6780 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6781}
6782
6783static int selinux_key_getsecurity(struct key *key, char **_buffer)
6784{
6785 struct key_security_struct *ksec = key->security;
6786 char *context = NULL;
6787 unsigned len;
6788 int rc;
6789
6790 rc = security_sid_to_context(&selinux_state, ksec->sid,
6791 &context, &len);
6792 if (!rc)
6793 rc = len;
6794 *_buffer = context;
6795 return rc;
6796}
6797
6798#ifdef CONFIG_KEY_NOTIFICATIONS
6799static int selinux_watch_key(struct key *key)
6800{
6801 struct key_security_struct *ksec = key->security;
6802 u32 sid = current_sid();
6803
6804 return avc_has_perm(&selinux_state,
6805 sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
6806}
6807#endif
6808#endif
6809
6810#ifdef CONFIG_SECURITY_INFINIBAND
6811static int selinux_ib_pkey_access(void *ib_sec, u64 subnet_prefix, u16 pkey_val)
6812{
6813 struct common_audit_data ad;
6814 int err;
6815 u32 sid = 0;
6816 struct ib_security_struct *sec = ib_sec;
6817 struct lsm_ibpkey_audit ibpkey;
6818
6819 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6820 if (err)
6821 return err;
6822
6823 ad.type = LSM_AUDIT_DATA_IBPKEY;
6824 ibpkey.subnet_prefix = subnet_prefix;
6825 ibpkey.pkey = pkey_val;
6826 ad.u.ibpkey = &ibpkey;
6827 return avc_has_perm(&selinux_state,
6828 sec->sid, sid,
6829 SECCLASS_INFINIBAND_PKEY,
6830 INFINIBAND_PKEY__ACCESS, &ad);
6831}
6832
6833static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
6834 u8 port_num)
6835{
6836 struct common_audit_data ad;
6837 int err;
6838 u32 sid = 0;
6839 struct ib_security_struct *sec = ib_sec;
6840 struct lsm_ibendport_audit ibendport;
6841
6842 err = security_ib_endport_sid(&selinux_state, dev_name, port_num,
6843 &sid);
6844
6845 if (err)
6846 return err;
6847
6848 ad.type = LSM_AUDIT_DATA_IBENDPORT;
6849 ibendport.dev_name = dev_name;
6850 ibendport.port = port_num;
6851 ad.u.ibendport = &ibendport;
6852 return avc_has_perm(&selinux_state,
6853 sec->sid, sid,
6854 SECCLASS_INFINIBAND_ENDPORT,
6855 INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad);
6856}
6857
6858static int selinux_ib_alloc_security(void **ib_sec)
6859{
6860 struct ib_security_struct *sec;
6861
6862 sec = kzalloc(sizeof(*sec), GFP_KERNEL);
6863 if (!sec)
6864 return -ENOMEM;
6865 sec->sid = current_sid();
6866
6867 *ib_sec = sec;
6868 return 0;
6869}
6870
6871static void selinux_ib_free_security(void *ib_sec)
6872{
6873 kfree(ib_sec);
6874}
6875#endif
6876
6877#ifdef CONFIG_BPF_SYSCALL
6878static int selinux_bpf(int cmd, union bpf_attr *attr,
6879 unsigned int size)
6880{
6881 u32 sid = current_sid();
6882 int ret;
6883
6884 switch (cmd) {
6885 case BPF_MAP_CREATE:
6886 ret = avc_has_perm(&selinux_state,
6887 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6888 NULL);
6889 break;
6890 case BPF_PROG_LOAD:
6891 ret = avc_has_perm(&selinux_state,
6892 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6893 NULL);
6894 break;
6895 default:
6896 ret = 0;
6897 break;
6898 }
6899
6900 return ret;
6901}
6902
6903static u32 bpf_map_fmode_to_av(fmode_t fmode)
6904{
6905 u32 av = 0;
6906
6907 if (fmode & FMODE_READ)
6908 av |= BPF__MAP_READ;
6909 if (fmode & FMODE_WRITE)
6910 av |= BPF__MAP_WRITE;
6911 return av;
6912}
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922static int bpf_fd_pass(struct file *file, u32 sid)
6923{
6924 struct bpf_security_struct *bpfsec;
6925 struct bpf_prog *prog;
6926 struct bpf_map *map;
6927 int ret;
6928
6929 if (file->f_op == &bpf_map_fops) {
6930 map = file->private_data;
6931 bpfsec = map->security;
6932 ret = avc_has_perm(&selinux_state,
6933 sid, bpfsec->sid, SECCLASS_BPF,
6934 bpf_map_fmode_to_av(file->f_mode), NULL);
6935 if (ret)
6936 return ret;
6937 } else if (file->f_op == &bpf_prog_fops) {
6938 prog = file->private_data;
6939 bpfsec = prog->aux->security;
6940 ret = avc_has_perm(&selinux_state,
6941 sid, bpfsec->sid, SECCLASS_BPF,
6942 BPF__PROG_RUN, NULL);
6943 if (ret)
6944 return ret;
6945 }
6946 return 0;
6947}
6948
6949static int selinux_bpf_map(struct bpf_map *map, fmode_t fmode)
6950{
6951 u32 sid = current_sid();
6952 struct bpf_security_struct *bpfsec;
6953
6954 bpfsec = map->security;
6955 return avc_has_perm(&selinux_state,
6956 sid, bpfsec->sid, SECCLASS_BPF,
6957 bpf_map_fmode_to_av(fmode), NULL);
6958}
6959
6960static int selinux_bpf_prog(struct bpf_prog *prog)
6961{
6962 u32 sid = current_sid();
