21#include <linux/module.h>
22#include <linux/init.h>
23#include <linux/kernel.h>
24#include <linux/ptrace.h>
25#include <linux/errno.h>
26#include <linux/sched.h>
27#include <linux/security.h>
28#include <linux/xattr.h>
29#include <linux/capability.h>
30#include <linux/unistd.h>
31#include <linux/mm.h>
32#include <linux/mman.h>
33#include <linux/slab.h>
34#include <linux/pagemap.h>
35#include <linux/swap.h>
36#include <linux/smp_lock.h>
37#include <linux/spinlock.h>
38#include <linux/syscalls.h>
39#include <linux/file.h>
40#include <linux/namei.h>
41#include <linux/mount.h>
42#include <linux/ext2_fs.h>
43#include <linux/proc_fs.h>
44#include <linux/kd.h>
45#include <linux/netfilter_ipv4.h>
46#include <linux/netfilter_ipv6.h>
47#include <linux/tty.h>
48#include <net/icmp.h>
49#include <net/ip.h>
50#include <net/tcp.h>
51#include <asm/uaccess.h>
52#include <asm/semaphore.h>
53#include <asm/ioctls.h>
54#include <linux/bitops.h>
55#include <linux/interrupt.h>
56#include <linux/netdevice.h>
57#include <linux/netlink.h>
58#include <linux/tcp.h>
59#include <linux/udp.h>
60#include <linux/quota.h>
61#include <linux/un.h>
62#include <net/af_unix.h>
63#include <linux/parser.h>
64#include <linux/nfs_mount.h>
65#include <net/ipv6.h>
66#include <linux/hugetlb.h>
67#include <linux/personality.h>
68#include <linux/sysctl.h>
69#include <linux/audit.h>
70#include <linux/string.h>
71#include <linux/selinux.h>
72
73#include "avc.h"
74#include "objsec.h"
75#include "netif.h"
76#include "xfrm.h"
77
78#define XATTR_SELINUX_SUFFIX "selinux"
79#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
80
81extern unsigned int policydb_loaded_version;
82extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
83extern int selinux_compat_net;
84
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/* Enforcing mode flag; starts permissive (0) until "enforcing=" sets it. */
int selinux_enforcing = 0;

/*
 * Kernel command-line handler for "enforcing=<n>".  The value is parsed
 * with simple_strtol() (base auto-detected); always returns 1.
 */
static int __init enforcing_setup(char *str)
{
	long parsed = simple_strtol(str, NULL, 0);

	selinux_enforcing = parsed;
	return 1;
}
__setup("enforcing=", enforcing_setup);
#endif
95
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
/* Whether SELinux is active; defaults to the configured boot value. */
int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;

/*
 * Kernel command-line handler for "selinux=<n>".  The value is parsed
 * with simple_strtol() (base auto-detected); always returns 1.
 */
static int __init selinux_enabled_setup(char *str)
{
	long parsed = simple_strtol(str, NULL, 0);

	selinux_enabled = parsed;
	return 1;
}
__setup("selinux=", selinux_enabled_setup);
#else
/* Without the boot parameter SELinux is unconditionally enabled. */
int selinux_enabled = 1;
#endif
108
109
/* Security ops saved at registration; not referenced in this part of the file. */
static struct security_operations *original_ops = NULL;

/*
 * Secondary security module whose hooks are called from the SELinux hooks
 * below (secondary_ops->ptrace, ->capget, ->capable, ...), generally before
 * or after SELinux's own permission check.
 */
static struct security_operations *secondary_ops = NULL;

/*
 * Superblocks whose labeling had to be deferred because the security server
 * was not initialised yet (see superblock_doinit()); guarded by
 * sb_security_lock.
 */
static LIST_HEAD(superblock_security_head);
static DEFINE_SPINLOCK(sb_security_lock);

/* Slab cache for struct inode_security_struct (see inode_alloc_security()). */
static kmem_cache_t *sel_inode_cache;
124
125
126
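/*
 * Copy the security context string of @sid into @buffer.
 *
 * Returns the context length on success.  A NULL @buffer or a zero @size
 * is a size query and also returns the length, so callers can allocate
 * first.  Returns -ERANGE if @size is smaller than the context, or the
 * error from security_sid_to_context().  Exactly the returned number of
 * bytes is copied; the context buffer from the security server is always
 * freed.
 */
static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
{
	char *context;
	unsigned len;
	int rc;

	rc = security_sid_to_context(sid, &context, &len);
	if (rc)
		return rc;

	/* Carry the result in the signed rc rather than storing -ERANGE into
	 * the unsigned length and converting it back on return. */
	rc = len;

	if (!buffer || !size)
		goto out;

	if (size < len) {
		rc = -ERANGE;
		goto out;
	}
	memcpy(buffer, context, len);

out:
	kfree(context);
	return rc;
}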
150
151
152
/*
 * Allocate the security blob for @task and attach it as task->security.
 * All SIDs start out as SECINITSID_UNLABELED.  Returns 0 or -ENOMEM.
 */
static int task_alloc_security(struct task_struct *task)
{
	struct task_security_struct *blob;

	blob = kzalloc(sizeof(*blob), GFP_KERNEL);
	if (blob == NULL)
		return -ENOMEM;

	blob->task = task;
	blob->osid = SECINITSID_UNLABELED;
	blob->sid = SECINITSID_UNLABELED;
	blob->ptrace_sid = SECINITSID_UNLABELED;
	task->security = blob;

	return 0;
}
167
/* Detach and free the security blob of @task. */
static void task_free_security(struct task_struct *task)
{
	struct task_security_struct *blob;

	blob = task->security;
	task->security = NULL;	/* unhook before freeing */
	kfree(blob);
}
174
/*
 * Allocate the security blob for @inode from sel_inode_cache.  The blob
 * starts unlabeled with the generic file class and records the SID of the
 * current task for later task-based labeling.  Returns 0 or -ENOMEM.
 */
static int inode_alloc_security(struct inode *inode)
{
	struct task_security_struct *caller = current->security;
	struct inode_security_struct *isec;

	isec = kmem_cache_alloc(sel_inode_cache, SLAB_KERNEL);
	if (isec == NULL)
		return -ENOMEM;
	memset(isec, 0, sizeof(*isec));

	init_MUTEX(&isec->sem);
	INIT_LIST_HEAD(&isec->list);
	isec->inode = inode;
	isec->task_sid = caller->sid;
	isec->sid = SECINITSID_UNLABELED;
	isec->sclass = SECCLASS_FILE;
	inode->i_security = isec;

	return 0;
}
195
/*
 * Free the security blob of @inode, first unlinking it from the
 * superblock's deferred-labeling list (under isec_lock) if it is queued there.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sb_blob = inode->i_sb->s_security;

	spin_lock(&sb_blob->isec_lock);
	if (!list_empty(&isec->list))
		list_del_init(&isec->list);
	spin_unlock(&sb_blob->isec_lock);

	inode->i_security = NULL;
	kmem_cache_free(sel_inode_cache, isec);
}
209
/*
 * Allocate the security blob for @file, labeling both the descriptor and
 * its owner with the SID of the current task.  Returns 0 or -ENOMEM.
 */
static int file_alloc_security(struct file *file)
{
	struct task_security_struct *caller = current->security;
	struct file_security_struct *blob;

	blob = kzalloc(sizeof(*blob), GFP_KERNEL);
	if (blob == NULL)
		return -ENOMEM;

	blob->file = file;
	blob->sid = caller->sid;
	blob->fown_sid = caller->sid;
	file->f_security = blob;

	return 0;
}
226
/* Detach and free the security blob of @file. */
static void file_free_security(struct file *file)
{
	struct file_security_struct *blob;

	blob = file->f_security;
	file->f_security = NULL;	/* unhook before freeing */
	kfree(blob);
}
233
/*
 * Allocate the security blob for @sb.  The superblock and mountpoint SIDs
 * start unlabeled, the default file SID is SECINITSID_FILE, and the
 * deferred-inode list and its lock are initialised.  Returns 0 or -ENOMEM.
 */
static int superblock_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *blob;

	blob = kzalloc(sizeof(*blob), GFP_KERNEL);
	if (blob == NULL)
		return -ENOMEM;

	init_MUTEX(&blob->sem);
	INIT_LIST_HEAD(&blob->list);
	INIT_LIST_HEAD(&blob->isec_head);
	spin_lock_init(&blob->isec_lock);
	blob->sb = sb;
	blob->sid = SECINITSID_UNLABELED;
	blob->mntpoint_sid = SECINITSID_UNLABELED;
	blob->def_sid = SECINITSID_FILE;
	sb->s_security = blob;

	return 0;
}
254
/*
 * Free the security blob of @sb, first removing it from the global
 * deferred-superblock list (under sb_security_lock) if it is queued there.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *blob = sb->s_security;

	spin_lock(&sb_security_lock);
	if (!list_empty(&blob->list))
		list_del_init(&blob->list);
	spin_unlock(&sb_security_lock);

	sb->s_security = NULL;
	kfree(blob);
}
267
/*
 * Allocate the security blob for @sk.  Only PF_UNIX sockets get a blob
 * here; other families return 0 without allocating.  The peer SID starts
 * unlabeled.  Returns 0 or -ENOMEM.
 */
static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *blob;

	if (family != PF_UNIX)
		return 0;

	blob = kzalloc(sizeof(struct sk_security_struct), priority);
	if (blob == NULL)
		return -ENOMEM;

	blob->peer_sid = SECINITSID_UNLABELED;
	blob->sk = sk;
	sk->sk_security = blob;

	return 0;
}
285
/* Free the security blob of @sk; only PF_UNIX sockets own one. */
static void sk_free_security(struct sock *sk)
{
	struct sk_security_struct *blob;

	if (sk->sk_family != PF_UNIX)
		return;

	blob = sk->sk_security;
	sk->sk_security = NULL;
	kfree(blob);
}
296
297
298
299extern int ss_initialized;
300
301
302
/*
 * Human-readable names of the labeling behaviors, printed by
 * superblock_doinit(); the table is indexed by behavior - 1.
 */
static char *labeling_behaviors[6] = {
	"uses xattr",
	"uses transition SIDs",
	"uses task SIDs",
	"uses genfs_contexts",
	"not configured for labeling",
	"uses mountpoint labeling",
};
311
312static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
313
/* Label @inode without a dentry hint (an alias is looked up if needed). */
static inline int inode_doinit(struct inode *inode)
{
	struct dentry *no_hint = NULL;

	return inode_doinit_with_dentry(inode, no_hint);
}
318
/*
 * Mount options handled by try_context_mount().  The values are distinct
 * bits so that they can be OR'ed into the 'seen' mask to detect duplicates.
 */
enum {
	Opt_context = 1,
	Opt_fscontext = 2,
	Opt_defcontext = 4,
	Opt_rootcontext = 8,
};

/* Patterns for match_token(); the %s capture is the context string. */
static match_table_t tokens = {
	{Opt_context, "context=%s"},
	{Opt_fscontext, "fscontext=%s"},
	{Opt_defcontext, "defcontext=%s"},
	{Opt_rootcontext, "rootcontext=%s"},
};
332
333#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
334
/*
 * May task @tsec relabel superblock @sbsec to @sid?  Requires
 * filesystem:relabelfrom on the current label and filesystem:relabelto on
 * the new one.  Returns 0 or the avc_has_perm() error.
 */
static int may_context_mount_sb_relabel(u32 sid,
					struct superblock_security_struct *sbsec,
					struct task_security_struct *tsec)
{
	int err = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			       FILESYSTEM__RELABELFROM, NULL);

	if (err)
		return err;
	return avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__RELABELTO, NULL);
}
350
/*
 * May task @tsec use @sid for inodes of superblock @sbsec?  Requires
 * filesystem:relabelfrom for the task and filesystem:associate for the
 * new label against the superblock.  Returns 0 or the avc_has_perm() error.
 */
static int may_context_mount_inode_relabel(u32 sid,
					   struct superblock_security_struct *sbsec,
					   struct task_security_struct *tsec)
{
	int err = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			       FILESYSTEM__RELABELFROM, NULL);

	if (err)
		return err;
	return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, NULL);
}
365
/*
 * Parse the SELinux mount options in @data for superblock @sb and apply
 * them to its security blob.
 *
 * Two input shapes are handled.  For filesystems flagged
 * FS_BINARY_MOUNTDATA only "nfs" is recognised and its context is taken
 * from struct nfs_mount_data.  Otherwise @data is a textual option string
 * split on ',' and matched against the tokens table (context=, fscontext=,
 * defcontext=, rootcontext=).  Each option may appear only once and
 * context= is mutually exclusive with defcontext=; defcontext= is only
 * valid for xattr-labeled filesystems.
 *
 * Each context is converted with security_context_to_sid() and the mounting
 * task must pass may_context_mount_sb_relabel() /
 * may_context_mount_inode_relabel() before anything is stored.  Because
 * @data comes from the mount caller, nothing is applied until both steps
 * succeed.
 *
 * Returns 0 on success (or when there is nothing to do), -EINVAL for
 * duplicate, unknown or inapplicable options, -ENOMEM when duplicating an
 * option fails, or the error from the SID lookup or permission check.
 */
static int try_context_mount(struct super_block *sb, void *data)
{
	char *context = NULL, *defcontext = NULL;
	char *fscontext = NULL, *rootcontext = NULL;
	const char *name;
	u32 sid;
	int alloc = 0, rc = 0, seen = 0;
	struct task_security_struct *tsec = current->security;
	struct superblock_security_struct *sbsec = sb->s_security;

	if (!data)
		goto out;

	name = sb->s_type->name;

	if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) {
		/* Binary mount data: only NFS carries a context we can read. */
		if (!strcmp(name, "nfs")) {
			struct nfs_mount_data *d = data;

			/* Older mount data layouts do not have the context field. */
			if (d->version < NFS_MOUNT_VERSION)
				goto out;

			/* Points into the caller's data; alloc stays 0 so it is
			 * not freed at out_free. */
			if (d->context[0]) {
				context = d->context;
				seen |= Opt_context;
			}
		} else
			goto out;

	} else {
		/* Textual options: "opt=value,opt=value,..." */
		char *p, *options = data;

		while ((p = strsep(&options, ",")) != NULL) {
			int token;
			substring_t args[MAX_OPT_ARGS];

			/* Skip empty elements such as a trailing comma. */
			if (!*p)
				continue;

			token = match_token(p, tokens, args);

			switch (token) {
			case Opt_context:
				if (seen & (Opt_context|Opt_defcontext)) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				context = match_strdup(&args[0]);
				if (!context) {
					rc = -ENOMEM;
					goto out_free;
				}
				/* Strings from match_strdup() are ours to free. */
				if (!alloc)
					alloc = 1;
				seen |= Opt_context;
				break;

			case Opt_fscontext:
				if (seen & Opt_fscontext) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				fscontext = match_strdup(&args[0]);
				if (!fscontext) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_fscontext;
				break;

			case Opt_rootcontext:
				if (seen & Opt_rootcontext) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				rootcontext = match_strdup(&args[0]);
				if (!rootcontext) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_rootcontext;
				break;

			case Opt_defcontext:
				/* A default label only makes sense where per-inode
				 * xattr labels can be missing. */
				if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
					rc = -EINVAL;
					printk(KERN_WARNING "SELinux: "
					       "defcontext option is invalid "
					       "for this filesystem type\n");
					goto out_free;
				}
				if (seen & (Opt_context|Opt_defcontext)) {
					rc = -EINVAL;
					printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
					goto out_free;
				}
				defcontext = match_strdup(&args[0]);
				if (!defcontext) {
					rc = -ENOMEM;
					goto out_free;
				}
				if (!alloc)
					alloc = 1;
				seen |= Opt_defcontext;
				break;

			default:
				rc = -EINVAL;
				printk(KERN_WARNING "SELinux: unknown mount "
				       "option\n");
				goto out_free;

			}
		}
	}

	if (!seen)
		goto out;

	/* fscontext= relabels the superblock itself. */
	if (fscontext) {
		rc = security_context_to_sid(fscontext, strlen(fscontext), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       fscontext, sb->s_id, name, rc);
			goto out_free;
		}

		rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
		if (rc)
			goto out_free;

		sbsec->sid = sid;
	}

	/*
	 * context= labels every inode with one SID (mountpoint labeling).
	 * Without fscontext= it also relabels the superblock, so the sb
	 * relabel check applies; with fscontext= only the inode association
	 * check is needed.
	 */
	if (context) {
		rc = security_context_to_sid(context, strlen(context), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       context, sb->s_id, name, rc);
			goto out_free;
		}

		if (!fscontext) {
			rc = may_context_mount_sb_relabel(sid, sbsec, tsec);
			if (rc)
				goto out_free;
			sbsec->sid = sid;
		} else {
			rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
			if (rc)
				goto out_free;
		}
		sbsec->mntpoint_sid = sid;

		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	/* rootcontext= labels just the root inode and marks it initialised. */
	if (rootcontext) {
		struct inode *inode = sb->s_root->d_inode;
		struct inode_security_struct *isec = inode->i_security;
		rc = security_context_to_sid(rootcontext, strlen(rootcontext), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       rootcontext, sb->s_id, name, rc);
			goto out_free;
		}

		rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
		if (rc)
			goto out_free;

		isec->sid = sid;
		isec->initialized = 1;
	}

	/* defcontext= replaces the label used for inodes without an xattr. */
	if (defcontext) {
		rc = security_context_to_sid(defcontext, strlen(defcontext), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       defcontext, sb->s_id, name, rc);
			goto out_free;
		}

		/* Same as the default already in force: nothing to check or change. */
		if (sid == sbsec->def_sid)
			goto out_free;

		rc = may_context_mount_inode_relabel(sid, sbsec, tsec);
		if (rc)
			goto out_free;

		sbsec->def_sid = sid;
	}

out_free:
	/* Only strings obtained from match_strdup() are ours (see alloc). */
	if (alloc) {
		kfree(context);
		kfree(defcontext);
		kfree(fscontext);
		kfree(rootcontext);
	}
out:
	return rc;
}
589
/*
 * Initialise the security state of superblock @sb.
 *
 * Serialised on sbsec->sem; once sbsec->initialized is set later calls are
 * no-ops.  If the security server is not yet initialised (!ss_initialized)
 * the superblock is queued on superblock_security_head and labeling is
 * deferred.  Otherwise the labeling behavior and SID come from
 * security_fs_use(), mount options are applied by try_context_mount(),
 * and for xattr-labeled filesystems the root inode must support a
 * readable security xattr.  Finally the root inode is labeled, followed by
 * every inode that was parked on sbsec->isec_head while the superblock was
 * uninitialised.
 *
 * @data is the raw mount data handed to try_context_mount().  Returns 0,
 * -EOPNOTSUPP when xattr labeling is configured but unsupported, or the
 * error of the failing step.
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *inode = root->d_inode;
	int rc = 0;

	down(&sbsec->sem);
	if (sbsec->initialized)
		goto out;

	if (!ss_initialized) {
		/*
		 * No policy loaded yet: defer labeling by queueing the
		 * superblock for a later pass.
		 */
		spin_lock(&sb_security_lock);
		if (list_empty(&sbsec->list))
			list_add(&sbsec->list, &superblock_security_head);
		spin_unlock(&sb_security_lock);
		goto out;
	}

	/* Labeling behavior and superblock SID for this filesystem type. */
	rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
	if (rc) {
		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
		       __FUNCTION__, sb->s_type->name, rc);
		goto out;
	}

	rc = try_context_mount(sb, data);
	if (rc)
		goto out;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/*
		 * Make sure xattr labeling can actually work: the root inode
		 * needs a getxattr op and the security xattr must be readable
		 * (a missing attribute, -ENODATA, is acceptable).
		 */
		if (!inode->i_op->getxattr) {
			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
			       "xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}
		rc = inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) has no security xattr handler\n",
				       sb->s_id, sb->s_type->name);
			else
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) getxattr errno %d\n", sb->s_id,
				       sb->s_type->name, -rc);
			goto out;
		}
	}

	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->proc = 1;

	sbsec->initialized = 1;

	/*
	 * labeling_behaviors is indexed by behavior - 1.  NOTE(review): a
	 * behavior of 0 would index before the table; assumed impossible
	 * after a successful security_fs_use() — confirm.
	 */
	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
		       sb->s_id, sb->s_type->name);
	}
	else {
		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
		       sb->s_id, sb->s_type->name,
		       labeling_behaviors[sbsec->behavior-1]);
	}

	/* Label the root inode first, while its dentry is at hand. */
	rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);

	/*
	 * Label the inodes that were parked on isec_head while the superblock
	 * was uninitialised.  isec_lock is dropped around inode_doinit(),
	 * which takes isec->sem; each entry is unlinked only after it has
	 * been processed.  The loop re-examines the list head each time.
	 */
	spin_lock(&sbsec->isec_lock);
next_inode:
	if (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
			list_entry(sbsec->isec_head.next,
				   struct inode_security_struct, list);
		/* Shadows the root inode variable above on purpose. */
		struct inode *inode = isec->inode;
		spin_unlock(&sbsec->isec_lock);
		/* Hold a reference while labeling; skip inodes being torn down. */
		inode = igrab(inode);
		if (inode) {
			if (!IS_PRIVATE (inode))
				inode_doinit(inode);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
		list_del_init(&isec->list);
		goto next_inode;
	}
	spin_unlock(&sbsec->isec_lock);
out:
	up(&sbsec->sem);
	return rc;
}
695
/*
 * Map the file-type bits of @mode to the SELinux object class.  Types
 * without a dedicated class fall back to SECCLASS_FILE.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	switch (mode & S_IFMT) {
	case S_IFREG:
		return SECCLASS_FILE;
	case S_IFDIR:
		return SECCLASS_DIR;
	case S_IFLNK:
		return SECCLASS_LNK_FILE;
	case S_IFCHR:
		return SECCLASS_CHR_FILE;
	case S_IFBLK:
		return SECCLASS_BLK_FILE;
	case S_IFIFO:
		return SECCLASS_FIFO_FILE;
	case S_IFSOCK:
		return SECCLASS_SOCK_FILE;
	default:
		return SECCLASS_FILE;
	}
}
718
/* Is @protocol the default (IPPROTO_IP) or the TCP protocol for a stream socket? */
static inline int default_protocol_stream(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_TCP;
}
723
/* Is @protocol the default (IPPROTO_IP) or the UDP protocol for a datagram socket? */
static inline int default_protocol_dgram(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_UDP;
}
728
/* PF_UNIX: stream and seqpacket share a class; other types are generic. */
static inline u16 sel_unix_sock_class(int type)
{
	if (type == SOCK_STREAM || type == SOCK_SEQPACKET)
		return SECCLASS_UNIX_STREAM_SOCKET;
	if (type == SOCK_DGRAM)
		return SECCLASS_UNIX_DGRAM_SOCKET;
	return SECCLASS_SOCKET;
}

/* PF_INET/PF_INET6: TCP or UDP only with their default protocol, else raw IP. */
static inline u16 sel_inet_sock_class(int type, int protocol)
{
	if (type == SOCK_STREAM && default_protocol_stream(protocol))
		return SECCLASS_TCP_SOCKET;
	if (type == SOCK_DGRAM && default_protocol_dgram(protocol))
		return SECCLASS_UDP_SOCKET;
	return SECCLASS_RAWIP_SOCKET;
}

/* PF_NETLINK: one class per known netlink protocol, generic otherwise. */
static inline u16 sel_netlink_sock_class(int protocol)
{
	switch (protocol) {
	case NETLINK_ROUTE:
		return SECCLASS_NETLINK_ROUTE_SOCKET;
	case NETLINK_FIREWALL:
		return SECCLASS_NETLINK_FIREWALL_SOCKET;
	case NETLINK_INET_DIAG:
		return SECCLASS_NETLINK_TCPDIAG_SOCKET;
	case NETLINK_NFLOG:
		return SECCLASS_NETLINK_NFLOG_SOCKET;
	case NETLINK_XFRM:
		return SECCLASS_NETLINK_XFRM_SOCKET;
	case NETLINK_SELINUX:
		return SECCLASS_NETLINK_SELINUX_SOCKET;
	case NETLINK_AUDIT:
		return SECCLASS_NETLINK_AUDIT_SOCKET;
	case NETLINK_IP6_FW:
		return SECCLASS_NETLINK_IP6FW_SOCKET;
	case NETLINK_DNRTMSG:
		return SECCLASS_NETLINK_DNRT_SOCKET;
	case NETLINK_KOBJECT_UEVENT:
		return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
	default:
		return SECCLASS_NETLINK_SOCKET;
	}
}

/*
 * Map a socket's (family, type, protocol) triple to its SELinux object
 * class.  Families without a dedicated class map to SECCLASS_SOCKET.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	switch (family) {
	case PF_UNIX:
		return sel_unix_sock_class(type);
	case PF_INET:
	case PF_INET6:
		return sel_inet_sock_class(type, protocol);
	case PF_NETLINK:
		return sel_netlink_sock_class(protocol);
	case PF_PACKET:
		return SECCLASS_PACKET_SOCKET;
	case PF_KEY:
		return SECCLASS_KEY_SOCKET;
	case PF_APPLETALK:
		return SECCLASS_APPLETALK_SOCKET;
	default:
		return SECCLASS_SOCKET;
	}
}
793
794#ifdef CONFIG_PROC_FS
/*
 * Look up the genfs SID of procfs entry @de for object class @tclass.
 *
 * The entry's path is rebuilt right-to-left into one page by walking
 * de->parent up to the root (the entry that is its own parent) and is then
 * passed to security_genfs_sid("proc", ...).
 *
 * Returns 0 with *sid set, -ENOMEM if no page could be allocated, or the
 * error from security_genfs_sid().
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	buffer = (char*)__get_free_page(GFP_KERNEL);
	if (!buffer)
		return -ENOMEM;

	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';		/* terminator in the last byte of the page */
	buflen--;
	path = end-1;
	*path = '/';		/* a root entry yields the path "/" */
	while (de && de != de->parent) {
		/* Each component costs its name plus a leading '/'. */
		buflen -= de->namelen + 1;
		/*
		 * NOTE(review): when the page is exhausted the loop stops and
		 * the partial (rightmost) path built so far is looked up as
		 * is; confirm that such a truncated path cannot resolve to
		 * another entry's label — reporting an error may be safer.
		 */
		if (buflen < 0)
			break;
		end -= de->namelen;
		memcpy(end, de->name, de->namelen);
		*--end = '/';
		path = end;
		de = de->parent;
	}
	rc = security_genfs_sid("proc", path, tclass, sid);
	free_page((unsigned long)buffer);
	return rc;
}
826#else
/* Without CONFIG_PROC_FS there are no proc entries to label. */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	(void)de;
	(void)tclass;
	(void)sid;
	return -EINVAL;
}
833#endif
834
835
/*
 * Label @inode according to its superblock's labeling behavior.
 *
 * @opt_dentry, when non-NULL, is the dentry used for the getxattr() call;
 * otherwise an alias is looked up with d_find_alias().  Nothing is done if
 * the inode is already initialised (checked both before and after taking
 * isec->sem).  If the superblock is not initialised yet the inode is
 * queued on sbsec->isec_head for superblock_doinit() to revisit.
 *
 * Behaviors: XATTR reads the security xattr (growing the buffer from
 * INITCONTEXTLEN on -ERANGE), using sbsec->def_sid when the attribute is
 * absent and passing def_sid as the default to
 * security_context_to_sid_default(); TASK uses the creating task's SID;
 * TRANS asks security_transition_sid(); MNTPOINT uses the mount-time SID;
 * anything else uses the superblock SID, refined by selinux_proc_get_sid()
 * for procfs entries.
 *
 * Returns 0 or a negative errno.  On every exit path the object class is
 * derived from i_mode if it is still the generic SECCLASS_FILE.
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	struct dentry *dentry;
#define INITCONTEXTLEN 255
	char *context = NULL;
	unsigned len = 0;
	int rc = 0;
	int hold_sem = 0;

	/* Fast path without the semaphore; rechecked under it below. */
	if (isec->initialized)
		goto out;

	down(&isec->sem);
	hold_sem = 1;
	if (isec->initialized)
		goto out;

	sbsec = inode->i_sb->s_security;
	if (!sbsec->initialized) {
		/*
		 * The superblock has not been labeled yet: park the inode on
		 * its list; superblock_doinit() labels the queued inodes.
		 */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out;
	}

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_XATTR:
		if (!inode->i_op->getxattr) {
			isec->sid = sbsec->def_sid;
			break;
		}

		/* getxattr() needs a dentry: take the hint or find an alias. */
		if (opt_dentry) {
			/* Reference dropped after the getxattr() calls. */
			dentry = dget(opt_dentry);
		} else {
			/* Also returns a reference, or NULL if none exists. */
			dentry = d_find_alias(inode);
		}
		if (!dentry) {
			/* Leaves initialized unset; rc is still 0 here. */
			printk(KERN_WARNING "%s: no dentry for dev=%s "
			       "ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
			       inode->i_ino);
			goto out;
		}

		len = INITCONTEXTLEN;
		context = kmalloc(len, GFP_KERNEL);
		if (!context) {
			rc = -ENOMEM;
			dput(dentry);
			goto out;
		}
		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
					   context, len);
		if (rc == -ERANGE) {
			/* Too small: query the exact size and retry once. */
			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
						   NULL, 0);
			if (rc < 0) {
				dput(dentry);
				goto out;
			}
			kfree(context);
			len = rc;
			context = kmalloc(len, GFP_KERNEL);
			if (!context) {
				rc = -ENOMEM;
				dput(dentry);
				goto out;
			}
			rc = inode->i_op->getxattr(dentry,
						   XATTR_NAME_SELINUX,
						   context, len);
		}
		dput(dentry);
		if (rc < 0) {
			if (rc != -ENODATA) {
				printk(KERN_WARNING "%s: getxattr returned "
				       "%d for dev=%s ino=%ld\n", __FUNCTION__,
				       -rc, inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				goto out;
			}
			/* No security xattr: use the superblock's default. */
			sid = sbsec->def_sid;
			rc = 0;
		} else {
			/* rc is the xattr length here. */
			rc = security_context_to_sid_default(context, rc, &sid,
							     sbsec->def_sid);
			if (rc) {
				printk(KERN_WARNING "%s: context_to_sid(%s) "
				       "returned %d for dev=%s ino=%ld\n",
				       __FUNCTION__, context, -rc,
				       inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				/* Logged but not fatal: the SID is left as it was
				 * and the inode is still marked initialised. */
				rc = 0;
				break;
			}
		}
		kfree(context);
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_TASK:
		isec->sid = isec->task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/* Start from the superblock SID in case the transition fails. */
		isec->sid = sbsec->sid;

		/* The class must be known before computing the transition. */
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		rc = security_transition_sid(isec->task_sid,
					     sbsec->sid,
					     isec->sclass,
					     &sid);
		if (rc)
			goto out;
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_MNTPOINT:
		isec->sid = sbsec->mntpoint_sid;
		break;
	default:
		/* Superblock SID by default ... */
		isec->sid = sbsec->sid;

		/* ... refined per path for procfs entries with a pde. */
		if (sbsec->proc) {
			struct proc_inode *proci = PROC_I(inode);
			if (proci->pde) {
				isec->sclass = inode_mode_to_security_class(inode->i_mode);
				rc = selinux_proc_get_sid(proci->pde,
							  isec->sclass,
							  &sid);
				if (rc)
					goto out;
				isec->sid = sid;
			}
		}
		break;
	}

	isec->initialized = 1;

out:
	/* Refine the generic class from the mode, even on early exits. */
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);

	if (hold_sem)
		up(&isec->sem);
	return rc;
}
998
999
/*
 * Map signal @sig to the process permission it requires: SIGCHLD, SIGKILL
 * and SIGSTOP have dedicated permissions, everything else is process:signal.
 */
static inline u32 signal_to_av(int sig)
{
	if (sig == SIGCHLD)
		return PROCESS__SIGCHLD;
	if (sig == SIGKILL)
		return PROCESS__SIGKILL;
	if (sig == SIGSTOP)
		return PROCESS__SIGSTOP;
	return PROCESS__SIGNAL;
}
1025
1026
1027
/* Check process permissions @perms of @tsk1 on @tsk2 (no audit data). */
static int task_has_perm(struct task_struct *tsk1,
			 struct task_struct *tsk2,
			 u32 perms)
{
	struct task_security_struct *src = tsk1->security;
	struct task_security_struct *dst = tsk2->security;

	return avc_has_perm(src->sid, dst->sid, SECCLASS_PROCESS, perms, NULL);
}
1039
1040
/*
 * Check whether @tsk may use capability @cap: a capability-class check of
 * the task's SID against itself, audited with the task and capability.
 */
static int task_has_capability(struct task_struct *tsk,
			       int cap)
{
	struct avc_audit_data audit;
	struct task_security_struct *blob = tsk->security;

	AVC_AUDIT_DATA_INIT(&audit, CAP);
	audit.tsk = tsk;
	audit.u.cap = cap;

	return avc_has_perm(blob->sid, blob->sid, SECCLASS_CAPABILITY,
			    CAP_TO_MASK(cap), &audit);
}
1056
1057
/* Check system-class permissions @perms of @tsk against the kernel SID. */
static int task_has_system(struct task_struct *tsk,
			   u32 perms)
{
	struct task_security_struct *blob = tsk->security;

	return avc_has_perm(blob->sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
			    perms, NULL);
}
1068
1069
1070
1071
/*
 * Check permissions @perms of @tsk on @inode in the inode's own class.
 * @adp may be NULL, in which case a minimal FS audit record naming the
 * inode is built here.
 */
static int inode_has_perm(struct task_struct *tsk,
			  struct inode *inode,
			  u32 perms,
			  struct avc_audit_data *adp)
{
	struct task_security_struct *blob = tsk->security;
	struct inode_security_struct *isec = inode->i_security;
	struct avc_audit_data local_ad;

	if (adp == NULL) {
		AVC_AUDIT_DATA_INIT(&local_ad, FS);
		local_ad.u.fs.inode = inode;
		adp = &local_ad;
	}

	return avc_has_perm(blob->sid, isec->sid, isec->sclass, perms, adp);
}
1092
1093
1094
1095
/*
 * Check permissions @av of @tsk on the inode behind @dentry, auditing with
 * the dentry and its mount @mnt.
 */
static inline int dentry_has_perm(struct task_struct *tsk,
				  struct vfsmount *mnt,
				  struct dentry *dentry,
				  u32 av)
{
	struct avc_audit_data audit;

	AVC_AUDIT_DATA_INIT(&audit, FS);
	audit.u.fs.mnt = mnt;
	audit.u.fs.dentry = dentry;
	return inode_has_perm(tsk, dentry->d_inode, av, &audit);
}
1108
1109
1110
1111
1112
1113
1114
1115
1116
/*
 * Check permissions @av of @tsk on open file @file.  If the descriptor was
 * created by a different domain, fd:use is required first.  An @av of 0
 * performs only that descriptor check.  Returns 0 or the denial error.
 */
static int file_has_perm(struct task_struct *tsk,
			 struct file *file,
			 u32 av)
{
	struct task_security_struct *blob = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	struct dentry *dentry = file->f_dentry;
	struct avc_audit_data audit;
	int rc = 0;

	AVC_AUDIT_DATA_INIT(&audit, FS);
	audit.u.fs.mnt = file->f_vfsmnt;
	audit.u.fs.dentry = dentry;

	if (blob->sid != fsec->sid)
		rc = avc_has_perm(blob->sid, fsec->sid, SECCLASS_FD, FD__USE,
				  &audit);

	if (rc == 0 && av)
		rc = inode_has_perm(tsk, dentry->d_inode, av, &audit);

	return rc;
}
1148
1149
/*
 * May the current task create an object of class @tclass named @dentry in
 * directory @dir?  Checks, in order: add_name|search on the directory, the
 * create permission on the new object's label (an explicit create SID
 * unless the filesystem is mountpoint-labeled, else a type transition), and
 * filesystem:associate of that label with the superblock.
 */
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	struct task_security_struct *blob = current->security;
	struct inode_security_struct *dir_sec = dir->i_security;
	struct superblock_security_struct *sb_sec = dir->i_sb->s_security;
	struct avc_audit_data audit;
	u32 newsid;
	int rc;

	AVC_AUDIT_DATA_INIT(&audit, FS);
	audit.u.fs.dentry = dentry;

	rc = avc_has_perm(blob->sid, dir_sec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH, &audit);
	if (rc)
		return rc;

	if (blob->create_sid && sb_sec->behavior != SECURITY_FS_USE_MNTPOINT)
		newsid = blob->create_sid;
	else {
		rc = security_transition_sid(blob->sid, dir_sec->sid, tclass,
					     &newsid);
		if (rc)
			return rc;
	}

	rc = avc_has_perm(blob->sid, newsid, tclass, FILE__CREATE, &audit);
	if (rc)
		return rc;

	return avc_has_perm(newsid, sb_sec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &audit);
}
1191
1192
/* May task @ctx create a key labeled @ksid?  Checks key:create. */
static int may_create_key(u32 ksid,
			  struct task_struct *ctx)
{
	struct task_security_struct *blob = ctx->security;

	return avc_has_perm(blob->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
}
1202
/*
 * Values of the 'kind' argument of may_link().  Any non-zero kind is a
 * name removal (dir:remove_name); MAY_LINK adds a name (dir:add_name).
 */
#define MAY_LINK 0
#define MAY_UNLINK 1
#define MAY_RMDIR 2
1206
1207
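/*
 * May the current task link, unlink or rmdir @dentry in directory @dir?
 *
 * @kind is one of MAY_LINK, MAY_UNLINK or MAY_RMDIR.  The directory must
 * allow search plus add_name (link) or remove_name (unlink/rmdir); the
 * object itself must then allow link, unlink or rmdir respectively.
 *
 * Returns 0 if permitted, the avc_has_perm() error on denial, or -EINVAL
 * for an unrecognised @kind: a caller bug in a permission check must fail
 * closed rather than grant access.
 */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)
{
	struct task_security_struct *tsec;
	struct inode_security_struct *dsec, *isec;
	struct avc_audit_data ad;
	u32 av;
	int rc;

	tsec = current->security;
	dsec = dir->i_security;
	isec = dentry->d_inode->i_security;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;

	/* Directory side: search plus add or remove the name. */
	av = DIR__SEARCH;
	av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
	if (rc)
		return rc;

	/* Object side: the permission depends on the operation. */
	switch (kind) {
	case MAY_LINK:
		av = FILE__LINK;
		break;
	case MAY_UNLINK:
		av = FILE__UNLINK;
		break;
	case MAY_RMDIR:
		av = DIR__RMDIR;
		break;
	default:
		/* Programming error in the caller: deny, never allow. */
		printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
		return -EINVAL;
	}

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
}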
1250
/*
 * May the current task rename @old_dentry (in @old_dir) to @new_dentry (in
 * @new_dir)?  Source side: remove_name|search on the old directory, rename
 * on the object, and reparent when a directory moves to another parent.
 * Destination side: add_name|search on the new directory (plus remove_name
 * if a target exists) and rmdir/unlink on any replaced target.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *src_dsec = old_dir->i_security;
	struct inode_security_struct *src_isec = old_dentry->d_inode->i_security;
	struct inode_security_struct *dst_dsec = new_dir->i_security;
	struct inode *victim = new_dentry->d_inode;
	struct avc_audit_data ad;
	u32 dir_av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);

	ad.u.fs.dentry = old_dentry;
	rc = avc_has_perm(tsec->sid, src_dsec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(tsec->sid, src_isec->sid, src_isec->sclass,
			  FILE__RENAME, &ad);
	if (rc)
		return rc;
	if (new_dir != old_dir && S_ISDIR(old_dentry->d_inode->i_mode)) {
		rc = avc_has_perm(tsec->sid, src_isec->sid, src_isec->sclass,
				  DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	ad.u.fs.dentry = new_dentry;
	dir_av = DIR__ADD_NAME | DIR__SEARCH;
	if (victim)
		dir_av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(tsec->sid, dst_dsec->sid, SECCLASS_DIR, dir_av, &ad);
	if (rc)
		return rc;
	if (victim) {
		struct inode_security_struct *dst_isec = victim->i_security;
		u32 victim_av = S_ISDIR(victim->i_mode) ? DIR__RMDIR : FILE__UNLINK;

		rc = avc_has_perm(tsec->sid, dst_isec->sid, dst_isec->sclass,
				  victim_av, &ad);
	}

	return rc;
}
1306
1307
/* Check filesystem-class permissions @perms of @tsk on superblock @sb. */
static int superblock_has_perm(struct task_struct *tsk,
			       struct super_block *sb,
			       u32 perms,
			       struct avc_audit_data *ad)
{
	struct task_security_struct *blob = tsk->security;
	struct superblock_security_struct *sb_sec = sb->s_security;

	return avc_has_perm(blob->sid, sb_sec->sid, SECCLASS_FILESYSTEM,
			    perms, ad);
}
1321
1322
/*
 * Translate a VFS access mask (MAY_READ/WRITE/EXEC/APPEND) into the
 * permission bits for an object of mode @mode.  Directories use dir:*
 * permissions; for other objects MAY_APPEND takes precedence over
 * MAY_WRITE.
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 av = 0;

	if ((mode & S_IFMT) == S_IFDIR) {
		if (mask & MAY_READ)
			av |= DIR__READ;
		if (mask & MAY_WRITE)
			av |= DIR__WRITE;
		if (mask & MAY_EXEC)
			av |= DIR__SEARCH;
		return av;
	}

	if (mask & MAY_READ)
		av |= FILE__READ;
	if (mask & MAY_EXEC)
		av |= FILE__EXECUTE;
	if (mask & MAY_APPEND)
		av |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		av |= FILE__WRITE;

	return av;
}
1349
1350
/*
 * Permission bits implied by how @file was opened: read, and either
 * append (O_APPEND) or write for a writable descriptor.
 */
static inline u32 file_to_av(struct file *file)
{
	u32 av = (file->f_mode & FMODE_READ) ? FILE__READ : 0;

	if (!(file->f_mode & FMODE_WRITE))
		return av;

	return av | ((file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE);
}
1366
1367
/*
 * Set the SID of @inode to @sid and mark it initialised, deriving the class
 * from i_mode.  Ignored (returns 0) while the superblock is uninitialised.
 */
static int inode_security_set_sid(struct inode *inode, u32 sid)
{
	struct superblock_security_struct *sb_sec = inode->i_sb->s_security;
	struct inode_security_struct *isec;

	if (!sb_sec->initialized)
		return 0;

	isec = inode->i_security;
	down(&isec->sem);
	isec->sclass = inode_mode_to_security_class(inode->i_mode);
	isec->sid = sid;
	isec->initialized = 1;
	up(&isec->sem);
	return 0;
}
1385
1386
1387
/*
 * ptrace hook: the secondary module is consulted first, then process:ptrace
 * of @parent on @child.  If permitted and the child is not already traced,
 * the child's ptrace_sid records the tracer's SID.
 */
static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
{
	struct task_security_struct *tracer = parent->security;
	struct task_security_struct *tracee = child->security;
	int rc;

	rc = secondary_ops->ptrace(parent, child);
	if (rc)
		return rc;

	rc = task_has_perm(parent, child, PROCESS__PTRACE);
	if (rc == 0 && !(child->ptrace & PT_PTRACED))
		tracee->ptrace_sid = tracer->sid;
	return rc;
}
1404
/*
 * capget hook: current needs PROCESS__GETCAP on @target before the secondary
 * module's capget runs.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int rc = task_has_perm(current, target, PROCESS__GETCAP);

	if (rc)
		return rc;

	return secondary_ops->capget(target, effective, inheritable, permitted);
}
1416
/*
 * capset_check hook: the secondary module's check runs first, then current
 * needs PROCESS__SETCAP on @target.
 */
static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
				kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int rc = secondary_ops->capset_check(target, effective, inheritable, permitted);

	if (rc)
		return rc;

	return task_has_perm(current, target, PROCESS__SETCAP);
}
1428
/*
 * capset_set hook: SELinux adds nothing here; the secondary module applies
 * the new capability sets (the permission check lives in capset_check).
 */
static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
			       kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	secondary_ops->capset_set(target, effective, inheritable, permitted);
}
1434
/*
 * capable hook: a capability is granted only if both the secondary module
 * and the SELinux policy (task_has_capability) allow it.
 */
static int selinux_capable(struct task_struct *tsk, int cap)
{
	int rc = secondary_ops->capable(tsk, cap);

	if (rc)
		return rc;

	return task_has_capability(tsk, cap);
}
1445
/*
 * sysctl hook. @op is an octal permission-style code: 001 is treated as a
 * directory search, 002 as a write and 004 as a read of the entry. The target
 * SID comes from the entry's proc dentry; if that cannot be resolved the
 * generic SECINITSID_SYSCTL is used instead.
 *
 * Returns 0 if allowed, otherwise the error from the failing check.
 */
static int selinux_sysctl(ctl_table *table, int op)
{
	enum { SYSCTL_OP_SEARCH = 001, SYSCTL_OP_WRITE = 002, SYSCTL_OP_READ = 004 };
	struct task_security_struct *tsec;
	u32 tsid, av = 0;
	int rc;

	rc = secondary_ops->sysctl(table, op);
	if (rc)
		return rc;

	tsec = current->security;

	rc = selinux_proc_get_sid(table->de,
				  (op == SYSCTL_OP_SEARCH) ? SECCLASS_DIR : SECCLASS_FILE,
				  &tsid);
	if (rc)
		tsid = SECINITSID_SYSCTL;	/* fall back when the proc entry's SID is unavailable */

	if (op == SYSCTL_OP_SEARCH)
		return avc_has_perm(tsec->sid, tsid, SECCLASS_DIR, DIR__SEARCH, NULL);

	if (op & SYSCTL_OP_READ)
		av |= FILE__READ;
	if (op & SYSCTL_OP_WRITE)
		av |= FILE__WRITE;

	/* An op that maps to neither read nor write needs no AVC check. */
	return av ? avc_has_perm(tsec->sid, tsid, SECCLASS_FILE, av, NULL) : 0;
}
1485
/*
 * quotactl hook: commands that change quota state need FILESYSTEM__QUOTAMOD
 * on @sb, commands that only read it need FILESYSTEM__QUOTAGET. Anything
 * else, and a NULL @sb, is allowed.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	if (!sb)
		return 0;

	switch (cmds) {
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
		return superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD, NULL);
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
		return superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET, NULL);
	default:
		return 0;
	}
}
1516
/* quota_on hook: turning quotas on requires FILE__QUOTAON on the quota file. */
static int selinux_quota_on(struct dentry *dentry)
{
	int rc = dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);

	return rc;
}
1521
/*
 * syslog hook. After the secondary module's check, map the syslog(2) command
 * @type onto one of three SYSTEM__SYSLOG_* permissions held by current.
 * The numeric cases are the do_syslog() type codes (see kernel/printk.c):
 * 3/10 only read the log (or its size), 6/7/8 control console logging, and
 * everything else can modify the log.
 */
static int selinux_syslog(int type)
{
	int rc;

	rc = secondary_ops->syslog(type);
	if (rc)
		return rc;

	switch (type) {
	case 3:		/* read all messages remaining in the ring buffer */
	case 10:	/* return size of the log buffer */
		rc = task_has_system(current, SYSTEM__SYSLOG_READ);
		break;
	case 6:		/* disable logging to console */
	case 7:		/* enable logging to console */
	case 8:		/* set level of messages printed to console */
		rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
		break;
	case 0:
	case 1:
	case 2:
	case 4:
	case 5:
	default:	/* close/open/read-and-clear/clear and anything unknown */
		rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
		break;
	}
	return rc;
}
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
/*
 * vm_enough_memory hook. current is treated as CAP_SYS_ADMIN for the
 * overcommit decision only if both the secondary module and the SELinux
 * policy grant that capability; the policy check uses the unaudited AVC
 * variant. The actual accounting is delegated to __vm_enough_memory().
 */
static int selinux_vm_enough_memory(long pages)
{
	struct task_security_struct *tsec = current->security;
	int cap_sys_admin = 0;

	if (secondary_ops->capable(current, CAP_SYS_ADMIN) == 0 &&
	    avc_has_perm_noaudit(tsec->sid, tsec->sid, SECCLASS_CAPABILITY,
				 CAP_TO_MASK(CAP_SYS_ADMIN), NULL) == 0)
		cap_sys_admin = 1;

	return __vm_enough_memory(pages, cap_sys_admin);
}
1581
1582
1583
/*
 * Allocate the per-exec security blob. The blob starts unlabeled
 * (SECINITSID_UNLABELED) with set == 0; kzalloc() already zero-fills the
 * remaining fields.
 *
 * Returns 0, or -ENOMEM if the allocation fails (bprm->security untouched).
 */
static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *bsec = kzalloc(sizeof(*bsec), GFP_KERNEL);

	if (!bsec)
		return -ENOMEM;

	bsec->bprm = bprm;
	bsec->sid = SECINITSID_UNLABELED;
	bsec->set = 0;
	bprm->security = bsec;

	return 0;
}
1599
/*
 * Decide the SID the new program image will run with and record it in
 * bprm->security. Runs once per exec (bsec->set short-circuits repeats, e.g.
 * for interpreter chains). The new SID is either the explicit exec_sid the
 * task requested or the policy's transition for (task SID, file SID);
 * nosuid mounts force the task's current SID. The relevant file/process
 * permissions are checked against the chosen SID.
 *
 * Returns 0 on success or the error from the secondary module, the policy
 * lookup or a denied AVC check.
 */
static int selinux_bprm_set_security(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct inode *inode = bprm->file->f_dentry->d_inode;
	struct inode_security_struct *isec;
	struct bprm_security_struct *bsec;
	u32 newsid;
	struct avc_audit_data ad;
	int rc;

	rc = secondary_ops->bprm_set_security(bprm);
	if (rc)
		return rc;

	bsec = bprm->security;

	/* Already decided for this exec. */
	if (bsec->set)
		return 0;

	tsec = current->security;
	isec = inode->i_security;

	/* Default: keep the current SID. */
	bsec->sid = tsec->sid;

	/* Per-task "create as" labels do not survive an exec. */
	tsec->create_sid = 0;
	tsec->keycreate_sid = 0;
	tsec->sockcreate_sid = 0;

	if (tsec->exec_sid) {
		/* An explicitly requested exec SID is consumed by this exec. */
		newsid = tsec->exec_sid;
		tsec->exec_sid = 0;
	} else {
		/* Otherwise ask the policy for the process transition, if any. */
		rc = security_transition_sid(tsec->sid, isec->sid,
					     SECCLASS_PROCESS, &newsid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.mnt = bprm->file->f_vfsmnt;
	ad.u.fs.dentry = bprm->file->f_dentry;

	/* No domain transition from a nosuid mount. */
	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
		newsid = tsec->sid;

	if (tsec->sid == newsid) {
		/* Staying in the same domain: plain execute without transition. */
		rc = avc_has_perm(tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
		if (rc)
			return rc;
	} else {
		/* Transitioning: the old domain may enter the new one ... */
		rc = avc_has_perm(tsec->sid, newsid,
				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
		if (rc)
			return rc;

		/* ... and this file is a valid entrypoint for the new domain. */
		rc = avc_has_perm(newsid, isec->sid,
				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
		if (rc)
			return rc;

		/* Treat a domain change like a setid exec for personality flags. */
		current->personality &= ~PER_CLEAR_ON_SETID;

		bsec->sid = newsid;
	}

	bsec->set = 1;
	return 0;
}
1676
/* bprm_check_security hook: SELinux defers entirely to the secondary module. */
static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
	int rc = secondary_ops->bprm_check_security(bprm);

	return rc;
}
1681
1682
/*
 * Decide whether the new image runs "secure" (AT_SECURE). If the exec changed
 * the task's SID, the image is secure unless the policy grants
 * PROCESS__NOATSECURE from the old SID to the new one; the secondary
 * module's verdict is OR'ed in.
 */
static int selinux_bprm_secureexec (struct linux_binprm *bprm)
{
	struct task_security_struct *tsec = current->security;
	int atsecure = 0;

	if (tsec->osid != tsec->sid)
		atsecure = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
					PROCESS__NOATSECURE, NULL);

	if (atsecure)
		return atsecure;

	return secondary_ops->bprm_secureexec(bprm);
}
1699
/* Release the per-exec security blob and clear the dangling pointer. */
static void selinux_bprm_free_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *bsec = bprm->security;

	bprm->security = NULL;
	kfree(bsec);
}
1705
1706extern struct vfsmount *selinuxfs_mount;
1707extern struct dentry *selinux_null;
1708
1709
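/*
 * Revoke inherited resources the new domain may not use. Called after an
 * exec that changed the task's SID: the controlling tty is detached if the
 * new domain lacks read+write on it, and every open descriptor whose
 * file_has_perm() check fails is closed and re-installed under the same
 * number pointing at selinuxfs' null device, so later uses fail quietly.
 *
 * @files: the task's files_struct (its file_lock is taken and released
 *         around each scan of the fd bitmap)
 */
static inline void flush_unauthorized_files(struct files_struct * files)
{
	struct avc_audit_data ad;
	struct file *file, *devnull = NULL;
	struct tty_struct *tty = current->signal->tty;
	struct fdtable *fdt;
	long j = -1;

	if (tty) {
		file_list_lock();
		/*
		 * list_entry() on an empty list does not yield NULL (it yields the
		 * list head minus the member offset), so the emptiness of
		 * tty_files must be tested before dereferencing the first entry.
		 */
		if (!list_empty(&tty->tty_files)) {
			struct inode *inode;

			/* Check tty access via the first file opened on it. */
			file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
			inode = file->f_dentry->d_inode;
			if (inode_has_perm(current, inode,
					   FILE__READ | FILE__WRITE, NULL)) {
				/* Detach the controlling tty rather than keep one
				 * the new domain cannot use. */
				current->signal->tty = NULL;
				current->signal->tty_old_pgrp = 0;
			}
		}
		file_list_unlock();
	}

	/* ad is initialized for completeness; no check below passes it. */
	AVC_AUDIT_DATA_INIT(&ad,FS);

	spin_lock(&files->file_lock);
	for (;;) {
		unsigned long set, i;
		int fd;

		/* Walk the open_fds bitmap one word at a time. */
		j++;
		i = j * __NFDBITS;
		fdt = files_fdtable(files);
		if (i >= fdt->max_fds || i >= fdt->max_fdset)
			break;
		set = fdt->open_fds->fds_bits[j];
		if (!set)
			continue;
		/* Drop the lock while checking/closing: fget/sys_close take it. */
		spin_unlock(&files->file_lock);
		for ( ; set ; i++,set >>= 1) {
			if (set & 1) {
				file = fget(i);
				if (!file)
					continue;
				if (file_has_perm(current,
						  file,
						  file_to_av(file))) {
					/*
					 * Close the denied fd and try to re-acquire
					 * the same number; if another number comes
					 * back, just leave the fd closed.
					 */
					sys_close(i);
					fd = get_unused_fd();
					if (fd != i) {
						if (fd >= 0)
							put_unused_fd(fd);
						fput(file);
						continue;
					}
					/* One shared /dev/null file serves all replaced fds. */
					if (devnull) {
						get_file(devnull);
					} else {
						devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
						if (!devnull) {
							put_unused_fd(fd);
							fput(file);
							continue;
						}
					}
					fd_install(fd, devnull);
				}
				fput(file);
			}
		}
		spin_lock(&files->file_lock);

	}
	spin_unlock(&files->file_lock);
}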
1792
/*
 * Apply the SID chosen by bprm_set_security to current. osid keeps the
 * pre-exec SID. If the SID changes while the exec is flagged unsafe (shared
 * state or a tracer), the old domain must hold PROCESS__SHARE, and the tracer
 * PROCESS__PTRACE, on the new domain; a denial sets bsec->unsafe so
 * post_apply_creds can kill the task, and the SID is left unchanged.
 */
static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
{
	struct task_security_struct *tsec;
	struct bprm_security_struct *bsec;
	u32 newsid;

	secondary_ops->bprm_apply_creds(bprm, unsafe);

	tsec = current->security;
	bsec = bprm->security;
	newsid = bsec->sid;

	tsec->osid = tsec->sid;
	bsec->unsafe = 0;

	if (tsec->sid == newsid)
		return;

	if ((unsafe & LSM_UNSAFE_SHARE) &&
	    avc_has_perm(tsec->sid, newsid, SECCLASS_PROCESS, PROCESS__SHARE, NULL)) {
		bsec->unsafe = 1;
		return;
	}

	if ((unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) &&
	    avc_has_perm(tsec->ptrace_sid, newsid, SECCLASS_PROCESS,
			 PROCESS__PTRACE, NULL)) {
		bsec->unsafe = 1;
		return;
	}

	tsec->sid = newsid;
}
1835
1836
1837
1838
/*
 * Finish an exec after credentials are applied. An exec marked unsafe by
 * bprm_apply_creds kills the task. When the SID changed, inherited state the
 * new domain is not entitled to is reset: unauthorized fds and the tty
 * (flush_unauthorized_files), pending signals/handlers/timers unless
 * PROCESS__SIGINH is granted, and resource limits unless PROCESS__RLIMITINH
 * is granted. The parent is woken at the end.
 */
static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct rlimit *rlim, *initrlim;
	struct itimerval itimer;
	struct bprm_security_struct *bsec;
	int rc, i;

	tsec = current->security;
	bsec = bprm->security;

	if (bsec->unsafe) {
		force_sig_specific(SIGKILL, current);
		return;
	}
	/* No domain change: nothing inherited needs to be revoked. */
	if (tsec->osid == tsec->sid)
		return;

	flush_unauthorized_files(current->files);

	/*
	 * Unless the policy lets the new domain inherit signal state from the
	 * old one, clear interval timers, pending signals, handlers and the
	 * blocked mask.
	 */
	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__SIGINH, NULL);
	if (rc) {
		memset(&itimer, 0, sizeof itimer);
		for (i = 0; i < 3; i++)
			do_setitimer(i, &itimer, NULL);
		flush_signals(current);
		spin_lock_irq(&current->sighand->siglock);
		flush_signal_handlers(current, 1);
		sigemptyset(&current->blocked);
		recalc_sigpending();
		spin_unlock_irq(&current->sighand->siglock);
	}

	/*
	 * Unless rlimit inheritance is granted, reset each soft limit to
	 * init's soft limit, capped by the task's own hard limit.
	 */
	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL);
	if (rc) {
		for (i = 0; i < RLIM_NLIMITS; i++) {
			rlim = current->signal->rlim + i;
			initrlim = init_task.signal->rlim+i;
			rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
		}
		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
			/*
			 * A finite CPU limit was just (re)imposed; force an early
			 * profiling-timer expiry so the new limit is re-evaluated.
			 */
			current->it_prof_expires = jiffies_to_cputime(1);
		}
	}

	/* Let a waiting parent re-evaluate now that the child's state changed. */
	wake_up_interruptible(&current->parent->signal->wait_chldexit);
}
1911
1912
1913
/* sb_alloc_security hook: allocate the superblock's security blob. */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	int rc = superblock_alloc_security(sb);

	return rc;
}
1918
/* sb_free_security hook: release the superblock's security blob. */
static void selinux_sb_free_security(struct super_block *sb)
{
	superblock_free_security(sb);
}
1923
/*
 * Test whether @option (of @olen bytes) begins with the @plen-byte @prefix.
 * Neither string needs to be NUL-terminated; only @plen bytes are compared.
 *
 * Returns 1 on match, 0 otherwise (including when @option is shorter than
 * @prefix).
 */
static inline int match_prefix(char *prefix, int plen, char *option, int olen)
{
	return plen <= olen && memcmp(prefix, option, plen) == 0;
}
1931
/*
 * Return 1 if the @len-byte mount option @option is one of the SELinux
 * labeling options (context=, fscontext=, defcontext=, rootcontext=),
 * 0 otherwise.
 */
static inline int selinux_option(char *option, int len)
{
	static const char * const prefixes[] = {
		"context=", "fscontext=", "defcontext=", "rootcontext=",
	};
	unsigned int k;

	for (k = 0; k < sizeof(prefixes) / sizeof(prefixes[0]); k++) {
		if (match_prefix((char *)prefixes[k], strlen(prefixes[k]), option, len))
			return 1;
	}

	return 0;
}
1939
1940static inline void take_option(char **to, char *from, int *first, int len)
1941{
1942 if (!*first) {
1943 **to = ',';
1944 *to += 1;
1945 }
1946 else
1947 *first = 0;
1948 memcpy(*to, from, len);
1949 *to += len;
1950}
1951
/*
 * Split the mount option page @orig into SELinux labeling options and the
 * rest: the SELinux options are written to @copy (for superblock_doinit),
 * and @orig is rewritten in place with only the non-SELinux options.
 * Binary mount data is copied verbatim to @copy and left untouched.
 *
 * Both @orig and @copy are page-sized buffers; the filtered text can only be
 * as long as the input, so the in-place rewrite fits.
 *
 * Returns 0, or -ENOMEM if the scratch page cannot be allocated.
 */
static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void *copy)
{
	int fnosec, fsec, rc = 0;
	char *in_save, *in_curr, *in_end;
	char *sec_curr, *nosec_save, *nosec;

	in_curr = orig;
	sec_curr = copy;

	/* Binary mount data has no text options to split. */
	if (type->fs_flags & FS_BINARY_MOUNTDATA) {
		copy_page(sec_curr, in_curr);
		goto out;
	}

	nosec = (char *)get_zeroed_page(GFP_KERNEL);
	if (!nosec) {
		rc = -ENOMEM;
		goto out;
	}

	nosec_save = nosec;
	fnosec = fsec = 1;	/* "first option" flags for each output */
	in_save = in_end = orig;

	/* Scan comma-separated options; the loop also consumes the final NUL. */
	do {
		if (*in_end == ',' || *in_end == '\0') {
			int len = in_end - in_curr;

			if (selinux_option(in_curr, len))
				take_option(&sec_curr, in_curr, &fsec, len);
			else
				take_option(&nosec, in_curr, &fnosec, len);

			in_curr = in_end + 1;
		}
	} while (*in_end++);

	/* The scratch page is zero-filled, so it is NUL-terminated here. */
	strcpy(in_save, nosec_save);
	free_page((unsigned long)nosec_save);
out:
	return rc;
}
1995
/*
 * sb_kern_mount hook: initialize the superblock's labeling from the mount
 * data, then require FILESYSTEM__MOUNT on it (audited against s_root).
 */
static int selinux_sb_kern_mount(struct super_block *sb, void *data)
{
	struct avc_audit_data ad;
	int rc = superblock_doinit(sb, data);

	if (rc)
		return rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = sb->s_root;

	return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
}
2009
/* sb_statfs hook: FILESYSTEM__GETATTR on the dentry's superblock. */
static int selinux_sb_statfs(struct dentry *dentry)
{
	struct super_block *sb = dentry->d_sb;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = sb->s_root;

	return superblock_has_perm(current, sb, FILESYSTEM__GETATTR, &ad);
}
2018
/*
 * sb_mount hook. After the secondary module's check, a remount needs
 * FILESYSTEM__REMOUNT on the mounted superblock; any other mount needs
 * FILE__MOUNTON on the mountpoint.
 */
static int selinux_mount(char * dev_name,
			 struct nameidata *nd,
			 char * type,
			 unsigned long flags,
			 void * data)
{
	int rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);

	if (rc)
		return rc;

	if (!(flags & MS_REMOUNT))
		return dentry_has_perm(current, nd->mnt, nd->dentry, FILE__MOUNTON);

	return superblock_has_perm(current, nd->mnt->mnt_sb, FILESYSTEM__REMOUNT, NULL);
}
2038
/* sb_umount hook: secondary check, then FILESYSTEM__UNMOUNT on the superblock. */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	int rc = secondary_ops->sb_umount(mnt, flags);

	if (rc)
		return rc;

	return superblock_has_perm(current, mnt->mnt_sb, FILESYSTEM__UNMOUNT, NULL);
}
2050
2051
2052
/* inode_alloc_security hook: allocate the inode's security blob. */
static int selinux_inode_alloc_security(struct inode *inode)
{
	int rc = inode_alloc_security(inode);

	return rc;
}
2057
/* inode_free_security hook: release the inode's security blob. */
static void selinux_inode_free_security(struct inode *inode)
{
	inode_free_security(inode);
}
2062
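/*
 * Label a newly created @inode in directory @dir and, optionally, hand the
 * filesystem the xattr it should persist. The new SID is the task's
 * create_sid if one is set (and the fs is not mountpoint-labeled), else the
 * policy's type transition for the parent's SID and the inode's class.
 *
 * @name/@value/@len: when non-NULL, receive a kstrdup'ed xattr suffix and the
 * context string with its length; ownership passes to the caller. They are
 * not filled in (and -EOPNOTSUPP is returned) before policy load or on
 * mountpoint-labeled filesystems, after the in-core label is still applied.
 *
 * On any error path *@name is reset to NULL so the caller never sees a
 * pointer to memory this function already freed.
 *
 * Returns 0, -EOPNOTSUPP, -ENOMEM, or the policy lookup's error.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       char **name, void **value,
				       size_t *len)
{
	struct task_security_struct *tsec;
	struct inode_security_struct *dsec;
	struct superblock_security_struct *sbsec;
	u32 newsid, clen;
	int rc;
	char *namep = NULL, *context;

	tsec = current->security;
	dsec = dir->i_security;
	sbsec = dir->i_sb->s_security;

	if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
		newsid = tsec->create_sid;
	} else {
		rc = security_transition_sid(tsec->sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     &newsid);
		if (rc) {
			printk(KERN_WARNING "%s: "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%ld)\n",
			       __FUNCTION__,
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	}

	/* Always label the in-core inode, even when no xattr is handed back. */
	inode_security_set_sid(inode, newsid);

	if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (name) {
		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
		if (!namep)
			return -ENOMEM;
		*name = namep;
	}

	if (value && len) {
		rc = security_sid_to_context(newsid, &context, &clen);
		if (rc) {
			/* Give back the name and make sure the caller cannot reuse it. */
			kfree(namep);
			if (name)
				*name = NULL;
			return rc;
		}
		*value = context;
		*len = clen;
	}

	return 0;
}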
2118
/* inode_create hook: creating a regular file in @dir. */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
{
	int rc = may_create(dir, dentry, SECCLASS_FILE);

	return rc;
}
2123
/* inode_link hook: secondary check, then the SELinux link check on @old_dentry. */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
	int rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);

	if (rc)
		return rc;

	return may_link(dir, old_dentry, MAY_LINK);
}
2133
/* inode_unlink hook: secondary check, then the SELinux unlink check. */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	int rc = secondary_ops->inode_unlink(dir, dentry);

	if (rc)
		return rc;

	return may_link(dir, dentry, MAY_UNLINK);
}
2143
/* inode_symlink hook: creating a symlink in @dir (the target @name is not checked). */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
	int rc = may_create(dir, dentry, SECCLASS_LNK_FILE);

	return rc;
}
2148
/* inode_mkdir hook: creating a directory in @dir. */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
{
	int rc = may_create(dir, dentry, SECCLASS_DIR);

	return rc;
}
2153
/* inode_rmdir hook: removing a directory entry from @dir. */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	int rc = may_link(dir, dentry, MAY_RMDIR);

	return rc;
}
2158
/*
 * inode_mknod hook: secondary check, then a create check with the security
 * class derived from the requested @mode (device, fifo, socket, ...).
 */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
	int rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);

	if (rc)
		return rc;

	return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
2169
/* inode_rename hook: delegated to may_rename(). */
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
				struct inode *new_inode, struct dentry *new_dentry)
{
	int rc = may_rename(old_inode, old_dentry, new_inode, new_dentry);

	return rc;
}
2175
/* inode_readlink hook: reading a symlink's target needs FILE__READ on it. */
static int selinux_inode_readlink(struct dentry *dentry)
{
	int rc = dentry_has_perm(current, NULL, dentry, FILE__READ);

	return rc;
}
2180
/* inode_follow_link hook: secondary check, then FILE__READ on the symlink. */
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
	int rc = secondary_ops->inode_follow_link(dentry, nameidata);

	if (rc)
		return rc;

	return dentry_has_perm(current, NULL, dentry, FILE__READ);
}
2190
/*
 * inode_permission hook: secondary check, then the access vector derived from
 * the MAY_* @mask and the inode type. An empty mask (existence check) is
 * always allowed.
 */
static int selinux_inode_permission(struct inode *inode, int mask,
				    struct nameidata *nd)
{
	u32 av;
	int rc = secondary_ops->inode_permission(inode, mask, nd);

	if (rc)
		return rc;

	if (mask == 0)
		return 0;

	av = file_mask_to_av(inode->i_mode, mask);
	return inode_has_perm(current, inode, av, NULL);
}
2208
/*
 * inode_setattr hook. Forced attribute changes (ATTR_FORCE) bypass the check.
 * Changing mode, ownership or explicit timestamps needs FILE__SETATTR; any
 * other change (e.g. size) is treated as a write.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	const unsigned int setattr_bits = ATTR_MODE | ATTR_UID | ATTR_GID |
					  ATTR_ATIME_SET | ATTR_MTIME_SET;
	u32 av;
	int rc = secondary_ops->inode_setattr(dentry, iattr);

	if (rc)
		return rc;

	if (iattr->ia_valid & ATTR_FORCE)
		return 0;

	av = (iattr->ia_valid & setattr_bits) ? FILE__SETATTR : FILE__WRITE;
	return dentry_has_perm(current, NULL, dentry, av);
}
2226
/* inode_getattr hook: FILE__GETATTR on the dentry. */
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	int rc = dentry_has_perm(current, mnt, dentry, FILE__GETATTR);

	return rc;
}
2231
/*
 * inode_setxattr hook. For attributes other than security.selinux: the rest
 * of the security.* namespace is reserved for CAP_SYS_ADMIN, and everything
 * is otherwise an ordinary FILE__SETATTR. For security.selinux (a relabel):
 * refused on mountpoint-labeled filesystems, restricted to the owner or
 * CAP_FOWNER, and then subject to the checks listed inline, in that order.
 *
 * Returns 0 if allowed, else -EPERM/-EOPNOTSUPP or the failing check's error.
 */
static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags)
{
	struct task_security_struct *tsec = current->security;
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec;
	struct avc_audit_data ad;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX) != 0) {
		int in_security_ns = !strncmp(name, XATTR_SECURITY_PREFIX,
					      sizeof XATTR_SECURITY_PREFIX - 1);

		if (in_security_ns && !capable(CAP_SYS_ADMIN))
			return -EPERM;

		return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
	}

	sbsec = inode->i_sb->s_security;
	if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
		return -EPERM;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.dentry = dentry;

	/* 1. relabelfrom on the current label */
	rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
			  FILE__RELABELFROM, &ad);
	if (rc)
		return rc;

	/* 2. the supplied context must parse to a valid SID */
	rc = security_context_to_sid(value, size, &newsid);
	if (rc)
		return rc;

	/* 3. relabelto on the new label */
	rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
			  FILE__RELABELTO, &ad);
	if (rc)
		return rc;

	/* 4. the policy's constraints on this old->new transition */
	rc = security_validate_transition(isec->sid, newsid, tsec->sid,
					  isec->sclass);
	if (rc)
		return rc;

	/* 5. the new label must be allowed to live on this filesystem */
	return avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &ad);
}
2291
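/*
 * inode_post_setxattr hook: after security.selinux has been written to disk,
 * update the in-core label to match. Other attributes are ignored.
 *
 * @value is the raw xattr payload of @size bytes; it is not guaranteed to be
 * NUL-terminated, so it must not be printed with "%s". On a context the
 * policy cannot map, the warning identifies the inode (dev, ino) instead and
 * the in-core SID is left unchanged.
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
					void *value, size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return;

	rc = security_context_to_sid(value, size, &newsid);
	if (rc) {
		printk(KERN_WARNING "%s: unable to obtain SID for context "
		       "on (dev=%s ino=%ld), rc=%d\n", __FUNCTION__,
		       inode->i_sb->s_id, inode->i_ino, -rc);
		return;
	}

	isec->sid = newsid;
}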
2315
/* inode_getxattr hook: reading any xattr needs FILE__GETATTR. */
static int selinux_inode_getxattr (struct dentry *dentry, char *name)
{
	int rc = dentry_has_perm(current, NULL, dentry, FILE__GETATTR);

	return rc;
}
2320
/* inode_listxattr hook: listing xattrs needs FILE__GETATTR. */
static int selinux_inode_listxattr (struct dentry *dentry)
{
	int rc = dentry_has_perm(current, NULL, dentry, FILE__GETATTR);

	return rc;
}
2325
/*
 * inode_removexattr hook. security.selinux can never be removed (-EACCES).
 * Other security.* attributes need CAP_SYS_ADMIN; any other attribute needs
 * FILE__SETATTR.
 */
static int selinux_inode_removexattr (struct dentry *dentry, char *name)
{
	int in_security_ns;

	if (strcmp(name, XATTR_NAME_SELINUX) == 0)
		return -EACCES;

	in_security_ns = !strncmp(name, XATTR_SECURITY_PREFIX,
				  sizeof XATTR_SECURITY_PREFIX - 1);
	if (in_security_ns && !capable(CAP_SYS_ADMIN))
		return -EPERM;

	return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
}
2347
/* The suffix (after "security.") of the xattr SELinux stores its label in. */
static const char *selinux_inode_xattr_getsuffix(void)
{
	static const char *suffix = XATTR_SELINUX_SUFFIX;

	return suffix;
}
2352
2353
2354
2355
2356
2357
2358
2359
/*
 * inode_getsecurity hook: return the inode's context for the "selinux"
 * suffix; any other name is -EOPNOTSUPP. @err is unused here.
 */
static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
{
	struct inode_security_struct *isec;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0)
		return -EOPNOTSUPP;

	isec = inode->i_security;
	return selinux_getsecurity(isec->sid, buffer, size);
}
2369
/*
 * inode_setsecurity hook: set the in-core label from a context string for
 * the "selinux" suffix. Other names are -EOPNOTSUPP; an empty value is
 * -EACCES; an unmappable context returns the policy's error unchanged.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0)
		return -EOPNOTSUPP;
	if (value == NULL || size == 0)
		return -EACCES;

	rc = security_context_to_sid((void*)value, size, &newsid);
	if (rc == 0)
		isec->sid = newsid;

	return rc;
}
2390
/*
 * inode_listsecurity hook: report the single security xattr name (including
 * its NUL), copying it into @buffer only when it fits. The length is returned
 * either way so callers can size a buffer.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const int len = sizeof(XATTR_NAME_SELINUX);
	int fits = buffer != NULL && (size_t)len <= buffer_size;

	if (fits)
		memcpy(buffer, XATTR_NAME_SELINUX, len);

	return len;
}
2398
2399
2400
/*
 * file_permission hook (read/write on an open file). An empty mask is
 * allowed. A write to an O_APPEND file is treated as an append, so the
 * resulting vector is FILE__APPEND rather than FILE__WRITE.
 */
static int selinux_file_permission(struct file *file, int mask)
{
	struct inode *inode = file->f_dentry->d_inode;
	u32 av;

	if (mask == 0)
		return 0;

	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		mask |= MAY_APPEND;

	av = file_mask_to_av(inode->i_mode, mask);
	return file_has_perm(current, file, av);
}
2417
/* file_alloc_security hook: allocate the file's security blob. */
static int selinux_file_alloc_security(struct file *file)
{
	int rc = file_alloc_security(file);

	return rc;
}
2422
/* file_free_security hook: release the file's security blob. */
static void selinux_file_free_security(struct file *file)
{
	file_free_security(file);
}
2427
/*
 * file_ioctl hook: map well-known ioctls onto the file permission they
 * amount to; anything unrecognized needs the generic FILE__IOCTL.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	int error = 0;

	switch (cmd) {
	case FIONREAD:
	/* fall through */
	case FIBMAP:
	/* fall through */
	case FIGETBSZ:
	/* fall through */
	case EXT2_IOC_GETFLAGS:
	/* fall through */
	case EXT2_IOC_GETVERSION:
		/* These only read metadata about the file. */
		error = file_has_perm(current, file, FILE__GETATTR);
		break;

	case EXT2_IOC_SETFLAGS:
	/* fall through */
	case EXT2_IOC_SETVERSION:
		/* These modify file metadata. */
		error = file_has_perm(current, file, FILE__SETATTR);
		break;

	/* sys_ioctl() handles these itself; no file permission is needed. */
	case FIONBIO:
	/* fall through */
	case FIOASYNC:
		/* av 0: presumably only file_has_perm()'s descriptor-level check
		 * applies here — confirm against file_has_perm(). */
		error = file_has_perm(current, file, 0);
		break;

	case KDSKBENT:
	case KDSKBSENT:
		/* Keyboard table changes are a capability, not a file, decision. */
		error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
		break;

	/* Default case assumes that the ioctl operation is driver-specific and
	 * not restricted beyond the generic ioctl permission. */
	default:
		error = file_has_perm(current, file, FILE__IOCTL);

	}
	return error;
}
2473
/*
 * Common mmap/mprotect check. Except on PPC32, an executable mapping that is
 * anonymous, or private and writable, requires PROCESS__EXECMEM on the task
 * itself. A file-backed mapping then needs FILE__READ, plus FILE__WRITE for a
 * shared writable mapping and FILE__EXECUTE for an executable one.
 *
 * @file:   backing file, or NULL for an anonymous mapping
 * @prot:   PROT_* bits being requested
 * @shared: non-zero for a MAP_SHARED / VM_SHARED mapping
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	u32 av;

#ifndef CONFIG_PPC32
	{
		int writable_private = !shared && (prot & PROT_WRITE);

		if ((prot & PROT_EXEC) && (!file || writable_private)) {
			int rc = task_has_perm(current, current, PROCESS__EXECMEM);
			if (rc)
				return rc;
		}
	}
#endif

	if (!file)
		return 0;

	av = FILE__READ;
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;
	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;

	return file_has_perm(current, file, av);
}
2504
/*
 * file_mmap hook. After the secondary module's check, the protection that is
 * checked is the one the caller asked for (@reqprot) when
 * selinux_checkreqprot is set, otherwise the effective @prot.
 */
static int selinux_file_mmap(struct file *file, unsigned long reqprot,
			     unsigned long prot, unsigned long flags)
{
	int shared = (flags & MAP_TYPE) == MAP_SHARED;
	int rc = secondary_ops->file_mmap(file, reqprot, prot, flags);

	if (rc)
		return rc;

	return file_map_prot_check(file, selinux_checkreqprot ? reqprot : prot,
				   shared);
}
2520
/*
 * file_mprotect hook. After the secondary module's check and the
 * checkreqprot substitution, making a previously non-executable mapping
 * executable needs (except on PPC32) a permission that depends on what the
 * mapping is: PROCESS__EXECHEAP for the brk area, PROCESS__EXECSTACK for the
 * anonymous stack mapping, FILE__EXECMOD for a file mapping that has been
 * modified (has an anon_vma). The common map check then applies.
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
				 unsigned long reqprot,
				 unsigned long prot)
{
	int rc;

	rc = secondary_ops->file_mprotect(vma, reqprot, prot);
	if (rc)
		return rc;

	if (selinux_checkreqprot)
		prot = reqprot;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		rc = 0;
		if (vma->vm_start >= vma->vm_mm->start_brk &&
		    vma->vm_end <= vma->vm_mm->brk) {
			/* The mapping lies inside the heap. */
			rc = task_has_perm(current, current,
					   PROCESS__EXECHEAP);
		} else if (!vma->vm_file &&
			   vma->vm_start <= vma->vm_mm->start_stack &&
			   vma->vm_end >= vma->vm_mm->start_stack) {
			/* Anonymous mapping containing the stack start. */
			rc = task_has_perm(current, current, PROCESS__EXECSTACK);
		} else if (vma->vm_file && vma->anon_vma) {
			/*
			 * A file mapping with private (copy-on-write) pages:
			 * executing modified file content is covered by
			 * FILE__EXECMOD on the file.
			 */
			rc = file_has_perm(current, vma->vm_file,
					   FILE__EXECMOD);
		}
		if (rc)
			return rc;
	}
#endif

	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}
2563
/* file_lock hook (flock): FILE__LOCK on the file, whatever @cmd is. */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	int rc = file_has_perm(current, file, FILE__LOCK);

	return rc;
}
2568
/*
 * file_fcntl hook. F_SETFL that clears O_APPEND is a write (it lifts the
 * append-only restriction); other F_SETFL and the owner/signal/flag
 * commands only need the descriptor check; lock commands need FILE__LOCK.
 * Commands not listed are allowed (err stays 0).
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	int err = 0;

	switch (cmd) {
	case F_SETFL:
		if (!file->f_dentry || !file->f_dentry->d_inode) {
			err = -EINVAL;
			break;
		}

		/* Clearing O_APPEND would allow writes anywhere in the file. */
		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
			err = file_has_perm(current, file,FILE__WRITE);
			break;
		}
		/* fall through: any other flag change is only a descriptor use */
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
		/* av 0: presumably only file_has_perm()'s descriptor-level check
		 * applies here — confirm against file_has_perm(). */
		err = file_has_perm(current, file, 0);
		break;
	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		if (!file->f_dentry || !file->f_dentry->d_inode) {
			err = -EINVAL;
			break;
		}
		err = file_has_perm(current, file, FILE__LOCK);
		break;
	}

	return err;
}
2612
/*
 * file_set_fowner hook: remember the SID of the task that became the file's
 * owner, so SIGIO/SIGURG delivery can later be checked from that SID
 * (see selinux_file_send_sigiotask). Always returns 0.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct task_security_struct *tsec = current->security;
	struct file_security_struct *fsec = file->f_security;

	fsec->fown_sid = tsec->sid;
	return 0;
}
2624
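/*
 * file_send_sigiotask hook: may the file owner's SID (recorded in
 * set_fowner) deliver @signum to @tsk? @signum == 0 stands for the default
 * SIGIO. The permission is the signal's process-class access vector.
 *
 * @fown is embedded in struct file, so the file is recovered with
 * container_of() rather than by hand-computed pointer arithmetic.
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	struct file *file = container_of(fown, struct file, f_owner);
	struct task_security_struct *tsec = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	u32 perm = signal_to_av(signum ? signum : SIGIO);

	return avc_has_perm(fsec->fown_sid, tsec->sid,
			    SECCLASS_PROCESS, perm, NULL);
}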
2647
/*
 * file_receive hook (fd passed over a socket): the receiver must hold the
 * permissions the open mode implies, as computed by file_to_av().
 */
static int selinux_file_receive(struct file *file)
{
	u32 av = file_to_av(file);

	return file_has_perm(current, file, av);
}
2652
2653
2654
/* task_create hook: secondary check, then PROCESS__FORK on current itself. */
static int selinux_task_create(unsigned long clone_flags)
{
	int rc = secondary_ops->task_create(clone_flags);

	if (rc)
		return rc;

	return task_has_perm(current, current, PROCESS__FORK);
}
2665
/*
 * task_alloc_security hook: allocate the child's security blob and copy the
 * parent's (current's) SIDs into it: osid/sid, the one-shot exec and
 * create_* SIDs, and ptrace_sid.
 *
 * Returns 0 or the allocation error.
 */
static int selinux_task_alloc_security(struct task_struct *tsk)
{
	struct task_security_struct *parent = current->security;
	struct task_security_struct *child;
	int rc = task_alloc_security(tsk);

	if (rc)
		return rc;

	child = tsk->security;
	child->osid = parent->osid;
	child->sid = parent->sid;
	child->exec_sid = parent->exec_sid;
	child->create_sid = parent->create_sid;
	child->keycreate_sid = parent->keycreate_sid;
	child->sockcreate_sid = parent->sockcreate_sid;
	child->ptrace_sid = parent->ptrace_sid;

	return 0;
}
2694
/* task_free_security hook: release the task's security blob. */
static void selinux_task_free_security(struct task_struct *tsk)
{
	task_free_security(tsk);
}
2699
/*
 * task_setuid hook: SELinux does not restrict uid changes here (they are
 * covered by capability checks elsewhere); always allow.
 */
static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	return 0;
}
2710
/* task_post_setuid hook: delegated entirely to the secondary module. */
static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	int rc = secondary_ops->task_post_setuid(id0, id1, id2, flags);

	return rc;
}
2715
/* task_setgid hook: no SELinux restriction on gid changes; always allow. */
static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
{
	return 0;
}
2721
/* task_setpgid hook: PROCESS__SETPGID on the target task. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	int rc = task_has_perm(current, p, PROCESS__SETPGID);

	return rc;
}
2726
/* task_getpgid hook: PROCESS__GETPGID on the target task. */
static int selinux_task_getpgid(struct task_struct *p)
{
	int rc = task_has_perm(current, p, PROCESS__GETPGID);

	return rc;
}
2731
/* task_getsid hook: PROCESS__GETSESSION on the target task. */
static int selinux_task_getsid(struct task_struct *p)
{
	int rc = task_has_perm(current, p, PROCESS__GETSESSION);

	return rc;
}
2736
/* task_getsecid hook: store the task's SID into *@secid. */
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
	selinux_get_task_sid(p, secid);
}
2741
/* task_setgroups hook: no SELinux restriction on group changes; always allow. */
static int selinux_task_setgroups(struct group_info *group_info)
{
	return 0;
}
2747
/* task_setnice hook: secondary check, then PROCESS__SETSCHED on the target. */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc = secondary_ops->task_setnice(p, nice);

	if (rc)
		return rc;

	return task_has_perm(current, p, PROCESS__SETSCHED);
}
2758
/* task_setioprio hook: changing I/O priority is treated as PROCESS__SETSCHED. */
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
{
	int rc = task_has_perm(current, p, PROCESS__SETSCHED);

	return rc;
}
2763
/* task_getioprio hook: reading I/O priority is treated as PROCESS__GETSCHED. */
static int selinux_task_getioprio(struct task_struct *p)
{
	int rc = task_has_perm(current, p, PROCESS__GETSCHED);

	return rc;
}
2768
/*
 * task_setrlimit hook. After the secondary check, only a change to the hard
 * limit needs PROCESS__SETRLIMIT on current; soft-limit changes within the
 * hard limit are allowed. The caller is only ever changing its own limits,
 * hence the check on current.
 */
static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	struct rlimit *old_rlim = current->signal->rlim + resource;
	int hard_limit_changes;
	int rc = secondary_ops->task_setrlimit(resource, new_rlim);

	if (rc)
		return rc;

	hard_limit_changes = old_rlim->rlim_max != new_rlim->rlim_max;
	if (!hard_limit_changes)
		return 0;

	return task_has_perm(current, current, PROCESS__SETRLIMIT);
}
2787
/* task_setscheduler hook: PROCESS__SETSCHED on the target task. */
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{
	int rc = task_has_perm(current, p, PROCESS__SETSCHED);

	return rc;
}
2792
/* Reading the scheduling policy/params of @p needs process:getsched. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	int rc;

	rc = task_has_perm(current, p, PROCESS__GETSCHED);
	return rc;
}
2797
/* Migrating the pages of @p is policed with the same permission as setsched. */
static int selinux_task_movememory(struct task_struct *p)
{
	int rc;

	rc = task_has_perm(current, p, PROCESS__SETSCHED);
	return rc;
}
2802
/*
 * Signal delivery hook. After the secondary module, the signal is mapped to
 * a process-class permission (signull for a probe with sig == 0) and checked
 * from the sender to @p. Signals that originate inside the kernel are exempt.
 *
 * @secid, when non-zero, names the sender explicitly; otherwise the sender
 * is current.
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
				int sig, u32 secid)
{
	struct task_security_struct *tsec;
	u32 perm;
	int err;

	err = secondary_ops->task_kill(p, info, sig, secid);
	if (err)
		return err;

	/* Special info pointers and SI_FROMKERNEL mark kernel-originated
	 * signals; these are not subject to policy. */
	if (info != SEND_SIG_NOINFO &&
	    (is_si_special(info) || SI_FROMKERNEL(info)))
		return 0;

	perm = sig ? signal_to_av(sig) : PROCESS__SIGNULL;

	tsec = p->security;
	if (secid)
		return avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);

	return task_has_perm(current, p, perm);
}
2828
/*
 * prctl hook: SELinux imposes no check of its own on prctl options.
 * All arguments are deliberately unused.
 */
static int selinux_task_prctl(int option,
			      unsigned long arg2,
			      unsigned long arg3,
			      unsigned long arg4,
			      unsigned long arg5)
{
	/* Always permitted from SELinux's point of view. */
	return 0;
}
2840
/*
 * wait() hook. Reaping @p is modelled as @p delivering its exit signal to
 * current, so the check runs with @p as the source and current as the
 * target (note the reversed argument order compared to the other hooks).
 */
static int selinux_task_wait(struct task_struct *p)
{
	u32 perm = signal_to_av(p->exit_signal);

	return task_has_perm(p, current, perm);
}
2849
/*
 * Called when @p is reparented to init. After the secondary module has run,
 * the task is relabelled to the kernel SID; the previous SID is preserved
 * in osid.
 */
static void selinux_task_reparent_to_init(struct task_struct *p)
{
	struct task_security_struct *tsec;

	secondary_ops->task_reparent_to_init(p);

	tsec = p->security;
	tsec->osid = tsec->sid;
	tsec->sid = SECINITSID_KERNEL;
}
2861
/*
 * Label @inode with the current SID of @p and mark it initialized.
 * Presumably used for per-task /proc inodes — confirm against the callers.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct task_security_struct *tsec = p->security;

	isec->sid = tsec->sid;
	isec->initialized = 1;
}
2872
2873
/*
 * Fill the IPv4 fields of the audit data from @skb: source/destination
 * address always, plus TCP/UDP ports when the transport header is present
 * in the first fragment.
 *
 * Returns -EINVAL only when the IP header itself is missing or its length
 * field is shorter than the fixed header; a missing or unreadable transport
 * header is not an error (the ports simply remain unset).
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct avc_audit_data *ad)
{
	struct iphdr _iph, *ih;
	struct tcphdr _tcph, *th;
	struct udphdr _udph, *uh;
	int offset = skb->nh.raw - skb->data;
	int ihlen;

	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (!ih)
		return -EINVAL;

	/* ihl is in 32-bit words; reject a value below the minimum header. */
	ihlen = ih->ihl * 4;
	if (ihlen < sizeof(_iph))
		return -EINVAL;

	ad->u.net.v4info.saddr = ih->saddr;
	ad->u.net.v4info.daddr = ih->daddr;

	/* Only the first fragment carries the transport header. */
	if (ntohs(ih->frag_off) & IP_OFFSET)
		return 0;

	offset += ihlen;
	switch (ih->protocol) {
	case IPPROTO_TCP:
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th) {
			ad->u.net.sport = th->source;
			ad->u.net.dport = th->dest;
		}
		break;

	case IPPROTO_UDP:
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh) {
			ad->u.net.sport = uh->source;
			ad->u.net.dport = uh->dest;
		}
		break;

	default:
		break;
	}

	return 0;
}
2931
2932#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
2933
2934
/*
 * Fill the IPv6 fields of the audit data from @skb: source/destination
 * address always, plus TCP/UDP ports when the upper-layer header can be
 * reached past any extension headers.
 *
 * Returns -EINVAL only when the IPv6 header itself is missing. Failure to
 * skip the extension headers, or a missing transport header, leaves the
 * ports unset but still reports success.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad)
{
	struct ipv6hdr _ipv6h, *ip6;
	struct tcphdr _tcph, *th;
	struct udphdr _udph, *uh;
	int offset = skb->nh.raw - skb->data;
	u8 nexthdr;

	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (!ip6)
		return -EINVAL;

	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);

	/* Walk the extension-header chain; on failure the addresses are
	 * already recorded, so this is still a successful parse. */
	nexthdr = ip6->nexthdr;
	offset = ipv6_skip_exthdr(skb, offset + sizeof(_ipv6h), &nexthdr);
	if (offset < 0)
		return 0;

	if (nexthdr == IPPROTO_TCP) {
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th) {
			ad->u.net.sport = th->source;
			ad->u.net.dport = th->dest;
		}
	} else if (nexthdr == IPPROTO_UDP) {
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh) {
			ad->u.net.sport = uh->source;
			ad->u.net.dport = uh->dest;
		}
	}

	return 0;
}
2988
2989#endif
2990
/*
 * Dispatch packet parsing on ad->u.net.family and, when @addrp is given,
 * point it (with @len) at the source (@src != 0) or destination address
 * stored in the audit data. Unknown families are not an error: nothing is
 * parsed and 0 is returned, with @addrp/@len untouched.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
			     char **addrp, int *len, int src)
{
	int ret;

	if (ad->u.net.family == PF_INET) {
		ret = selinux_parse_skb_ipv4(skb, ad);
		if (ret || !addrp)
			return ret;
		*len = 4;
		*addrp = (char *)(src ? &ad->u.net.v4info.saddr
				      : &ad->u.net.v4info.daddr);
		return 0;
	}

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	if (ad->u.net.family == PF_INET6) {
		ret = selinux_parse_skb_ipv6(skb, ad);
		if (ret || !addrp)
			return ret;
		*len = 16;
		*addrp = (char *)(src ? &ad->u.net.v6info.saddr
				      : &ad->u.net.v6info.daddr);
		return 0;
	}
#endif

	return 0;
}
3022
3023
/*
 * Check @perms from @task to @sock in the socket's own class. Sockets
 * labelled with the kernel SID (kernel-internal sockets) are exempt.
 */
static int socket_has_perm(struct task_struct *task, struct socket *sock,
			   u32 perms)
{
	struct task_security_struct *tsec = task->security;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct avc_audit_data ad;

	if (isec->sid == SECINITSID_KERNEL)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = sock->sk;

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
}
3045
/*
 * Pre-creation hook: the task needs socket:create on the label the new
 * socket will get (the task's sockcreate SID if one is set, else its own
 * SID). Kernel-internal sockets (@kern) bypass the check.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	struct task_security_struct *tsec;
	u16 sclass;
	u32 newsid;

	if (kern)
		return 0;

	tsec = current->security;
	newsid = tsec->sockcreate_sid ? tsec->sockcreate_sid : tsec->sid;
	sclass = socket_type_to_security_class(family, type, protocol);

	return avc_has_perm(tsec->sid, newsid, sclass, SOCKET__CREATE, NULL);
}
3065
/*
 * Post-creation hook: label the new socket's inode. Kernel-internal
 * sockets get the kernel SID; user sockets get the task's sockcreate SID
 * if set, else the task's own SID. The class follows from family/type/
 * protocol, matching what selinux_socket_create() checked against.
 */
static void selinux_socket_post_create(struct socket *sock, int family,
				       int type, int protocol, int kern)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct task_security_struct *tsec = current->security;
	u32 newsid = tsec->sockcreate_sid ? tsec->sockcreate_sid : tsec->sid;

	isec->sclass = socket_type_to_security_class(family, type, protocol);
	isec->sid = kern ? SECINITSID_KERNEL : newsid;
	isec->initialized = 1;
}
3083
3084
3085
3086
/* Aliases for the ip_local_port_range sysctl bounds used by the bind hook. */
#define ip_local_port_range_0 sysctl_local_port_range[0]
#define ip_local_port_range_1 sysctl_local_port_range[1]
3089
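/*
 * Bind hook. After the generic socket:bind check, INET/INET6 sockets get
 * two further checks: name_bind against the port's label (only for a
 * non-zero port outside the local ephemeral range), and node_bind against
 * the label of the address being bound.
 *
 * Fix: @addrlen was never validated here — the inner u32 of the same name
 * shadowed the parameter — so a short address let sin_port/sin6_port and
 * the address bytes be read from beyond what the caller supplied. Validate
 * the length the same way selinux_socket_connect() does before touching
 * those fields. The INET bind handlers are expected to reject such lengths
 * with -EINVAL as well (verify), so only the ordering of the failure changes.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	u16 family;
	int err;

	err = socket_has_perm(current, sock, SOCKET__BIND);
	if (err)
		goto out;

	family = sock->sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct inode_security_struct *isec;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		struct sock *sk = sock->sk;
		u32 sid, node_perm, addr_size;

		isec = SOCK_INODE(sock)->i_security;

		/* Only read address fields the caller actually supplied.
		 * The int cast keeps a negative @addrlen from passing the
		 * comparison as a large unsigned value. */
		if (family == PF_INET) {
			if (addrlen < (int)sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			addr_size = sizeof(addr4->sin_addr.s_addr);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			if (addrlen < (int)SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			addr_size = sizeof(addr6->sin6_addr.s6_addr);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		/* name_bind: an explicit port outside the ephemeral range
		 * must be permitted by that port's label. */
		if (snum && (snum < max(PROT_SOCK, ip_local_port_range_0) ||
			     snum > ip_local_port_range_1)) {
			err = security_port_sid(sk->sk_family, sk->sk_type,
						sk->sk_protocol, snum, &sid);
			if (err)
				goto out;
			AVC_AUDIT_DATA_INIT(&ad, NET);
			ad.u.net.sport = htons(snum);
			ad.u.net.family = family;
			err = avc_has_perm(isec->sid, sid, isec->sclass,
					   SOCKET__NAME_BIND, &ad);
			if (err)
				goto out;
		}

		switch (isec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;
		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;
		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		/* node_bind: the bound address must be permitted by its
		 * node label. */
		err = security_node_sid(family, addrp, addr_size, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;
		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);

		err = avc_has_perm(isec->sid, sid, isec->sclass, node_perm, &ad);
	}
out:
	return err;
}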
3182
/*
 * Connect hook. After the generic socket:connect check, TCP sockets also
 * need tcp_socket:name_connect on the label of the destination port. The
 * address length is validated before the port field is read.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct inode_security_struct *isec;
	struct avc_audit_data ad;
	struct sock *sk;
	unsigned short snum;
	u32 sid;
	int err;

	err = socket_has_perm(current, sock, SOCKET__CONNECT);
	if (err)
		return err;

	isec = SOCK_INODE(sock)->i_security;
	if (isec->sclass != SECCLASS_TCP_SOCKET)
		return 0;

	sk = sock->sk;
	if (sk->sk_family == PF_INET) {
		struct sockaddr_in *addr4 = (struct sockaddr_in *)address;

		if (addrlen < sizeof(struct sockaddr_in))
			return -EINVAL;
		snum = ntohs(addr4->sin_port);
	} else {
		struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)address;

		if (addrlen < SIN6_LEN_RFC2133)
			return -EINVAL;
		snum = ntohs(addr6->sin6_port);
	}

	err = security_port_sid(sk->sk_family, sk->sk_type,
				sk->sk_protocol, snum, &sid);
	if (err)
		return err;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.dport = htons(snum);
	ad.u.net.family = sk->sk_family;

	return avc_has_perm(isec->sid, sid, isec->sclass,
			    TCP_SOCKET__NAME_CONNECT, &ad);
}
3233
/* listen() needs socket:listen; @backlog is not inspected. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__LISTEN);
	return err;
}
3238
/*
 * accept() needs socket:accept on the listening socket; the accepted
 * socket then inherits the listening socket's class and label.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *isec, *newisec;
	int err = socket_has_perm(current, sock, SOCKET__ACCEPT);

	if (err)
		return err;

	isec = SOCK_INODE(sock)->i_security;
	newisec = SOCK_INODE(newsock)->i_security;

	newisec->sclass = isec->sclass;
	newisec->sid = isec->sid;
	newisec->initialized = 1;

	return 0;
}
3258
/* Sending on a socket needs socket:write; the message itself is not inspected. */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__WRITE);
	return err;
}
3264
/* Receiving on a socket needs socket:read; @msg/@size/@flags are not inspected. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__READ);
	return err;
}
3270
/* getsockname() needs socket:getattr. */
static int selinux_socket_getsockname(struct socket *sock)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__GETATTR);
	return err;
}
3275
/* getpeername() needs socket:getattr, same as getsockname(). */
static int selinux_socket_getpeername(struct socket *sock)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__GETATTR);
	return err;
}
3280
/* setsockopt() needs socket:setopt regardless of @level/@optname. */
static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__SETOPT);
	return err;
}
3285
/* getsockopt() needs socket:getopt regardless of @level/@optname. */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__GETOPT);
	return err;
}
3291
/* shutdown() needs socket:shutdown; @how is not inspected. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	int err;

	err = socket_has_perm(current, sock, SOCKET__SHUTDOWN);
	return err;
}
3296
/*
 * Unix stream connect. After the secondary module, the connecting socket
 * needs unix_stream_socket:connectto on the listener. On success each
 * side's peer label is recorded: the client sock learns the listener's
 * label, and the newly created server-side sock learns the client's.
 */
static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct inode_security_struct *isec, *other_isec;
	struct sk_security_struct *ssec;
	struct avc_audit_data ad;
	int err;

	err = secondary_ops->unix_stream_connect(sock, other, newsk);
	if (err)
		return err;

	isec = SOCK_INODE(sock)->i_security;
	other_isec = SOCK_INODE(other)->i_security;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	err = avc_has_perm(isec->sid, other_isec->sid, isec->sclass,
			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (err)
		return err;

	ssec = sock->sk->sk_security;
	ssec->peer_sid = other_isec->sid;

	ssec = newsk->sk_security;
	ssec->peer_sid = isec->sid;

	return 0;
}
3333
/* Unix datagram send: @sock needs socket:sendto on @other, in @sock's class. */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *other_isec = SOCK_INODE(other)->i_security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	return avc_has_perm(isec->sid, other_isec->sid, isec->sclass,
			    SOCKET__SENDTO, &ad);
}
3355
/*
 * Legacy (compat_net) receive checks for an inbound packet on @sk: the
 * socket needs the per-protocol recv permission on the input interface,
 * on the source node, and — for TCP/UDP only — recv_msg on the source
 * port. A packet with no input device is allowed through unchecked.
 */
static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
		struct avc_audit_data *ad, u32 sock_sid, u16 sock_class,
		u16 family, char *addrp, int len)
{
	u32 netif_perm, node_perm, recv_perm;
	u32 if_sid, node_sid, port_sid;
	int err;

	if (!skb->dev)
		return 0;

	err = sel_netif_sids(skb->dev, &if_sid, NULL);
	if (err)
		return err;

	if (sock_class == SECCLASS_UDP_SOCKET) {
		netif_perm = NETIF__UDP_RECV;
		node_perm = NODE__UDP_RECV;
		recv_perm = UDP_SOCKET__RECV_MSG;
	} else if (sock_class == SECCLASS_TCP_SOCKET) {
		netif_perm = NETIF__TCP_RECV;
		node_perm = NODE__TCP_RECV;
		recv_perm = TCP_SOCKET__RECV_MSG;
	} else {
		netif_perm = NETIF__RAWIP_RECV;
		node_perm = NODE__RAWIP_RECV;
		recv_perm = 0;	/* raw IP: no port-level check */
	}

	err = avc_has_perm(sock_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
	if (err)
		return err;

	err = security_node_sid(family, addrp, len, &node_sid);
	if (err)
		return err;

	err = avc_has_perm(sock_sid, node_sid, SECCLASS_NODE, node_perm, ad);
	if (err || !recv_perm)
		return err;

	err = security_port_sid(sk->sk_family, sk->sk_type, sk->sk_protocol,
				ntohs(ad->u.net.sport), &port_sid);
	if (err)
		return err;

	return avc_has_perm(sock_sid, port_sid, sock_class, recv_perm, ad);
}
3417
/*
 * Inbound packet hook for INET/INET6 sockets. Snapshots the owning socket's
 * label under sk_callback_lock, parses the packet's source address/port
 * into the audit data, then applies either the legacy compat_net checks or
 * the secmark-based packet:recv check, followed by the xfrm receive check.
 *
 * Sockets of other families, or sk's with no labelled socket behind them,
 * are not checked (0 is returned).
 */
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	struct avc_audit_data ad;
	struct socket *sock;
	u32 sock_sid = 0;
	u16 sock_class = 0;
	u16 family = sk->sk_family;
	char *addrp;
	int len, err;

	if (family != PF_INET && family != PF_INET6)
		return 0;

	/* An IPv4 packet received on an IPv6 socket is parsed as IPv4. */
	if (family == PF_INET6 && skb->protocol == ntohs(ETH_P_IP))
		family = PF_INET;

	read_lock_bh(&sk->sk_callback_lock);
	sock = sk->sk_socket;
	if (sock && SOCK_INODE(sock)) {
		struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;

		sock_sid = isec->sid;
		sock_class = isec->sclass;
	}
	read_unlock_bh(&sk->sk_callback_lock);

	if (!sock_sid)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->dev ? skb->dev->name : "[unknown]";
	ad.u.net.family = family;

	/* src=1: the checks below are against the packet's source. */
	err = selinux_parse_skb(skb, &ad, &addrp, &len, 1);
	if (err)
		return err;

	if (selinux_compat_net)
		err = selinux_sock_rcv_skb_compat(sk, skb, &ad, sock_sid,
						  sock_class, family, addrp, len);
	else
		err = avc_has_perm(sock_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
	if (err)
		return err;

	return selinux_xfrm_sock_rcv_skb(sock_sid, skb);
}
3474
/*
 * SO_PEERSEC for stream sockets: copy the peer's security context string
 * to @optval and its length to @optlen. Supported for unix stream sockets
 * (peer label recorded at connect time) and TCP sockets (peer label from
 * the connection); anything else, or a TCP socket with no known peer,
 * returns -ENOPROTOOPT. A buffer shorter than the context yields -ERANGE
 * but the required length is still written to @optlen.
 */
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct sk_security_struct *ssec;
	char *scontext;
	u32 scontext_len;
	u32 peer_sid;
	int err;

	if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET) {
		ssec = sock->sk->sk_security;
		peer_sid = ssec->peer_sid;
	} else if (isec->sclass == SECCLASS_TCP_SOCKET) {
		peer_sid = selinux_socket_getpeer_stream(sock->sk);
		if (peer_sid == SECSID_NULL)
			return -ENOPROTOOPT;
	} else {
		return -ENOPROTOOPT;
	}

	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
	if (err)
		return err;

	if (scontext_len > len)
		err = -ERANGE;
	else if (copy_to_user(optval, scontext, scontext_len))
		err = -EFAULT;

	/* Report the length even on ERANGE so the caller can retry. */
	if (put_user(scontext_len, optlen))
		err = -EFAULT;

	kfree(scontext);
	return err;
}
3526
/*
 * Peer SID for datagram traffic. A unix socket is labelled by its own
 * inode; otherwise the label is derived from the packet @skb. Writes the
 * result to @secid and returns -EINVAL when no label could be determined.
 */
static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	u32 peer_secid = SECSID_NULL;

	if (sock && sock->sk->sk_family == PF_UNIX)
		selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
	else if (skb)
		peer_secid = selinux_socket_getpeer_dgram(skb);

	*secid = peer_secid;
	return peer_secid == SECSID_NULL ? -EINVAL : 0;
}
3543
/* Allocate the per-sock security blob; thin wrapper around sk_alloc_security(). */
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	int rc;

	rc = sk_alloc_security(sk, family, priority);
	return rc;
}
3548
/* Release the per-sock security blob; thin wrapper around sk_free_security(). */
static void selinux_sk_free_security(struct sock *sk)
{
	sk_free_security(sk);
	return;
}
3553
/*
 * SID to use for @sk in xfrm/flow decisions. With no sock the label is
 * derived from the flow alone; otherwise the socket inode's SID is read
 * under sk_callback_lock, falling back to the "any socket" SID when the
 * sk has no inode-level label.
 */
static unsigned int selinux_sk_getsid_security(struct sock *sk, struct flowi *fl, u8 dir)
{
	struct inode_security_struct *isec;
	u32 sid;

	if (!sk)
		return selinux_no_sk_sid(fl);

	read_lock_bh(&sk->sk_callback_lock);
	isec = get_sock_isec(sk);
	sid = isec ? isec->sid : SECINITSID_ANY_SOCKET;
	read_unlock_bh(&sk->sk_callback_lock);

	return sid;
}
3571
/*
 * Map an outgoing netlink message to a per-class permission and check it
 * on the sending socket. Messages shorter than a netlink header are
 * rejected. An unrecognized message type is audited and refused only in
 * enforcing mode; -ENOENT from the lookup (presumably: no mapping for this
 * socket class) means nothing is checked. Other lookup errors propagate.
 */
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	struct socket *sock = sk->sk_socket;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct nlmsghdr *nlh;
	u32 perm;
	int err;

	if (skb->len < NLMSG_SPACE(0))
		return -EINVAL;
	nlh = (struct nlmsghdr *)skb->data;

	err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
	if (!err)
		return socket_has_perm(current, sock, perm);

	if (err == -EINVAL) {
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
			  "SELinux: unrecognized netlink message"
			  " type=%hu for sclass=%hu\n",
			  nlh->nlmsg_type, isec->sclass);
		if (!selinux_enforcing)
			err = 0;
	} else if (err == -ENOENT) {
		err = 0;
	}

	return err;
}
3607
3608#ifdef CONFIG_NETFILTER
3609
/*
 * Legacy (compat_net) send checks for an outbound packet from the socket
 * labelled by @isec: per-protocol send permission on the output interface
 * @dev and on the destination node, plus — for TCP/UDP only — send_msg on
 * the destination port.
 */
static int selinux_ip_postroute_last_compat(struct sock *sk, struct net_device *dev,
					    struct inode_security_struct *isec,
					    struct avc_audit_data *ad,
					    u16 family, char *addrp, int len)
{
	u32 netif_perm, node_perm, send_perm;
	u32 if_sid, node_sid, port_sid;
	int err;

	err = sel_netif_sids(dev, &if_sid, NULL);
	if (err)
		return err;

	if (isec->sclass == SECCLASS_UDP_SOCKET) {
		netif_perm = NETIF__UDP_SEND;
		node_perm = NODE__UDP_SEND;
		send_perm = UDP_SOCKET__SEND_MSG;
	} else if (isec->sclass == SECCLASS_TCP_SOCKET) {
		netif_perm = NETIF__TCP_SEND;
		node_perm = NODE__TCP_SEND;
		send_perm = TCP_SOCKET__SEND_MSG;
	} else {
		netif_perm = NETIF__RAWIP_SEND;
		node_perm = NODE__RAWIP_SEND;
		send_perm = 0;	/* raw IP: no port-level check */
	}

	err = avc_has_perm(isec->sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
	if (err)
		return err;

	err = security_node_sid(family, addrp, len, &node_sid);
	if (err)
		return err;

	err = avc_has_perm(isec->sid, node_sid, SECCLASS_NODE, node_perm, ad);
	if (err || !send_perm)
		return err;

	err = security_port_sid(sk->sk_family, sk->sk_type, sk->sk_protocol,
				ntohs(ad->u.net.dport), &port_sid);
	if (err)
		return err;

	return avc_has_perm(isec->sid, port_sid, isec->sclass, send_perm, ad);
}
3670
/*
 * Netfilter POST_ROUTING hook shared by the IPv4 and IPv6 entry points.
 * Packets without an owning, labelled socket (presumably forwarded or
 * kernel-generated traffic) are accepted unchecked. Otherwise the packet's
 * destination address/port is parsed and either the legacy compat_net send
 * checks or the secmark packet:send check is applied, then the xfrm
 * post-routing check. Any failure drops the packet.
 */
static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
					      struct sk_buff **pskb,
					      const struct net_device *in,
					      const struct net_device *out,
					      int (*okfn)(struct sk_buff *),
					      u16 family)
{
	struct sk_buff *skb = *pskb;
	struct net_device *dev = (struct net_device *)out;
	struct inode_security_struct *isec;
	struct avc_audit_data ad;
	struct socket *sock;
	struct inode *inode;
	char *addrp;
	int len, err;

	if (!skb->sk)
		return NF_ACCEPT;
	sock = skb->sk->sk_socket;
	if (!sock)
		return NF_ACCEPT;
	inode = SOCK_INODE(sock);
	if (!inode)
		return NF_ACCEPT;
	isec = inode->i_security;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = dev->name;
	ad.u.net.family = family;

	/* src=0: the checks are against the packet's destination. */
	err = selinux_parse_skb(skb, &ad, &addrp, &len, 0);
	if (!err) {
		if (selinux_compat_net)
			err = selinux_ip_postroute_last_compat(skb->sk, dev, isec,
							       &ad, family,
							       addrp, len);
		else
			err = avc_has_perm(isec->sid, skb->secmark,
					   SECCLASS_PACKET, PACKET__SEND, &ad);
	}
	if (!err)
		err = selinux_xfrm_postroute_last(isec->sid, skb);

	return err ? NF_DROP : NF_ACCEPT;
}
3724
/* IPv4 POST_ROUTING entry point: delegates with family PF_INET. */
static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
						struct sk_buff **pskb,
						const struct net_device *in,
						const struct net_device *out,
						int (*okfn)(struct sk_buff *))
{
	unsigned int verdict;

	verdict = selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET);
	return verdict;
}
3733
3734#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3735
/* IPv6 POST_ROUTING entry point: delegates with family PF_INET6. */
static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
						struct sk_buff **pskb,
						const struct net_device *in,
						const struct net_device *out,
						int (*okfn)(struct sk_buff *))
{
	unsigned int verdict;

	verdict = selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET6);
	return verdict;
}
3744
3745#endif
3746
3747#endif
3748
/*
 * Outgoing netlink message hook. The secondary module runs first; the
 * per-message-type permission check is only applied when the loaded
 * policy is new enough to define netlink socket classes.
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	int err = secondary_ops->netlink_send(sk, skb);

	if (err)
		return err;
	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
		return 0;

	return selinux_nlmsg_perm(sk, skb);
}
3762
/*
 * Incoming netlink message hook: after the secondary module, the sender
 * (identified by the SID carried in the skb's netlink control block) must
 * hold @capability in the capability class, checked against itself.
 */
static int selinux_netlink_recv(struct sk_buff *skb, int capability)
{
	struct avc_audit_data ad;
	u32 sid;
	int err;

	err = secondary_ops->netlink_recv(skb, capability);
	if (err)
		return err;

	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.u.cap = capability;

	sid = NETLINK_CB(skb).sid;
	return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
			    CAP_TO_MASK(capability), &ad);
}
3778
/*
 * Allocate and attach the security blob for an IPC object of class
 * @sclass. The object is labelled with the SID of @task (the creator).
 * Returns -ENOMEM on allocation failure.
 */
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	struct task_security_struct *tsec = task->security;
	struct ipc_security_struct *isec;

	isec = kzalloc(sizeof(*isec), GFP_KERNEL);
	if (!isec)
		return -ENOMEM;

	isec->sclass = sclass;
	isec->ipc_perm = perm;
	isec->sid = tsec->sid;
	perm->security = isec;

	return 0;
}
3797
/* Detach and free the IPC object's security blob; perm->security becomes NULL. */
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	struct ipc_security_struct *isec;

	isec = perm->security;
	perm->security = NULL;
	kfree(isec);
}
3804
/*
 * Allocate the security blob for a SysV message. The message starts out
 * unlabeled; its real label is assigned at send time (see the msgsnd hook).
 * Returns -ENOMEM on allocation failure.
 */
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *msec = kzalloc(sizeof(*msec), GFP_KERNEL);

	if (!msec)
		return -ENOMEM;

	msec->msg = msg;
	msec->sid = SECINITSID_UNLABELED;
	msg->security = msec;

	return 0;
}
3819
/* Detach and free a message's security blob; msg->security becomes NULL. */
static void msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_security_struct *msec;

	msec = msg->security;
	msg->security = NULL;
	kfree(msec);
}
3827
/*
 * Check @perms from current to the IPC object @ipc_perms, in the object's
 * own class. The object's key is recorded in the audit data.
 */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = ipc_perms->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
}
3843
/* Hook wrapper around msg_msg_alloc_security(). */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	int rc;

	rc = msg_msg_alloc_security(msg);
	return rc;
}
3848
/* Hook wrapper around msg_msg_free_security(). */
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	msg_msg_free_security(msg);
	return;
}
3853
3854
/*
 * Allocate and label a message queue's security blob, then require
 * msgq:create from current. On denial the blob is freed again so the
 * queue is left without a security pointer.
 */
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
	if (rc)
		return rc;

	tsec = current->security;
	isec = msq->q_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, MSGQ__CREATE, &ad);
	if (rc)
		ipc_free_security(&msq->q_perm);

	return rc;
}
3880
/* Release a message queue's security blob. */
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	ipc_free_security(&msq->q_perm);
	return;
}
3885
/* msgget() on an existing queue needs msgq:associate; @msqflg is not inspected. */
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ASSOCIATE, &ad);
}
3901
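/*
 * msgctl() hook: map @cmd to the msgq permission(s) it requires and check
 * them from current. System-wide info queries are a system-class check
 * rather than a per-queue one. Commands not listed are not policed here.
 *
 * @perms is u32 to match ipc_has_perm() and the sibling sem hook (it was
 * declared int, so the bitmask was passed through a signed type).
 */
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, perms);
}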
3929
/*
 * msgsnd() hook. A message still carrying the unlabeled SID is first given
 * its label via the policy's transition rules (sender -> queue, class msg).
 * Then three checks run in order: current may write the queue, current may
 * send this message, and the message may be enqueued on this queue.
 */
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	if (msec->sid == SECINITSID_UNLABELED) {
		rc = security_transition_sid(tsec->sid, isec->sid,
					     SECCLASS_MSG, &msec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, MSGQ__WRITE, &ad);
	if (rc)
		return rc;

	rc = avc_has_perm(tsec->sid, msec->sid, SECCLASS_MSG, MSG__SEND, &ad);
	if (rc)
		return rc;

	return avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
}
3975
/*
 * msgrcv() hook. Note the subject is @target (the task that will receive
 * the message), not necessarily current. It needs msgq:read on the queue
 * and msg:receive on the message.
 */
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	struct task_security_struct *tsec = target->security;
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;

	return avc_has_perm(tsec->sid, msec->sid, SECCLASS_MSG, MSG__RECEIVE, &ad);
}
4000
4001
/*
 * Allocate and label a shared memory segment's security blob, then require
 * shm:create from current. On denial the blob is freed again.
 */
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
	if (rc)
		return rc;

	tsec = current->security;
	isec = shp->shm_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = shp->shm_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM, SHM__CREATE, &ad);
	if (rc)
		ipc_free_security(&shp->shm_perm);

	return rc;
}
4027
/* Release a shared memory segment's security blob. */
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	ipc_free_security(&shp->shm_perm);
	return;
}
4032
/* shmget() on an existing segment needs shm:associate; @shmflg is not inspected. */
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = shp->shm_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = shp->shm_perm.key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
			    SHM__ASSOCIATE, &ad);
}
4048
4049
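/*
 * shmctl() hook: map @cmd to the shm permission(s) it requires and check
 * them from current. System-wide info queries are a system-class check
 * rather than a per-segment one. Commands not listed are not policed here.
 *
 * @perms is u32 to match ipc_has_perm() and the sibling sem hook (it was
 * declared int, so the bitmask was passed through a signed type).
 */
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SHM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		/* Locking and unlocking share a single permission. */
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, perms);
}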
4081
/*
 * shmat() hook. After the secondary module, a read-only attach needs
 * shm:read; any other attach needs shm:read and shm:write. @shmaddr is
 * not inspected.
 */
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	u32 perms = SHM__READ;
	int rc;

	rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
	if (rc)
		return rc;

	if (!(shmflg & SHM_RDONLY))
		perms |= SHM__WRITE;

	return ipc_has_perm(&shp->shm_perm, perms);
}
4099
4100
/*
 * Allocate and label a semaphore set's security blob, then require
 * sem:create from current. On denial the blob is freed again.
 */
static int selinux_sem_alloc_security(struct sem_array *sma)
{
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
	if (rc)
		return rc;

	tsec = current->security;
	isec = sma->sem_perm.security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = sma->sem_perm.key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, SEM__CREATE, &ad);
	if (rc)
		ipc_free_security(&sma->sem_perm);

	return rc;
}
4126
/* Release the SELinux blob attached to a semaphore set. */
static void selinux_sem_free_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;

	ipc_free_security(perm);
}
4131
/*
 * Associate hook for a semaphore set: the caller's SID must hold
 * sem:associate on the set's SID.  The IPC key is recorded for audit.
 * semflg is not consulted here.
 */
static int selinux_sem_associate(struct sem_array *sma, int semflg)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = sma->sem_perm.security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = sma->sem_perm.key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM, SEM__ASSOCIATE,
			    &ad);
}
4147
4148
/*
 * Map a semctl() command onto the sem permission(s) it needs and check
 * them against the set's label.  IPC_INFO/SEM_INFO name no set and are
 * checked as system:ipc_info on the caller; commands not listed here are
 * allowed through (return 0).
 */
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SEM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SEM_STAT:
		perms = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		perms = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		perms = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		perms = SEM__WRITE;
		break;
	case IPC_SET:
		perms = SEM__SETATTR;
		break;
	case IPC_RMID:
		perms = SEM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&sma->sem_perm, perms);
}
4189
/*
 * semop() hook: an altering operation needs sem:read and sem:write, a
 * non-altering one only sem:read.  sops/nsops themselves are not examined.
 */
static int selinux_sem_semop(struct sem_array *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	u32 perms = SEM__READ;

	if (alter)
		perms |= SEM__WRITE;

	return ipc_has_perm(&sma->sem_perm, perms);
}
4202
/*
 * Generic IPC permission hook.  The requested mode bits are translated
 * into ipc:unix_read / ipc:unix_write; if neither read nor write is being
 * asked for there is nothing to check and the request is allowed.
 */
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	u32 av = 0;

	if (flag & S_IRUGO)
		av |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		av |= IPC__UNIX_WRITE;

	return av ? ipc_has_perm(ipcp, av) : 0;
}
4218
4219
/*
 * Chain a secondary security module behind SELinux.  Only one secondary
 * module may be registered at a time; a second registration fails with
 * -EINVAL while the first is still in place.
 */
static int selinux_register_security (const char *name, struct security_operations *ops)
{
	if (secondary_ops != original_ops) {
		printk(KERN_INFO "%s: There is already a secondary security "
		       "module registered.\n", __FUNCTION__);
		return -EINVAL;
	}

	printk(KERN_INFO "%s: Registering secondary module %s\n",
	       __FUNCTION__, name);
	secondary_ops = ops;

	return 0;
}
4236
/*
 * Detach the secondary module registered by selinux_register_security().
 * Only the currently chained ops may be unregistered; anything else is
 * rejected with -EINVAL.  On success the original ops are restored.
 */
static int selinux_unregister_security (const char *name, struct security_operations *ops)
{
	if (ops == secondary_ops) {
		secondary_ops = original_ops;
		return 0;
	}

	printk (KERN_INFO "%s: trying to unregister a security module "
		"that is not registered.\n", __FUNCTION__);
	return -EINVAL;
}
4249
/*
 * d_instantiate hook: once a dentry has an inode, label that inode using
 * the dentry for context.  Negative dentries (no inode) are ignored.
 */
static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
{
	if (!inode)
		return;

	inode_doinit_with_dentry(inode, dentry);
}
4255
/*
 * Resolve a /proc/<pid>/attr/<name> entry to the SID stored in the task's
 * security blob.  Stores the SID (possibly 0 when the attribute is unset)
 * and returns 0, or returns -EINVAL for a name this hook does not know.
 */
static int selinux_procattr_sid(const struct task_security_struct *tsec,
				const char *name, u32 *sid)
{
	if (!strcmp(name, "current"))
		*sid = tsec->sid;
	else if (!strcmp(name, "prev"))
		*sid = tsec->osid;
	else if (!strcmp(name, "exec"))
		*sid = tsec->exec_sid;
	else if (!strcmp(name, "fscreate"))
		*sid = tsec->create_sid;
	else if (!strcmp(name, "keycreate"))
		*sid = tsec->keycreate_sid;
	else if (!strcmp(name, "sockcreate"))
		*sid = tsec->sockcreate_sid;
	else
		return -EINVAL;

	return 0;
}

/*
 * Read handler for /proc/<pid>/attr/<name>.  Reading another task's
 * attribute requires process:getattr on that task.  An unset attribute
 * (SID 0) reads back as empty (return 0) rather than as an error;
 * otherwise the SID is rendered into value by selinux_getsecurity().
 */
static int selinux_getprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	u32 sid;
	int error;

	if (current != p) {
		error = task_has_perm(current, p, PROCESS__GETATTR);
		if (error)
			return error;
	}

	error = selinux_procattr_sid(p->security, name, &sid);
	if (error)
		return error;

	if (!sid)
		return 0;

	return selinux_getsecurity(sid, value, size);
}
4291
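/*
 * Write handler for /proc/<pid>/attr/<name>.
 *
 * Only the calling task may set its own attributes (current != p gives
 * -EACCES), and it must hold the matching process:set<name> permission.
 * The value is a security context string, optionally newline-terminated;
 * an empty value ("\0" or "\n") clears the attribute (SID 0).  Writing
 * "current" is a dynamic transition: it is refused for tasks sharing
 * their mm with another task (-EPERM), needs process:dyntransition from
 * the old SID to the new one, and, if the task is being ptraced, also
 * needs process:ptrace from the tracer's SID to the new SID.
 *
 * Returns size (after any trailing newline was stripped) on success, or a
 * negative errno.
 */
static int selinux_setprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	struct task_security_struct *tsec;
	u32 sid = 0;
	int error;
	char *str = value;

	if (current != p) {
		/* A task may only change its own attributes. */
		return -EACCES;
	}

	/*
	 * Permission check for the particular attribute being set, done
	 * before the value is even parsed.  Unknown names are -EINVAL.
	 */
	if (!strcmp(name, "exec"))
		error = task_has_perm(current, p, PROCESS__SETEXEC);
	else if (!strcmp(name, "fscreate"))
		error = task_has_perm(current, p, PROCESS__SETFSCREATE);
	else if (!strcmp(name, "keycreate"))
		error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
	else if (!strcmp(name, "sockcreate"))
		error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
	else if (!strcmp(name, "current"))
		error = task_has_perm(current, p, PROCESS__SETCURRENT);
	else
		error = -EINVAL;
	if (error)
		return error;

	/*
	 * Obtain a SID for the context, if one was specified.  The test is
	 * on str[0], not str[1]: only size bytes were supplied, so for a
	 * one-byte write str[1] lies beyond the data, and a two-byte "x\n"
	 * would wrongly be treated as empty.  A value starting with NUL or
	 * a newline means "clear", leaving sid == 0.
	 */
	if (size && str[0] && str[0] != '\n') {
		if (str[size-1] == '\n') {
			str[size-1] = 0;
			size--;
		}
		error = security_context_to_sid(value, size, &sid);
		if (error)
			return error;
	}

	/* Store the SID in the task's blob under the attribute named. */
	tsec = p->security;
	if (!strcmp(name, "exec"))
		tsec->exec_sid = sid;
	else if (!strcmp(name, "fscreate"))
		tsec->create_sid = sid;
	else if (!strcmp(name, "keycreate")) {
		/* keycreate also needs the right to create keys with this SID. */
		error = may_create_key(sid, p);
		if (error)
			return error;
		tsec->keycreate_sid = sid;
	} else if (!strcmp(name, "sockcreate"))
		tsec->sockcreate_sid = sid;
	else if (!strcmp(name, "current")) {
		struct av_decision avd;

		/* "current" cannot be cleared; a target context is required. */
		if (sid == 0)
			return -EINVAL;

		/*
		 * Only a task that does not share its mm with any other task
		 * may transition.  mm_users is a cheap pre-check; the thread
		 * walk under tasklist_lock is authoritative.
		 */
		if (atomic_read(&p->mm->mm_users) != 1) {
			struct task_struct *g, *t;
			struct mm_struct *mm = p->mm;
			read_lock(&tasklist_lock);
			do_each_thread(g, t)
				if (t->mm == mm && t != p) {
					read_unlock(&tasklist_lock);
					return -EPERM;
				}
			while_each_thread(g, t);
			read_unlock(&tasklist_lock);
		}

		/* The old domain must be allowed to transition to the new one. */
		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
				     PROCESS__DYNTRANSITION, NULL);
		if (error)
			return error;

		/*
		 * If being traced, the tracer must also be allowed to ptrace
		 * the new context.  The check and the SID update are done
		 * under task_lock(); the audit record is written after the
		 * lock is released.
		 */
		task_lock(p);
		if (p->ptrace & PT_PTRACED) {
			error = avc_has_perm_noaudit(tsec->ptrace_sid, sid,
						     SECCLASS_PROCESS,
						     PROCESS__PTRACE, &avd);
			if (!error)
				tsec->sid = sid;
			task_unlock(p);
			avc_audit(tsec->ptrace_sid, sid, SECCLASS_PROCESS,
				  PROCESS__PTRACE, &avd, error, NULL);
			if (error)
				return error;
		} else {
			tsec->sid = sid;
			task_unlock(p);
		}
	}
	else
		return -EINVAL;

	return size;
}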
4405
/*
 * Render a SID as a security context string.  The string is allocated by
 * the security server; callers release it via selinux_release_secctx().
 */
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	int rc = security_sid_to_context(secid, secdata, seclen);

	return rc;
}
4410
/*
 * Free a context string returned by selinux_secid_to_secctx().  seclen is
 * unused; kfree() accepts a NULL pointer, so no guard is needed.
 */
static void selinux_release_secctx(char *secdata, u32 seclen)
{
	kfree(secdata);
}
4416
4417#ifdef CONFIG_KEYS
4418
/*
 * Allocate and label the security blob for a new key.  The key takes the
 * allocating task's keycreate SID when one is set, otherwise the task's
 * own SID.  flags is not consulted.  Returns 0 or -ENOMEM.
 */
static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
			     unsigned long flags)
{
	struct task_security_struct *tsec = tsk->security;
	struct key_security_struct *ksec;

	ksec = kzalloc(sizeof(*ksec), GFP_KERNEL);
	if (!ksec)
		return -ENOMEM;

	ksec->obj = k;
	ksec->sid = tsec->keycreate_sid ? tsec->keycreate_sid : tsec->sid;
	k->security = ksec;

	return 0;
}
4438
/* Detach and free a key's security blob; the key's pointer is cleared first. */
static void selinux_key_free(struct key *k)
{
	void *blob = k->security;

	k->security = NULL;
	kfree(blob);
}
4446
/*
 * key permission hook: check the requested permission mask against the
 * key's label, from the SID of the task given in ctx.  An empty mask
 * asks for nothing and is allowed without consulting the AVC.
 */
static int selinux_key_permission(key_ref_t key_ref,
				  struct task_struct *ctx,
				  key_perm_t perm)
{
	struct key *key = key_ref_to_ptr(key_ref);
	struct task_security_struct *tsec = ctx->security;
	struct key_security_struct *ksec = key->security;

	if (!perm)
		return 0;

	return avc_has_perm(tsec->sid, ksec->sid, SECCLASS_KEY, perm, NULL);
}
4469
4470#endif
4471
/*
 * The SELinux hook table, handed to register_security() by selinux_init().
 * Hooks are grouped by the object they guard; the xfrm and key hooks are
 * only compiled in when the corresponding subsystem is configured.
 */
static struct security_operations selinux_ops = {
	/* Task capability, ptrace and miscellaneous system checks. */
	.ptrace =			selinux_ptrace,
	.capget =			selinux_capget,
	.capset_check =			selinux_capset_check,
	.capset_set =			selinux_capset_set,
	.sysctl =			selinux_sysctl,
	.capable =			selinux_capable,
	.quotactl =			selinux_quotactl,
	.quota_on =			selinux_quota_on,
	.syslog =			selinux_syslog,
	.vm_enough_memory =		selinux_vm_enough_memory,

	.netlink_send =			selinux_netlink_send,
	.netlink_recv =			selinux_netlink_recv,

	/* exec / binprm handling. */
	.bprm_alloc_security =		selinux_bprm_alloc_security,
	.bprm_free_security =		selinux_bprm_free_security,
	.bprm_apply_creds =		selinux_bprm_apply_creds,
	.bprm_post_apply_creds =	selinux_bprm_post_apply_creds,
	.bprm_set_security =		selinux_bprm_set_security,
	.bprm_check_security =		selinux_bprm_check_security,
	.bprm_secureexec =		selinux_bprm_secureexec,

	/* Superblocks and mounts. */
	.sb_alloc_security =		selinux_sb_alloc_security,
	.sb_free_security =		selinux_sb_free_security,
	.sb_copy_data =			selinux_sb_copy_data,
	.sb_kern_mount =	        selinux_sb_kern_mount,
	.sb_statfs =			selinux_sb_statfs,
	.sb_mount =			selinux_mount,
	.sb_umount =			selinux_umount,

	/* Inodes, including the security.* xattr namespace. */
	.inode_alloc_security =		selinux_inode_alloc_security,
	.inode_free_security =		selinux_inode_free_security,
	.inode_init_security =		selinux_inode_init_security,
	.inode_create =			selinux_inode_create,
	.inode_link =			selinux_inode_link,
	.inode_unlink =			selinux_inode_unlink,
	.inode_symlink =		selinux_inode_symlink,
	.inode_mkdir =			selinux_inode_mkdir,
	.inode_rmdir =			selinux_inode_rmdir,
	.inode_mknod =			selinux_inode_mknod,
	.inode_rename =			selinux_inode_rename,
	.inode_readlink =		selinux_inode_readlink,
	.inode_follow_link =		selinux_inode_follow_link,
	.inode_permission =		selinux_inode_permission,
	.inode_setattr =		selinux_inode_setattr,
	.inode_getattr =		selinux_inode_getattr,
	.inode_setxattr =		selinux_inode_setxattr,
	.inode_post_setxattr =		selinux_inode_post_setxattr,
	.inode_getxattr =		selinux_inode_getxattr,
	.inode_listxattr =		selinux_inode_listxattr,
	.inode_removexattr =		selinux_inode_removexattr,
	.inode_xattr_getsuffix =        selinux_inode_xattr_getsuffix,
	.inode_getsecurity =            selinux_inode_getsecurity,
	.inode_setsecurity =            selinux_inode_setsecurity,
	.inode_listsecurity =           selinux_inode_listsecurity,

	/* Open files. */
	.file_permission =		selinux_file_permission,
	.file_alloc_security =		selinux_file_alloc_security,
	.file_free_security =		selinux_file_free_security,
	.file_ioctl =			selinux_file_ioctl,
	.file_mmap =			selinux_file_mmap,
	.file_mprotect =		selinux_file_mprotect,
	.file_lock =			selinux_file_lock,
	.file_fcntl =			selinux_file_fcntl,
	.file_set_fowner =		selinux_file_set_fowner,
	.file_send_sigiotask =		selinux_file_send_sigiotask,
	.file_receive =			selinux_file_receive,

	/* Task lifecycle and inter-task operations. */
	.task_create =			selinux_task_create,
	.task_alloc_security =		selinux_task_alloc_security,
	.task_free_security =		selinux_task_free_security,
	.task_setuid =			selinux_task_setuid,
	.task_post_setuid =		selinux_task_post_setuid,
	.task_setgid =			selinux_task_setgid,
	.task_setpgid =			selinux_task_setpgid,
	.task_getpgid =			selinux_task_getpgid,
	.task_getsid =		        selinux_task_getsid,
	.task_getsecid =		selinux_task_getsecid,
	.task_setgroups =		selinux_task_setgroups,
	.task_setnice =			selinux_task_setnice,
	.task_setioprio =		selinux_task_setioprio,
	.task_getioprio =		selinux_task_getioprio,
	.task_setrlimit =		selinux_task_setrlimit,
	.task_setscheduler =		selinux_task_setscheduler,
	.task_getscheduler =		selinux_task_getscheduler,
	.task_movememory =		selinux_task_movememory,
	.task_kill =			selinux_task_kill,
	.task_wait =			selinux_task_wait,
	.task_prctl =			selinux_task_prctl,
	.task_reparent_to_init =	selinux_task_reparent_to_init,
	.task_to_inode =                selinux_task_to_inode,

	/* SysV IPC: generic permission plus per-object hooks. */
	.ipc_permission =		selinux_ipc_permission,

	.msg_msg_alloc_security =	selinux_msg_msg_alloc_security,
	.msg_msg_free_security =	selinux_msg_msg_free_security,

	.msg_queue_alloc_security =	selinux_msg_queue_alloc_security,
	.msg_queue_free_security =	selinux_msg_queue_free_security,
	.msg_queue_associate =		selinux_msg_queue_associate,
	.msg_queue_msgctl =		selinux_msg_queue_msgctl,
	.msg_queue_msgsnd =		selinux_msg_queue_msgsnd,
	.msg_queue_msgrcv =		selinux_msg_queue_msgrcv,

	.shm_alloc_security =		selinux_shm_alloc_security,
	.shm_free_security =		selinux_shm_free_security,
	.shm_associate =		selinux_shm_associate,
	.shm_shmctl =			selinux_shm_shmctl,
	.shm_shmat =			selinux_shm_shmat,

	.sem_alloc_security = 		selinux_sem_alloc_security,
	.sem_free_security =  		selinux_sem_free_security,
	.sem_associate =		selinux_sem_associate,
	.sem_semctl =			selinux_sem_semctl,
	.sem_semop =			selinux_sem_semop,

	/* Stacking of a secondary LSM (see selinux_register_security()). */
	.register_security =		selinux_register_security,
	.unregister_security =		selinux_unregister_security,

	.d_instantiate =                selinux_d_instantiate,

	/* /proc/<pid>/attr read and write handlers. */
	.getprocattr =                  selinux_getprocattr,
	.setprocattr =                  selinux_setprocattr,

	.secid_to_secctx =		selinux_secid_to_secctx,
	.release_secctx =		selinux_release_secctx,

	/* Networking: unix domain, generic sockets, sk blobs. */
        .unix_stream_connect =		selinux_socket_unix_stream_connect,
	.unix_may_send =		selinux_socket_unix_may_send,

	.socket_create =		selinux_socket_create,
	.socket_post_create =		selinux_socket_post_create,
	.socket_bind =			selinux_socket_bind,
	.socket_connect =		selinux_socket_connect,
	.socket_listen =		selinux_socket_listen,
	.socket_accept =		selinux_socket_accept,
	.socket_sendmsg =		selinux_socket_sendmsg,
	.socket_recvmsg =		selinux_socket_recvmsg,
	.socket_getsockname =		selinux_socket_getsockname,
	.socket_getpeername =		selinux_socket_getpeername,
	.socket_getsockopt =		selinux_socket_getsockopt,
	.socket_setsockopt =		selinux_socket_setsockopt,
	.socket_shutdown =		selinux_socket_shutdown,
	.socket_sock_rcv_skb =		selinux_socket_sock_rcv_skb,
	.socket_getpeersec_stream =	selinux_socket_getpeersec_stream,
	.socket_getpeersec_dgram =	selinux_socket_getpeersec_dgram,
	.sk_alloc_security =		selinux_sk_alloc_security,
	.sk_free_security =		selinux_sk_free_security,
	.sk_getsid = 			selinux_sk_getsid_security,

#ifdef CONFIG_SECURITY_NETWORK_XFRM
	/* IPsec policy / state labelling. */
	.xfrm_policy_alloc_security =	selinux_xfrm_policy_alloc,
	.xfrm_policy_clone_security =	selinux_xfrm_policy_clone,
	.xfrm_policy_free_security =	selinux_xfrm_policy_free,
	.xfrm_policy_delete_security =	selinux_xfrm_policy_delete,
	.xfrm_state_alloc_security =	selinux_xfrm_state_alloc,
	.xfrm_state_free_security =	selinux_xfrm_state_free,
	.xfrm_state_delete_security =	selinux_xfrm_state_delete,
	.xfrm_policy_lookup = 		selinux_xfrm_policy_lookup,
#endif

#ifdef CONFIG_KEYS
	/* Kernel key retention service. */
	.key_alloc =                    selinux_key_alloc,
	.key_free =                     selinux_key_free,
	.key_permission =               selinux_key_permission,
#endif
};
4640
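/*
 * Early SELinux initialisation (security initcall).
 *
 * Does nothing when SELinux was disabled on the command line.  Otherwise
 * it labels the initial task as SECINITSID_KERNEL, sets up the inode
 * security cache and the AVC, records the pre-existing security_ops as
 * the original/secondary ops, registers the SELinux hook table, and
 * (with CONFIG_KEYS) labels the root user and session keyrings.  Every
 * failure at this stage is fatal: the system panics rather than booting
 * with a half-initialised security module.
 */
static __init int selinux_init(void)
{
	struct task_security_struct *tsec;

	if (!selinux_enabled) {
		printk(KERN_INFO "SELinux:  Disabled at boot.\n");
		return 0;
	}

	printk(KERN_INFO "SELinux:  Initializing.\n");

	/* Give the initial task its security blob and the kernel SID. */
	if (task_alloc_security(current))
		panic("SELinux:  Failed to initialize initial task.\n");
	tsec = current->security;
	tsec->osid = tsec->sid = SECINITSID_KERNEL;

	sel_inode_cache = kmem_cache_create("selinux_inode_security",
					    sizeof(struct inode_security_struct),
					    0, SLAB_PANIC, NULL, NULL);
	avc_init();

	/* Remember whatever ops were active so they can be chained behind us. */
	original_ops = secondary_ops = security_ops;
	if (!secondary_ops)
		panic ("SELinux: No initial security operations\n");
	if (register_security (&selinux_ops))
		panic("SELinux: Unable to register with kernel.\n");

	if (selinux_enforcing) {
		printk(KERN_INFO "SELinux:  Starting in enforcing mode\n");
	} else {
		printk(KERN_INFO "SELinux:  Starting in permissive mode\n");
	}

#ifdef CONFIG_KEYS
	/*
	 * Label the already-existing root keyrings.  selinux_key_alloc()
	 * returns -ENOMEM on failure; a keyring left with a NULL security
	 * blob would later be dereferenced by selinux_key_permission(), so
	 * a failure here is fatal, like the other init failures above.
	 */
	if (selinux_key_alloc(&root_user_keyring, current,
			      KEY_ALLOC_NOT_IN_QUOTA))
		panic("SELinux: Unable to label the root user keyring.\n");
	if (selinux_key_alloc(&root_session_keyring, current,
			      KEY_ALLOC_NOT_IN_QUOTA))
		panic("SELinux: Unable to label the root session keyring.\n");
#endif

	return 0;
}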
4685
/*
 * Finish SELinux initialisation by labelling superblocks whose setup was
 * deferred (they sit on superblock_security_head).
 *
 * The list is drained one entry at a time.  Both spinlocks are held only
 * while picking the head entry and bumping sb->s_count to keep the
 * superblock alive; they are dropped before down_read(&sb->s_umount),
 * which may sleep.  Superblocks without an s_root are not initialised but
 * are still removed from the list.  drop_super() pairs with the s_count
 * bump and the down_read above.
 */
void selinux_complete_init(void)
{
	printk(KERN_INFO "SELinux:  Completing initialization.\n");

	/* Set up any superblocks initialized prior to the policy load. */
	printk(KERN_INFO "SELinux:  Setting up existing superblocks.\n");
	spin_lock(&sb_lock);
	spin_lock(&sb_security_lock);
next_sb:
	if (!list_empty(&superblock_security_head)) {
		struct superblock_security_struct *sbsec =
				list_entry(superblock_security_head.next,
				           struct superblock_security_struct,
				           list);
		struct super_block *sb = sbsec->sb;
		sb->s_count++;	/* hold the superblock across the unlock */
		spin_unlock(&sb_security_lock);
		spin_unlock(&sb_lock);
		down_read(&sb->s_umount);
		if (sb->s_root)
			superblock_doinit(sb, NULL);
		drop_super(sb);
		spin_lock(&sb_lock);
		spin_lock(&sb_security_lock);
		list_del_init(&sbsec->list);	/* done with this entry either way */
		goto next_sb;
	}
	spin_unlock(&sb_security_lock);
	spin_unlock(&sb_lock);
}
4716
4717
4718
/* Run selinux_init() as a security initcall during boot. */
security_initcall(selinux_init);
4720
4721#if defined(CONFIG_NETFILTER)
4722
/* IPv4 post-routing hook, ordered last among SELinux netfilter hooks. */
static struct nf_hook_ops selinux_ipv4_op = {
	.hook =		selinux_ipv4_postroute_last,
	.owner =	THIS_MODULE,
	.pf =		PF_INET,
	.hooknum =	NF_IP_POST_ROUTING,
	.priority =	NF_IP_PRI_SELINUX_LAST,
};
4730
4731#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4732
/* IPv6 counterpart of selinux_ipv4_op; only built when IPv6 is configured. */
static struct nf_hook_ops selinux_ipv6_op = {
	.hook =		selinux_ipv6_postroute_last,
	.owner =	THIS_MODULE,
	.pf =		PF_INET6,
	.hooknum =	NF_IP6_POST_ROUTING,
	.priority =	NF_IP6_PRI_SELINUX_LAST,
};
4740
4741#endif
4742
/*
 * Register the SELinux netfilter hooks.  A no-op (returning 0) when
 * SELinux is disabled; a registration failure is fatal and panics with
 * the errno, so on return err is always 0.
 */
static int __init selinux_nf_ip_init(void)
{
	int err;

	if (!selinux_enabled)
		return 0;

	printk(KERN_INFO "SELinux:  Registering netfilter hooks\n");

	err = nf_register_hook(&selinux_ipv4_op);
	if (err)
		panic("SELinux: nf_register_hook for IPv4: error %d\n", err);

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	err = nf_register_hook(&selinux_ipv6_op);
	if (err)
		panic("SELinux: nf_register_hook for IPv6: error %d\n", err);
#endif

	return err;
}
4767
/* Regular initcall; selinux_nf_ip_init() checks selinux_enabled itself. */
__initcall(selinux_nf_ip_init);
4769
4770#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Undo selinux_nf_ip_init(): unregister the IPv4 (and, if built, IPv6)
 * hooks.  Used only by selinux_disable().
 */
static void selinux_nf_ip_exit(void)
{
	printk(KERN_INFO "SELinux:  Unregistering netfilter hooks\n");

	nf_unregister_hook(&selinux_ipv4_op);
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	nf_unregister_hook(&selinux_ipv6_op);
#endif
}
4780#endif
4781
4782#else
4783
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/* Without netfilter there are no hooks for selinux_disable() to remove. */
#define selinux_nf_ip_exit()
#endif
4787
4788#endif
4789
4790#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Disable SELinux at runtime (CONFIG_SECURITY_SELINUX_DISABLE).
 *
 * Refused with -EINVAL once the security server is initialised
 * (ss_initialized) or if it has already been called once.  On success
 * the secondary ops become the active security_ops, the netfilter hooks
 * are removed and selinuxfs is torn down, in that order.
 */
int selinux_disable(void)
{
	extern void exit_sel_fs(void);
	static int selinux_disabled = 0;

	if (ss_initialized || selinux_disabled)
		return -EINVAL;

	printk(KERN_INFO "SELinux:  Disabled at runtime.\n");

	selinux_disabled = 1;
	selinux_enabled = 0;

	/* Hand hook dispatch back to the module that was chained behind us. */
	security_ops = secondary_ops;

	selinux_nf_ip_exit();
	exit_sel_fs();

	return 0;
}
4822#endif
4823
4824
4825