21#include <linux/config.h>
22#include <linux/module.h>
23#include <linux/init.h>
24#include <linux/kernel.h>
25#include <linux/ptrace.h>
26#include <linux/errno.h>
27#include <linux/sched.h>
28#include <linux/security.h>
29#include <linux/xattr.h>
30#include <linux/capability.h>
31#include <linux/unistd.h>
32#include <linux/mm.h>
33#include <linux/mman.h>
34#include <linux/slab.h>
35#include <linux/pagemap.h>
36#include <linux/swap.h>
37#include <linux/smp_lock.h>
38#include <linux/spinlock.h>
39#include <linux/syscalls.h>
40#include <linux/file.h>
41#include <linux/namei.h>
42#include <linux/mount.h>
43#include <linux/ext2_fs.h>
44#include <linux/proc_fs.h>
45#include <linux/kd.h>
46#include <linux/netfilter_ipv4.h>
47#include <linux/netfilter_ipv6.h>
48#include <linux/tty.h>
49#include <net/icmp.h>
50#include <net/ip.h>
51#include <net/tcp.h>
52#include <asm/uaccess.h>
53#include <asm/semaphore.h>
54#include <asm/ioctls.h>
55#include <linux/bitops.h>
56#include <linux/interrupt.h>
57#include <linux/netdevice.h>
58#include <linux/netlink.h>
59#include <linux/tcp.h>
60#include <linux/udp.h>
61#include <linux/quota.h>
62#include <linux/un.h>
63#include <net/af_unix.h>
64#include <linux/parser.h>
65#include <linux/nfs_mount.h>
66#include <net/ipv6.h>
67#include <linux/hugetlb.h>
68#include <linux/personality.h>
69#include <linux/sysctl.h>
70#include <linux/audit.h>
71#include <linux/string.h>
72
73#include "avc.h"
74#include "objsec.h"
75#include "netif.h"
76#include "xfrm.h"
77
/* Name of the extended attribute that stores an inode's SELinux context:
 * XATTR_SECURITY_PREFIX ("security.") followed by "selinux". */
#define XATTR_SELINUX_SUFFIX "selinux"
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
80
/* Defined elsewhere in the module (security server side). */
extern unsigned int policydb_loaded_version;
/* Resolves the permission needed for netlink message @nlmsg_type on a
 * socket of class @sclass into *@perm; returns 0 or a negative errno. */
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
83
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/* Non-zero selects enforcing mode; defaults to 0 and may be set at boot. */
int selinux_enforcing = 0;

/*
 * Boot-parameter handler for "enforcing=<n>".
 * @str: text following "enforcing=", parsed by simple_strtol() with
 *       auto-detected base; no error is reported, so non-numeric input
 *       simply yields 0.
 * Returns 1 to mark the parameter as consumed by the __setup machinery.
 */
static int __init enforcing_setup(char *str)
{
	long requested = simple_strtol(str, NULL, 0);

	selinux_enforcing = requested;
	return 1;
}
__setup("enforcing=", enforcing_setup);
#endif
94
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
/* Whether SELinux is enabled at all; build-time default, overridable
 * with the "selinux=" boot parameter. */
int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;

/*
 * Boot-parameter handler for "selinux=<n>".
 * @str: text following "selinux=", parsed by simple_strtol() with
 *       auto-detected base; non-numeric input yields 0 (disabled).
 * Returns 1 to mark the parameter as consumed.
 */
static int __init selinux_enabled_setup(char *str)
{
	long requested = simple_strtol(str, NULL, 0);

	selinux_enabled = requested;
	return 1;
}
__setup("selinux=", selinux_enabled_setup);
#else
/* No boot parameter support: always enabled. */
int selinux_enabled = 1;
#endif
107
108
/* The security_operations in force before SELinux registered; presumably
 * restored on unload (not used within this part of the file). */
static struct security_operations *original_ops = NULL;

/* Hooks that the selinux_* hooks below chain to (e.g. the capability
 * module): each hook calls secondary_ops->X before or after its own
 * decision and fails if that call fails. */
static struct security_operations *secondary_ops = NULL;

/* Superblocks whose labeling was postponed because no policy was loaded
 * when they were mounted (see superblock_doinit); guarded by
 * sb_security_lock. */
static LIST_HEAD(superblock_security_head);
static DEFINE_SPINLOCK(sb_security_lock);

/* Slab cache backing struct inode_security_struct allocations. */
static kmem_cache_t *sel_inode_cache;
123
124
125
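/*
 * Copy the context string for @sid into a caller-supplied buffer.
 *
 * @sid:    SID to translate.
 * @buffer: destination, or NULL to only query the required size.
 * @size:   capacity of @buffer in bytes; 0 also means "query size only".
 *
 * Returns the length of the context (as reported by
 * security_sid_to_context(), which also decides whether that length
 * includes a terminating NUL), -ERANGE if @buffer is too small, or the
 * error from security_sid_to_context().
 *
 * The result is carried in a signed @rc throughout; the original stored
 * -ERANGE into the unsigned @len and relied on the implicit unsigned->int
 * conversion on return to recover the negative value.
 */
static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
{
	char *context;
	unsigned len;
	int rc;

	rc = security_sid_to_context(sid, &context, &len);
	if (rc)
		return rc;

	/* Size query: report the length without copying. */
	if (!buffer || !size) {
		rc = len;
		goto getsecurity_exit;
	}

	if (size < len) {
		rc = -ERANGE;
		goto getsecurity_exit;
	}
	memcpy(buffer, context, len);
	rc = len;

getsecurity_exit:
	/* The context string is owned by us once sid_to_context returns. */
	kfree(context);
	return rc;
}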
149
150
151
/*
 * Allocate and attach the SELinux state for a new task.
 * All three SIDs start out as SECINITSID_UNLABELED.
 * Returns 0, or -ENOMEM if the allocation fails (task->security untouched).
 */
static int task_alloc_security(struct task_struct *task)
{
	struct task_security_struct *tsec = kzalloc(sizeof(*tsec), GFP_KERNEL);

	if (tsec == NULL)
		return -ENOMEM;

	tsec->task = task;
	tsec->osid = SECINITSID_UNLABELED;
	tsec->sid = SECINITSID_UNLABELED;
	tsec->ptrace_sid = SECINITSID_UNLABELED;
	task->security = tsec;
	return 0;
}
166
/* Detach and free a task's SELinux state; the pointer is cleared first so
 * a stale task->security is never left behind. */
static void task_free_security(struct task_struct *task)
{
	struct task_security_struct *old_tsec;

	old_tsec = task->security;
	task->security = NULL;
	kfree(old_tsec);
}
173
/*
 * Allocate and attach the SELinux state for a new inode.
 * The inode starts unlabeled with the generic SECCLASS_FILE class;
 * task_sid records the creating task's SID for later task-based labeling
 * (see SECURITY_FS_USE_TASK in inode_doinit_with_dentry).
 * Returns 0, or -ENOMEM if the slab allocation fails.
 */
static int inode_alloc_security(struct inode *inode)
{
	struct task_security_struct *creator = current->security;
	struct inode_security_struct *isec;

	isec = kmem_cache_alloc(sel_inode_cache, SLAB_KERNEL);
	if (isec == NULL)
		return -ENOMEM;
	memset(isec, 0, sizeof(*isec));

	init_MUTEX(&isec->sem);
	INIT_LIST_HEAD(&isec->list);
	isec->inode = inode;
	isec->task_sid = creator->sid;
	isec->sid = SECINITSID_UNLABELED;
	isec->sclass = SECCLASS_FILE;
	inode->i_security = isec;
	return 0;
}
194
/*
 * Release an inode's SELinux state. If the inode was queued on its
 * superblock's deferred-labeling list (sbsec->isec_head) it is unlinked
 * first, under sbsec->isec_lock, so superblock_doinit() never walks a
 * freed entry.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;

	spin_lock(&sbsec->isec_lock);
	if (!list_empty(&isec->list))
		list_del_init(&isec->list);
	spin_unlock(&sbsec->isec_lock);

	inode->i_security = NULL;
	kmem_cache_free(sel_inode_cache, isec);
}
208
/*
 * Allocate and attach the SELinux state for a new struct file.
 * Both the descriptor SID and the file-owner SID are taken from the
 * opening task. Returns 0 or -ENOMEM.
 */
static int file_alloc_security(struct file *file)
{
	struct task_security_struct *opener = current->security;
	struct file_security_struct *fsec = kzalloc(sizeof(*fsec), GFP_KERNEL);

	if (fsec == NULL)
		return -ENOMEM;

	fsec->file = file;
	fsec->sid = opener->sid;
	fsec->fown_sid = opener->sid;
	file->f_security = fsec;
	return 0;
}
225
/* Detach and free a struct file's SELinux state. */
static void file_free_security(struct file *file)
{
	struct file_security_struct *old_fsec;

	old_fsec = file->f_security;
	file->f_security = NULL;
	kfree(old_fsec);
}
232
/*
 * Allocate and attach the SELinux state for a superblock.
 * The filesystem SID starts unlabeled and the default inode SID is
 * SECINITSID_FILE; both are refined by superblock_doinit() later.
 * Returns 0 or -ENOMEM.
 */
static int superblock_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = kzalloc(sizeof(*sbsec), GFP_KERNEL);

	if (sbsec == NULL)
		return -ENOMEM;

	init_MUTEX(&sbsec->sem);
	INIT_LIST_HEAD(&sbsec->list);
	INIT_LIST_HEAD(&sbsec->isec_head);
	spin_lock_init(&sbsec->isec_lock);
	sbsec->sb = sb;
	sbsec->sid = SECINITSID_UNLABELED;
	sbsec->def_sid = SECINITSID_FILE;
	sb->s_security = sbsec;
	return 0;
}
252
/*
 * Release a superblock's SELinux state. If the superblock is still on the
 * deferred-labeling list (superblock_security_head) it is unlinked first,
 * under sb_security_lock.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;

	spin_lock(&sb_security_lock);
	if (!list_empty(&sbsec->list))
		list_del_init(&sbsec->list);
	spin_unlock(&sb_security_lock);

	sb->s_security = NULL;
	kfree(sbsec);
}
265
/*
 * Allocate per-socket SELinux state. Only PF_UNIX sockets get one (it
 * holds the peer SID, initially unlabeled); other families succeed
 * without allocating anything.
 * @priority: allocation flags forwarded to kzalloc().
 * Returns 0 or -ENOMEM.
 */
static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *ssec;

	if (family != PF_UNIX)
		return 0;

	ssec = kzalloc(sizeof(struct sk_security_struct), priority);
	if (ssec == NULL)
		return -ENOMEM;

	ssec->sk = sk;
	ssec->peer_sid = SECINITSID_UNLABELED;
	sk->sk_security = ssec;
	return 0;
}
283
/* Release per-socket SELinux state; mirrors sk_alloc_security(), so only
 * PF_UNIX sockets have anything to free. */
static void sk_free_security(struct sock *sk)
{
	struct sk_security_struct *old_ssec = sk->sk_security;

	if (sk->sk_family == PF_UNIX) {
		sk->sk_security = NULL;
		kfree(old_ssec);
	}
}
294
295
296
297extern int ss_initialized;
298
299
300
/* Human-readable names for the SECURITY_FS_USE_* behaviors, printed by
 * superblock_doinit(). Behavior values are 1-based: entry [behavior-1]. */
static char *labeling_behaviors[6] = {
	"uses xattr",
	"uses transition SIDs",
	"uses task SIDs",
	"uses genfs_contexts",
	"not configured for labeling",
	"uses mountpoint labeling",
};
309
310static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
311
/* Label @inode without a known dentry; inode_doinit_with_dentry() will
 * look one up if the xattr path needs it. */
static inline int inode_doinit(struct inode *inode)
{
	struct dentry *no_dentry = NULL;

	return inode_doinit_with_dentry(inode, no_dentry);
}
316
/* Bit flags for the mount options try_context_mount() understands; they
 * are OR-ed into @seen to detect duplicates and conflicts. */
enum {
	Opt_context = 1,
	Opt_fscontext = 2,
	Opt_defcontext = 4,
};

/* match_token() table for the textual mount-option forms. */
static match_table_t tokens = {
	{Opt_context, "context=%s"},
	{Opt_fscontext, "fscontext=%s"},
	{Opt_defcontext, "defcontext=%s"},
};

#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
330
/*
 * Apply the SELinux mount options (context=, fscontext=, defcontext=)
 * carried in @data to the superblock's security state.
 *
 * @sb:   superblock being mounted; sb->s_security must already exist.
 * @data: mount options. Either a comma-separated option string, or, for
 *        filesystems flagged FS_BINARY_MOUNTDATA, a filesystem-specific
 *        struct of which only NFS's nfs_mount_data is understood here.
 *
 * Returns 0 on success or when no relevant option was given; -EINVAL on a
 * duplicate, conflicting or unknown option or an unparsable context;
 * -ENOMEM; or the AVC result if the mounting task lacks relabelfrom /
 * relabelto / associate permission on the filesystem.
 */
static int try_context_mount(struct super_block *sb, void *data)
{
	char *context = NULL, *defcontext = NULL;
	const char *name;
	u32 sid;
	/* alloc: context/defcontext came from match_strdup() and are ours
	 * to free; in the NFS path context aliases the caller's data. */
	int alloc = 0, rc = 0, seen = 0;
	struct task_security_struct *tsec = current->security;
	struct superblock_security_struct *sbsec = sb->s_security;

	if (!data)
		goto out;

	name = sb->s_type->name;

	if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
		/* Binary mount data: only NFS carries a context we know how
		 * to find; anything else is left untouched. */
		if (!strcmp(name, "nfs")) {
			struct nfs_mount_data *d = data;

			if (d->version < NFS_MOUNT_VERSION)
				goto out;

			/* NOTE(review): d->context originates from userspace
			 * and is passed to strlen() below, which assumes it is
			 * NUL-terminated; confirm the NFS mount entry point
			 * terminates it before handing the struct down. */
			if (d->context[0]) {
				context = d->context;
				seen |= Opt_context;
			}
		} else
			goto out;

	} else {
		/* Text mount data: split on ',' in place with strsep(). */
		char *p, *options = data;

		while ((p = strsep(&options, ",")) != NULL) {
			int token;
			substring_t args[MAX_OPT_ARGS];

			if (!*p)
				continue;

			token = match_token(p, tokens, args);

			switch (token) {
			case Opt_context:
				/* context= is exclusive with every other option. */
				if (seen) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				context = match_strdup(&args[0]);
				if (!context) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_context;
				break;

			case Opt_fscontext:
				/* fscontext= may be combined with defcontext=
				 * but not with context= or itself. */
				if (seen & (Opt_context|Opt_fscontext)) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				context = match_strdup(&args[0]);
				if (!context) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_fscontext;
				break;

			case Opt_defcontext:
				/* A default label only makes sense where inodes
				 * are otherwise labeled from xattrs. */
				if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
					rc = -EINVAL;
					printk(KERN_WARNING "SELinux: "
					       "defcontext option is invalid "
					       "for this filesystem type\n");
					goto out_free;
				}
				if (seen & (Opt_context|Opt_defcontext)) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				defcontext = match_strdup(&args[0]);
				if (!defcontext) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_defcontext;
				break;

			default:
				rc = -EINVAL;
				printk(KERN_WARNING "SELinux: unknown mount "
				       "option\n");
				goto out_free;

			}
		}
	}

	if (!seen)
		goto out;

	if (context) {
		/* context= / fscontext=: relabel the filesystem itself. */
		rc = security_context_to_sid(context, strlen(context), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       context, sb->s_id, name, rc);
			goto out_free;
		}

		/* The mounter needs relabelfrom on the current fs label
		 * and relabelto on the requested one. */
		rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
		                  FILESYSTEM__RELABELFROM, NULL);
		if (rc)
			goto out_free;

		rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
		                  FILESYSTEM__RELABELTO, NULL);
		if (rc)
			goto out_free;

		sbsec->sid = sid;

		/* context= (unlike fscontext=) also switches the fs to
		 * mountpoint labeling, so every inode takes this label. */
		if (seen & Opt_context)
			sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	if (defcontext) {
		/* defcontext=: change the label used for inodes that carry
		 * no security xattr. */
		rc = security_context_to_sid(defcontext, strlen(defcontext), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       defcontext, sb->s_id, name, rc);
			goto out_free;
		}

		/* Same as the current default: nothing to check or change. */
		if (sid == sbsec->def_sid)
			goto out_free;

		rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
		                  FILESYSTEM__RELABELFROM, NULL);
		if (rc)
			goto out_free;

		/* The new default label must be permitted on this fs. */
		rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
		                  FILESYSTEM__ASSOCIATE, NULL);
		if (rc)
			goto out_free;

		sbsec->def_sid = sid;
	}

out_free:
	if (alloc) {
		kfree(context);
		kfree(defcontext);
	}
out:
	return rc;
}
501
/*
 * Initialize a superblock's SELinux state once a policy is available.
 *
 * Looks up the labeling behavior and filesystem SID from the policy's
 * fs_use rules, applies any context mount options in @data, verifies
 * that xattr labeling is actually usable when selected, labels the root
 * inode, and finally labels every inode that was queued on
 * sbsec->isec_head while the superblock was still uninitialized.
 *
 * Serialized by sbsec->sem; once sbsec->initialized is set further calls
 * are no-ops. If no policy is loaded yet (ss_initialized == 0) the
 * superblock is queued on superblock_security_head and 0 is returned.
 *
 * Returns 0, or a negative errno from security_fs_use(),
 * try_context_mount(), the xattr probe, or labeling the root inode.
 * Failures while labeling the queued inodes are not propagated.
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *inode = root->d_inode;
	int rc = 0;

	down(&sbsec->sem);
	if (sbsec->initialized)
		goto out;

	if (!ss_initialized) {
		/* No policy yet: defer. The superblock stays on the global
		 * list until something (outside this view) revisits it. */
		spin_lock(&sb_security_lock);
		if (list_empty(&sbsec->list))
			list_add(&sbsec->list, &superblock_security_head);
		spin_unlock(&sb_security_lock);
		goto out;
	}

	/* Policy decides how inodes on this fs type are labeled. */
	rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
	if (rc) {
		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
		       __FUNCTION__, sb->s_type->name, rc);
		goto out;
	}

	rc = try_context_mount(sb, data);
	if (rc)
		goto out;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/* xattr labeling needs a getxattr op and a handler for the
		 * security namespace. Probe the root inode: -ENODATA (no
		 * label present) is fine, anything else fails the mount. */
		if (!inode->i_op->getxattr) {
			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
			       "xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}
		rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) has no security xattr handler\n",
				       sb->s_id, sb->s_type->name);
			else
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) getxattr errno %d\n", sb->s_id,
				       sb->s_type->name, -rc);
			goto out;
		}
	}

	/* procfs inodes get genfs labels by path (see inode_doinit_with_dentry). */
	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->proc = 1;

	sbsec->initialized = 1;

	/* Behavior values index labeling_behaviors[] 1-based.
	 * NOTE(review): a behavior of 0 would pass this check and index
	 * [-1]; confirm security_fs_use() never reports 0. */
	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
		       sb->s_id, sb->s_type->name);
	}
	else {
		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
		       sb->s_id, sb->s_type->name,
		       labeling_behaviors[sbsec->behavior-1]);
	}

	/* The root is labeled first, with its dentry supplied explicitly
	 * since it may have no alias for d_find_alias() to return. */
	rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);

	/* Drain the inodes that arrived before we were initialized. The
	 * spinlock is dropped around inode_doinit() because labeling may
	 * sleep (allocation, getxattr); igrab() keeps the inode alive in
	 * the meantime. Each entry is unlinked after the attempt whether
	 * or not it succeeded. */
	spin_lock(&sbsec->isec_lock);
next_inode:
	if (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
			list_entry(sbsec->isec_head.next,
			           struct inode_security_struct, list);
		/* Shadows the function-scope `inode` (the root); harmless
		 * here but -Wshadow would flag it. */
		struct inode *inode = isec->inode;
		spin_unlock(&sbsec->isec_lock);
		inode = igrab(inode);
		if (inode) {
			if (!IS_PRIVATE (inode))
				inode_doinit(inode);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
		list_del_init(&isec->list);
		goto next_inode;
	}
	spin_unlock(&sbsec->isec_lock);
out:
	up(&sbsec->sem);
	return rc;
}
607
/*
 * Map an inode's file type (the S_IFMT bits of @mode) to its SELinux
 * object class. Unknown or unset types fall back to SECCLASS_FILE.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	umode_t fmt = mode & S_IFMT;

	if (fmt == S_IFSOCK)
		return SECCLASS_SOCK_FILE;
	if (fmt == S_IFLNK)
		return SECCLASS_LNK_FILE;
	if (fmt == S_IFREG)
		return SECCLASS_FILE;
	if (fmt == S_IFBLK)
		return SECCLASS_BLK_FILE;
	if (fmt == S_IFDIR)
		return SECCLASS_DIR;
	if (fmt == S_IFCHR)
		return SECCLASS_CHR_FILE;
	if (fmt == S_IFIFO)
		return SECCLASS_FIFO_FILE;

	return SECCLASS_FILE;
}
630
/* True when @protocol is what a SOCK_STREAM inet socket gets by default
 * (unspecified, i.e. IPPROTO_IP, or TCP). */
static inline int default_protocol_stream(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_TCP;
}
635
/* True when @protocol is what a SOCK_DGRAM inet socket gets by default
 * (unspecified, i.e. IPPROTO_IP, or UDP). */
static inline int default_protocol_dgram(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_UDP;
}
640
/*
 * Map a socket's (family, type, protocol) triple to its SELinux class.
 *
 * PF_UNIX splits by type; PF_INET/PF_INET6 are TCP or UDP only with the
 * default protocol for that type, otherwise "rawip"; PF_NETLINK splits
 * by netlink protocol. Anything unrecognised is the generic SECCLASS_SOCKET.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	if (family == PF_UNIX) {
		if (type == SOCK_STREAM || type == SOCK_SEQPACKET)
			return SECCLASS_UNIX_STREAM_SOCKET;
		if (type == SOCK_DGRAM)
			return SECCLASS_UNIX_DGRAM_SOCKET;
		return SECCLASS_SOCKET;
	}

	if (family == PF_INET || family == PF_INET6) {
		if (type == SOCK_STREAM && default_protocol_stream(protocol))
			return SECCLASS_TCP_SOCKET;
		if (type == SOCK_DGRAM && default_protocol_dgram(protocol))
			return SECCLASS_UDP_SOCKET;
		/* Any other type, or a non-default protocol, is raw IP. */
		return SECCLASS_RAWIP_SOCKET;
	}

	if (family == PF_NETLINK) {
		switch (protocol) {
		case NETLINK_ROUTE:
			return SECCLASS_NETLINK_ROUTE_SOCKET;
		case NETLINK_FIREWALL:
			return SECCLASS_NETLINK_FIREWALL_SOCKET;
		case NETLINK_INET_DIAG:
			return SECCLASS_NETLINK_TCPDIAG_SOCKET;
		case NETLINK_NFLOG:
			return SECCLASS_NETLINK_NFLOG_SOCKET;
		case NETLINK_XFRM:
			return SECCLASS_NETLINK_XFRM_SOCKET;
		case NETLINK_SELINUX:
			return SECCLASS_NETLINK_SELINUX_SOCKET;
		case NETLINK_AUDIT:
			return SECCLASS_NETLINK_AUDIT_SOCKET;
		case NETLINK_IP6_FW:
			return SECCLASS_NETLINK_IP6FW_SOCKET;
		case NETLINK_DNRTMSG:
			return SECCLASS_NETLINK_DNRT_SOCKET;
		case NETLINK_KOBJECT_UEVENT:
			return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
		default:
			return SECCLASS_NETLINK_SOCKET;
		}
	}

	if (family == PF_PACKET)
		return SECCLASS_PACKET_SOCKET;
	if (family == PF_KEY)
		return SECCLASS_KEY_SOCKET;

	return SECCLASS_SOCKET;
}
703
#ifdef CONFIG_PROC_FS
/*
 * Look up the genfs_contexts SID for a procfs entry.
 *
 * Reconstructs the entry's path by walking de->parent links and writing
 * the components backwards into the tail of a page-sized buffer, then
 * asks the security server for the "proc" genfs label matching that path
 * and object class.
 *
 * @de:     proc entry; NULL (or an entry that is its own parent) yields "/".
 * @tclass: object class the genfs rule must match.
 * @sid:    receives the resulting SID.
 * Returns 0, -ENOMEM if no page could be allocated, or the error from
 * security_genfs_sid().
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	buffer = (char*)__get_free_page(GFP_KERNEL);
	if (!buffer)
		return -ENOMEM;

	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';
	buflen--;
	/* Seed with "/" so a root-only walk produces "/"; the first
	 * component written below overwrites this slash. */
	path = end-1;
	*path = '/';
	/* The proc root is its own parent, which ends the walk. */
	while (de && de != de->parent) {
		/* Reserve "/" + name. If the page runs out the walk simply
		 * stops and the lookup proceeds with the (truncated) suffix
		 * collected so far; this is not reported as an error. */
		buflen -= de->namelen + 1;
		if (buflen < 0)
			break;
		end -= de->namelen;
		memcpy(end, de->name, de->namelen);
		*--end = '/';
		path = end;
		de = de->parent;
	}
	rc = security_genfs_sid("proc", path, tclass, sid);
	free_page((unsigned long)buffer);
	return rc;
}
#else
/* Without procfs there are no proc entries to label this way. */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	return -EINVAL;
}
#endif
744
745
/*
 * Label an inode according to its superblock's labeling behavior.
 *
 * @inode:      inode to initialize; inode->i_security must exist.
 * @opt_dentry: dentry to use for the xattr read, or NULL to pick any
 *              alias with d_find_alias() (superblock_doinit passes the
 *              root dentry explicitly).
 *
 * Idempotent: isec->initialized is tested both before and after taking
 * isec->sem. If the superblock is not yet initialized the inode is queued
 * on sbsec->isec_head for superblock_doinit() to finish later and 0 is
 * returned. Whatever happens, on exit isec->sclass is derived from i_mode
 * if it still holds the generic SECCLASS_FILE default.
 *
 * Returns 0 on success or deferral; -ENOMEM; or the error from getxattr,
 * security_transition_sid() or selinux_proc_get_sid(). In the xattr path
 * a context that cannot be converted is logged and swallowed: the inode
 * keeps its existing SID and is still marked initialized. If no dentry can
 * be found the inode is left uninitialized (so it is retried next time)
 * and 0 is returned.
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	struct dentry *dentry;
#define INITCONTEXTLEN 255
	char *context = NULL;
	unsigned len = 0;
	int rc = 0;
	int hold_sem = 0;

	/* Cheap check first; re-checked under the semaphore below. */
	if (isec->initialized)
		goto out;

	down(&isec->sem);
	hold_sem = 1;
	if (isec->initialized)
		goto out;

	sbsec = inode->i_sb->s_security;
	if (!sbsec->initialized) {
		/* Superblock not labeled yet (policy not loaded at mount
		 * time): queue this inode for superblock_doinit(). */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out;
	}

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_XATTR:
		/* No xattr support on this inode: use the fs default. */
		if (!inode->i_op->getxattr) {
			isec->sid = sbsec->def_sid;
			break;
		}

		/* The xattr op needs a dentry, not just an inode. */
		if (opt_dentry) {
			dentry = dget(opt_dentry);
		} else {
			dentry = d_find_alias(inode);
		}
		if (!dentry) {
			printk(KERN_WARNING "%s: no dentry for dev=%s "
			       "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
			       inode->i_ino);
			goto out;
		}

		/* First try with a fixed-size buffer; on -ERANGE ask for
		 * the exact size and retry once. */
		len = INITCONTEXTLEN;
		context = kmalloc(len, GFP_KERNEL);
		if (!context) {
			rc = -ENOMEM;
			dput(dentry);
			goto out;
		}
		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
					   context, len);
		if (rc == -ERANGE) {
			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
						   NULL, 0);
			if (rc < 0) {
				dput(dentry);
				goto out;
			}
			kfree(context);
			len = rc;
			context = kmalloc(len, GFP_KERNEL);
			if (!context) {
				rc = -ENOMEM;
				dput(dentry);
				goto out;
			}
			rc = inode->i_op->getxattr(dentry,
						   XATTR_NAME_SELINUX,
						   context, len);
		}
		dput(dentry);
		if (rc < 0) {
			if (rc != -ENODATA) {
				printk(KERN_WARNING "%s: getxattr returned "
				       "%d for dev=%s ino=%ld\n", __FUNCTION__,
				       -rc, inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				goto out;
			}
			/* No label stored: fall back to the fs default. */
			sid = sbsec->def_sid;
			rc = 0;
		} else {
			/* rc is the xattr length here; unknown contexts map
			 * to def_sid inside the _default variant. */
			rc = security_context_to_sid_default(context, rc, &sid,
			                                     sbsec->def_sid);
			if (rc) {
				printk(KERN_WARNING "%s: context_to_sid(%s) "
				       "returned %d for dev=%s ino=%ld\n",
				       __FUNCTION__, context, -rc,
				       inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				/* Deliberately not fatal: keep the current
				 * SID and still mark the inode initialized. */
				rc = 0;
				break;
			}
		}
		kfree(context);
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_TASK:
		/* Label with the SID of the task that created the inode. */
		isec->sid = isec->task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/* Start from the fs SID, then apply a type transition for
		 * (creating task, fs, class). */
		isec->sid = sbsec->sid;

		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		rc = security_transition_sid(isec->task_sid,
					     sbsec->sid,
					     isec->sclass,
					     &sid);
		if (rc)
			goto out;
		isec->sid = sid;
		break;
	default:
		/* Remaining behaviors (genfs, none, mountpoint): use the fs
		 * SID, except that procfs entries are labeled by path. */
		isec->sid = sbsec->sid;

		if (sbsec->proc) {
			struct proc_inode *proci = PROC_I(inode);
			if (proci->pde) {
				isec->sclass = inode_mode_to_security_class(inode->i_mode);
				rc = selinux_proc_get_sid(proci->pde,
							  isec->sclass,
							  &sid);
				if (rc)
					goto out;
				isec->sid = sid;
			}
		}
		break;
	}

	isec->initialized = 1;

out:
	/* Refine the class from the mode if nothing above did so. */
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);

	if (hold_sem)
		up(&isec->sem);
	return rc;
}
905
906
/*
 * Map a signal number to the process permission needed to send it.
 * SIGCHLD, SIGKILL and SIGSTOP have dedicated permissions; every other
 * signal is covered by the generic process:signal.
 */
static inline u32 signal_to_av(int sig)
{
	if (sig == SIGCHLD)
		return PROCESS__SIGCHLD;
	if (sig == SIGKILL)
		return PROCESS__SIGKILL;
	if (sig == SIGSTOP)
		return PROCESS__SIGSTOP;
	return PROCESS__SIGNAL;
}
932
933
934
/*
 * Check @perms of class process from @tsk1 (subject) to @tsk2 (target).
 * No audit data is attached. Returns the AVC result (0 = allowed).
 */
static int task_has_perm(struct task_struct *tsk1,
			 struct task_struct *tsk2,
			 u32 perms)
{
	struct task_security_struct *subject = tsk1->security;
	struct task_security_struct *target = tsk2->security;

	return avc_has_perm(subject->sid, target->sid, SECCLASS_PROCESS,
			    perms, NULL);
}
946
947
/*
 * Check whether @tsk's domain is allowed capability @cap. The check is
 * made against the task's own SID (subject == target) in class
 * capability, with the capability number recorded for the audit record.
 * Returns the AVC result (0 = allowed).
 */
static int task_has_capability(struct task_struct *tsk,
			       int cap)
{
	struct avc_audit_data ad;
	struct task_security_struct *tsec = tsk->security;
	u32 domain = tsec->sid;

	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.tsk = tsk;
	ad.u.cap = cap;

	return avc_has_perm(domain, domain, SECCLASS_CAPABILITY,
			    CAP_TO_MASK(cap), &ad);
}
963
964
/*
 * Check @perms of class system for @tsk against the kernel SID.
 * Returns the AVC result (0 = allowed).
 */
static int task_has_system(struct task_struct *tsk,
			   u32 perms)
{
	struct task_security_struct *tsec = tsk->security;
	u32 subject = tsec->sid;

	return avc_has_perm(subject, SECINITSID_KERNEL, SECCLASS_SYSTEM,
			    perms, NULL);
}
975
976
977
978
/*
 * Check @perms for @tsk on @inode, using the inode's own class.
 * @adp: audit data to attach; when NULL a local FS record naming the
 *       inode is built instead.
 * Returns the AVC result (0 = allowed).
 */
static int inode_has_perm(struct task_struct *tsk,
			  struct inode *inode,
			  u32 perms,
			  struct avc_audit_data *adp)
{
	struct avc_audit_data local_ad;
	struct task_security_struct *tsec = tsk->security;
	struct inode_security_struct *isec = inode->i_security;

	if (adp == NULL) {
		AVC_AUDIT_DATA_INIT(&local_ad, FS);
		local_ad.u.fs.inode = inode;
		adp = &local_ad;
	}

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
}
999
1000
1001
1002
/*
 * Check @av for @tsk on the inode behind @dentry, recording the
 * mount (@mnt, may be NULL) and dentry in the audit data so a denial
 * can be reported by path. Returns the AVC result (0 = allowed).
 */
static inline int dentry_has_perm(struct task_struct *tsk,
				  struct vfsmount *mnt,
				  struct dentry *dentry,
				  u32 av)
{
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;
	ad.u.fs.mnt = mnt;
	return inode_has_perm(tsk, dentry->d_inode, av, &ad);
}
/*
 * Check @av for @tsk on an open @file.
 *
 * If the descriptor was created under a different SID than the task's,
 * fd:use on the descriptor's SID is required first. Then, if @av is
 * non-zero, @av is checked on the underlying inode; @av == 0 checks only
 * the descriptor. Returns the AVC result (0 = allowed).
 */
static int file_has_perm(struct task_struct *tsk,
			 struct file *file,
			 u32 av)
{
	struct task_security_struct *tsec = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	struct dentry *dentry = file->f_dentry;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.mnt = file->f_vfsmnt;
	ad.u.fs.dentry = dentry;

	if (fsec->sid != tsec->sid) {
		int rc = avc_has_perm(tsec->sid, fsec->sid, SECCLASS_FD,
				      FD__USE, &ad);
		if (rc)
			return rc;
	}

	if (!av)
		return 0;

	return inode_has_perm(tsk, dentry->d_inode, av, &ad);
}
1055
1056
/*
 * Check whether the current task may create an object of class @tclass
 * named @dentry inside directory @dir.
 *
 * Three checks, in order: dir:{add_name search} on the parent; @tclass:create
 * on the SID the new object will get (the task's create_sid if set and the
 * fs is not mountpoint-labeled, else the policy's type transition); and
 * filesystem:associate between that SID and the filesystem.
 * Returns 0 if all pass, else the first failing AVC/transition result.
 */
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	struct avc_audit_data ad;
	u32 newsid;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;

	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;

	/* A requested create_sid is ignored on mountpoint-labeled filesystems. */
	if (!tsec->create_sid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
		rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
					     &newsid);
		if (rc)
			return rc;
	} else {
		newsid = tsec->create_sid;
	}

	rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
	if (rc)
		return rc;

	return avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &ad);
}
1098
/* Values of @kind for may_link(): non-zero kinds remove a name. */
#define MAY_LINK 0
#define MAY_UNLINK 1
#define MAY_RMDIR 2
1102
1103
/*
 * Check whether the current task may link, unlink or rmdir @dentry in
 * directory @dir.
 *
 * @kind: MAY_LINK, MAY_UNLINK or MAY_RMDIR.
 *
 * First dir:search plus add_name (link) or remove_name (unlink/rmdir) on
 * the parent, then the kind-specific permission on the target inode in
 * its own class. Returns 0 if allowed, else the failing AVC result.
 *
 * NOTE(review): an unrecognised @kind is logged and then *allowed*
 * (return 0). Every caller in this file passes one of the MAY_* values,
 * so it is unreachable today; a deny would be the safer default should
 * new kinds be added.
 */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)

{
	struct task_security_struct *tsec;
	struct inode_security_struct *dsec, *isec;
	struct avc_audit_data ad;
	u32 av;
	int rc;

	tsec = current->security;
	dsec = dir->i_security;
	isec = dentry->d_inode->i_security;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;

	av = DIR__SEARCH;
	av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
	if (rc)
		return rc;

	switch (kind) {
	case MAY_LINK:
		av = FILE__LINK;
		break;
	case MAY_UNLINK:
		av = FILE__UNLINK;
		break;
	case MAY_RMDIR:
		av = DIR__RMDIR;
		break;
	default:
		printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
		return 0;
	}

	rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
	return rc;
}
1146
/*
 * Check whether the current task may rename @old_dentry (in @old_dir) to
 * @new_dentry (in @new_dir).
 *
 * Checks, in order: dir:{remove_name search} on the old parent; rename on
 * the source object; dir:reparent on it when a directory moves between
 * parents; dir:{add_name search} (plus remove_name if the target exists)
 * on the new parent; and unlink or rmdir on an existing target.
 * Returns 0 if all pass, else the first failing AVC result.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *old_dsec = old_dir->i_security;
	struct inode_security_struct *new_dsec = new_dir->i_security;
	struct inode_security_struct *old_isec = old_dentry->d_inode->i_security;
	struct inode_security_struct *new_isec;
	struct avc_audit_data ad;
	u32 new_dir_av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);

	/* Source side. */
	ad.u.fs.dentry = old_dentry;
	rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(tsec->sid, old_isec->sid,
			  old_isec->sclass, FILE__RENAME, &ad);
	if (rc)
		return rc;
	if (new_dir != old_dir && S_ISDIR(old_dentry->d_inode->i_mode)) {
		rc = avc_has_perm(tsec->sid, old_isec->sid,
				  old_isec->sclass, DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	/* Destination side. */
	ad.u.fs.dentry = new_dentry;
	new_dir_av = DIR__ADD_NAME | DIR__SEARCH;
	if (new_dentry->d_inode)
		new_dir_av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, new_dir_av, &ad);
	if (rc)
		return rc;

	if (!new_dentry->d_inode)
		return 0;

	/* Replacing an existing target is an unlink or rmdir of it. */
	new_isec = new_dentry->d_inode->i_security;
	return avc_has_perm(tsec->sid, new_isec->sid, new_isec->sclass,
			    S_ISDIR(new_dentry->d_inode->i_mode) ? DIR__RMDIR
			                                         : FILE__UNLINK,
			    &ad);
}
1202
1203
/*
 * Check @perms of class filesystem for @tsk on @sb.
 * @ad: optional audit data (may be NULL).
 * Returns the AVC result (0 = allowed).
 */
static int superblock_has_perm(struct task_struct *tsk,
			       struct super_block *sb,
			       u32 perms,
			       struct avc_audit_data *ad)
{
	struct task_security_struct *tsec = tsk->security;
	struct superblock_security_struct *sbsec = sb->s_security;
	u32 subject = tsec->sid;
	u32 target = sbsec->sid;

	return avc_has_perm(subject, target, SECCLASS_FILESYSTEM, perms, ad);
}
1217
1218
/*
 * Translate a VFS permission mask (MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND)
 * into an SELinux access vector for an object of file type @mode.
 * Directories map to dir:{read write search}; everything else to
 * file:{read execute} plus append if MAY_APPEND is set, else write if
 * MAY_WRITE is set.
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 av = 0;

	if (S_ISDIR(mode)) {
		if (mask & MAY_READ)
			av |= DIR__READ;
		if (mask & MAY_WRITE)
			av |= DIR__WRITE;
		if (mask & MAY_EXEC)
			av |= DIR__SEARCH;
		return av;
	}

	if (mask & MAY_EXEC)
		av |= FILE__EXECUTE;
	if (mask & MAY_READ)
		av |= FILE__READ;
	/* Append takes precedence over write. */
	if (mask & MAY_APPEND)
		av |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		av |= FILE__WRITE;

	return av;
}
1245
1246
/*
 * Derive the file permissions implied by how @file was opened:
 * FMODE_READ -> read; FMODE_WRITE -> append if O_APPEND is set, else write.
 */
static inline u32 file_to_av(struct file *file)
{
	u32 av = 0;

	if (file->f_mode & FMODE_READ)
		av |= FILE__READ;
	if (file->f_mode & FMODE_WRITE)
		av |= (file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE;

	return av;
}
1262
1263
/*
 * Force @inode's SID to @sid and mark it initialized, refreshing its class
 * from i_mode. Does nothing (and returns 0) if the superblock has not been
 * initialized yet, in which case the deferred labeling path will decide.
 * Always returns 0.
 */
static int inode_security_set_sid(struct inode *inode, u32 sid)
{
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;

	if (sbsec->initialized) {
		down(&isec->sem);
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		isec->sid = sid;
		isec->initialized = 1;
		up(&isec->sem);
	}
	return 0;
}
1281
1282
1283
/*
 * ptrace hook: the secondary module must allow it, then process:ptrace
 * from @parent to @child. On a fresh, permitted attach (child not already
 * PT_PTRACED) the parent's SID is recorded in the child's ptrace_sid.
 * Returns 0 if allowed, else the failing result.
 */
static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
{
	struct task_security_struct *psec = parent->security;
	struct task_security_struct *csec = child->security;
	int rc = secondary_ops->ptrace(parent, child);

	if (rc)
		return rc;

	rc = task_has_perm(parent, child, PROCESS__PTRACE);
	if (rc == 0 && !(child->ptrace & PT_PTRACED))
		csec->ptrace_sid = psec->sid;
	return rc;
}
1300
/*
 * capget hook: process:getcap from the current task to @target is checked
 * before delegating to the secondary module. Returns 0 or the failing result.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
                          kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int rc = task_has_perm(current, target, PROCESS__GETCAP);

	if (rc != 0)
		return rc;

	return secondary_ops->capget(target, effective, inheritable, permitted);
}
1312
/*
 * capset_check hook: the secondary module is consulted first, then
 * process:setcap from the current task to @target. Returns 0 or the
 * failing result.
 */
static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
                                kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int rc = secondary_ops->capset_check(target, effective, inheritable, permitted);

	if (rc != 0)
		return rc;

	return task_has_perm(current, target, PROCESS__SETCAP);
}
1324
/* capset_set hook: no SELinux state to update; the secondary module
 * performs the actual capability update. */
static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
                               kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	struct security_operations *ops = secondary_ops;

	ops->capset_set(target, effective, inheritable, permitted);
}
1330
/*
 * capable hook: the secondary module must grant @cap, and then @tsk's
 * domain must be allowed it by policy (task_has_capability).
 * Returns 0 if allowed, else the failing result.
 */
static int selinux_capable(struct task_struct *tsk, int cap)
{
	int rc = secondary_ops->capable(tsk, cap);

	if (rc != 0)
		return rc;

	return task_has_capability(tsk, cap);
}
1341
/*
 * sysctl hook.
 *
 * @op is the octal r/w/x style mask the sysctl code passes: 001 means
 * traversing a sysctl directory, 004 read and 002 write of an entry
 * (presumably matching the sysctl caller — confirm there). The target
 * SID comes from the entry's proc path via genfs; if that lookup fails
 * the generic SECINITSID_SYSCTL is used. Returns 0 if allowed, else the
 * failing result; an @op with neither read nor write set is allowed.
 */
static int selinux_sysctl(ctl_table *table, int op)
{
	struct task_security_struct *tsec;
	u32 tsid;
	u32 av = 0;
	int rc;

	rc = secondary_ops->sysctl(table, op);
	if (rc)
		return rc;

	tsec = current->security;

	if (selinux_proc_get_sid(table->de,
				 (op == 001) ? SECCLASS_DIR : SECCLASS_FILE,
				 &tsid))
		tsid = SECINITSID_SYSCTL;

	if (op == 001)
		return avc_has_perm(tsec->sid, tsid, SECCLASS_DIR, DIR__SEARCH, NULL);

	if (op & 004)
		av |= FILE__READ;
	if (op & 002)
		av |= FILE__WRITE;
	if (!av)
		return 0;

	return avc_has_perm(tsec->sid, tsid, SECCLASS_FILE, av, NULL);
}
1381
/*
 * quotactl hook: commands that change quota state need
 * filesystem:quotamod on @sb, query commands need filesystem:quotaget;
 * other commands, or a NULL @sb, are allowed. @type and @id are unused.
 * Returns 0 if allowed, else the failing AVC result.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	u32 perms;

	if (sb == NULL)
		return 0;

	switch (cmds) {
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
		perms = FILESYSTEM__QUOTAMOD;
		break;
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
		perms = FILESYSTEM__QUOTAGET;
		break;
	default:
		return 0;
	}

	return superblock_has_perm(current, sb, perms, NULL);
}
1412
/*
 * Mediate turning quotas on using the quota file at @dentry: the task
 * needs file:quotaon on that file.
 */
static int selinux_quota_on(struct dentry *dentry)
{
	return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
}
1417
/*
 * Mediate syslog(2). After the secondary module agrees, the numeric
 * command @type (the codes used by do_syslog()) is mapped to one of
 * three system-class permissions: types 3 and 10 only read the log
 * buffer (presumably "read all" and "buffer size" — verify against
 * do_syslog()), types 6–8 control console logging, and every other
 * code, including ones not known here, is treated as modifying the log.
 */
static int selinux_syslog(int type)
{
	u32 perm;
	int rc;

	rc = secondary_ops->syslog(type);
	if (rc)
		return rc;

	switch (type) {
	case 3:
	case 10:
		perm = SYSTEM__SYSLOG_READ;
		break;
	case 6:
	case 7:
	case 8:
		perm = SYSTEM__SYSLOG_CONSOLE;
		break;
	default:
		/* 0, 1, 2, 4, 5 and anything unrecognised. */
		perm = SYSTEM__SYSLOG_MOD;
		break;
	}

	return task_has_system(current, perm);
}
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
/*
 * Overcommit accounting hook. The core's __vm_enough_memory() treats a
 * task with CAP_SYS_ADMIN more generously; here that privilege is only
 * granted when both the capability module and the SELinux policy allow
 * it. The no-audit AVC variant is used so that an ordinary unprivileged
 * allocation does not generate a denial record.
 */
static int selinux_vm_enough_memory(long pages)
{
	struct task_security_struct *tsec = current->security;
	int cap_sys_admin = 0;

	if (secondary_ops->capable(current, CAP_SYS_ADMIN) == 0 &&
	    avc_has_perm_noaudit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY,
				 CAP_TO_MASK(CAP_SYS_ADMIN), NULL) == 0)
		cap_sys_admin = 1;

	return __vm_enough_memory(pages, cap_sys_admin);
}
1477
1478
1479
/*
 * Allocate the per-exec security blob hung off @bprm->security. It starts
 * out with the "unlabeled" SID and set == 0; selinux_bprm_set_security()
 * fills in the real target SID later. Returns -ENOMEM on allocation
 * failure, else 0.
 */
static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *blob = kzalloc(sizeof(*blob), GFP_KERNEL);

	if (blob == NULL)
		return -ENOMEM;

	blob->bprm = bprm;
	blob->sid = SECINITSID_UNLABELED;
	blob->set = 0;		/* already zero from kzalloc; kept for clarity */
	bprm->security = blob;

	return 0;
}
1495
/*
 * Decide which SID the new program image will run with and check that
 * the resulting exec (with or without a domain change) is permitted.
 * Runs at most once per bprm: a repeat call returns 0 because
 * bsec->set records that the work has been done. Returns 0 on success,
 * otherwise the secondary module's error, a transition-lookup error or
 * an AVC denial.
 */
static int selinux_bprm_set_security(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct inode *inode = bprm->file->f_dentry->d_inode;
	struct inode_security_struct *isec;
	struct bprm_security_struct *bsec;
	u32 newsid;
	struct avc_audit_data ad;
	int rc;

	rc = secondary_ops->bprm_set_security(bprm);
	if (rc)
		return rc;

	bsec = bprm->security;

	if (bsec->set)
		return 0;

	tsec = current->security;
	isec = inode->i_security;

	/* Default to the current task SID. */
	bsec->sid = tsec->sid;

	/* A pending file-creation label does not survive exec. */
	tsec->create_sid = 0;

	if (tsec->exec_sid) {
		/* The task asked for an explicit label for its next exec;
		 * it is consumed here so it applies to this exec only (and
		 * is consumed even if the nosuid check below overrides it). */
		newsid = tsec->exec_sid;
		tsec->exec_sid = 0;
	} else {
		/* Otherwise let the policy's (task, file) -> process
		 * transition rule pick the new label; the default is the
		 * current SID when no rule matches. */
		rc = security_transition_sid(tsec->sid, isec->sid,
					     SECCLASS_PROCESS, &newsid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.mnt = bprm->file->f_vfsmnt;
	ad.u.fs.dentry = bprm->file->f_dentry;

	/* A nosuid mount suppresses any domain transition, whatever its
	 * source. */
	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
		newsid = tsec->sid;

	if (tsec->sid == newsid) {
		/* Staying in the same domain: the task needs
		 * execute_no_trans on the file. */
		rc = avc_has_perm(tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
		if (rc)
			return rc;
	} else {
		/* Changing domain: the old domain must be allowed to
		 * transition to the new one, and the file must be a valid
		 * entrypoint for the new domain. */
		rc = avc_has_perm(tsec->sid, newsid,
				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
		if (rc)
			return rc;

		rc = avc_has_perm(newsid, isec->sid,
				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
		if (rc)
			return rc;

		/* Drop the personality bits that are also dropped on a
		 * setuid/setgid exec, so the new domain does not inherit
		 * them from the caller. */
		current->personality &= ~PER_CLEAR_ON_SETID;

		/* Record the label the image will run with. */
		bsec->sid = newsid;
	}

	bsec->set = 1;
	return 0;
}
1570
/*
 * Final pre-exec check: SELinux adds nothing beyond what
 * selinux_bprm_set_security() already verified, so only the secondary
 * module's check is run.
 */
static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
	return secondary_ops->bprm_check_security(bprm);
}
1575
1576
/*
 * Report whether the new image must be started with AT_SECURE set.
 * After a domain transition (osid != sid) that is the case unless the
 * policy explicitly grants process:noatsecure from the old domain to the
 * new one; the secondary module can also demand it. Returns 1 for
 * "secure exec", 0 otherwise.
 */
static int selinux_bprm_secureexec (struct linux_binprm *bprm)
{
	struct task_security_struct *tsec = current->security;
	int transitioned = (tsec->osid != tsec->sid);

	/* A noatsecure denial (non-zero) means AT_SECURE is required. */
	if (transitioned &&
	    avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			 PROCESS__NOATSECURE, NULL))
		return 1;

	return secondary_ops->bprm_secureexec(bprm) ? 1 : 0;
}
1593
/*
 * Release the per-exec security blob allocated by
 * selinux_bprm_alloc_security() and clear the pointer so a later hook
 * cannot see a dangling reference.
 */
static void selinux_bprm_free_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *blob = bprm->security;

	bprm->security = NULL;
	kfree(blob);
}
1599
/* The selinuxfs mount and its "null" dentry, defined elsewhere; used by
 * flush_unauthorized_files() as a /dev/null stand-in for descriptors the
 * new domain may not keep. */
extern struct vfsmount *selinuxfs_mount;
extern struct dentry *selinux_null;
1602
1603
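/*
 * Revalidate everything the task inherits across a domain transition.
 * The controlling tty is detached if the new domain may not both read and
 * write it, and every open descriptor that fails its per-file check is
 * closed and — where the same descriptor number can be re-acquired —
 * re-pointed at the selinuxfs "null" file, so that the new image still
 * has a valid fd in that slot instead of silently reusing the number.
 *
 * Two fixes relative to the earlier version of this function:
 *  - list_entry() on an empty list never yields NULL (it yields a pointer
 *    computed from the list head), so tty->tty_files must be tested with
 *    list_empty() before its first entry is dereferenced;
 *  - dentry_open() reports failure with an ERR_PTR, not NULL, so the
 *    result must be tested with IS_ERR() or a bogus pointer would be
 *    installed as "devnull" and reused for later descriptors.
 */
static inline void flush_unauthorized_files(struct files_struct * files)
{
	struct file *file, *devnull = NULL;
	struct tty_struct *tty = current->signal->tty;
	struct fdtable *fdt;
	long j = -1;

	if (tty) {
		file_list_lock();
		if (!list_empty(&tty->tty_files)) {
			struct inode *inode;

			/* Revalidate access to the controlling tty. The
			 * inode is checked directly rather than via
			 * file_has_perm() because this open file may belong
			 * to another process; only the inode-level
			 * permission matters here. */
			file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
			inode = file->f_dentry->d_inode;
			if (inode_has_perm(current, inode,
					   FILE__READ | FILE__WRITE, NULL)) {
				/* Reset controlling tty. */
				current->signal->tty = NULL;
				current->signal->tty_old_pgrp = 0;
			}
		}
		file_list_unlock();
	}

	/* Revalidate access to inherited open files. The fd table is walked
	 * one bitmap word at a time; the lock is dropped while individual
	 * files are checked, which is why the table is re-read each pass. */
	spin_lock(&files->file_lock);
	for (;;) {
		unsigned long set, i;
		int fd;

		j++;
		i = j * __NFDBITS;
		fdt = files_fdtable(files);
		if (i >= fdt->max_fds || i >= fdt->max_fdset)
			break;
		set = fdt->open_fds->fds_bits[j];
		if (!set)
			continue;
		spin_unlock(&files->file_lock);
		for ( ; set ; i++, set >>= 1) {
			if (!(set & 1))
				continue;
			file = fget(i);
			if (!file)
				continue;
			if (file_has_perm(current, file, file_to_av(file))) {
				sys_close(i);
				/* Try to take the same descriptor number back
				 * so it can be pointed at /dev/null. If a
				 * different number comes back, the slot was
				 * taken in the meantime; leave it closed. */
				fd = get_unused_fd();
				if (fd != i) {
					if (fd >= 0)
						put_unused_fd(fd);
					fput(file);
					continue;
				}
				if (devnull) {
					get_file(devnull);
				} else {
					devnull = dentry_open(dget(selinux_null),
							      mntget(selinuxfs_mount),
							      O_RDWR);
					if (IS_ERR(devnull)) {
						devnull = NULL;
						put_unused_fd(fd);
						fput(file);
						continue;
					}
				}
				fd_install(fd, devnull);
			}
			fput(file);
		}
		spin_lock(&files->file_lock);
	}
	spin_unlock(&files->file_lock);
}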
1686
/*
 * Install the SID chosen by selinux_bprm_set_security() as the task's
 * label, unless the exec is "unsafe" in a way the policy does not permit
 * to cross a domain boundary. The previous label is saved in osid so the
 * post-apply hook can tell whether a transition happened. An exec that
 * is refused here is marked bsec->unsafe and left in the old domain;
 * selinux_bprm_post_apply_creds() then kills it.
 */
static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
{
	struct task_security_struct *tsec;
	struct bprm_security_struct *bsec;
	u32 newsid;

	secondary_ops->bprm_apply_creds(bprm, unsafe);

	tsec = current->security;
	bsec = bprm->security;
	newsid = bsec->sid;

	tsec->osid = tsec->sid;
	bsec->unsafe = 0;

	/* No domain change: nothing else needs validating. */
	if (tsec->sid == newsid)
		return;

	/* The exec shares VM/files with another task: the old domain must
	 * be allowed to share with the new one. */
	if ((unsafe & LSM_UNSAFE_SHARE) &&
	    avc_has_perm(tsec->sid, newsid, SECCLASS_PROCESS,
			 PROCESS__SHARE, NULL)) {
		bsec->unsafe = 1;
		return;
	}

	/* The task is being traced: the tracer's domain must be allowed to
	 * ptrace the new domain, otherwise the transition would let it
	 * control a domain it may not touch. */
	if ((unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) &&
	    avc_has_perm(tsec->ptrace_sid, newsid, SECCLASS_PROCESS,
			 PROCESS__PTRACE, NULL)) {
		bsec->unsafe = 1;
		return;
	}

	tsec->sid = newsid;
}
1729
1730
1731
1732
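/*
 * Finish an exec after credentials have been applied. An exec that
 * selinux_bprm_apply_creds() marked unsafe is killed outright. After a
 * real domain transition (osid != sid) the state inherited from the old
 * domain is scrubbed: files the new domain may not use are closed, and
 * unless the policy grants siginh / rlimitinh across the transition,
 * pending signals, timers and handlers are reset and soft resource limits
 * are clamped back to defaults.
 *
 * The `&current->...` expressions in the signal and wake-up paths had
 * been mangled by an HTML-entity conversion (`¤t`); they are restored
 * here, which is the only code change.
 */
static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct rlimit *rlim, *initrlim;
	struct itimerval itimer;
	struct bprm_security_struct *bsec;
	int rc, i;

	tsec = current->security;
	bsec = bprm->security;

	if (bsec->unsafe) {
		force_sig_specific(SIGKILL, current);
		return;
	}
	/* Same domain as before: nothing inherited needs revalidating. */
	if (tsec->osid == tsec->sid)
		return;

	/* Close files to which the new domain lacks access (see
	 * flush_unauthorized_files()). */
	flush_unauthorized_files(current->files);

	/* Unless the old domain may pass signal state on to the new one,
	 * cancel interval timers, discard pending signals, reset all
	 * handlers and unblock everything, so the new image cannot be
	 * driven by state the old domain arranged. */
	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__SIGINH, NULL);
	if (rc) {
		memset(&itimer, 0, sizeof itimer);
		for (i = 0; i < 3; i++)
			do_setitimer(i, &itimer, NULL);
		flush_signals(current);
		spin_lock_irq(&current->sighand->siglock);
		flush_signal_handlers(current, 1);
		sigemptyset(&current->blocked);
		recalc_sigpending();
		spin_unlock_irq(&current->sighand->siglock);
	}

	/* Unless the old domain may pass its resource limits on, clamp each
	 * soft limit to the smaller of our own hard limit and init's soft
	 * limit, i.e. back to a default the old domain cannot have raised. */
	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL);
	if (rc) {
		for (i = 0; i < RLIM_NLIMITS; i++) {
			rlim = current->signal->rlim + i;
			initrlim = init_task.signal->rlim+i;
			rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
		}
		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
			/* Arm the profiling timer for the next tick so the
			 * (possibly lowered) CPU limit is re-evaluated
			 * promptly — presumably the timer code re-derives the
			 * real expiry from the rlimit; verify if in doubt. */
			current->it_prof_expires = jiffies_to_cputime(1);
		}
	}

	/* Wake the parent in case it is blocked in wait(): the permission
	 * it needs is checked against the child's SID (see
	 * selinux_task_wait()), which has just changed. */
	wake_up_interruptible(&current->parent->signal->wait_chldexit);
}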
1805
1806
1807
/* Allocate the per-superblock security blob; see superblock_alloc_security(). */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	return superblock_alloc_security(sb);
}
1812
/* Release the per-superblock security blob; see superblock_free_security(). */
static void selinux_sb_free_security(struct super_block *sb)
{
	superblock_free_security(sb);
}
1817
/*
 * Return 1 if the first @plen bytes of @option equal @prefix, 0 otherwise.
 * A prefix longer than the option (@plen > @olen) can never match and is
 * rejected before memcmp() so no bytes past @option are read.
 */
static inline int match_prefix(char *prefix, int plen, char *option, int olen)
{
	return plen <= olen && memcmp(prefix, option, plen) == 0;
}
1825
/*
 * Return non-zero if the mount option @option (of @len bytes, not
 * NUL-terminated) is one that SELinux itself consumes: context=,
 * fscontext= or defcontext=.
 */
static inline int selinux_option(char *option, int len)
{
	if (match_prefix("context=", sizeof("context=") - 1, option, len))
		return 1;
	if (match_prefix("fscontext=", sizeof("fscontext=") - 1, option, len))
		return 1;
	return match_prefix("defcontext=", sizeof("defcontext=") - 1, option, len);
}
1832
/*
 * Append the @len-byte option @from to the output cursor *@to, preceded
 * by a ',' for every option after the first. *@first is cleared once the
 * first option has been written; *@to is advanced past the copied bytes.
 * No terminator is written — the caller's buffer is pre-zeroed.
 */
static inline void take_option(char **to, char *from, int *first, int len)
{
	char *dst = *to;

	if (*first)
		*first = 0;
	else
		*dst++ = ',';

	memcpy(dst, from, len);
	*to = dst + len;
}
1844
/*
 * Split a mount's option string. The SELinux-specific options
 * (context=, fscontext=, defcontext=) are written to @copy for this
 * module's later use, and @orig is rewritten in place to contain only the
 * remaining options — presumably so the filesystem never sees options it
 * would reject. Binary mount data is copied to @copy verbatim. Both
 * buffers are page-sized. Returns 0, or -ENOMEM if the scratch page for
 * the non-SELinux options cannot be allocated.
 */
static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
{
	int fnosec, fsec, rc = 0;
	char *in_save, *in_curr, *in_end;
	char *sec_curr, *nosec_save, *nosec;

	in_curr = orig;
	sec_curr = copy;

	/* Binary mount data: nothing to parse. */
	if (type->fs_flags & FS_BINARY_MOUNTDATA) {
		copy_page(sec_curr, in_curr);
		goto out;
	}

	nosec = (char *)get_zeroed_page(GFP_KERNEL);
	if (!nosec) {
		rc = -ENOMEM;
		goto out;
	}

	nosec_save = nosec;
	fnosec = fsec = 1;
	in_save = in_end = orig;

	/* Walk the comma-separated list; each option (including the last,
	 * ended by the NUL) goes to one of the two output buffers. */
	do {
		if (*in_end == ',' || *in_end == '\0') {
			int len = in_end - in_curr;

			if (selinux_option(in_curr, len))
				take_option(&sec_curr, in_curr, &fsec, len);
			else
				take_option(&nosec, in_curr, &fnosec, len);

			in_curr = in_end + 1;
		}
	} while (*in_end++);

	/* The non-SELinux options are never longer than the original
	 * string, so they fit back into @orig. */
	strcpy(in_save, nosec_save);
	free_page((unsigned long)nosec_save);
out:
	return rc;
}
1888
/*
 * Label a freshly mounted superblock from @data / its labelling behaviour
 * and then check that the task may mount that filesystem
 * (filesystem:mount). The audit record names the root dentry.
 */
static int selinux_sb_kern_mount(struct super_block *sb, void *data)
{
	struct avc_audit_data ad;
	int rc = superblock_doinit(sb, data);

	if (rc)
		return rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = sb->s_root;

	return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
}
1902
/*
 * Mediate statfs(2) on @sb: the task needs filesystem:getattr. The audit
 * record names the filesystem's root dentry.
 */
static int selinux_sb_statfs(struct super_block *sb)
{
	struct avc_audit_data audit;

	AVC_AUDIT_DATA_INIT(&audit, FS);
	audit.u.fs.dentry = sb->s_root;

	return superblock_has_perm(current, sb, FILESYSTEM__GETATTR, &audit);
}
1911
/*
 * Mediate mount(2). A remount is a change to the existing superblock and
 * needs filesystem:remount on it; any other mount needs file:mounton on
 * the directory being covered. The secondary module is consulted first.
 */
static int selinux_mount(char * dev_name,
			 struct nameidata *nd,
			 char * type,
			 unsigned long flags,
			 void * data)
{
	int rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);

	if (rc)
		return rc;

	if (flags & MS_REMOUNT)
		return superblock_has_perm(current, nd->mnt->mnt_sb,
					   FILESYSTEM__REMOUNT, NULL);

	return dentry_has_perm(current, nd->mnt, nd->dentry, FILE__MOUNTON);
}
1931
/*
 * Mediate umount(2): after the secondary module agrees, the task needs
 * filesystem:unmount on the mounted superblock.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	int rc = secondary_ops->sb_umount(mnt, flags);

	if (rc)
		return rc;

	return superblock_has_perm(current, mnt->mnt_sb,
				   FILESYSTEM__UNMOUNT, NULL);
}
1943
1944
1945
/* Allocate the per-inode security blob; see inode_alloc_security(). */
static int selinux_inode_alloc_security(struct inode *inode)
{
	return inode_alloc_security(inode);
}
1950
/* Release the per-inode security blob; see inode_free_security(). */
static void selinux_inode_free_security(struct inode *inode)
{
	inode_free_security(inode);
}
1955
/*
 * Label a newly created @inode in directory @dir and hand the filesystem
 * the xattr it should persist. The label is the task's pending create
 * SID if one was set (and the filesystem is not mountpoint-labelled),
 * otherwise the policy's (task, parent dir) -> object transition. On
 * success *@name is the xattr suffix ("selinux", without the "security."
 * prefix) and *@value/*@len the context string, both kmalloc'd for the
 * caller. Returns -EOPNOTSUPP — after the in-core SID has already been
 * set — when no policy is loaded or the filesystem does not store labels,
 * presumably telling the caller to write no xattr; -ENOMEM or a
 * lookup error otherwise.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       char **name, void **value,
				       size_t *len)
{
	struct task_security_struct *tsec;
	struct inode_security_struct *dsec;
	struct superblock_security_struct *sbsec;
	u32 newsid, clen;
	int rc;
	char *namep = NULL, *context;

	tsec = current->security;
	dsec = dir->i_security;
	sbsec = dir->i_sb->s_security;

	if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
		newsid = tsec->create_sid;
	} else {
		rc = security_transition_sid(tsec->sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     &newsid);
		if (rc) {
			printk(KERN_WARNING "%s: "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%ld)\n",
			       __FUNCTION__,
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	}

	/* The in-core label is set regardless of whether an xattr can be
	 * written. */
	inode_security_set_sid(inode, newsid);

	if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (name) {
		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
		if (!namep)
			return -ENOMEM;
		*name = namep;
	}

	if (value && len) {
		rc = security_sid_to_context(newsid, &context, &clen);
		if (rc) {
			/* *name still points at the freed string here; the
			 * caller must not use it on an error return. */
			kfree(namep);
			return rc;
		}
		*value = context;
		*len = clen;
	}

	return 0;
}
2011
/* Mediate creating a regular file @dentry in @dir; @mask is unused. */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
{
	return may_create(dir, dentry, SECCLASS_FILE);
}
2016
/*
 * Mediate link(2): after the secondary module agrees, the task needs the
 * link-related permissions on @dir and on the existing @old_dentry
 * (see may_link()).
 */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
	int rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);

	if (rc)
		return rc;

	return may_link(dir, old_dentry, MAY_LINK);
}
2026
/*
 * Mediate unlink(2): after the secondary module agrees, the task needs
 * the unlink-related permissions on @dir and @dentry (see may_link()).
 */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	int rc = secondary_ops->inode_unlink(dir, dentry);

	if (rc)
		return rc;

	return may_link(dir, dentry, MAY_UNLINK);
}
2036
/* Mediate creating a symlink @dentry in @dir; the target @name is unused. */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
	return may_create(dir, dentry, SECCLASS_LNK_FILE);
}
2041
/* Mediate creating a directory @dentry in @dir; @mask is unused. */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
{
	return may_create(dir, dentry, SECCLASS_DIR);
}
2046
/* Mediate removing directory @dentry from @dir (see may_link()). */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	return may_link(dir, dentry, MAY_RMDIR);
}
2051
/*
 * Mediate mknod(2): after the secondary module agrees, creation is checked
 * against the object class implied by @mode (character device, fifo, ...).
 */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
	int rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);

	if (rc)
		return rc;

	return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
2062
/* Mediate rename(2); all the per-object checks live in may_rename(). */
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
                                struct inode *new_inode, struct dentry *new_dentry)
{
	return may_rename(old_inode, old_dentry, new_inode, new_dentry);
}
2068
/* Mediate readlink(2): reading a symlink's target is a file:read. */
static int selinux_inode_readlink(struct dentry *dentry)
{
	return dentry_has_perm(current, NULL, dentry, FILE__READ);
}
2073
/*
 * Mediate following a symlink during path lookup: after the secondary
 * module agrees, the task needs file:read on the link itself.
 */
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
	int rc = secondary_ops->inode_follow_link(dentry, nameidata);

	if (rc)
		return rc;

	return dentry_has_perm(current, NULL, dentry, FILE__READ);
}
2083
/*
 * Mediate a permission(9) check on @inode. @mask holds MAY_* bits; an
 * empty mask is an existence test and is always allowed. Otherwise the
 * mask is translated to the file-class permissions appropriate for the
 * inode type and checked without audit context.
 */
static int selinux_inode_permission(struct inode *inode, int mask,
				    struct nameidata *nd)
{
	int rc = secondary_ops->inode_permission(inode, mask, nd);

	if (rc)
		return rc;

	if (mask == 0)
		return 0;

	return inode_has_perm(current, inode,
			      file_mask_to_av(inode->i_mode, mask), NULL);
}
2101
/*
 * Mediate attribute changes on @dentry. A change flagged ATTR_FORCE is not
 * mediated (it is presumably a kernel-internal update rather than a user
 * request). Changes to mode, ownership or an explicitly supplied
 * timestamp need file:setattr; any other change (size, implicit
 * timestamps) is treated as a write.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	const unsigned int setattr_bits = ATTR_MODE | ATTR_UID | ATTR_GID |
					  ATTR_ATIME_SET | ATTR_MTIME_SET;
	u32 perm;
	int rc = secondary_ops->inode_setattr(dentry, iattr);

	if (rc)
		return rc;

	if (iattr->ia_valid & ATTR_FORCE)
		return 0;

	perm = (iattr->ia_valid & setattr_bits) ? FILE__SETATTR : FILE__WRITE;

	return dentry_has_perm(current, NULL, dentry, perm);
}
2119
/* Mediate stat-style attribute reads on @dentry: file:getattr. */
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
}
2124
/*
 * Mediate setxattr(2). Attributes other than security.selinux are an
 * ordinary file:setattr, except that anything else in the security.*
 * namespace additionally requires CAP_SYS_ADMIN. Writing
 * security.selinux is a relabel and requires, in order: a filesystem that
 * stores labels (mountpoint-labelled ones return -EOPNOTSUPP), ownership
 * of the inode or CAP_FOWNER, relabelfrom on the current label,
 * relabelto on the new one, a policy-validated transition between them,
 * and that the new label may associate with the filesystem's label. The
 * in-core SID is not changed here; that happens in
 * selinux_inode_post_setxattr() once the write has succeeded.
 */
static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
{
	struct task_security_struct *tsec = current->security;
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec;
	struct avc_audit_data ad;
	u32 newsid;
	int rc = 0;

	if (strcmp(name, XATTR_NAME_SELINUX)) {
		if (!strncmp(name, XATTR_SECURITY_PREFIX,
			     sizeof XATTR_SECURITY_PREFIX - 1) &&
		    !capable(CAP_SYS_ADMIN)) {
			/* Other security.* attributes are reserved for
			 * privileged users. */
			return -EPERM;
		}

		/* Non-security attributes are a plain attribute change. */
		return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
	}

	sbsec = inode->i_sb->s_security;
	if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	/* Relabelling is restricted to the owner (or CAP_FOWNER) before the
	 * policy is even consulted. */
	if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
		return -EPERM;

	AVC_AUDIT_DATA_INIT(&ad,FS);
	ad.u.fs.dentry = dentry;

	rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
			  FILE__RELABELFROM, &ad);
	if (rc)
		return rc;

	/* @value is the raw xattr payload of @size bytes; the size-bounded
	 * conversion does not require NUL termination. */
	rc = security_context_to_sid(value, size, &newsid);
	if (rc)
		return rc;

	rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
			  FILE__RELABELTO, &ad);
	if (rc)
		return rc;

	rc = security_validate_transition(isec->sid, newsid, tsec->sid,
					  isec->sclass);
	if (rc)
		return rc;

	return avc_has_perm(newsid,
			    sbsec->sid,
			    SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE,
			    &ad);
}
2184
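/*
 * Update the in-core label after a successful setxattr(2) of
 * security.selinux; any other attribute name is ignored. The context was
 * already validated by selinux_inode_setxattr(), so a failure to map it
 * here is unexpected and is logged.
 *
 * @value is the raw xattr payload of @size bytes and carries no NUL
 * terminator of its own, so it must not be printed with "%s": doing so
 * would read past the buffer into the kernel log. The warning therefore
 * reports only the error code.
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
					void *value, size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX) != 0)
		return;

	rc = security_context_to_sid(value, size, &newsid);
	if (rc) {
		printk(KERN_WARNING "%s: unable to map context to SID, "
		       "rc=%d\n", __FUNCTION__, -rc);
		return;
	}

	isec->sid = newsid;
}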
2208
/* Mediate getxattr(2): reading any attribute of @dentry is file:getattr. */
static int selinux_inode_getxattr (struct dentry *dentry, char *name)
{
	return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}
2213
/* Mediate listxattr(2): enumerating attribute names is file:getattr. */
static int selinux_inode_listxattr (struct dentry *dentry)
{
	return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}
2218
/*
 * Mediate removexattr(2). The security.selinux label can never be
 * removed (-EACCES). Other security.* attributes require CAP_SYS_ADMIN;
 * any remaining attribute removal is a plain file:setattr.
 */
static int selinux_inode_removexattr (struct dentry *dentry, char *name)
{
	if (strcmp(name, XATTR_NAME_SELINUX) == 0)
		return -EACCES;

	if (strncmp(name, XATTR_SECURITY_PREFIX,
		    sizeof XATTR_SECURITY_PREFIX - 1) == 0 &&
	    !capable(CAP_SYS_ADMIN))
		return -EPERM;

	return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
}
2240
/* The suffix (after "security.") of the xattr that carries this module's
 * label; callers prepend the prefix themselves. */
static const char *selinux_inode_xattr_getsuffix(void)
{
	return XATTR_SELINUX_SUFFIX;
}
2245
2246
2247
2248
2249
2250
2251
2252
/*
 * In-kernel read of an inode's label. Only the "selinux" suffix is
 * understood (-EOPNOTSUPP otherwise); the SID is rendered into @buffer by
 * selinux_getsecurity(). @err is accepted for interface compatibility and
 * not used.
 */
static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
{
	struct inode_security_struct *isec = inode->i_security;

	if (strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;

	return selinux_getsecurity(isec->sid, buffer, size);
}
2262
/*
 * In-kernel set of an inode's label from a context string. Only the
 * "selinux" suffix is understood (-EOPNOTSUPP otherwise) and an empty
 * value is rejected with -EACCES. No permission check is made here: this
 * is not the user setxattr path (that is selinux_inode_setxattr()), so it
 * is presumably only reached by the kernel supplying a label itself.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0)
		return -EOPNOTSUPP;

	if (value == NULL || size == 0)
		return -EACCES;

	rc = security_context_to_sid((void *)value, size, &newsid);
	if (rc != 0)
		return rc;

	isec->sid = newsid;
	return 0;
}
2283
/*
 * Report the name of this module's xattr ("security.selinux", including
 * its terminating NUL) for listxattr(2). The name is copied only when a
 * buffer is given and large enough; the length is returned either way so
 * a caller can size its buffer first.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const int len = sizeof(XATTR_NAME_SELINUX);

	if (buffer != NULL && buffer_size >= len)
		memcpy(buffer, XATTR_NAME_SELINUX, len);

	return len;
}
2291
2292
2293
/*
 * Mediate a read/write on an already-open @file. An empty @mask is an
 * existence test and is always allowed. Because a descriptor opened with
 * O_APPEND can only append, a write request on it is checked as an append
 * as well. The mask is translated to file-class permissions by inode type.
 */
static int selinux_file_permission(struct file *file, int mask)
{
	struct inode *inode;

	if (mask == 0)
		return 0;

	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		mask |= MAY_APPEND;

	inode = file->f_dentry->d_inode;
	return file_has_perm(current, file,
			     file_mask_to_av(inode->i_mode, mask));
}
2310
/* Allocate the per-open-file security blob; see file_alloc_security(). */
static int selinux_file_alloc_security(struct file *file)
{
	return file_alloc_security(file);
}
2315
/* Release the per-open-file security blob; see file_free_security(). */
static void selinux_file_free_security(struct file *file)
{
	file_free_security(file);
}
2320
/*
 * Mediate ioctl(2) on @file by mapping well-known requests onto the
 * file permission they really amount to: metadata queries are getattr,
 * metadata changes are setattr, per-descriptor mode bits only need the
 * descriptor to be usable, keyboard-table changes are a capability
 * matter, and everything else needs the generic file:ioctl.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	switch (cmd) {
	case FIONREAD:		/* bytes available */
	case FIBMAP:		/* block map */
	case FIGETBSZ:		/* block size */
	case EXT2_IOC_GETFLAGS:
	case EXT2_IOC_GETVERSION:
		return file_has_perm(current, file, FILE__GETATTR);

	case EXT2_IOC_SETFLAGS:
	case EXT2_IOC_SETVERSION:
		return file_has_perm(current, file, FILE__SETATTR);

	case FIONBIO:		/* non-blocking */
	case FIOASYNC:		/* async I/O */
		return file_has_perm(current, file, 0);

	case KDSKBENT:
	case KDSKBSENT:
		return task_has_capability(current, CAP_SYS_TTY_CONFIG);

	default:
		return file_has_perm(current, file, FILE__IOCTL);
	}
}
2366
/*
 * Common check for mmap/mprotect. Executable anonymous memory, or an
 * executable private *and* writable file mapping, lets a process run code
 * it can write, so it requires process:execmem (PPC32 is exempt,
 * presumably because it needs such mappings routinely). A file mapping
 * additionally needs file:read, file:write when shared and writable, and
 * file:execute when PROT_EXEC is set. Returns 0 or the first denial.
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	u32 av;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
		int rc = task_has_perm(current, current, PROCESS__EXECMEM);
		if (rc)
			return rc;
	}
#endif

	/* Anonymous mapping: nothing file-related left to check. */
	if (!file)
		return 0;

	av = FILE__READ;
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;
	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;

	return file_has_perm(current, file, av);
}
2397
/*
 * Mediate mmap(2). With selinux_checkreqprot set, the protection the
 * caller asked for (@reqprot) is checked rather than the one the kernel
 * will actually apply (@prot); the two can differ on architectures that
 * imply PROT_EXEC from PROT_READ.
 */
static int selinux_file_mmap(struct file *file, unsigned long reqprot,
			     unsigned long prot, unsigned long flags)
{
	int rc = secondary_ops->file_mmap(file, reqprot, prot, flags);
	int shared = ((flags & MAP_TYPE) == MAP_SHARED);

	if (rc)
		return rc;

	return file_map_prot_check(file,
				   selinux_checkreqprot ? reqprot : prot,
				   shared);
}
2413
/*
 * Mediate mprotect(2) on @vma. As in selinux_file_mmap(), the requested
 * protection is checked instead of the effective one when
 * selinux_checkreqprot is set. Making a non-executable mapping executable
 * gets an extra, location-dependent check (not on PPC32) before the
 * common mmap-style check.
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
				 unsigned long reqprot,
				 unsigned long prot)
{
	int rc;

	rc = secondary_ops->file_mprotect(vma, reqprot, prot);
	if (rc)
		return rc;

	if (selinux_checkreqprot)
		prot = reqprot;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		rc = 0;
		if (vma->vm_start >= vma->vm_mm->start_brk &&
		    vma->vm_end <= vma->vm_mm->brk) {
			/* The mapping lies inside the heap: execheap. */
			rc = task_has_perm(current, current,
					   PROCESS__EXECHEAP);
		} else if (!vma->vm_file &&
			   vma->vm_start <= vma->vm_mm->start_stack &&
			   vma->vm_end >= vma->vm_mm->start_stack) {
			/* An anonymous mapping covering the stack start:
			 * execstack. */
			rc = task_has_perm(current, current, PROCESS__EXECSTACK);
		} else if (vma->vm_file && vma->anon_vma) {
			/* A file mapping that has private (anon_vma) pages,
			 * i.e. has been written to: the code about to be
			 * executed may no longer match the file's contents,
			 * so require execmod on the file. */
			rc = file_has_perm(current, vma->vm_file,
					   FILE__EXECMOD);
		}
		if (rc)
			return rc;
	}
#endif

	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}
2456
/* Mediate flock(2)-style locking on @file: file:lock; @cmd is unused. */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	return file_has_perm(current, file, FILE__LOCK);
}
2461
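/*
 * Mediate fcntl(2) on @file. Clearing O_APPEND with F_SETFL is checked as
 * a write, since it turns an append-only descriptor into one that can
 * overwrite; every other F_SETFL change, and the owner/signal/flag
 * queries, only require the descriptor itself to be usable
 * (file_has_perm() with no extra permission). Lock commands need
 * file:lock. Commands not listed are not mediated and return 0.
 *
 * Relative to the earlier version, the deliberate fall-through from
 * F_SETFL into the plain fd-use check is now marked, and the switch has
 * an explicit default so the "not mediated" outcome is visible rather
 * than implied.
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	int err = 0;

	switch (cmd) {
	case F_SETFL:
		if (!file->f_dentry || !file->f_dentry->d_inode) {
			err = -EINVAL;
			break;
		}

		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
			err = file_has_perm(current, file, FILE__WRITE);
			break;
		}
		/* fall through: any other flag change is a plain fd-use check */
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
		err = file_has_perm(current, file, 0);
		break;
	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		if (!file->f_dentry || !file->f_dentry->d_inode) {
			err = -EINVAL;
			break;
		}
		err = file_has_perm(current, file, FILE__LOCK);
		break;
	default:
		/* Other commands (descriptor duplication, close-on-exec
		 * flags, ...) are not mediated here. */
		break;
	}

	return err;
}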
2505
/*
 * Record the label of the task that becomes @file's owner (F_SETOWN), so
 * that an asynchronous signal later raised on the file's behalf can be
 * attributed to that task's domain in selinux_file_send_sigiotask().
 * Always succeeds.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct task_security_struct *owner = current->security;
	struct file_security_struct *fsec = file->f_security;

	fsec->fown_sid = owner->sid;
	return 0;
}
2517
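/*
 * Mediate a signal the kernel raises on behalf of an fd owner (SIGIO, or
 * the one chosen with F_SETSIG — presumed from the zero-signum default).
 * The sender is not the current task but the file's recorded owner
 * domain (fown_sid, set in selinux_file_set_fowner()), which must be
 * allowed to deliver the signal to @tsk.
 *
 * @fown is the f_owner member embedded in a struct file, so the file is
 * recovered with container_of() instead of open-coded pointer arithmetic.
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	struct file *file = container_of(fown, struct file, f_owner);
	struct task_security_struct *tsec = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	u32 perm = signal_to_av(signum ? signum : SIGIO);

	return avc_has_perm(fsec->fown_sid, tsec->sid,
			    SECCLASS_PROCESS, perm, NULL);
}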
2540
/* Mediate receiving @file over a socket (SCM_RIGHTS): the receiver needs
 * the same permissions it would need to have opened the file itself. */
static int selinux_file_receive(struct file *file)
{
	return file_has_perm(current, file, file_to_av(file));
}
2545
2546
2547
/*
 * Mediate fork/clone: after the secondary module agrees, the task needs
 * process:fork on itself. @clone_flags is not inspected.
 */
static int selinux_task_create(unsigned long clone_flags)
{
	int rc = secondary_ops->task_create(clone_flags);

	if (rc)
		return rc;

	return task_has_perm(current, current, PROCESS__FORK);
}
2558
/*
 * Allocate the new task @tsk's security blob and seed it from the
 * creating task: the child starts with the parent's current and previous
 * SIDs, its pending exec and create SIDs, and the SID of the parent's
 * tracer (ptrace_sid, used when validating a later domain transition).
 * Returns -ENOMEM-style failure from task_alloc_security(), else 0.
 */
static int selinux_task_alloc_security(struct task_struct *tsk)
{
	struct task_security_struct *parent = current->security;
	struct task_security_struct *child;
	int rc;

	rc = task_alloc_security(tsk);
	if (rc)
		return rc;

	child = tsk->security;
	child->osid = parent->osid;
	child->sid = parent->sid;
	child->exec_sid = parent->exec_sid;
	child->create_sid = parent->create_sid;
	child->ptrace_sid = parent->ptrace_sid;

	return 0;
}
2585
/* Release a task's security blob; see task_free_security(). */
static void selinux_task_free_security(struct task_struct *tsk)
{
	task_free_security(tsk);
}
2590
/*
 * setuid-family hook: not mediated by SELinux (uid changes are
 * controlled through the capability checks instead), so this always
 * allows; the secondary module is consulted in the post_setuid hook.
 */
static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	return 0;
}
2601
/* After a uid change: let the secondary (capability) module adjust caps. */
static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	return secondary_ops->task_post_setuid(id0,id1,id2,flags);
}
2606
/* setgid-family hook: not mediated by SELinux; always allows. */
static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
{
	return 0;
}
2612
/* Mediate setpgid(2) on @p: process:setpgid from current to @p. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return task_has_perm(current, p, PROCESS__SETPGID);
}
2617
/* Mediate getpgid(2) on @p: process:getpgid from current to @p. */
static int selinux_task_getpgid(struct task_struct *p)
{
	return task_has_perm(current, p, PROCESS__GETPGID);
}
2622
/* Mediate getsid(2) on @p: process:getsession from current to @p. */
static int selinux_task_getsid(struct task_struct *p)
{
	return task_has_perm(current, p, PROCESS__GETSESSION);
}
2627
/* setgroups(2) hook: not mediated by SELinux; always allows. */
static int selinux_task_setgroups(struct group_info *group_info)
{
	return 0;
}
2633
/*
 * Mediate setpriority/nice on @p: after the secondary module agrees, the
 * task needs process:setsched towards @p (the same permission as for
 * scheduler changes).
 */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc = secondary_ops->task_setnice(p, nice);

	if (rc)
		return rc;

	return task_has_perm(current, p, PROCESS__SETSCHED);
}
2644
/*
 * Mediate setrlimit(2) on the current task. Only a change to the hard
 * limit is a privileged operation requiring process:setrlimit; adjusting
 * the soft limit within an unchanged hard limit is always allowed (the
 * secondary module is consulted first either way).
 */
static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	struct rlimit *old_rlim;
	int rc = secondary_ops->task_setrlimit(resource, new_rlim);

	if (rc)
		return rc;

	old_rlim = current->signal->rlim + resource;
	if (old_rlim->rlim_max == new_rlim->rlim_max)
		return 0;

	return task_has_perm(current, current, PROCESS__SETRLIMIT);
}
2663
/* Mediate sched_setscheduler/sched_setparam on @p: process:setsched. */
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{
	return task_has_perm(current, p, PROCESS__SETSCHED);
}
2668
/* Mediate sched_getscheduler/sched_getparam on @p: process:getsched. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	return task_has_perm(current, p, PROCESS__GETSCHED);
}
2673
/*
 * Mediate delivering signal @sig to @p. Signals originating inside the
 * kernel (a special siginfo, or one flagged SI_FROMKERNEL) are not subject
 * to policy; user-originated ones need the signal-specific process
 * permission, or process:signull for the signal-0 existence probe.
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info, int sig)
{
	int rc = secondary_ops->task_kill(p, info, sig);

	if (rc)
		return rc;

	if (info != SEND_SIG_NOINFO &&
	    (is_si_special(info) || SI_FROMKERNEL(info)))
		return 0;

	return task_has_perm(current, p,
			     sig ? signal_to_av(sig) : PROCESS__SIGNULL);
}
2693
/* prctl(2) hook: no option is mediated by SELinux here; always allows. */
static int selinux_task_prctl(int option,
			      unsigned long arg2,
			      unsigned long arg3,
			      unsigned long arg4,
			      unsigned long arg5)
{
	return 0;
}
2705
/*
 * Mediate wait(2) on child @p. The check runs in the child-to-parent
 * direction: @p's domain must be allowed to deliver its exit signal to
 * the waiting (current) task. This is why selinux_bprm_post_apply_creds()
 * wakes the parent after a domain transition.
 */
static int selinux_task_wait(struct task_struct *p)
{
	u32 exit_perm = signal_to_av(p->exit_signal);

	return task_has_perm(p, current, exit_perm);
}
2714
/*
 * @p is being turned into a kernel-owned task (reparented to init): after
 * the secondary module has done its part, relabel it with the kernel SID,
 * keeping the previous label in osid.
 */
static void selinux_task_reparent_to_init(struct task_struct *p)
{
	struct task_security_struct *tsec;

	secondary_ops->task_reparent_to_init(p);

	tsec = p->security;
	tsec->osid = tsec->sid;
	tsec->sid = SECINITSID_KERNEL;
}
2726
/*
 * Label an inode that represents task @p (a /proc entry) with the task's
 * current SID and mark the inode's security blob initialised.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct task_security_struct *tsec = p->security;

	isec->sid = tsec->sid;
	isec->initialized = 1;
}
2737
2738
/*
 * Extract the IPv4 addresses and, where available, the TCP/UDP ports
 * from @skb into the audit data @ad. Returns -EINVAL if the IPv4 header
 * cannot be read or its length field is smaller than the fixed header;
 * otherwise 0 — even when the transport header is absent (non-first
 * fragment, other protocol) or unreadable, in which case the ports are
 * simply left as they were.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad)
{
	int offset, ihlen, ret = -EINVAL;
	struct iphdr _iph, *ih;

	/* skb_header_pointer() copies into the on-stack _iph when the header
	 * is not linear, so a non-NULL ih is always safe to dereference. */
	offset = skb->nh.raw - skb->data;
	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (ih == NULL)
		goto out;

	/* ihl is in 32-bit words; reject anything shorter than the base header. */
	ihlen = ih->ihl * 4;
	if (ihlen < sizeof(_iph))
		goto out;

	ad->u.net.v4info.saddr = ih->saddr;
	ad->u.net.v4info.daddr = ih->daddr;
	ret = 0;

	switch (ih->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		/* Only the first fragment carries the transport header. */
		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	default:
		/* Other protocols: addresses only. */
		break;
	}
out:
	return ret;
}
2796
2797#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2798
2799
/*
 * IPv6 counterpart of selinux_parse_skb_ipv4(): record the addresses,
 * then skip the extension-header chain and, if the upper-layer protocol
 * is TCP or UDP, record the ports. Returns -EINVAL only if the fixed IPv6
 * header cannot be read; a failure to walk the extension headers (which
 * also covers non-first fragments, presumably by ipv6_skip_exthdr()
 * returning a negative value — verify) still returns 0 with the ports
 * left unset.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad)
{
	u8 nexthdr;
	int ret = -EINVAL, offset;
	struct ipv6hdr _ipv6h, *ip6;

	offset = skb->nh.raw - skb->data;
	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (ip6 == NULL)
		goto out;

	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
	ret = 0;

	/* Walk past hop-by-hop/routing/etc. headers to the transport one;
	 * nexthdr is updated to the protocol found there. */
	nexthdr = ip6->nexthdr;
	offset += sizeof(_ipv6h);
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
	if (offset < 0)
		goto out;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	/* Other upper-layer protocols: addresses only. */
	default:
		break;
	}
out:
	return ret;
}
2853
2854#endif
2855
/*
 * Dispatch header parsing of @skb by the address family recorded in
 * @ad->u.net.family.  On success, and when @addrp is non-NULL, *@addrp
 * points at the source (@src != 0) or destination address inside @ad and
 * *@len holds its size in bytes (4 or 16).
 *
 * Returns 0 for a parsed or unsupported family, otherwise the error from
 * the per-family parser; *@addrp and *@len are untouched on error.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
			     char **addrp, int *len, int src)
{
	int ret = 0;

	if (ad->u.net.family == PF_INET) {
		ret = selinux_parse_skb_ipv4(skb, ad);
		if (!ret && addrp) {
			*len = 4;
			*addrp = (char *)(src ? &ad->u.net.v4info.saddr :
					  &ad->u.net.v4info.daddr);
		}
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	else if (ad->u.net.family == PF_INET6) {
		ret = selinux_parse_skb_ipv6(skb, ad);
		if (!ret && addrp) {
			*len = 16;
			*addrp = (char *)(src ? &ad->u.net.v6info.saddr :
					  &ad->u.net.v6info.daddr);
		}
	}
#endif

	return ret;
}
2887
2888
/*
 * Check that @task holds @perms on @sock, using the label and class of the
 * socket's inode as the target.  Sockets labelled SECINITSID_KERNEL are
 * exempt from the check.
 *
 * Returns 0 when allowed, otherwise the AVC error.
 */
static int socket_has_perm(struct task_struct *task, struct socket *sock,
			   u32 perms)
{
	struct task_security_struct *tsec = task->security;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct avc_audit_data ad;

	if (isec->sid == SECINITSID_KERNEL)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.sk = sock->sk;

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
}
2910
/*
 * socket_create hook: check SOCKET__CREATE for the current task on the
 * socket class derived from (@family, @type, @protocol).  Kernel-internal
 * sockets (@kern != 0) are not checked.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	struct task_security_struct *tsec;
	u16 sclass;

	if (kern)
		return 0;

	tsec = current->security;
	sclass = socket_type_to_security_class(family, type, protocol);

	return avc_has_perm(tsec->sid, tsec->sid, sclass, SOCKET__CREATE, NULL);
}
2928
/*
 * socket_post_create hook: label the new socket's inode.  The class comes
 * from (@family, @type, @protocol); the SID is SECINITSID_KERNEL for a
 * kernel-internal socket and the creating task's SID otherwise.
 */
static void selinux_socket_post_create(struct socket *sock, int family,
				       int type, int protocol, int kern)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct task_security_struct *tsec = current->security;
	u32 label = tsec->sid;

	if (kern)
		label = SECINITSID_KERNEL;

	isec->sclass = socket_type_to_security_class(family, type, protocol);
	isec->sid = label;
	isec->initialized = 1;
}
2944
2945
2946
2947
2948#define ip_local_port_range_0 sysctl_local_port_range[0]
2949#define ip_local_port_range_1 sysctl_local_port_range[1]
2950
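/*
 * socket_bind hook.  Checks SOCKET__BIND on the socket; for INET/INET6
 * sockets it additionally checks name_bind on the port (only when the port
 * is non-zero and lies below max(PROT_SOCK, local_port_range[0]) or above
 * local_port_range[1]) and node_bind on the requested address.
 *
 * @address was copied into kernel memory by the caller, but only @addrlen
 * bytes of it are meaningful.  The sockaddr_in / sockaddr_in6 fields are
 * therefore read only after @addrlen has been checked against the minimum
 * size, mirroring selinux_socket_connect().  (The previous version shadowed
 * the @addrlen parameter with a local of the same name, so the caller's
 * length was never examined.)
 *
 * Returns 0 on success, -EINVAL for a too-short address, otherwise the
 * error from the permission check or SID lookup.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	u16 family;
	int err;

	err = socket_has_perm(current, sock, SOCKET__BIND);
	if (err)
		goto out;

	family = sock->sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct inode_security_struct *isec;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		struct sock *sk = sock->sk;
		u32 sid, node_perm, node_addrlen;

		isec = SOCK_INODE(sock)->i_security;

		if (family == PF_INET) {
			if (addrlen < sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			node_addrlen = sizeof(addr4->sin_addr.s_addr);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			if (addrlen < SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			node_addrlen = sizeof(addr6->sin6_addr.s6_addr);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		/* Ports inside the local ephemeral range need no name_bind. */
		if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
			   snum > ip_local_port_range_1)) {
			err = security_port_sid(sk->sk_family, sk->sk_type,
						sk->sk_protocol, snum, &sid);
			if (err)
				goto out;
			AVC_AUDIT_DATA_INIT(&ad,NET);
			ad.u.net.sport = htons(snum);
			ad.u.net.family = family;
			err = avc_has_perm(isec->sid, sid,
					   isec->sclass,
					   SOCKET__NAME_BIND, &ad);
			if (err)
				goto out;
		}

		/* The node_bind permission is class-specific. */
		switch(isec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;

		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		err = security_node_sid(family, addrp, node_addrlen, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad,NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;

		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);

		err = avc_has_perm(isec->sid, sid,
				   isec->sclass, node_perm, &ad);
		if (err)
			goto out;
	}
out:
	return err;
}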
3043
/*
 * socket_connect hook: check SOCKET__CONNECT on the socket and, for TCP
 * sockets, TCP_SOCKET__NAME_CONNECT against the destination port's SID.
 * The port is read from @address only after @addrlen has been checked
 * against the minimum sockaddr size for the socket's family.
 *
 * Returns 0 when allowed, -EINVAL for a too-short address, otherwise the
 * permission or SID lookup error.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct inode_security_struct *isec;
	struct avc_audit_data ad;
	struct sock *sk;
	unsigned short snum;
	u32 port_sid;
	int err;

	err = socket_has_perm(current, sock, SOCKET__CONNECT);
	if (err)
		return err;

	isec = SOCK_INODE(sock)->i_security;
	if (isec->sclass != SECCLASS_TCP_SOCKET)
		return 0;

	sk = sock->sk;
	if (sk->sk_family == PF_INET) {
		struct sockaddr_in *addr4 = (struct sockaddr_in *)address;

		if (addrlen < sizeof(struct sockaddr_in))
			return -EINVAL;
		snum = ntohs(addr4->sin_port);
	} else {
		struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)address;

		if (addrlen < SIN6_LEN_RFC2133)
			return -EINVAL;
		snum = ntohs(addr6->sin6_port);
	}

	err = security_port_sid(sk->sk_family, sk->sk_type,
				sk->sk_protocol, snum, &port_sid);
	if (err)
		return err;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.dport = htons(snum);
	ad.u.net.family = sk->sk_family;

	return avc_has_perm(isec->sid, port_sid, isec->sclass,
			    TCP_SOCKET__NAME_CONNECT, &ad);
}
3094
/* socket_listen hook: SOCKET__LISTEN on the socket; @backlog is not used. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	const u32 wanted = SOCKET__LISTEN;

	return socket_has_perm(current, sock, wanted);
}
3099
/*
 * socket_accept hook: check SOCKET__ACCEPT on the listening socket, then
 * label @newsock's inode with the listening socket's class and SID.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *listen_isec;
	struct inode_security_struct *new_isec;
	int err = socket_has_perm(current, sock, SOCKET__ACCEPT);

	if (err)
		return err;

	listen_isec = SOCK_INODE(sock)->i_security;
	new_isec = SOCK_INODE(newsock)->i_security;

	/* The accepted socket inherits the listener's label. */
	new_isec->sclass = listen_isec->sclass;
	new_isec->sid = listen_isec->sid;
	new_isec->initialized = 1;

	return 0;
}
3119
/* socket_sendmsg hook: SOCKET__WRITE on the socket; @msg/@size unused. */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	const u32 wanted = SOCKET__WRITE;

	return socket_has_perm(current, sock, wanted);
}
3125
/* socket_recvmsg hook: SOCKET__READ on the socket; other args unused. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	const u32 wanted = SOCKET__READ;

	return socket_has_perm(current, sock, wanted);
}
3131
/* socket_getsockname hook: SOCKET__GETATTR on the socket. */
static int selinux_socket_getsockname(struct socket *sock)
{
	const u32 wanted = SOCKET__GETATTR;

	return socket_has_perm(current, sock, wanted);
}
3136
/* socket_getpeername hook: SOCKET__GETATTR on the socket. */
static int selinux_socket_getpeername(struct socket *sock)
{
	const u32 wanted = SOCKET__GETATTR;

	return socket_has_perm(current, sock, wanted);
}
3141
/* socket_setsockopt hook: SOCKET__SETOPT on the socket; @level/@optname unused. */
static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
{
	const u32 wanted = SOCKET__SETOPT;

	return socket_has_perm(current, sock, wanted);
}
3146
/* socket_getsockopt hook: SOCKET__GETOPT on the socket; @level/@optname unused. */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	const u32 wanted = SOCKET__GETOPT;

	return socket_has_perm(current, sock, wanted);
}
3152
/* socket_shutdown hook: SOCKET__SHUTDOWN on the socket; @how unused. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	const u32 wanted = SOCKET__SHUTDOWN;

	return socket_has_perm(current, sock, wanted);
}
3157
/*
 * unix_stream_connect hook.  After the secondary module's check, verify
 * UNIX_STREAM_SOCKET__CONNECTTO from @sock's label to @other's label, then
 * record each side's peer SID: @sock's sk learns @other's label and the
 * server-side @newsk learns @sock's label.
 *
 * Returns 0 on success, otherwise the secondary or AVC error.
 */
static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct inode_security_struct *client_isec;
	struct inode_security_struct *server_isec;
	struct sk_security_struct *client_ssec;
	struct sk_security_struct *server_ssec;
	struct avc_audit_data ad;
	int err = secondary_ops->unix_stream_connect(sock, other, newsk);

	if (err)
		return err;

	client_isec = SOCK_INODE(sock)->i_security;
	server_isec = SOCK_INODE(other)->i_security;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.sk = other->sk;

	err = avc_has_perm(client_isec->sid, server_isec->sid,
			   client_isec->sclass,
			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (err)
		return err;

	/* Exchange peer labels so getpeersec can report them later. */
	client_ssec = sock->sk->sk_security;
	client_ssec->peer_sid = server_isec->sid;

	server_ssec = newsk->sk_security;
	server_ssec->peer_sid = client_isec->sid;

	return 0;
}
3194
/*
 * unix_may_send hook: check SOCKET__SENDTO from @sock's label to @other's
 * label, auditing against @other's sk.  Returns 0 when allowed.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct inode_security_struct *src_isec = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *dst_isec = SOCK_INODE(other)->i_security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad,NET);
	ad.u.net.sk = other->sk;

	return avc_has_perm(src_isec->sid, dst_isec->sid,
			    src_isec->sclass, SOCKET__SENDTO, &ad);
}
3216
/*
 * sock_rcv_skb hook: check an inbound INET/INET6 packet against the
 * receiving socket's label, in this order: interface (netif recv), source
 * node (node recv), for TCP/UDP the source port (recv_msg), and finally
 * the xfrm policy check.  Packets for sockets without a label, without a
 * device, or of another family are accepted without checks.
 *
 * Returns 0 to accept, otherwise a negative error that drops the packet.
 */
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	u16 family = sk->sk_family;
	u16 sock_class = 0;
	u32 sock_sid = 0;
	u32 netif_perm, node_perm, node_sid, if_sid, recv_perm = 0;
	char *addrp;
	int len, err;
	struct socket *sock;
	struct net_device *dev;
	struct avc_audit_data ad;

	if (family != PF_INET && family != PF_INET6)
		return 0;

	/* IPv4 traffic on an IPv6 socket is checked as IPv4. */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	/* Snapshot the socket label under sk_callback_lock. */
	read_lock_bh(&sk->sk_callback_lock);
	sock = sk->sk_socket;
	if (sock) {
		struct inode *inode = SOCK_INODE(sock);

		if (inode) {
			struct inode_security_struct *isec = inode->i_security;

			sock_sid = isec->sid;
			sock_class = isec->sclass;
		}
	}
	read_unlock_bh(&sk->sk_callback_lock);

	if (!sock_sid)
		return 0;

	dev = skb->dev;
	if (!dev)
		return 0;

	err = sel_netif_sids(dev, &if_sid, NULL);
	if (err)
		return err;

	if (sock_class == SECCLASS_UDP_SOCKET) {
		netif_perm = NETIF__UDP_RECV;
		node_perm = NODE__UDP_RECV;
		recv_perm = UDP_SOCKET__RECV_MSG;
	} else if (sock_class == SECCLASS_TCP_SOCKET) {
		netif_perm = NETIF__TCP_RECV;
		node_perm = NODE__TCP_RECV;
		recv_perm = TCP_SOCKET__RECV_MSG;
	} else {
		netif_perm = NETIF__RAWIP_RECV;
		node_perm = NODE__RAWIP_RECV;
	}

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = dev->name;
	ad.u.net.family = family;

	/* src=1: addrp/len describe the packet's source address. */
	err = selinux_parse_skb(skb, &ad, &addrp, &len, 1);
	if (err)
		return err;

	err = avc_has_perm(sock_sid, if_sid, SECCLASS_NETIF, netif_perm, &ad);
	if (err)
		return err;

	err = security_node_sid(family, addrp, len, &node_sid);
	if (err)
		return err;

	err = avc_has_perm(sock_sid, node_sid, SECCLASS_NODE, node_perm, &ad);
	if (err)
		return err;

	if (recv_perm) {
		u32 port_sid;

		err = security_port_sid(sk->sk_family, sk->sk_type,
					sk->sk_protocol, ntohs(ad.u.net.sport),
					&port_sid);
		if (err)
			return err;

		err = avc_has_perm(sock_sid, port_sid,
				   sock_class, recv_perm, &ad);
		if (err)
			return err;
	}

	return selinux_xfrm_sock_rcv_skb(sock_sid, skb);
}
3321
/*
 * getpeersec_stream hook: copy the peer's security context of a connected
 * stream socket to user space.  Unix stream sockets use the peer SID
 * recorded at connect time; TCP sockets ask selinux_socket_getpeer_stream().
 *
 * The required length is always reported through @optlen once a context
 * has been obtained, even when the user buffer (@len bytes) is too small.
 *
 * Returns 0 on success, -ENOPROTOOPT when no peer label is available,
 * -ERANGE when @len is too small, -EFAULT on a failed user copy, or the
 * SID-to-context error.
 */
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	char *scontext;
	u32 scontext_len;
	u32 peer_sid;
	int err;

	if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET) {
		struct sk_security_struct *ssec = sock->sk->sk_security;

		peer_sid = ssec->peer_sid;
	} else if (isec->sclass == SECCLASS_TCP_SOCKET) {
		peer_sid = selinux_socket_getpeer_stream(sock->sk);
		if (peer_sid == SECSID_NULL)
			return -ENOPROTOOPT;
	} else {
		return -ENOPROTOOPT;
	}

	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
	if (err)
		return err;

	if (scontext_len > len)
		err = -ERANGE;
	else if (copy_to_user(optval, scontext, scontext_len))
		err = -EFAULT;

	/* Report the length in every case so the caller can retry. */
	if (put_user(scontext_len, optlen))
		err = -EFAULT;

	kfree(scontext);
	return err;
}
3373
/*
 * getpeersec_dgram hook: resolve the peer SID of @skb and convert it to a
 * context string returned in *@secdata/*@seclen.
 *
 * Returns -EINVAL when no peer SID is known, otherwise the result of
 * security_sid_to_context().
 */
static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen)
{
	u32 peer_sid = selinux_socket_getpeer_dgram(skb);

	if (peer_sid == SECSID_NULL)
		return -EINVAL;

	return security_sid_to_context(peer_sid, secdata, seclen);
}
3388
3389
3390
/* sk_alloc_security hook: thin wrapper around sk_alloc_security(). */
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	int rc = sk_alloc_security(sk, family, priority);

	return rc;
}
3395
/* sk_free_security hook: thin wrapper around sk_free_security(). */
static void selinux_sk_free_security(struct sock *sk)
{
	struct sock *victim = sk;

	sk_free_security(victim);
}
3400
/*
 * sk_getsid hook: return the SID of the socket owning @sk, read under
 * sk_callback_lock.  Without a sock the flow @fl is labelled via
 * selinux_no_sk_sid(); without a socket inode SECINITSID_ANY_SOCKET is
 * returned.  @dir is not used.
 */
static unsigned int selinux_sk_getsid_security(struct sock *sk, struct flowi *fl, u8 dir)
{
	struct inode_security_struct *isec;
	u32 sid = SECINITSID_ANY_SOCKET;

	if (sk == NULL)
		return selinux_no_sk_sid(fl);

	read_lock_bh(&sk->sk_callback_lock);
	isec = get_sock_isec(sk);
	if (isec != NULL)
		sid = isec->sid;
	read_unlock_bh(&sk->sk_callback_lock);

	return sid;
}
3418
/*
 * Map the netlink message type in @skb to a socket permission for the
 * socket's class and check it for the current task.
 *
 * Returns -EINVAL for a message shorter than a netlink header.  An
 * unrecognized message type is audited and denied with -EINVAL only in
 * enforcing mode (permitted otherwise); a class without a message table
 * (-ENOENT from the lookup) is permitted.  Other lookup errors are
 * returned as-is.
 */
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	struct socket *sock = sk->sk_socket;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct nlmsghdr *nlh;
	u32 perm;
	int err;

	if (skb->len < NLMSG_SPACE(0))
		return -EINVAL;
	nlh = (struct nlmsghdr *)skb->data;

	err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
	if (!err)
		return socket_has_perm(current, sock, perm);

	if (err == -EINVAL) {
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
			  "SELinux: unrecognized netlink message"
			  " type=%hu for sclass=%hu\n",
			  nlh->nlmsg_type, isec->sclass);
		/* Permissive mode lets unknown message types through. */
		return selinux_enforcing ? -EINVAL : 0;
	}

	if (err == -ENOENT)
		return 0;

	return err;
}
3454
3455#ifdef CONFIG_NETFILTER
3456
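/*
 * Shared body of the POST_ROUTING netfilter hooks for IPv4 and IPv6.
 * For a packet that still has an owning socket, check in this order:
 * interface (netif send), destination node (node send), for TCP/UDP the
 * destination port (send_msg), then the xfrm policy check.
 *
 * Every path returns a netfilter verdict (NF_ACCEPT / NF_DROP), never an
 * errno.  The earlier version passed the errno from sel_netif_sids()
 * straight through as the verdict; it is now mapped to NF_DROP like every
 * other failure in this function.  Packets without a sock, socket or
 * inode are accepted unchecked.  @hooknum, @in and @okfn are unused.
 */
static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
                                              struct sk_buff **pskb,
                                              const struct net_device *in,
                                              const struct net_device *out,
                                              int (*okfn)(struct sk_buff *),
                                              u16 family)
{
	char *addrp;
	int len, err = NF_ACCEPT;
	u32 netif_perm, node_perm, node_sid, if_sid, send_perm = 0;
	struct sock *sk;
	struct socket *sock;
	struct inode *inode;
	struct sk_buff *skb = *pskb;
	struct inode_security_struct *isec;
	struct avc_audit_data ad;
	struct net_device *dev = (struct net_device *)out;

	sk = skb->sk;
	if (!sk)
		goto out;

	sock = sk->sk_socket;
	if (!sock)
		goto out;

	inode = SOCK_INODE(sock);
	if (!inode)
		goto out;

	/* A failed interface lookup is a denial, not an errno verdict. */
	err = sel_netif_sids(dev, &if_sid, NULL) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	isec = inode->i_security;

	switch (isec->sclass) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_SEND;
		node_perm = NODE__UDP_SEND;
		send_perm = UDP_SOCKET__SEND_MSG;
		break;

	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_SEND;
		node_perm = NODE__TCP_SEND;
		send_perm = TCP_SOCKET__SEND_MSG;
		break;

	default:
		netif_perm = NETIF__RAWIP_SEND;
		node_perm = NODE__RAWIP_SEND;
		break;
	}

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = dev->name;
	ad.u.net.family = family;

	/* src=0: addrp/len describe the destination address. */
	err = selinux_parse_skb(skb, &ad, &addrp,
				&len, 0) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	err = avc_has_perm(isec->sid, if_sid, SECCLASS_NETIF,
	                   netif_perm, &ad) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	err = security_node_sid(family, addrp, len,
				&node_sid) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE,
	                   node_perm, &ad) ? NF_DROP : NF_ACCEPT;
	if (err != NF_ACCEPT)
		goto out;

	if (send_perm) {
		u32 port_sid;

		err = security_port_sid(sk->sk_family,
		                        sk->sk_type,
		                        sk->sk_protocol,
		                        ntohs(ad.u.net.dport),
		                        &port_sid) ? NF_DROP : NF_ACCEPT;
		if (err != NF_ACCEPT)
			goto out;

		err = avc_has_perm(isec->sid, port_sid, isec->sclass,
		                   send_perm, &ad) ? NF_DROP : NF_ACCEPT;
	}

	if (err != NF_ACCEPT)
		goto out;

	err = selinux_xfrm_postroute_last(isec->sid, skb);

out:
	return err;
}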
3562
/* IPv4 POST_ROUTING hook: delegate to the family-independent body. */
static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
                                                struct sk_buff **pskb,
                                                const struct net_device *in,
                                                const struct net_device *out,
                                                int (*okfn)(struct sk_buff *))
{
	const u16 family = PF_INET;

	return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, family);
}
3571
3572#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3573
/* IPv6 POST_ROUTING hook: delegate to the family-independent body. */
static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
                                                struct sk_buff **pskb,
                                                const struct net_device *in,
                                                const struct net_device *out,
                                                int (*okfn)(struct sk_buff *))
{
	const u16 family = PF_INET6;

	return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, family);
}
3582
3583#endif
3584
3585#endif
3586
/*
 * netlink_send hook.  After the secondary module's check, mask the
 * effective capabilities carried by @skb down to those the current task
 * is allowed by policy (capability class, all permissions queried without
 * audit).  When the loaded policy knows netlink classes, the message type
 * is then checked by selinux_nlmsg_perm().
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	struct task_security_struct *tsec;
	struct av_decision avd;
	int err = secondary_ops->netlink_send(sk, skb);

	if (err)
		return err;

	tsec = current->security;

	avd.allowed = 0;
	avc_has_perm_noaudit(tsec->sid, tsec->sid,
			     SECCLASS_CAPABILITY, ~0, &avd);
	/* Drop capabilities the policy does not grant this domain. */
	cap_mask(NETLINK_CB(skb).eff_cap, avd.allowed);

	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
		return err;

	return selinux_nlmsg_perm(sk, skb);
}
3609
/* netlink_recv hook: the sender must carry CAP_NET_ADMIN in eff_cap. */
static int selinux_netlink_recv(struct sk_buff *skb)
{
	int has_cap = cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN);

	return has_cap ? 0 : -EPERM;
}
3616
/*
 * Allocate and attach a security blob to the IPC object @perm, labelled
 * with @task's SID and class @sclass.  Returns -ENOMEM on allocation
 * failure; the blob is owned by @perm and released by ipc_free_security().
 */
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	struct task_security_struct *tsec = task->security;
	struct ipc_security_struct *isec = kzalloc(sizeof(*isec), GFP_KERNEL);

	if (isec == NULL)
		return -ENOMEM;

	isec->sclass = sclass;
	isec->ipc_perm = perm;
	isec->sid = tsec->sid;
	perm->security = isec;

	return 0;
}
3635
/* Detach and free the security blob of IPC object @perm. */
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	struct ipc_security_struct *blob = perm->security;

	perm->security = NULL;
	kfree(blob);
}
3642
/*
 * Allocate a security blob for message @msg.  The message starts out as
 * SECINITSID_UNLABELED; its real label is assigned when it is sent.
 * Returns -ENOMEM on allocation failure.
 */
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *msec = kzalloc(sizeof(*msec), GFP_KERNEL);

	if (msec == NULL)
		return -ENOMEM;

	msec->msg = msg;
	msec->sid = SECINITSID_UNLABELED;
	msg->security = msec;

	return 0;
}
3657
/* Detach and free the security blob of message @msg. */
static void msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_security_struct *blob = msg->security;

	msg->security = NULL;
	kfree(blob);
}
3665
/*
 * Check that the current task holds @perms on the IPC object @ipc_perms,
 * auditing with the object's key.  Returns 0 when allowed.
 */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = ipc_perms->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
}
3681
/* msg_msg_alloc_security hook: thin wrapper around msg_msg_alloc_security(). */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	int rc = msg_msg_alloc_security(msg);

	return rc;
}
3686
/* msg_msg_free_security hook: thin wrapper around msg_msg_free_security(). */
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_msg *victim = msg;

	msg_msg_free_security(victim);
}
3691
3692
/*
 * msg_queue_alloc_security hook: label the new queue with the creating
 * task's SID and check MSGQ__CREATE.  On denial the blob is released
 * again so the failed queue carries no label.
 */
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);

	if (rc)
		return rc;

	tsec = current->security;
	isec = msq->q_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__CREATE, &ad);
	if (rc)
		ipc_free_security(&msq->q_perm);

	return rc;
}
3718
/* msg_queue_free_security hook: release the queue's IPC security blob. */
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;

	ipc_free_security(perm);
}
3723
/* msg_queue_associate hook: MSGQ__ASSOCIATE on the queue; @msqflg unused. */
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ASSOCIATE, &ad);
}
3739
/*
 * msg_queue_msgctl hook: map the msgctl command to queue permissions.
 * IPC_INFO/MSG_INFO are system-wide and checked as SYSTEM__IPC_INFO;
 * unknown commands are allowed.
 */
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	u32 perms;

	switch(cmd) {
	case IPC_INFO:
	case MSG_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, perms);
}
3767
/*
 * msg_queue_msgsnd hook.  A message still labelled SECINITSID_UNLABELED
 * first receives a label via a transition from the sender to the queue.
 * Then three checks must pass: sender->queue MSGQ__WRITE, sender->message
 * MSG__SEND and message->queue MSGQ__ENQUEUE.  @msqflg is unused.
 */
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	if (msec->sid == SECINITSID_UNLABELED) {
		rc = security_transition_sid(tsec->sid,
					     isec->sid,
					     SECCLASS_MSG,
					     &msec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__WRITE, &ad);
	if (rc)
		return rc;

	rc = avc_has_perm(tsec->sid, msec->sid,
			  SECCLASS_MSG, MSG__SEND, &ad);
	if (rc)
		return rc;

	return avc_has_perm(msec->sid, isec->sid,
			    SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
}
3813
/*
 * msg_queue_msgrcv hook: the receiving task @target needs MSGQ__READ on
 * the queue and MSG__RECEIVE on the message.  @type and @mode are unused.
 */
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	struct task_security_struct *tsec = target->security;
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid,
			  SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;

	return avc_has_perm(tsec->sid, msec->sid,
			    SECCLASS_MSG, MSG__RECEIVE, &ad);
}
3838
3839
/*
 * shm_alloc_security hook: label the new segment with the creating task's
 * SID and check SHM__CREATE; on denial the blob is released again.
 */
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);

	if (rc)
		return rc;

	tsec = current->security;
	isec = shp->shm_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = shp->shm_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
			  SHM__CREATE, &ad);
	if (rc)
		ipc_free_security(&shp->shm_perm);

	return rc;
}
3865
/* shm_free_security hook: release the segment's IPC security blob. */
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;

	ipc_free_security(perm);
}
3870
/* shm_associate hook: SHM__ASSOCIATE on the segment; @shmflg unused. */
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = shp->shm_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = shp->shm_perm.key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
			    SHM__ASSOCIATE, &ad);
}
3886
3887
/*
 * shm_shmctl hook: map the shmctl command to segment permissions.
 * IPC_INFO/SHM_INFO are system-wide and checked as SYSTEM__IPC_INFO;
 * unknown commands are allowed.
 */
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	u32 perms;

	switch(cmd) {
	case IPC_INFO:
	case SHM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, perms);
}
3919
/*
 * shm_shmat hook: after the secondary module's check, require SHM__READ
 * for a read-only attach and SHM__READ|SHM__WRITE otherwise.
 */
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	u32 perms = SHM__READ;
	int rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);

	if (rc)
		return rc;

	if (!(shmflg & SHM_RDONLY))
		perms |= SHM__WRITE;

	return ipc_has_perm(&shp->shm_perm, perms);
}
3937
3938
/*
 * sem_alloc_security hook: label the new semaphore set with the creating
 * task's SID and check SEM__CREATE; on denial the blob is released again.
 */
static int selinux_sem_alloc_security(struct sem_array *sma)
{
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);

	if (rc)
		return rc;

	tsec = current->security;
	isec = sma->sem_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = sma->sem_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
			  SEM__CREATE, &ad);
	if (rc)
		ipc_free_security(&sma->sem_perm);

	return rc;
}
3964
/* sem_free_security hook: release the semaphore set's IPC security blob. */
static void selinux_sem_free_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;

	ipc_free_security(perm);
}
3969
/* sem_associate hook: SEM__ASSOCIATE on the semaphore set; @semflg unused. */
static int selinux_sem_associate(struct sem_array *sma, int semflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = sma->sem_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = sma->sem_perm.key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
			    SEM__ASSOCIATE, &ad);
}
3985
3986
/*
 * sem_semctl hook: map the semctl command to semaphore-set permissions.
 * IPC_INFO/SEM_INFO are system-wide and checked as SYSTEM__IPC_INFO;
 * unknown commands are allowed.
 */
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
{
	u32 perms;

	switch(cmd) {
	case IPC_INFO:
	case SEM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		perms = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		perms = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		perms = SEM__WRITE;
		break;
	case IPC_RMID:
		perms = SEM__DESTROY;
		break;
	case IPC_SET:
		perms = SEM__SETATTR;
		break;
	case IPC_STAT:
	case SEM_STAT:
		perms = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&sma->sem_perm, perms);
}
4027
/*
 * sem_semop hook: SEM__READ for a non-altering operation, SEM__READ|
 * SEM__WRITE when @alter is set.  @sops and @nsops are unused.
 */
static int selinux_sem_semop(struct sem_array *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	u32 perms = SEM__READ;

	if (alter)
		perms |= SEM__WRITE;

	return ipc_has_perm(&sma->sem_perm, perms);
}
4040
/*
 * ipc_permission hook: translate the requested mode bits into
 * IPC__UNIX_READ / IPC__UNIX_WRITE and check them; a request for neither
 * is allowed without a check.
 */
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	u32 av = 0;

	if (flag & S_IRUGO)
		av |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		av |= IPC__UNIX_WRITE;

	return av ? ipc_has_perm(ipcp, av) : 0;
}
4056
4057
/*
 * register_security hook: install @ops as the secondary security module.
 * Only one secondary module can be stacked; a second registration is
 * rejected with -EINVAL.
 */
static int selinux_register_security (const char *name, struct security_operations *ops)
{
	if (secondary_ops == original_ops) {
		secondary_ops = ops;
		printk(KERN_INFO "%s: Registering secondary module %s\n",
		       __FUNCTION__,
		       name);
		return 0;
	}

	printk(KERN_INFO "%s: There is already a secondary security "
	       "module registered.\n", __FUNCTION__);
	return -EINVAL;
}
4074
/*
 * unregister_security hook: remove @ops as the secondary module and fall
 * back to the original ops.  Returns -EINVAL if @ops is not the module
 * currently registered.  @name is unused.
 */
static int selinux_unregister_security (const char *name, struct security_operations *ops)
{
	if (ops == secondary_ops) {
		secondary_ops = original_ops;
		return 0;
	}

	printk (KERN_INFO "%s: trying to unregister a security module "
	        "that is not registered.\n", __FUNCTION__);
	return -EINVAL;
}
4087
/* d_instantiate hook: initialize the inode's label, if there is an inode. */
static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
{
	if (!inode)
		return;

	inode_doinit_with_dentry(inode, dentry);
}
4093
/*
 * getprocattr hook: read one of task @p's SELinux attributes ("current",
 * "prev", "exec" or "fscreate") as a context string into @value (at most
 * @size bytes).  Reading another task's attributes requires
 * PROCESS__GETATTR.  An unset attribute (SID 0) reads as empty (returns
 * 0); an unknown @name yields -EINVAL.
 */
static int selinux_getprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	struct task_security_struct *tsec;
	u32 sid;

	if (p != current) {
		int error = task_has_perm(current, p, PROCESS__GETATTR);

		if (error)
			return error;
	}

	tsec = p->security;
	if (strcmp(name, "current") == 0)
		sid = tsec->sid;
	else if (strcmp(name, "prev") == 0)
		sid = tsec->osid;
	else if (strcmp(name, "exec") == 0)
		sid = tsec->exec_sid;
	else if (strcmp(name, "fscreate") == 0)
		sid = tsec->create_sid;
	else
		return -EINVAL;

	return sid ? selinux_getsecurity(sid, value, size) : 0;
}
4125
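/*
 * setprocattr hook: set one of the current task's SELinux attributes
 * ("exec", "fscreate" or "current") from the context string in
 * @value/@size, which may end in a newline.  A value of size 0, or whose
 * first byte is NUL or '\n', clears "exec"/"fscreate" (SID 0); "current"
 * always needs a real context.
 *
 * Permission for the attribute is checked before the context is parsed.
 * Setting "current" is a dynamic transition: it is refused for a task
 * sharing its mm with other threads, requires PROCESS__DYNTRANSITION from
 * the old to the new SID, and when the task is ptraced also requires the
 * tracer to hold PROCESS__PTRACE on the new SID.
 *
 * Returns @size on success, -EACCES when @p is not the current task,
 * -EINVAL for an unknown attribute or (for "current") a missing context,
 * -EPERM for a multi-threaded task, or the permission/lookup error.
 */
static int selinux_setprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	struct task_security_struct *tsec;
	u32 sid = 0;
	int error;
	char *str = value;

	if (current != p) {
		/* Only a task may change its own attributes. */
		return -EACCES;
	}

	/* Check the attribute-specific permission before parsing the value. */
	if (!strcmp(name, "exec"))
		error = task_has_perm(current, p, PROCESS__SETEXEC);
	else if (!strcmp(name, "fscreate"))
		error = task_has_perm(current, p, PROCESS__SETFSCREATE);
	else if (!strcmp(name, "current"))
		error = task_has_perm(current, p, PROCESS__SETCURRENT);
	else
		error = -EINVAL;
	if (error)
		return error;

	/*
	 * Obtain a SID for the context, if one was given.  Inspect byte 0
	 * of the write (not byte 1, which would skip the first character and
	 * read past the end of a one-byte write): an empty or newline-only
	 * value means "no context" and leaves sid at 0.
	 */
	if (size && str[0] && str[0] != '\n') {
		/* Strip a single trailing newline as written by shells. */
		if (str[size-1] == '\n') {
			str[size-1] = 0;
			size--;
		}
		error = security_context_to_sid(value, size, &sid);
		if (error)
			return error;
	}

	/* Store the new SID; "current" needs the extra transition checks. */
	tsec = p->security;
	if (!strcmp(name, "exec"))
		tsec->exec_sid = sid;
	else if (!strcmp(name, "fscreate"))
		tsec->create_sid = sid;
	else if (!strcmp(name, "current")) {
		struct av_decision avd;

		if (sid == 0)
			return -EINVAL;

		/*
		 * Refuse if any other thread shares this mm: the siblings
		 * would keep the old label while sharing the address space.
		 */
		if (atomic_read(&p->mm->mm_users) != 1) {
			struct task_struct *g, *t;
			struct mm_struct *mm = p->mm;
			read_lock(&tasklist_lock);
			do_each_thread(g, t)
				if (t->mm == mm && t != p) {
					read_unlock(&tasklist_lock);
					return -EPERM;
				}
			while_each_thread(g, t);
			read_unlock(&tasklist_lock);
		}

		/* The old domain must be allowed to transition to the new one. */
		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
				     PROCESS__DYNTRANSITION, NULL);
		if (error)
			return error;

		/*
		 * If the task is being traced, the tracer must be allowed
		 * to ptrace the new label.  The check and the SID switch
		 * happen under task_lock so the ptrace state cannot change
		 * in between; the audit record is emitted after unlocking.
		 */
		task_lock(p);
		if (p->ptrace & PT_PTRACED) {
			error = avc_has_perm_noaudit(tsec->ptrace_sid, sid,
						     SECCLASS_PROCESS,
						     PROCESS__PTRACE, &avd);
			if (!error)
				tsec->sid = sid;
			task_unlock(p);
			avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS,
				  PROCESS__PTRACE, &avd, error, NULL);
			if (error)
				return error;
		} else {
			tsec->sid = sid;
			task_unlock(p);
		}
	}
	else
		return -EINVAL;

	return size;
}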
4228
/*
 * The LSM hook table that selinux_init() hands to register_security().
 * Hooks not listed here are left NULL by the designated initializer.
 * The xfrm hooks are only present when CONFIG_SECURITY_NETWORK_XFRM is
 * set. Most hook implementations live earlier in this file, outside
 * this view.
 */
static struct security_operations selinux_ops = {
	.ptrace =			selinux_ptrace,
	.capget =			selinux_capget,
	.capset_check =			selinux_capset_check,
	.capset_set =			selinux_capset_set,
	.sysctl =			selinux_sysctl,
	.capable =			selinux_capable,
	.quotactl =			selinux_quotactl,
	.quota_on =			selinux_quota_on,
	.syslog =			selinux_syslog,
	.vm_enough_memory =		selinux_vm_enough_memory,

	.netlink_send =			selinux_netlink_send,
	.netlink_recv =			selinux_netlink_recv,

	/* exec-time credential handling */
	.bprm_alloc_security =		selinux_bprm_alloc_security,
	.bprm_free_security =		selinux_bprm_free_security,
	.bprm_apply_creds =		selinux_bprm_apply_creds,
	.bprm_post_apply_creds =	selinux_bprm_post_apply_creds,
	.bprm_set_security =		selinux_bprm_set_security,
	.bprm_check_security =		selinux_bprm_check_security,
	.bprm_secureexec =		selinux_bprm_secureexec,

	/* superblocks / mounts */
	.sb_alloc_security =		selinux_sb_alloc_security,
	.sb_free_security =		selinux_sb_free_security,
	.sb_copy_data =			selinux_sb_copy_data,
	.sb_kern_mount =		selinux_sb_kern_mount,
	.sb_statfs =			selinux_sb_statfs,
	.sb_mount =			selinux_mount,
	.sb_umount =			selinux_umount,

	/* inodes, including the security.selinux xattr */
	.inode_alloc_security =		selinux_inode_alloc_security,
	.inode_free_security =		selinux_inode_free_security,
	.inode_init_security =		selinux_inode_init_security,
	.inode_create =			selinux_inode_create,
	.inode_link =			selinux_inode_link,
	.inode_unlink =			selinux_inode_unlink,
	.inode_symlink =		selinux_inode_symlink,
	.inode_mkdir =			selinux_inode_mkdir,
	.inode_rmdir =			selinux_inode_rmdir,
	.inode_mknod =			selinux_inode_mknod,
	.inode_rename =			selinux_inode_rename,
	.inode_readlink =		selinux_inode_readlink,
	.inode_follow_link =		selinux_inode_follow_link,
	.inode_permission =		selinux_inode_permission,
	.inode_setattr =		selinux_inode_setattr,
	.inode_getattr =		selinux_inode_getattr,
	.inode_setxattr =		selinux_inode_setxattr,
	.inode_post_setxattr =		selinux_inode_post_setxattr,
	.inode_getxattr =		selinux_inode_getxattr,
	.inode_listxattr =		selinux_inode_listxattr,
	.inode_removexattr =		selinux_inode_removexattr,
	.inode_xattr_getsuffix =	selinux_inode_xattr_getsuffix,
	.inode_getsecurity =		selinux_inode_getsecurity,
	.inode_setsecurity =		selinux_inode_setsecurity,
	.inode_listsecurity =		selinux_inode_listsecurity,

	/* open files */
	.file_permission =		selinux_file_permission,
	.file_alloc_security =		selinux_file_alloc_security,
	.file_free_security =		selinux_file_free_security,
	.file_ioctl =			selinux_file_ioctl,
	.file_mmap =			selinux_file_mmap,
	.file_mprotect =		selinux_file_mprotect,
	.file_lock =			selinux_file_lock,
	.file_fcntl =			selinux_file_fcntl,
	.file_set_fowner =		selinux_file_set_fowner,
	.file_send_sigiotask =		selinux_file_send_sigiotask,
	.file_receive =			selinux_file_receive,

	/* tasks */
	.task_create =			selinux_task_create,
	.task_alloc_security =		selinux_task_alloc_security,
	.task_free_security =		selinux_task_free_security,
	.task_setuid =			selinux_task_setuid,
	.task_post_setuid =		selinux_task_post_setuid,
	.task_setgid =			selinux_task_setgid,
	.task_setpgid =			selinux_task_setpgid,
	.task_getpgid =			selinux_task_getpgid,
	.task_getsid =			selinux_task_getsid,
	.task_setgroups =		selinux_task_setgroups,
	.task_setnice =			selinux_task_setnice,
	.task_setrlimit =		selinux_task_setrlimit,
	.task_setscheduler =		selinux_task_setscheduler,
	.task_getscheduler =		selinux_task_getscheduler,
	.task_kill =			selinux_task_kill,
	.task_wait =			selinux_task_wait,
	.task_prctl =			selinux_task_prctl,
	.task_reparent_to_init =	selinux_task_reparent_to_init,
	.task_to_inode =		selinux_task_to_inode,

	/* System V IPC */
	.ipc_permission =		selinux_ipc_permission,

	.msg_msg_alloc_security =	selinux_msg_msg_alloc_security,
	.msg_msg_free_security =	selinux_msg_msg_free_security,

	.msg_queue_alloc_security =	selinux_msg_queue_alloc_security,
	.msg_queue_free_security =	selinux_msg_queue_free_security,
	.msg_queue_associate =		selinux_msg_queue_associate,
	.msg_queue_msgctl =		selinux_msg_queue_msgctl,
	.msg_queue_msgsnd =		selinux_msg_queue_msgsnd,
	.msg_queue_msgrcv =		selinux_msg_queue_msgrcv,

	.shm_alloc_security =		selinux_shm_alloc_security,
	.shm_free_security =		selinux_shm_free_security,
	.shm_associate =		selinux_shm_associate,
	.shm_shmctl =			selinux_shm_shmctl,
	.shm_shmat =			selinux_shm_shmat,

	.sem_alloc_security =		selinux_sem_alloc_security,
	.sem_free_security =		selinux_sem_free_security,
	.sem_associate =		selinux_sem_associate,
	.sem_semctl =			selinux_sem_semctl,
	.sem_semop =			selinux_sem_semop,

	/* stacking of one secondary module (see selinux_register_security) */
	.register_security =		selinux_register_security,
	.unregister_security =		selinux_unregister_security,

	.d_instantiate =		selinux_d_instantiate,

	/* the per-task attribute interface (selinux_getprocattr/setprocattr) */
	.getprocattr =			selinux_getprocattr,
	.setprocattr =			selinux_setprocattr,

	/* sockets */
	.unix_stream_connect =		selinux_socket_unix_stream_connect,
	.unix_may_send =		selinux_socket_unix_may_send,

	.socket_create =		selinux_socket_create,
	.socket_post_create =		selinux_socket_post_create,
	.socket_bind =			selinux_socket_bind,
	.socket_connect =		selinux_socket_connect,
	.socket_listen =		selinux_socket_listen,
	.socket_accept =		selinux_socket_accept,
	.socket_sendmsg =		selinux_socket_sendmsg,
	.socket_recvmsg =		selinux_socket_recvmsg,
	.socket_getsockname =		selinux_socket_getsockname,
	.socket_getpeername =		selinux_socket_getpeername,
	.socket_getsockopt =		selinux_socket_getsockopt,
	.socket_setsockopt =		selinux_socket_setsockopt,
	.socket_shutdown =		selinux_socket_shutdown,
	.socket_sock_rcv_skb =		selinux_socket_sock_rcv_skb,
	.socket_getpeersec_stream =	selinux_socket_getpeersec_stream,
	.socket_getpeersec_dgram =	selinux_socket_getpeersec_dgram,
	.sk_alloc_security =		selinux_sk_alloc_security,
	.sk_free_security =		selinux_sk_free_security,
	.sk_getsid =			selinux_sk_getsid_security,

#ifdef CONFIG_SECURITY_NETWORK_XFRM
	/* IPsec policy/state labelling */
	.xfrm_policy_alloc_security =	selinux_xfrm_policy_alloc,
	.xfrm_policy_clone_security =	selinux_xfrm_policy_clone,
	.xfrm_policy_free_security =	selinux_xfrm_policy_free,
	.xfrm_state_alloc_security =	selinux_xfrm_state_alloc,
	.xfrm_state_free_security =	selinux_xfrm_state_free,
	.xfrm_policy_lookup =		selinux_xfrm_policy_lookup,
#endif
};
4382
/*
 * Boot-time initialisation of SELinux (run via security_initcall).
 *
 * Does nothing when SELinux was disabled at boot (selinux_enabled == 0).
 * Otherwise: give the boot task a security struct labelled
 * SECINITSID_KERNEL, create the inode security cache, bring up the
 * AVC, remember the pre-existing security_ops as the stacked fallback
 * (original_ops == secondary_ops), and register selinux_ops with the
 * LSM framework. Every failure at this stage is fatal (panic).
 *
 * Returns 0.
 */
static __init int selinux_init(void)
{
	struct task_security_struct *tsec;

	if (!selinux_enabled) {
		printk(KERN_INFO "SELinux: Disabled at boot.\n");
		return 0;
	}

	printk(KERN_INFO "SELinux: Initializing.\n");

	/* Label the initial task with the kernel context. */
	if (task_alloc_security(current))
		panic("SELinux: Failed to initialize initial task.\n");
	tsec = current->security;
	tsec->sid = SECINITSID_KERNEL;
	tsec->osid = SECINITSID_KERNEL;

	/* SLAB_PANIC: a failed cache creation panics, so no NULL check. */
	sel_inode_cache = kmem_cache_create("selinux_inode_security",
					    sizeof(struct inode_security_struct),
					    0, SLAB_PANIC, NULL, NULL);
	avc_init();

	/* Whatever ops were installed before us become the fallback that
	 * selinux_register_security() / selinux_disable() refer to. */
	secondary_ops = security_ops;
	original_ops = security_ops;
	if (!secondary_ops)
		panic ("SELinux: No initial security operations\n");
	if (register_security (&selinux_ops))
		panic("SELinux: Unable to register with kernel.\n");

	if (selinux_enforcing)
		printk(KERN_INFO "SELinux: Starting in enforcing mode\n");
	else
		printk(KERN_INFO "SELinux: Starting in permissive mode\n");

	return 0;
}
4418
/*
 * Second-stage initialisation: label every superblock that was mounted
 * before SELinux could do so (they are queued on
 * superblock_security_head).
 *
 * Each entry is popped under sb_lock and sb_security_lock; a reference
 * (s_count) is taken on the superblock before both locks are dropped
 * so it stays alive while superblock_doinit() runs under s_umount.
 * Superblocks without a root dentry are skipped. The entry is only
 * unlinked from the list after the locks are reacquired.
 */
void selinux_complete_init(void)
{
	printk(KERN_INFO "SELinux: Completing initialization.\n");

	printk(KERN_INFO "SELinux: Setting up existing superblocks.\n");
	spin_lock(&sb_lock);
	spin_lock(&sb_security_lock);
	while (!list_empty(&superblock_security_head)) {
		struct superblock_security_struct *sbsec;
		struct super_block *sb;

		sbsec = list_entry(superblock_security_head.next,
				   struct superblock_security_struct,
				   list);
		sb = sbsec->sb;

		/* Pin the superblock, then drop the spinlocks: the work
		 * below sleeps (rwsem). */
		sb->s_count++;
		spin_unlock(&sb_security_lock);
		spin_unlock(&sb_lock);

		down_read(&sb->s_umount);
		if (sb->s_root)
			superblock_doinit(sb, NULL);
		drop_super(sb);

		spin_lock(&sb_lock);
		spin_lock(&sb_security_lock);
		list_del_init(&sbsec->list);
	}
	spin_unlock(&sb_security_lock);
	spin_unlock(&sb_lock);
}
4449
4450
4451
/* Run selinux_init() at the security initcall level during boot. */
security_initcall(selinux_init);
4453
4454#if defined(CONFIG_NETFILTER)
4455
/*
 * Netfilter hook on the IPv4 POST_ROUTING chain, registered by
 * selinux_nf_ip_init() and removed by selinux_nf_ip_exit(). It runs at
 * NF_IP_PRI_SELINUX_LAST, i.e. after the other SELinux priorities. The
 * handler selinux_ipv4_postroute_last is defined elsewhere in this file.
 */
static struct nf_hook_ops selinux_ipv4_op = {
	.hook =		selinux_ipv4_postroute_last,
	.owner =	THIS_MODULE,
	.pf =		PF_INET,
	.hooknum =	NF_IP_POST_ROUTING,
	.priority =	NF_IP_PRI_SELINUX_LAST,
};
4463
4464#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4465
/*
 * IPv6 counterpart of selinux_ipv4_op: POST_ROUTING hook at
 * NF_IP6_PRI_SELINUX_LAST, only built when IPv6 is configured (see the
 * enclosing #if). The handler selinux_ipv6_postroute_last is defined
 * elsewhere in this file.
 */
static struct nf_hook_ops selinux_ipv6_op = {
	.hook =		selinux_ipv6_postroute_last,
	.owner =	THIS_MODULE,
	.pf =		PF_INET6,
	.hooknum =	NF_IP6_POST_ROUTING,
	.priority =	NF_IP6_PRI_SELINUX_LAST,
};
4473
4474#endif
4475
/*
 * Register the SELinux netfilter hooks (IPv4, plus IPv6 when built).
 *
 * Skipped entirely when SELinux is disabled. A registration failure is
 * treated as fatal (panic), so on return err can only be 0.
 *
 * Returns 0.
 */
static int __init selinux_nf_ip_init(void)
{
	int err;

	if (!selinux_enabled)
		return 0;

	printk(KERN_INFO "SELinux: Registering netfilter hooks\n");

	err = nf_register_hook(&selinux_ipv4_op);
	if (err)
		panic("SELinux: nf_register_hook for IPv4: error %d\n", err);

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	err = nf_register_hook(&selinux_ipv6_op);
	if (err)
		panic("SELinux: nf_register_hook for IPv6: error %d\n", err);
#endif

	return err;
}
4500
/* Register the netfilter hooks as an ordinary initcall, after selinux_init(). */
__initcall(selinux_nf_ip_init);
4502
4503#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Undo selinux_nf_ip_init(): unregister the IPv4 POST_ROUTING hook and,
 * when IPv6 is built, the IPv6 one. Only compiled when SELinux can be
 * disabled at runtime (CONFIG_SECURITY_SELINUX_DISABLE); called from
 * selinux_disable().
 */
static void selinux_nf_ip_exit(void)
{
	static struct nf_hook_ops *const hooks[] = {
		&selinux_ipv4_op,
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
		&selinux_ipv6_op,
#endif
	};
	size_t i;

	printk(KERN_INFO "SELinux: Unregistering netfilter hooks\n");

	/* IPv4 first, then IPv6. */
	for (i = 0; i < ARRAY_SIZE(hooks); i++)
		nf_unregister_hook(hooks[i]);
}
4513#endif
4514
4515#else
4516
4517#ifdef CONFIG_SECURITY_SELINUX_DISABLE
4518#define selinux_nf_ip_exit()
4519#endif
4520
4521#endif
4522
4523#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Turn SELinux off at runtime (only built with
 * CONFIG_SECURITY_SELINUX_DISABLE).
 *
 * Refused with -EINVAL once ss_initialized is set (presumably once the
 * security server has a policy loaded — set elsewhere, confirm) and on
 * any call after the first. Otherwise this is a one-way switch: the
 * static selinux_disabled guard is set, selinux_enabled is cleared,
 * the LSM hook table is handed back to the module stacked under us
 * (secondary_ops), the netfilter hooks are removed and selinuxfs is
 * torn down. There is no corresponding re-enable path in this file.
 *
 * Returns 0 on success, -EINVAL if disabling is no longer possible.
 */
int selinux_disable(void)
{
	extern void exit_sel_fs(void);
	static int selinux_disabled = 0;

	/* Too late once the security server is initialised; refuse a
	 * repeated call as well. */
	if (ss_initialized || selinux_disabled)
		return -EINVAL;

	printk(KERN_INFO "SELinux: Disabled at runtime.\n");

	selinux_disabled = 1;
	selinux_enabled = 0;

	/* Reset security_ops to the secondary module so the kernel keeps
	 * whatever was installed before SELinux. */
	security_ops = secondary_ops;

	selinux_nf_ip_exit();
	exit_sel_fs();

	return 0;
}
4555#endif
4556
4557
4558