6963 struct bpf_security_struct *bpfsec;
6964
6965 bpfsec = prog->aux->security;
6966 return avc_has_perm(&selinux_state,
6967 sid, bpfsec->sid, SECCLASS_BPF,
6968 BPF__PROG_RUN, NULL);
6969}
6970
6971static int selinux_bpf_map_alloc(struct bpf_map *map)
6972{
6973 struct bpf_security_struct *bpfsec;
6974
6975 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6976 if (!bpfsec)
6977 return -ENOMEM;
6978
6979 bpfsec->sid = current_sid();
6980 map->security = bpfsec;
6981
6982 return 0;
6983}
6984
6985static void selinux_bpf_map_free(struct bpf_map *map)
6986{
6987 struct bpf_security_struct *bpfsec = map->security;
6988
6989 map->security = NULL;
6990 kfree(bpfsec);
6991}
6992
6993static int selinux_bpf_prog_alloc(struct bpf_prog_aux *aux)
6994{
6995 struct bpf_security_struct *bpfsec;
6996
6997 bpfsec = kzalloc(sizeof(*bpfsec), GFP_KERNEL);
6998 if (!bpfsec)
6999 return -ENOMEM;
7000
7001 bpfsec->sid = current_sid();
7002 aux->security = bpfsec;
7003
7004 return 0;
7005}
7006
7007static void selinux_bpf_prog_free(struct bpf_prog_aux *aux)
7008{
7009 struct bpf_security_struct *bpfsec = aux->security;
7010
7011 aux->security = NULL;
7012 kfree(bpfsec);
7013}
7014#endif
7015
7016static int selinux_lockdown(enum lockdown_reason what)
7017{
7018 struct common_audit_data ad;
7019 u32 sid = current_sid();
7020 int invalid_reason = (what <= LOCKDOWN_NONE) ||
7021 (what == LOCKDOWN_INTEGRITY_MAX) ||
7022 (what >= LOCKDOWN_CONFIDENTIALITY_MAX);
7023
7024 if (WARN(invalid_reason, "Invalid lockdown reason")) {
7025 audit_log(audit_context(),
7026 GFP_ATOMIC, AUDIT_SELINUX_ERR,
7027 "lockdown_reason=invalid");
7028 return -EINVAL;
7029 }
7030
7031 ad.type = LSM_AUDIT_DATA_LOCKDOWN;
7032 ad.u.reason = what;
7033
7034 if (what <= LOCKDOWN_INTEGRITY_MAX)
7035 return avc_has_perm(&selinux_state,
7036 sid, sid, SECCLASS_LOCKDOWN,
7037 LOCKDOWN__INTEGRITY, &ad);
7038 else
7039 return avc_has_perm(&selinux_state,
7040 sid, sid, SECCLASS_LOCKDOWN,
7041 LOCKDOWN__CONFIDENTIALITY, &ad);
7042}
7043
7044struct lsm_blob_sizes selinux_blob_sizes __lsm_ro_after_init = {
7045 .lbs_cred = sizeof(struct task_security_struct),
7046 .lbs_file = sizeof(struct file_security_struct),
7047 .lbs_inode = sizeof(struct inode_security_struct),
7048 .lbs_ipc = sizeof(struct ipc_security_struct),
7049 .lbs_msg_msg = sizeof(struct msg_security_struct),
7050 .lbs_superblock = sizeof(struct superblock_security_struct),
7051};
7052
7053#ifdef CONFIG_PERF_EVENTS
7054static int selinux_perf_event_open(struct perf_event_attr *attr, int type)
7055{
7056 u32 requested, sid = current_sid();
7057
7058 if (type == PERF_SECURITY_OPEN)
7059 requested = PERF_EVENT__OPEN;
7060 else if (type == PERF_SECURITY_CPU)
7061 requested = PERF_EVENT__CPU;
7062 else if (type == PERF_SECURITY_KERNEL)
7063 requested = PERF_EVENT__KERNEL;
7064 else if (type == PERF_SECURITY_TRACEPOINT)
7065 requested = PERF_EVENT__TRACEPOINT;
7066 else
7067 return -EINVAL;
7068
7069 return avc_has_perm(&selinux_state, sid, sid, SECCLASS_PERF_EVENT,
7070 requested, NULL);
7071}
7072
7073static int selinux_perf_event_alloc(struct perf_event *event)
7074{
7075 struct perf_event_security_struct *perfsec;
7076
7077 perfsec = kzalloc(sizeof(*perfsec), GFP_KERNEL);
7078 if (!perfsec)
7079 return -ENOMEM;
7080
7081 perfsec->sid = current_sid();
7082 event->security = perfsec;
7083
7084 return 0;
7085}
7086
7087static void selinux_perf_event_free(struct perf_event *event)
7088{
7089 struct perf_event_security_struct *perfsec = event->security;
7090
7091 event->security = NULL;
7092 kfree(perfsec);
7093}
7094
7095static int selinux_perf_event_read(struct perf_event *event)
7096{
7097 struct perf_event_security_struct *perfsec = event->security;
7098 u32 sid = current_sid();
7099
7100 return avc_has_perm(&selinux_state, sid, perfsec->sid,
7101 SECCLASS_PERF_EVENT, PERF_EVENT__READ, NULL);
7102}
7103
7104static int selinux_perf_event_write(struct perf_event *event)
7105{
7106 struct perf_event_security_struct *perfsec = event->security;
7107 u32 sid = current_sid();
7108
7109 return avc_has_perm(&selinux_state, sid, perfsec->sid,
7110 SECCLASS_PERF_EVENT, PERF_EVENT__WRITE, NULL);
7111}
7112#endif
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
7130 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
7131 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
7132 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
7133 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
7134
7135 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
7136 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
7137 LSM_HOOK_INIT(capget, selinux_capget),
7138 LSM_HOOK_INIT(capset, selinux_capset),
7139 LSM_HOOK_INIT(capable, selinux_capable),
7140 LSM_HOOK_INIT(quotactl, selinux_quotactl),
7141 LSM_HOOK_INIT(quota_on, selinux_quota_on),
7142 LSM_HOOK_INIT(syslog, selinux_syslog),
7143 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
7144
7145 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
7146
7147 LSM_HOOK_INIT(bprm_creds_for_exec, selinux_bprm_creds_for_exec),
7148 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
7149 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
7150
7151 LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
7152 LSM_HOOK_INIT(sb_mnt_opts_compat, selinux_sb_mnt_opts_compat),
7153 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
7154 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
7155 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
7156 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
7157 LSM_HOOK_INIT(sb_mount, selinux_mount),
7158 LSM_HOOK_INIT(sb_umount, selinux_umount),
7159 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
7160 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
7161
7162 LSM_HOOK_INIT(move_mount, selinux_move_mount),
7163
7164 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
7165 LSM_HOOK_INIT(dentry_create_files_as, selinux_dentry_create_files_as),
7166
7167 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
7168 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
7169 LSM_HOOK_INIT(inode_init_security_anon, selinux_inode_init_security_anon),
7170 LSM_HOOK_INIT(inode_create, selinux_inode_create),
7171 LSM_HOOK_INIT(inode_link, selinux_inode_link),
7172 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
7173 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
7174 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
7175 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
7176 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
7177 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
7178 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
7179 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
7180 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
7181 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
7182 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
7183 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
7184 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
7185 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
7186 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
7187 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
7188 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
7189 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
7190 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
7191 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
7192 LSM_HOOK_INIT(inode_copy_up, selinux_inode_copy_up),
7193 LSM_HOOK_INIT(inode_copy_up_xattr, selinux_inode_copy_up_xattr),
7194 LSM_HOOK_INIT(path_notify, selinux_path_notify),
7195
7196 LSM_HOOK_INIT(kernfs_init_security, selinux_kernfs_init_security),
7197
7198 LSM_HOOK_INIT(file_permission, selinux_file_permission),
7199 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
7200 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
7201 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
7202 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
7203 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
7204 LSM_HOOK_INIT(file_lock, selinux_file_lock),
7205 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
7206 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
7207 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
7208 LSM_HOOK_INIT(file_receive, selinux_file_receive),
7209
7210 LSM_HOOK_INIT(file_open, selinux_file_open),
7211
7212 LSM_HOOK_INIT(task_alloc, selinux_task_alloc),
7213 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
7214 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
7215 LSM_HOOK_INIT(cred_getsecid, selinux_cred_getsecid),
7216 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
7217 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
7218 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
7219 LSM_HOOK_INIT(kernel_load_data, selinux_kernel_load_data),
7220 LSM_HOOK_INIT(kernel_read_file, selinux_kernel_read_file),
7221 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
7222 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
7223 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
7224 LSM_HOOK_INIT(task_getsecid_subj, selinux_task_getsecid_subj),
7225 LSM_HOOK_INIT(task_getsecid_obj, selinux_task_getsecid_obj),
7226 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
7227 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
7228 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
7229 LSM_HOOK_INIT(task_prlimit, selinux_task_prlimit),
7230 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
7231 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
7232 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
7233 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
7234 LSM_HOOK_INIT(task_kill, selinux_task_kill),
7235 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
7236
7237 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
7238 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
7239
7240 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
7241 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
7242 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
7243 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
7244
7245 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
7246 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
7247 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
7248
7249 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
7250 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
7251 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
7252
7253 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
7254
7255 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
7256 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
7257
7258 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
7259 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
7260 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
7261 LSM_HOOK_INIT(inode_invalidate_secctx, selinux_inode_invalidate_secctx),
7262 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
7263 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
7264
7265 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
7266 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
7267
7268 LSM_HOOK_INIT(socket_create, selinux_socket_create),
7269 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
7270 LSM_HOOK_INIT(socket_socketpair, selinux_socket_socketpair),
7271 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
7272 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
7273 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
7274 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
7275 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
7276 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
7277 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
7278 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
7279 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
7280 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
7281 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
7282 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
7283 LSM_HOOK_INIT(socket_getpeersec_stream,
7284 selinux_socket_getpeersec_stream),
7285 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
7286 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
7287 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
7288 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
7289 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
7290 LSM_HOOK_INIT(sctp_assoc_request, selinux_sctp_assoc_request),
7291 LSM_HOOK_INIT(sctp_sk_clone, selinux_sctp_sk_clone),
7292 LSM_HOOK_INIT(sctp_bind_connect, selinux_sctp_bind_connect),
7293 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
7294 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
7295 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
7296 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
7297 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
7298 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
7299 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
7300 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
7301 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
7302 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
7303 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
7304 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
7305#ifdef CONFIG_SECURITY_INFINIBAND
7306 LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access),
7307 LSM_HOOK_INIT(ib_endport_manage_subnet,
7308 selinux_ib_endport_manage_subnet),
7309 LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security),
7310#endif
7311#ifdef CONFIG_SECURITY_NETWORK_XFRM
7312 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
7313 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
7314 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
7315 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
7316 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
7317 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
7318 selinux_xfrm_state_pol_flow_match),
7319 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
7320#endif
7321
7322#ifdef CONFIG_KEYS
7323 LSM_HOOK_INIT(key_free, selinux_key_free),
7324 LSM_HOOK_INIT(key_permission, selinux_key_permission),
7325 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
7326#ifdef CONFIG_KEY_NOTIFICATIONS
7327 LSM_HOOK_INIT(watch_key, selinux_watch_key),
7328#endif
7329#endif
7330
7331#ifdef CONFIG_AUDIT
7332 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
7333 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
7334 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
7335#endif
7336
7337#ifdef CONFIG_BPF_SYSCALL
7338 LSM_HOOK_INIT(bpf, selinux_bpf),
7339 LSM_HOOK_INIT(bpf_map, selinux_bpf_map),
7340 LSM_HOOK_INIT(bpf_prog, selinux_bpf_prog),
7341 LSM_HOOK_INIT(bpf_map_free_security, selinux_bpf_map_free),
7342 LSM_HOOK_INIT(bpf_prog_free_security, selinux_bpf_prog_free),
7343#endif
7344
7345#ifdef CONFIG_PERF_EVENTS
7346 LSM_HOOK_INIT(perf_event_open, selinux_perf_event_open),
7347 LSM_HOOK_INIT(perf_event_free, selinux_perf_event_free),
7348 LSM_HOOK_INIT(perf_event_read, selinux_perf_event_read),
7349 LSM_HOOK_INIT(perf_event_write, selinux_perf_event_write),
7350#endif
7351
7352 LSM_HOOK_INIT(locked_down, selinux_lockdown),
7353
7354
7355
7356
7357 LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
7358 LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
7359 LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
7360 LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
7361#ifdef CONFIG_SECURITY_NETWORK_XFRM
7362 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
7363#endif
7364
7365
7366
7367
7368 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
7369 LSM_HOOK_INIT(msg_queue_alloc_security,
7370 selinux_msg_queue_alloc_security),
7371 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
7372 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
7373 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
7374 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
7375 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
7376 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
7377 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
7378 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
7379#ifdef CONFIG_SECURITY_INFINIBAND
7380 LSM_HOOK_INIT(ib_alloc_security, selinux_ib_alloc_security),
7381#endif
7382#ifdef CONFIG_SECURITY_NETWORK_XFRM
7383 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
7384 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
7385 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
7386 selinux_xfrm_state_alloc_acquire),
7387#endif
7388#ifdef CONFIG_KEYS
7389 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
7390#endif
7391#ifdef CONFIG_AUDIT
7392 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
7393#endif
7394#ifdef CONFIG_BPF_SYSCALL
7395 LSM_HOOK_INIT(bpf_map_alloc_security, selinux_bpf_map_alloc),
7396 LSM_HOOK_INIT(bpf_prog_alloc_security, selinux_bpf_prog_alloc),
7397#endif
7398#ifdef CONFIG_PERF_EVENTS
7399 LSM_HOOK_INIT(perf_event_alloc, selinux_perf_event_alloc),
7400#endif
7401};
7402
7403static __init int selinux_init(void)
7404{
7405 pr_info("SELinux: Initializing.\n");
7406
7407 memset(&selinux_state, 0, sizeof(selinux_state));
7408 enforcing_set(&selinux_state, selinux_enforcing_boot);
7409 checkreqprot_set(&selinux_state, selinux_checkreqprot_boot);
7410 selinux_avc_init(&selinux_state.avc);
7411 mutex_init(&selinux_state.status_lock);
7412 mutex_init(&selinux_state.policy_mutex);
7413
7414
7415 cred_init_security();
7416
7417 default_noexec = !(VM_DATA_DEFAULT_FLAGS & VM_EXEC);
7418
7419 avc_init();
7420
7421 avtab_cache_init();
7422
7423 ebitmap_cache_init();
7424
7425 hashtab_cache_init();
7426
7427 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), "selinux");
7428
7429 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
7430 panic("SELinux: Unable to register AVC netcache callback\n");
7431
7432 if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
7433 panic("SELinux: Unable to register AVC LSM notifier callback\n");
7434
7435 if (selinux_enforcing_boot)
7436 pr_debug("SELinux: Starting in enforcing mode\n");
7437 else
7438 pr_debug("SELinux: Starting in permissive mode\n");
7439
7440 fs_validate_description("selinux", selinux_fs_parameters);
7441
7442 return 0;
7443}
7444
7445static void delayed_superblock_init(struct super_block *sb, void *unused)
7446{
7447 selinux_set_mnt_opts(sb, NULL, 0, NULL);
7448}
7449
7450void selinux_complete_init(void)
7451{
7452 pr_debug("SELinux: Completing initialization.\n");
7453
7454
7455 pr_debug("SELinux: Setting up existing superblocks.\n");
7456 iterate_supers(delayed_superblock_init, NULL);
7457}
7458
7459
7460
7461DEFINE_LSM(selinux) = {
7462 .name = "selinux",
7463 .flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
7464 .enabled = &selinux_enabled_boot,
7465 .blobs = &selinux_blob_sizes,
7466 .init = selinux_init,
7467};
7468
7469#if defined(CONFIG_NETFILTER)
7470
7471static const struct nf_hook_ops selinux_nf_ops[] = {
7472 {
7473 .hook = selinux_ipv4_postroute,
7474 .pf = NFPROTO_IPV4,
7475 .hooknum = NF_INET_POST_ROUTING,
7476 .priority = NF_IP_PRI_SELINUX_LAST,
7477 },
7478 {
7479 .hook = selinux_ipv4_forward,
7480 .pf = NFPROTO_IPV4,
7481 .hooknum = NF_INET_FORWARD,
7482 .priority = NF_IP_PRI_SELINUX_FIRST,
7483 },
7484 {
7485 .hook = selinux_ipv4_output,
7486 .pf = NFPROTO_IPV4,
7487 .hooknum = NF_INET_LOCAL_OUT,
7488 .priority = NF_IP_PRI_SELINUX_FIRST,
7489 },
7490#if IS_ENABLED(CONFIG_IPV6)
7491 {
7492 .hook = selinux_ipv6_postroute,
7493 .pf = NFPROTO_IPV6,
7494 .hooknum = NF_INET_POST_ROUTING,
7495 .priority = NF_IP6_PRI_SELINUX_LAST,
7496 },
7497 {
7498 .hook = selinux_ipv6_forward,
7499 .pf = NFPROTO_IPV6,
7500 .hooknum = NF_INET_FORWARD,
7501 .priority = NF_IP6_PRI_SELINUX_FIRST,
7502 },
7503 {
7504 .hook = selinux_ipv6_output,
7505 .pf = NFPROTO_IPV6,
7506 .hooknum = NF_INET_LOCAL_OUT,
7507 .priority = NF_IP6_PRI_SELINUX_FIRST,
7508 },
7509#endif
7510};
7511
7512static int __net_init selinux_nf_register(struct net *net)
7513{
7514 return nf_register_net_hooks(net, selinux_nf_ops,
7515 ARRAY_SIZE(selinux_nf_ops));
7516}
7517
7518static void __net_exit selinux_nf_unregister(struct net *net)
7519{
7520 nf_unregister_net_hooks(net, selinux_nf_ops,
7521 ARRAY_SIZE(selinux_nf_ops));
7522}
7523
7524static struct pernet_operations selinux_net_ops = {
7525 .init = selinux_nf_register,
7526 .exit = selinux_nf_unregister,
7527};
7528
7529static int __init selinux_nf_ip_init(void)
7530{
7531 int err;
7532
7533 if (!selinux_enabled_boot)
7534 return 0;
7535
7536 pr_debug("SELinux: Registering netfilter hooks\n");
7537
7538 err = register_pernet_subsys(&selinux_net_ops);
7539 if (err)
7540 panic("SELinux: register_pernet_subsys: error %d\n", err);
7541
7542 return 0;
7543}
7544__initcall(selinux_nf_ip_init);
7545
7546#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7547static void selinux_nf_ip_exit(void)
7548{
7549 pr_debug("SELinux: Unregistering netfilter hooks\n");
7550
7551 unregister_pernet_subsys(&selinux_net_ops);
7552}
7553#endif
7554
7555#else
7556
7557#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7558#define selinux_nf_ip_exit()
7559#endif
7560
7561#endif
7562
7563#ifdef CONFIG_SECURITY_SELINUX_DISABLE
7564int selinux_disable(struct selinux_state *state)
7565{
7566 if (selinux_initialized(state)) {
7567
7568 return -EINVAL;
7569 }
7570
7571 if (selinux_disabled(state)) {
7572
7573 return -EINVAL;
7574 }
7575
7576 selinux_mark_disabled(state);
7577
7578 pr_info("SELinux: Disabled at runtime.\n");
7579
7580
7581
7582
7583
7584
7585 selinux_nf_ip_exit();
7586
7587 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
7588
7589
7590 avc_disable();
7591
7592
7593 exit_sel_fs();
7594
7595 return 0;
7596}
7597#endif
7598