25#include <linux/init.h>
26#include <linux/kernel.h>
27#include <linux/ptrace.h>
28#include <linux/errno.h>
29#include <linux/sched.h>
30#include <linux/security.h>
31#include <linux/xattr.h>
32#include <linux/capability.h>
33#include <linux/unistd.h>
34#include <linux/mm.h>
35#include <linux/mman.h>
36#include <linux/slab.h>
37#include <linux/pagemap.h>
38#include <linux/swap.h>
39#include <linux/spinlock.h>
40#include <linux/syscalls.h>
41#include <linux/file.h>
42#include <linux/fdtable.h>
43#include <linux/namei.h>
44#include <linux/mount.h>
45#include <linux/ext2_fs.h>
46#include <linux/proc_fs.h>
47#include <linux/kd.h>
48#include <linux/netfilter_ipv4.h>
49#include <linux/netfilter_ipv6.h>
50#include <linux/tty.h>
51#include <net/icmp.h>
52#include <net/ip.h>
53#include <net/tcp.h>
54#include <net/net_namespace.h>
55#include <net/netlabel.h>
56#include <asm/uaccess.h>
57#include <asm/ioctls.h>
58#include <asm/atomic.h>
59#include <linux/bitops.h>
60#include <linux/interrupt.h>
61#include <linux/netdevice.h>
62#include <linux/netlink.h>
63#include <linux/tcp.h>
64#include <linux/udp.h>
65#include <linux/dccp.h>
66#include <linux/quota.h>
67#include <linux/un.h>
68#include <net/af_unix.h>
69#include <linux/parser.h>
70#include <linux/nfs_mount.h>
71#include <net/ipv6.h>
72#include <linux/hugetlb.h>
73#include <linux/personality.h>
74#include <linux/sysctl.h>
75#include <linux/audit.h>
76#include <linux/string.h>
77#include <linux/selinux.h>
78#include <linux/mutex.h>
79
80#include "avc.h"
81#include "objsec.h"
82#include "netif.h"
83#include "netnode.h"
84#include "netport.h"
85#include "xfrm.h"
86#include "netlabel.h"
87#include "audit.h"
88
/* Name of the SELinux security xattr: XATTR_SECURITY_PREFIX followed by "selinux". */
#define XATTR_SELINUX_SUFFIX "selinux"
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX

/* Number of distinct SELinux mount options (context=, fscontext=, defcontext=, rootcontext=; see tokens[]). */
#define NUM_SEL_MNT_OPTS 4

/* Defined elsewhere in the SELinux module / security server; declared here for use in this file. */
extern unsigned int policydb_loaded_version;
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
extern int selinux_compat_net;
extern struct security_operations *security_ops;


/* Number of registered secmark users; a positive count means secmark is enabled (see selinux_secmark_enabled()). */
atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
101
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/* Enforcing-mode flag; initialized from the "enforcing=" boot parameter below. */
int selinux_enforcing;

/*
 * Handler for the "enforcing=<value>" kernel command-line parameter.
 * The value is parsed with simple_strtol() (base auto-detected) and
 * stored in selinux_enforcing.  Always returns 1 (parameter consumed).
 */
static int __init enforcing_setup(char *str)
{
	long value = simple_strtol(str, NULL, 0);

	selinux_enforcing = value;
	return 1;
}
__setup("enforcing=", enforcing_setup);
#endif
112
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
/* Whether SELinux is enabled; default comes from Kconfig, overridable by "selinux=". */
int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;

/*
 * Handler for the "selinux=<value>" kernel command-line parameter.
 * The value is parsed with simple_strtol() (base auto-detected) and
 * stored in selinux_enabled.  Always returns 1 (parameter consumed).
 */
static int __init selinux_enabled_setup(char *str)
{
	long value = simple_strtol(str, NULL, 0);

	selinux_enabled = value;
	return 1;
}
__setup("selinux=", selinux_enabled_setup);
#else
/* No boot parameter support: SELinux is unconditionally enabled. */
int selinux_enabled = 1;
#endif
125
126
/* Presumably the security_operations in place before SELinux registered; set by init code not shown here. */
static struct security_operations *original_ops;





/* Presumably a stacked (secondary) module's operations; set by init code not shown here. */
static struct security_operations *secondary_ops;



/*
 * Superblocks whose SELinux setup was deferred because the security server
 * was not yet initialized (queued by selinux_set_mnt_opts() and
 * selinux_sb_clone_mnt_opts()); protected by sb_security_lock.
 */
static LIST_HEAD(superblock_security_head);
static DEFINE_SPINLOCK(sb_security_lock);

/* Slab cache for struct inode_security_struct (see inode_alloc_security()). */
static struct kmem_cache *sel_inode_cache;
141
142
143
144
145
146
147
148
149
150
151
/*
 * Report whether the secmark feature has any registered users.
 * Returns non-zero when selinux_secmark_refcount is positive, else 0.
 */
static int selinux_secmark_enabled(void)
{
	int users = atomic_read(&selinux_secmark_refcount);

	return users > 0;
}
156
157
158
/*
 * Allocate the per-task security blob for @task.  Both the current SID and
 * the "old" SID (osid) start out as SECINITSID_UNLABELED.
 * Returns 0 on success, -ENOMEM if the allocation fails.
 */
static int task_alloc_security(struct task_struct *task)
{
	struct task_security_struct *tsec = kzalloc(sizeof(*tsec), GFP_KERNEL);

	if (tsec == NULL)
		return -ENOMEM;

	tsec->sid = SECINITSID_UNLABELED;
	tsec->osid = SECINITSID_UNLABELED;
	task->security = tsec;
	return 0;
}
172
/*
 * Release the per-task security blob of @task.  The task's pointer is
 * cleared before the blob is freed so no dangling reference remains.
 */
static void task_free_security(struct task_struct *task)
{
	struct task_security_struct *blob;

	blob = task->security;
	task->security = NULL;
	kfree(blob);
}
179
/*
 * Allocate the per-inode security blob for @inode from sel_inode_cache.
 * The inode starts unlabeled (SECINITSID_UNLABELED, class "file"); the SID
 * of the creating task is remembered in task_sid for later labeling by
 * inode_doinit_with_dentry().
 * Returns 0 on success, -ENOMEM if the allocation fails.
 */
static int inode_alloc_security(struct inode *inode)
{
	struct inode_security_struct *isec;
	struct task_security_struct *tsec = current->security;

	isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
	if (isec == NULL)
		return -ENOMEM;

	mutex_init(&isec->lock);
	INIT_LIST_HEAD(&isec->list);
	isec->inode = inode;
	isec->task_sid = tsec->sid;
	isec->sid = SECINITSID_UNLABELED;
	isec->sclass = SECCLASS_FILE;
	inode->i_security = isec;
	return 0;
}
199
/*
 * Release the per-inode security blob of @inode.  If the isec is still
 * queued on its superblock's deferred-labeling list (sbsec->isec_head) it
 * is unlinked first, under sbsec->isec_lock.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
	struct list_head *link = &isec->list;

	spin_lock(&sbsec->isec_lock);
	if (!list_empty(link))
		list_del_init(link);
	spin_unlock(&sbsec->isec_lock);

	inode->i_security = NULL;
	kmem_cache_free(sel_inode_cache, isec);
}
213
/*
 * Allocate the per-file security blob for @file.  Both sid and fown_sid
 * are initialized to the SID of the opening task.
 * Returns 0 on success, -ENOMEM if the allocation fails.
 */
static int file_alloc_security(struct file *file)
{
	struct file_security_struct *fsec;
	struct task_security_struct *tsec = current->security;

	fsec = kzalloc(sizeof(*fsec), GFP_KERNEL);
	if (fsec == NULL)
		return -ENOMEM;

	fsec->fown_sid = tsec->sid;
	fsec->sid = tsec->sid;
	file->f_security = fsec;
	return 0;
}
229
/*
 * Release the per-file security blob of @file, clearing the file's
 * pointer before freeing.
 */
static void file_free_security(struct file *file)
{
	struct file_security_struct *blob;

	blob = file->f_security;
	file->f_security = NULL;
	kfree(blob);
}
236
/*
 * Allocate the per-superblock security blob for @sb.  The superblock and
 * mountpoint SIDs start unlabeled, the default inode SID is
 * SECINITSID_FILE; the lock, the deferred-superblock link and the
 * deferred-inode list (isec_head / isec_lock) are initialized empty.
 * Returns 0 on success, -ENOMEM if the allocation fails.
 */
static int superblock_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = kzalloc(sizeof(*sbsec), GFP_KERNEL);

	if (sbsec == NULL)
		return -ENOMEM;

	mutex_init(&sbsec->lock);
	spin_lock_init(&sbsec->isec_lock);
	INIT_LIST_HEAD(&sbsec->list);
	INIT_LIST_HEAD(&sbsec->isec_head);

	sbsec->sb = sb;
	sbsec->sid = SECINITSID_UNLABELED;
	sbsec->mntpoint_sid = SECINITSID_UNLABELED;
	sbsec->def_sid = SECINITSID_FILE;
	sb->s_security = sbsec;
	return 0;
}
257
/*
 * Release the per-superblock security blob of @sb, unlinking it from
 * superblock_security_head (under sb_security_lock) if it is still queued
 * there.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct list_head *link = &sbsec->list;

	spin_lock(&sb_security_lock);
	if (!list_empty(link))
		list_del_init(link);
	spin_unlock(&sb_security_lock);

	sb->s_security = NULL;
	kfree(sbsec);
}
270
/*
 * Allocate the per-socket security blob for @sk using allocation flags
 * @priority.  The socket and peer SIDs start unlabeled; the NetLabel
 * per-socket state is then reset for @family via
 * selinux_netlbl_sk_security_reset().
 * Returns 0 on success, -ENOMEM if the allocation fails.
 */
static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *ssec = kzalloc(sizeof(*ssec), priority);

	if (ssec == NULL)
		return -ENOMEM;

	ssec->sid = SECINITSID_UNLABELED;
	ssec->peer_sid = SECINITSID_UNLABELED;
	sk->sk_security = ssec;

	selinux_netlbl_sk_security_reset(ssec, family);
	return 0;
}
287
/*
 * Release the per-socket security blob of @sk, clearing the socket's
 * pointer before freeing.
 */
static void sk_free_security(struct sock *sk)
{
	struct sk_security_struct *blob;

	blob = sk->sk_security;
	sk->sk_security = NULL;
	kfree(blob);
}
295
296
297
/* Non-zero once the security server has a policy loaded (defined outside this file). */
extern int ss_initialized;



/*
 * Human-readable names of the superblock labeling behaviors, indexed by
 * sbsec->behavior - 1 (see sb_finish_set_opts()).  Presumably in
 * SECURITY_FS_USE_* order; confirm against the security server's
 * definitions before reordering.
 */
static char *labeling_behaviors[6] = {
	"uses xattr",
	"uses transition SIDs",
	"uses task SIDs",
	"uses genfs_contexts",
	"not configured for labeling",
	"uses mountpoint labeling",
};

/* Defined later in this file; forward-declared for inode_doinit() and sb_finish_set_opts(). */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
312
/*
 * Label @inode without a caller-supplied dentry; inode_doinit_with_dentry()
 * will look up an alias itself.  Returns its result.
 */
static inline int inode_doinit(struct inode *inode)
{
	struct dentry *no_dentry = NULL;

	return inode_doinit_with_dentry(inode, no_dentry);
}
317
/* Token ids returned by match_token() for the SELinux mount options. */
enum {
	Opt_error = -1,
	Opt_context = 1,
	Opt_fscontext = 2,
	Opt_defcontext = 3,
	Opt_rootcontext = 4,
};

/*
 * Option patterns for match_token(); the *_STR prefixes come from the
 * included headers (presumably "context=", "fscontext=", ...).  "%s"
 * captures the context value into args[0].
 */
static match_table_t tokens = {
	{Opt_context, CONTEXT_STR "%s"},
	{Opt_fscontext, FSCONTEXT_STR "%s"},
	{Opt_defcontext, DEFCONTEXT_STR "%s"},
	{Opt_rootcontext, ROOTCONTEXT_STR "%s"},
	{Opt_error, NULL},
};

/* Logged by selinux_parse_opts_str() when an option is repeated or conflicts with another. */
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
335
/*
 * Check that task @tsec may relabel superblock @sbsec to @sid:
 * filesystem:relabelfrom on the current superblock SID, then
 * filesystem:relabelto on the new SID.  Returns 0 if allowed, otherwise
 * the first avc_has_perm() error.
 */
static int may_context_mount_sb_relabel(u32 sid,
					struct superblock_security_struct *sbsec,
					struct task_security_struct *tsec)
{
	int rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			      FILESYSTEM__RELABELFROM, NULL);

	if (rc)
		return rc;

	return avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__RELABELTO, NULL);
}
351
/*
 * Check that task @tsec may label inodes on superblock @sbsec with @sid:
 * filesystem:relabelfrom for the task on the superblock SID, then
 * filesystem:associate for @sid on the superblock SID.  Returns 0 if
 * allowed, otherwise the first avc_has_perm() error.
 */
static int may_context_mount_inode_relabel(u32 sid,
					   struct superblock_security_struct *sbsec,
					   struct task_security_struct *tsec)
{
	int rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			      FILESYSTEM__RELABELFROM, NULL);

	if (rc)
		return rc;

	return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, NULL);
}
366
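/*
 * Complete the labeling of superblock @sb once its options are settled:
 * verify xattr support when the behavior is SECURITY_FS_USE_XATTR, mark
 * the superblock initialized, label the root inode, and then label every
 * inode that was queued on sbsec->isec_head while the superblock was
 * still uninitialized.
 *
 * Both callers on this page hold sbsec->lock.  Returns 0 on success,
 * -EOPNOTSUPP / the getxattr error when the xattr probe fails, otherwise
 * the result of labeling the root inode.
 */
static int sb_finish_set_opts(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *root_inode = root->d_inode;
	int rc = 0;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/*
		 * Probe the security xattr on the root: a missing handler is
		 * fatal, but a root without a label (-ENODATA) is acceptable.
		 */
		if (!root_inode->i_op->getxattr) {
			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
			       "xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}
		rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) has no security xattr handler\n",
				       sb->s_id, sb->s_type->name);
			else
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) getxattr errno %d\n", sb->s_id,
				       sb->s_type->name, -rc);
			goto out;
		}
	}

	sbsec->initialized = 1;

	/*
	 * labeling_behaviors is indexed by behavior-1, so behavior 0 is just
	 * as out of range as a value beyond the table; guard both rather
	 * than reading before the start of the array.
	 */
	if (sbsec->behavior == 0 ||
	    sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
		printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
		       sb->s_id, sb->s_type->name);
	else
		printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
		       sb->s_id, sb->s_type->name,
		       labeling_behaviors[sbsec->behavior-1]);

	/* Label the root inode; this rc is what the function reports. */
	rc = inode_doinit_with_dentry(root_inode, root);

	/*
	 * Drain the inodes deferred while the superblock was uninitialized.
	 * isec_lock is dropped around inode_doinit() because it takes
	 * isec->lock (a mutex); igrab() keeps the inode alive meanwhile, and
	 * a NULL result means the inode is already being torn down.  The
	 * entry is unlinked only after processing so inode_free_security()
	 * can still find it on the list.
	 */
	spin_lock(&sbsec->isec_lock);
next_inode:
	if (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
			list_entry(sbsec->isec_head.next,
				   struct inode_security_struct, list);
		struct inode *inode = isec->inode;
		spin_unlock(&sbsec->isec_lock);
		inode = igrab(inode);
		if (inode) {
			if (!IS_PRIVATE(inode))
				inode_doinit(inode);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
		list_del_init(&isec->list);
		goto next_inode;
	}
	spin_unlock(&sbsec->isec_lock);
out:
	return rc;
}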
439
440
441
442
443
444
/*
 * Convert @sid to a context string and store it, together with @flag, in
 * slot @idx of @opts.  The string is allocated by security_sid_to_context()
 * and owned by @opts afterwards.  Returns 0 or the conversion error.
 */
static int sel_store_mnt_opt(struct security_mnt_opts *opts, int idx,
			     u32 sid, int flag)
{
	char *context = NULL;
	u32 len;
	int rc;

	rc = security_sid_to_context(sid, &context, &len);
	if (rc)
		return rc;

	opts->mnt_opts[idx] = context;
	opts->mnt_opts_flags[idx] = flag;
	return 0;
}

/*
 * Export the SELinux mount options in force on @sb into @opts as
 * (context string, flag) pairs, in the order fscontext, context,
 * defcontext, rootcontext.  The number of pairs is derived from the option
 * bits set in sbsec->flags.
 *
 * Returns 0 on success; -EINVAL if the superblock or the security server is
 * not initialized; -ENOMEM or a security_sid_to_context() error otherwise,
 * in which case everything allocated so far is released with
 * security_free_mnt_opts().
 */
static int selinux_get_mnt_opts(const struct super_block *sb,
				struct security_mnt_opts *opts)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	char pending;
	int slot = 0;
	int bit;
	int rc;

	security_init_mnt_opts(opts);

	if (!sbsec->initialized || !ss_initialized)
		return -EINVAL;

	/* One output slot per option bit set in the low byte of the flags. */
	pending = sbsec->flags;
	for (bit = 0; bit < 8; bit++) {
		if (pending & 0x01)
			opts->num_mnt_opts++;
		pending >>= 1;
	}

	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
	if (!opts->mnt_opts) {
		rc = -ENOMEM;
		goto out_free;
	}

	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
	if (!opts->mnt_opts_flags) {
		rc = -ENOMEM;
		goto out_free;
	}

	if (sbsec->flags & FSCONTEXT_MNT) {
		rc = sel_store_mnt_opt(opts, slot, sbsec->sid, FSCONTEXT_MNT);
		if (rc)
			goto out_free;
		slot++;
	}
	if (sbsec->flags & CONTEXT_MNT) {
		rc = sel_store_mnt_opt(opts, slot, sbsec->mntpoint_sid, CONTEXT_MNT);
		if (rc)
			goto out_free;
		slot++;
	}
	if (sbsec->flags & DEFCONTEXT_MNT) {
		rc = sel_store_mnt_opt(opts, slot, sbsec->def_sid, DEFCONTEXT_MNT);
		if (rc)
			goto out_free;
		slot++;
	}
	if (sbsec->flags & ROOTCONTEXT_MNT) {
		/* The root context lives on the root inode's isec, not on sbsec. */
		struct inode *root = sbsec->sb->s_root->d_inode;
		struct inode_security_struct *isec = root->i_security;

		rc = sel_store_mnt_opt(opts, slot, isec->sid, ROOTCONTEXT_MNT);
		if (rc)
			goto out_free;
		slot++;
	}

	/* Every counted bit must have produced exactly one entry. */
	BUG_ON(slot != opts->num_mnt_opts);

	return 0;

out_free:
	security_free_mnt_opts(opts);
	return rc;
}
527
/*
 * Decide whether mount option @flag with SID @new_sid is acceptable for
 * superblock @sbsec whose current value for that option is @old_sid.
 *
 * For an already-initialized superblock the option must have been set
 * before and must carry the same SID (a remount/second mount may not
 * change it).  For a fresh superblock the option must not already be set
 * (no duplicates).  Returns 1 if the option is bad, 0 if acceptable.
 */
static int bad_option(struct superblock_security_struct *sbsec, char flag,
		      u32 old_sid, u32 new_sid)
{
	int flag_set = (sbsec->flags & flag) != 0;

	if (sbsec->initialized)
		return (!flag_set || old_sid != new_sid) ? 1 : 0;

	return flag_set ? 1 : 0;
}
545
546
547
548
549
/*
 * Apply the parsed SELinux mount options @opts to superblock @sb and
 * finish its labeling via sb_finish_set_opts().  Each option string is
 * converted to a SID and stored according to its flag: FSCONTEXT_MNT ->
 * sbsec->sid, CONTEXT_MNT -> sbsec->mntpoint_sid (and mountpoint
 * labeling), ROOTCONTEXT_MNT -> the root inode's SID, DEFCONTEXT_MNT ->
 * sbsec->def_sid; each is subject to the relabel/associate checks in
 * may_context_mount_sb_relabel() / may_context_mount_inode_relabel().
 *
 * Serialized by sbsec->lock.  Returns 0 on success; -EINVAL for an option
 * conflict (see bad_option()), an unknown flag, options supplied before
 * the security server is initialized, or defcontext= on a non-xattr
 * filesystem; otherwise the error from security_context_to_sid(),
 * security_fs_use(), a permission check or sb_finish_set_opts().
 */
static int selinux_set_mnt_opts(struct super_block *sb,
				struct security_mnt_opts *opts)
{
	int rc = 0, i;
	struct task_security_struct *tsec = current->security;
	struct superblock_security_struct *sbsec = sb->s_security;
	const char *name = sb->s_type->name;
	struct inode *inode = sbsec->sb->s_root->d_inode;
	struct inode_security_struct *root_isec = inode->i_security;
	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
	u32 defcontext_sid = 0;
	char **mount_options = opts->mnt_opts;
	int *flags = opts->mnt_opts_flags;
	int num_opts = opts->num_mnt_opts;

	mutex_lock(&sbsec->lock);

	if (!ss_initialized) {
		if (!num_opts) {
			/*
			 * No policy yet and nothing to apply: queue the
			 * superblock on superblock_security_head so its
			 * labeling can be completed later, and succeed.
			 */
			spin_lock(&sb_security_lock);
			if (list_empty(&sbsec->list))
				list_add(&sbsec->list, &superblock_security_head);
			spin_unlock(&sb_security_lock);
			goto out;
		}
		/* Explicit options cannot be validated without a policy. */
		rc = -EINVAL;
		printk(KERN_WARNING "SELinux: Unable to set superblock options "
			"before the security server is initialized\n");
		goto out;
	}

	/*
	 * An already-initialized superblock with binary mount data and no
	 * SELinux options has nothing to reconcile.
	 */
	if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
	    && (num_opts == 0))
		goto out;

	/*
	 * Convert every option to a SID and record its flag.  bad_option()
	 * rejects a change to a setting on an initialized superblock and a
	 * repeated option on a fresh one; both end in out_double_mount.
	 */
	for (i = 0; i < num_opts; i++) {
		u32 sid;
		rc = security_context_to_sid(mount_options[i],
					     strlen(mount_options[i]), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       mount_options[i], sb->s_id, name, rc);
			goto out;
		}
		switch (flags[i]) {
		case FSCONTEXT_MNT:
			fscontext_sid = sid;

			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
				       fscontext_sid))
				goto out_double_mount;

			sbsec->flags |= FSCONTEXT_MNT;
			break;
		case CONTEXT_MNT:
			context_sid = sid;

			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
				       context_sid))
				goto out_double_mount;

			sbsec->flags |= CONTEXT_MNT;
			break;
		case ROOTCONTEXT_MNT:
			rootcontext_sid = sid;

			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
				       rootcontext_sid))
				goto out_double_mount;

			sbsec->flags |= ROOTCONTEXT_MNT;

			break;
		case DEFCONTEXT_MNT:
			defcontext_sid = sid;

			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
				       defcontext_sid))
				goto out_double_mount;

			sbsec->flags |= DEFCONTEXT_MNT;

			break;
		default:
			rc = -EINVAL;
			goto out;
		}
	}

	if (sbsec->initialized) {
		/*
		 * Already labeled: the options matched (or there were none).
		 * Remounting an option-labeled superblock with no options at
		 * all is treated as a mismatch.
		 */
		if (sbsec->flags && !num_opts)
			goto out_double_mount;
		rc = 0;
		goto out;
	}

	/* proc inodes get per-entry genfs labeling in inode_doinit_with_dentry(). */
	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->proc = 1;

	/* Policy-defined labeling behavior and superblock SID for this fs type. */
	rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
	if (rc) {
		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
		       __func__, sb->s_type->name, rc);
		goto out;
	}

	/* fscontext=: relabel the superblock itself. */
	if (fscontext_sid) {

		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec);
		if (rc)
			goto out;

		sbsec->sid = fscontext_sid;
	}

	/*
	 * context=: label the superblock unless fscontext= already did (then
	 * only an associate check is needed), switch to mountpoint labeling
	 * so every inode receives this SID, and use it as the root context
	 * unless rootcontext= was given explicitly.
	 */
	if (context_sid) {
		if (!fscontext_sid) {
			rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec);
			if (rc)
				goto out;
			sbsec->sid = context_sid;
		} else {
			rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec);
			if (rc)
				goto out;
		}
		if (!rootcontext_sid)
			rootcontext_sid = context_sid;

		sbsec->mntpoint_sid = context_sid;
		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	/* rootcontext=: label only the root inode and mark it initialized. */
	if (rootcontext_sid) {
		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec);
		if (rc)
			goto out;

		root_isec->sid = rootcontext_sid;
		root_isec->initialized = 1;
	}

	/*
	 * defcontext=: only meaningful with xattr labeling, where def_sid is
	 * used for inodes that carry no label (see inode_doinit_with_dentry()).
	 */
	if (defcontext_sid) {
		if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
			rc = -EINVAL;
			printk(KERN_WARNING "SELinux: defcontext option is "
			       "invalid for this filesystem type\n");
			goto out;
		}

		if (defcontext_sid != sbsec->def_sid) {
			rc = may_context_mount_inode_relabel(defcontext_sid,
							     sbsec, tsec);
			if (rc)
				goto out;
		}

		sbsec->def_sid = defcontext_sid;
	}

	rc = sb_finish_set_opts(sb);
out:
	mutex_unlock(&sbsec->lock);
	return rc;
out_double_mount:
	rc = -EINVAL;
	printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
	       "security settings for (dev %s, type %s)\n", sb->s_id, name);
	goto out;
}
748
/*
 * Copy the SELinux mount settings of @oldsb onto @newsb (presumably a new
 * superblock for the same filesystem) and finish labeling @newsb with
 * sb_finish_set_opts().
 *
 * If the security server is not initialized, @newsb is queued on
 * superblock_security_head for later instead.  @oldsb must already be
 * initialized (BUG_ON); an already-initialized @newsb is left untouched.
 * The copy runs under newsbsec->lock.
 */
static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
					struct super_block *newsb)
{
	const struct superblock_security_struct *oldsbsec = oldsb->s_security;
	struct superblock_security_struct *newsbsec = newsb->s_security;

	/* Which explicit options were in force on the old superblock. */
	int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
	int set_context = (oldsbsec->flags & CONTEXT_MNT);
	int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);

	/*
	 * No policy yet: defer, exactly as selinux_set_mnt_opts() does for a
	 * superblock mounted without options.
	 */
	if (!ss_initialized) {
		spin_lock(&sb_security_lock);
		if (list_empty(&newsbsec->list))
			list_add(&newsbsec->list, &superblock_security_head);
		spin_unlock(&sb_security_lock);
		return;
	}

	/* The source must have been fully set up, or there is nothing to clone. */
	BUG_ON(!oldsbsec->initialized);

	/* Nothing to do if the destination was already labeled. */
	if (newsbsec->initialized)
		return;

	mutex_lock(&newsbsec->lock);

	newsbsec->flags = oldsbsec->flags;

	newsbsec->sid = oldsbsec->sid;
	newsbsec->def_sid = oldsbsec->def_sid;
	newsbsec->behavior = oldsbsec->behavior;

	/*
	 * context= on the old mount: it labels the superblock unless
	 * fscontext= overrode that, and the root inode unless rootcontext=
	 * did; the mountpoint SID is always carried over.
	 */
	if (set_context) {
		u32 sid = oldsbsec->mntpoint_sid;

		if (!set_fscontext)
			newsbsec->sid = sid;
		if (!set_rootcontext) {
			struct inode *newinode = newsb->s_root->d_inode;
			struct inode_security_struct *newisec = newinode->i_security;
			newisec->sid = sid;
		}
		newsbsec->mntpoint_sid = sid;
	}
	/*
	 * rootcontext= on the old mount: copy the old root inode's SID.
	 * NOTE(review): unlike selinux_set_mnt_opts(), the new root isec is
	 * not marked initialized here, so sb_finish_set_opts() ->
	 * inode_doinit_with_dentry() may relabel it per sbsec->behavior;
	 * confirm this is intended.
	 */
	if (set_rootcontext) {
		const struct inode *oldinode = oldsb->s_root->d_inode;
		const struct inode_security_struct *oldisec = oldinode->i_security;
		struct inode *newinode = newsb->s_root->d_inode;
		struct inode_security_struct *newisec = newinode->i_security;

		newisec->sid = oldisec->sid;
	}

	/* Label the root and any deferred inodes; its return value is not used here. */
	sb_finish_set_opts(newsb);
	mutex_unlock(&newsbsec->lock);
}
811
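/*
 * Parse the '|'-separated SELinux mount option string @options into
 * @opts.  Each of context=, fscontext=, rootcontext= and defcontext= may
 * appear at most once, and context= and defcontext= are mutually
 * exclusive.  @options is consumed (modified) by strsep().
 *
 * On success @opts owns the duplicated option strings and their flags, in
 * the order fscontext, context, rootcontext, defcontext, and num_mnt_opts
 * counts them.  On failure every string allocated so far is freed and
 * -EINVAL (unknown, repeated or conflicting option) or -ENOMEM is
 * returned; opts->mnt_opts / mnt_opts_flags are then NULL or untouched,
 * since the caller (superblock_doinit()) still runs
 * security_free_mnt_opts() on @opts afterwards.
 */
static int selinux_parse_opts_str(char *options,
				  struct security_mnt_opts *opts)
{
	char *p;
	char *context = NULL, *defcontext = NULL;
	char *fscontext = NULL, *rootcontext = NULL;
	int rc, num_mnt_opts = 0;

	opts->num_mnt_opts = 0;

	/* Collect one string per option, rejecting duplicates and conflicts. */
	while ((p = strsep(&options, "|")) != NULL) {
		int token;
		substring_t args[MAX_OPT_ARGS];

		if (!*p)
			continue;

		token = match_token(p, tokens, args);

		switch (token) {
		case Opt_context:
			if (context || defcontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			context = match_strdup(&args[0]);
			if (!context) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		case Opt_fscontext:
			if (fscontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			fscontext = match_strdup(&args[0]);
			if (!fscontext) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		case Opt_rootcontext:
			if (rootcontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			rootcontext = match_strdup(&args[0]);
			if (!rootcontext) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		case Opt_defcontext:
			if (context || defcontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			defcontext = match_strdup(&args[0]);
			if (!defcontext) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		default:
			rc = -EINVAL;
			printk(KERN_WARNING "SELinux: unknown mount option\n");
			goto out_err;

		}
	}

	/* Arrays are sized for the maximum; unused slots stay zeroed. */
	rc = -ENOMEM;
	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
	if (!opts->mnt_opts)
		goto out_err;

	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
	if (!opts->mnt_opts_flags) {
		/*
		 * Clear the pointer after freeing it: superblock_doinit()
		 * calls security_free_mnt_opts() on this opts on its error
		 * path, which presumably frees mnt_opts as well, so a stale
		 * pointer here would be freed twice.
		 */
		kfree(opts->mnt_opts);
		opts->mnt_opts = NULL;
		goto out_err;
	}

	if (fscontext) {
		opts->mnt_opts[num_mnt_opts] = fscontext;
		opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
	}
	if (context) {
		opts->mnt_opts[num_mnt_opts] = context;
		opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
	}
	if (rootcontext) {
		opts->mnt_opts[num_mnt_opts] = rootcontext;
		opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
	}
	if (defcontext) {
		opts->mnt_opts[num_mnt_opts] = defcontext;
		opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
	}

	opts->num_mnt_opts = num_mnt_opts;
	return 0;

out_err:
	/* kfree(NULL) is a no-op, so unset options need no guard. */
	kfree(context);
	kfree(defcontext);
	kfree(fscontext);
	kfree(rootcontext);
	return rc;
}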
931
932
933
/*
 * Initialize the SELinux state of superblock @sb from the raw mount data
 * @data: parse it (if any) with selinux_parse_opts_str(), then apply it
 * with selinux_set_mnt_opts().  Binary mount data is not supported here
 * (BUG_ON).  The parsed options are always released before returning.
 * Returns 0 on success, otherwise the parse or apply error.
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
	struct security_mnt_opts opts;
	char *options = data;
	int rc = 0;

	security_init_mnt_opts(&opts);

	if (options) {
		BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
		rc = selinux_parse_opts_str(options, &opts);
	}

	/* With no data, or after a successful parse, apply (possibly empty) options. */
	if (rc == 0)
		rc = selinux_set_mnt_opts(sb, &opts);

	security_free_mnt_opts(&opts);
	return rc;
}
958
/*
 * Map the file-type bits of @mode (S_IFMT) to the SELinux object class
 * used for that kind of inode.  Anything not recognized is classified as
 * a plain file.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	umode_t fmt = mode & S_IFMT;

	if (fmt == S_IFSOCK)
		return SECCLASS_SOCK_FILE;
	if (fmt == S_IFLNK)
		return SECCLASS_LNK_FILE;
	if (fmt == S_IFREG)
		return SECCLASS_FILE;
	if (fmt == S_IFBLK)
		return SECCLASS_BLK_FILE;
	if (fmt == S_IFDIR)
		return SECCLASS_DIR;
	if (fmt == S_IFCHR)
		return SECCLASS_CHR_FILE;
	if (fmt == S_IFIFO)
		return SECCLASS_FIFO_FILE;

	return SECCLASS_FILE;
}
981
/*
 * True when @protocol is what a stream socket gets by default:
 * IPPROTO_IP (unspecified) or IPPROTO_TCP.
 */
static inline int default_protocol_stream(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_TCP;
}
986
/*
 * True when @protocol is what a datagram socket gets by default:
 * IPPROTO_IP (unspecified) or IPPROTO_UDP.
 */
static inline int default_protocol_dgram(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_UDP;
}
991
/* Class of a PF_UNIX socket of @type; unknown types get the generic class. */
static inline u16 unix_socket_security_class(int type)
{
	if (type == SOCK_STREAM || type == SOCK_SEQPACKET)
		return SECCLASS_UNIX_STREAM_SOCKET;
	if (type == SOCK_DGRAM)
		return SECCLASS_UNIX_DGRAM_SOCKET;
	return SECCLASS_SOCKET;
}

/*
 * Class of a PF_INET/PF_INET6 socket.  Stream and datagram sockets using
 * their default protocol are tcp/udp sockets; any other combination is
 * treated as a raw IP socket, except DCCP which has its own class.
 */
static inline u16 inet_socket_security_class(int type, int protocol)
{
	if (type == SOCK_STREAM)
		return default_protocol_stream(protocol) ?
			SECCLASS_TCP_SOCKET : SECCLASS_RAWIP_SOCKET;
	if (type == SOCK_DGRAM)
		return default_protocol_dgram(protocol) ?
			SECCLASS_UDP_SOCKET : SECCLASS_RAWIP_SOCKET;
	if (type == SOCK_DCCP)
		return SECCLASS_DCCP_SOCKET;
	return SECCLASS_RAWIP_SOCKET;
}

/* Class of a PF_NETLINK socket, by netlink protocol; unknown ones get the generic netlink class. */
static inline u16 netlink_socket_security_class(int protocol)
{
	switch (protocol) {
	case NETLINK_ROUTE:
		return SECCLASS_NETLINK_ROUTE_SOCKET;
	case NETLINK_FIREWALL:
		return SECCLASS_NETLINK_FIREWALL_SOCKET;
	case NETLINK_INET_DIAG:
		return SECCLASS_NETLINK_TCPDIAG_SOCKET;
	case NETLINK_NFLOG:
		return SECCLASS_NETLINK_NFLOG_SOCKET;
	case NETLINK_XFRM:
		return SECCLASS_NETLINK_XFRM_SOCKET;
	case NETLINK_SELINUX:
		return SECCLASS_NETLINK_SELINUX_SOCKET;
	case NETLINK_AUDIT:
		return SECCLASS_NETLINK_AUDIT_SOCKET;
	case NETLINK_IP6_FW:
		return SECCLASS_NETLINK_IP6FW_SOCKET;
	case NETLINK_DNRTMSG:
		return SECCLASS_NETLINK_DNRT_SOCKET;
	case NETLINK_KOBJECT_UEVENT:
		return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
	default:
		return SECCLASS_NETLINK_SOCKET;
	}
}

/*
 * Map a (family, type, protocol) triple to the SELinux socket object
 * class.  Families without a specific class map to SECCLASS_SOCKET.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	switch (family) {
	case PF_UNIX:
		return unix_socket_security_class(type);
	case PF_INET:
	case PF_INET6:
		return inet_socket_security_class(type, protocol);
	case PF_NETLINK:
		return netlink_socket_security_class(protocol);
	case PF_PACKET:
		return SECCLASS_PACKET_SOCKET;
	case PF_KEY:
		return SECCLASS_KEY_SOCKET;
	case PF_APPLETALK:
		return SECCLASS_APPLETALK_SOCKET;
	default:
		return SECCLASS_SOCKET;
	}
}
1058
1059#ifdef CONFIG_PROC_FS
/*
 * Look up the genfs SID for proc entry @de with object class @tclass.
 * The entry's pathname is rebuilt by walking ->parent up to the root (the
 * entry whose parent is itself), assembling components right-to-left in a
 * temporary page, and then passed to security_genfs_sid() for "proc".
 *
 * If the path does not fit in the page the walk stops early and the
 * deepest components that did fit are used as the path.  Returns -ENOMEM
 * if the page cannot be allocated, otherwise the security_genfs_sid()
 * result, with the SID stored in *@sid.
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	buffer = (char *)__get_free_page(GFP_KERNEL);
	if (!buffer)
		return -ENOMEM;

	/* Terminate at the very end of the page and build backwards from there. */
	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';
	buflen--;
	path = end-1;
	*path = '/';
	while (de && de != de->parent) {
		/* Each component costs its name plus a leading '/'. */
		buflen -= de->namelen + 1;
		if (buflen < 0)
			break;
		end -= de->namelen;
		memcpy(end, de->name, de->namelen);
		*--end = '/';
		path = end;
		de = de->parent;
	}
	rc = security_genfs_sid("proc", path, tclass, sid);
	free_page((unsigned long)buffer);
	return rc;
}
1091#else
/*
 * Stub used when procfs is not configured: there are no proc entries to
 * label, so every lookup fails with -EINVAL.
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	(void)de;
	(void)tclass;
	(void)sid;
	return -EINVAL;
}
1098#endif
1099
1100
/*
 * Label @inode according to its superblock's labeling behavior, setting
 * isec->sid and refining isec->sclass from i_mode.  @opt_dentry, when
 * non-NULL, is used for the xattr lookup; otherwise an alias is obtained
 * with d_find_alias().
 *
 * Each inode is labeled at most once: isec->initialized is checked before
 * and again after taking isec->lock.  If the superblock is not initialized
 * yet, the isec is queued on sbsec->isec_head and labeled later by
 * sb_finish_set_opts().  If no dentry can be found for an xattr lookup the
 * inode is left uninitialized (to be retried) and 0 is returned.
 *
 * Returns 0 on success, including the fallbacks where the fs has no
 * getxattr, the inode carries no label (-ENODATA) or the stored label
 * cannot be mapped (logged; SID left as is); -ENOMEM if the context
 * buffer cannot be allocated; a getxattr error other than -ENODATA; or
 * the error from security_transition_sid() / selinux_proc_get_sid().
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	struct dentry *dentry;
#define INITCONTEXTLEN 255	/* first-try size for the xattr value buffer */
	char *context = NULL;
	unsigned len = 0;
	int rc = 0;

	/* Unlocked fast path; re-checked under the lock below. */
	if (isec->initialized)
		goto out;

	mutex_lock(&isec->lock);
	if (isec->initialized)
		goto out_unlock;

	sbsec = inode->i_sb->s_security;
	if (!sbsec->initialized) {
		/*
		 * Superblock labeling is still pending (see
		 * selinux_set_mnt_opts()); defer this inode to
		 * sb_finish_set_opts(), which drains sbsec->isec_head.
		 */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out_unlock;
	}

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_XATTR:
		/* No xattr support at all: fall back to the default SID. */
		if (!inode->i_op->getxattr) {
			isec->sid = sbsec->def_sid;
			break;
		}

		/*
		 * getxattr needs a dentry: use the caller's (taking our own
		 * reference) or find any alias of the inode.
		 */
		if (opt_dentry) {

			dentry = dget(opt_dentry);
		} else {

			dentry = d_find_alias(inode);
		}
		if (!dentry) {
			printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s "
			       "ino=%ld\n", __func__, inode->i_sb->s_id,
			       inode->i_ino);
			goto out_unlock;
		}

		len = INITCONTEXTLEN;
		context = kmalloc(len, GFP_NOFS);
		if (!context) {
			rc = -ENOMEM;
			dput(dentry);
			goto out_unlock;
		}
		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
					   context, len);
		if (rc == -ERANGE) {
			/* Value did not fit: query its size and retry once. */
			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
						   NULL, 0);
			if (rc < 0) {
				dput(dentry);
				goto out_unlock;
			}
			kfree(context);
			len = rc;
			context = kmalloc(len, GFP_NOFS);
			if (!context) {
				rc = -ENOMEM;
				dput(dentry);
				goto out_unlock;
			}
			rc = inode->i_op->getxattr(dentry,
						   XATTR_NAME_SELINUX,
						   context, len);
		}
		dput(dentry);
		if (rc < 0) {
			if (rc != -ENODATA) {
				printk(KERN_WARNING "SELinux: %s: getxattr returned "
				       "%d for dev=%s ino=%ld\n", __func__,
				       -rc, inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				goto out_unlock;
			}
			/* No label stored on this inode: use the superblock default. */
			sid = sbsec->def_sid;
			rc = 0;
		} else {
			/*
			 * rc is the value length here.  The helper presumably
			 * maps unknown contexts to def_sid (per its name); an
			 * outright failure is logged and the SID left as is.
			 */
			rc = security_context_to_sid_default(context, rc, &sid,
							     sbsec->def_sid,
							     GFP_NOFS);
			if (rc) {
				printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
				       "returned %d for dev=%s ino=%ld\n",
				       __func__, context, -rc,
				       inode->i_sb->s_id, inode->i_ino);
				kfree(context);

				rc = 0;
				break;
			}
		}
		kfree(context);
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_TASK:
		/* Label with the SID of the task that created the inode. */
		isec->sid = isec->task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/*
		 * Start from the superblock SID, then apply the policy's
		 * type transition for (creating task, superblock, class).
		 */
		isec->sid = sbsec->sid;

		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		rc = security_transition_sid(isec->task_sid,
					     sbsec->sid,
					     isec->sclass,
					     &sid);
		if (rc)
			goto out_unlock;
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_MNTPOINT:
		/* Every inode carries the context= SID. */
		isec->sid = sbsec->mntpoint_sid;
		break;
	default:
		/*
		 * Any other behavior (genfs etc.): use the superblock SID,
		 * except that proc entries get a per-path genfs lookup.
		 */
		isec->sid = sbsec->sid;

		if (sbsec->proc) {
			struct proc_inode *proci = PROC_I(inode);
			if (proci->pde) {
				isec->sclass = inode_mode_to_security_class(inode->i_mode);
				rc = selinux_proc_get_sid(proci->pde,
							  isec->sclass,
							  &sid);
				if (rc)
					goto out_unlock;
				isec->sid = sid;
			}
		}
		break;
	}

	isec->initialized = 1;

out_unlock:
	mutex_unlock(&isec->lock);
out:
	/* Refine the generic "file" class from the inode mode on every call. */
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
	return rc;
}
1261
1262
/*
 * Map signal number @sig to the process permission that sending it
 * requires: SIGCHLD, SIGKILL and SIGSTOP have dedicated permissions,
 * everything else needs process:signal.
 */
static inline u32 signal_to_av(int sig)
{
	if (sig == SIGCHLD)
		return PROCESS__SIGCHLD;
	if (sig == SIGKILL)
		return PROCESS__SIGKILL;
	if (sig == SIGSTOP)
		return PROCESS__SIGSTOP;
	return PROCESS__SIGNAL;
}
1288
1289
1290
/*
 * Check process-class permissions @perms of task @tsk1 over task @tsk2,
 * using the two tasks' SIDs.  No audit data is supplied.
 * Returns the avc_has_perm() result (0 if allowed).
 */
static int task_has_perm(struct task_struct *tsk1,
			 struct task_struct *tsk2,
			 u32 perms)
{
	struct task_security_struct *src = tsk1->security;
	struct task_security_struct *dst = tsk2->security;

	return avc_has_perm(src->sid, dst->sid, SECCLASS_PROCESS, perms, NULL);
}
1302
#if CAP_LAST_CAP > 63
#error Fix SELinux to handle capabilities > 63.
#endif

/*
 * Check whether task @tsk may use capability @cap.  Capabilities 0..31
 * are checked against the "capability" class, 32..63 against
 * "capability2"; anything beyond that is a kernel bug (BUG()).  The check
 * is made with the task's own SID as both subject and target, and audit
 * data names the task and capability.
 * Returns the avc_has_perm() result (0 if allowed).
 */
static int task_has_capability(struct task_struct *tsk,
			       int cap)
{
	struct task_security_struct *tsec = tsk->security;
	struct avc_audit_data ad;
	u32 av = CAP_TO_MASK(cap);
	int index = CAP_TO_INDEX(cap);
	u16 sclass;

	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.tsk = tsk;
	ad.u.cap = cap;

	if (index == 0) {
		sclass = SECCLASS_CAPABILITY;
	} else if (index == 1) {
		sclass = SECCLASS_CAPABILITY2;
	} else {
		printk(KERN_ERR "SELinux: out of range capability %d\n", cap);
		BUG();
	}

	return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad);
}
1336
1337
/*
 * Check system-class permissions @perms of task @tsk against the kernel
 * SID (SECINITSID_KERNEL).  No audit data is supplied.
 * Returns the avc_has_perm() result (0 if allowed).
 */
static int task_has_system(struct task_struct *tsk,
			   u32 perms)
{
	struct task_security_struct *tsec = tsk->security;
	u32 subject = tsec->sid;

	return avc_has_perm(subject, SECINITSID_KERNEL, SECCLASS_SYSTEM,
			    perms, NULL);
}
1348
1349
1350
1351
/*
 * Check permissions @perms of task @tsk on @inode, using the inode's SID
 * and class.  Inodes flagged IS_PRIVATE() are never mediated (0).  If the
 * caller passes no audit data (@adp NULL), a local record naming the
 * inode is used instead.
 * Returns the avc_has_perm() result (0 if allowed).
 */
static int inode_has_perm(struct task_struct *tsk,
			  struct inode *inode,
			  u32 perms,
			  struct avc_audit_data *adp)
{
	struct task_security_struct *tsec;
	struct inode_security_struct *isec;
	struct avc_audit_data local_ad;

	if (unlikely(IS_PRIVATE(inode)))
		return 0;

	if (adp == NULL) {
		AVC_AUDIT_DATA_INIT(&local_ad, FS);
		local_ad.u.fs.inode = inode;
		adp = &local_ad;
	}

	tsec = tsk->security;
	isec = inode->i_security;
	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
}
1375
1376
1377
1378
/*
 * Check permissions @av of task @tsk on the inode behind @dentry (on
 * mount @mnt), with audit data recording the full path.
 * Returns the inode_has_perm() result (0 if allowed).
 */
static inline int dentry_has_perm(struct task_struct *tsk,
				  struct vfsmount *mnt,
				  struct dentry *dentry,
				  u32 av)
{
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.mnt = mnt;
	ad.u.fs.path.dentry = dentry;

	return inode_has_perm(tsk, dentry->d_inode, av, &ad);
}
1391
1392
1393
1394
1395
1396
1397
1398
1399
/*
 * Check permissions @av of task @tsk on open @file.  If the file was
 * opened under a different SID than the task's (fsec->sid is set from the
 * opener in file_alloc_security()), fd:use on the descriptor is required
 * first.  With @av == 0 only that descriptor check is performed.
 * Returns 0 if allowed, otherwise the first failing avc result.
 */
static int file_has_perm(struct task_struct *tsk,
			 struct file *file,
			 u32 av)
{
	struct task_security_struct *tsec = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	struct inode *inode = file->f_path.dentry->d_inode;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path = file->f_path;

	if (tsec->sid != fsec->sid) {
		int rc = avc_has_perm(tsec->sid, fsec->sid,
				      SECCLASS_FD, FD__USE, &ad);

		if (rc)
			return rc;
	}

	if (!av)
		return 0;

	return inode_has_perm(tsk, inode, av, &ad);
}
1428
1429
/*
 * Permission checks for creating a new object @dentry of class @tclass in
 * directory @dir, on behalf of current:
 *  1. search + add_name on the directory,
 *  2. create on the label the new object will get,
 *  3. associate between that label and the filesystem.
 * The new label is the task's create_sid when one is set and the
 * filesystem is not mountpoint-labeled; otherwise a type transition.
 * Returns 0 if all checks pass, else the first error.
 */
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	struct avc_audit_data ad;
	u32 newsid;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;

	if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
		newsid = tsec->create_sid;
	} else {
		rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
					     &newsid);
		if (rc)
			return rc;
	}

	rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
	if (rc)
		return rc;

	return avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &ad);
}
1471
1472
/*
 * Check that task @ctx may create a key labeled @ksid (key:create).
 */
static int may_create_key(u32 ksid,
			  struct task_struct *ctx)
{
	struct task_security_struct *tsec = ctx->security;

	return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
}
1482
1483#define MAY_LINK 0
1484#define MAY_UNLINK 1
1485#define MAY_RMDIR 2
1486
1487
/*
 * Permission checks for adding or removing the name @dentry in @dir.
 * @kind: MAY_LINK, MAY_UNLINK or MAY_RMDIR.
 * First the directory check (search plus add_name or remove_name), then
 * the per-object permission (link, unlink or rmdir) on the target inode.
 * An unrecognized @kind is logged and allowed (returns 0).
 */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)

{
	/* Per-object permission, indexed by @kind. */
	static const u32 kind_av[] = {
		[MAY_LINK]   = FILE__LINK,
		[MAY_UNLINK] = FILE__UNLINK,
		[MAY_RMDIR]  = DIR__RMDIR,
	};
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct inode_security_struct *isec = dentry->d_inode->i_security;
	struct avc_audit_data ad;
	u32 dir_av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	/* MAY_LINK adds a name; the other kinds remove one. */
	dir_av = DIR__SEARCH | (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
	rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, dir_av, &ad);
	if (rc)
		return rc;

	if (kind < MAY_LINK || kind > MAY_RMDIR) {
		printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
		       __func__, kind);
		return 0;
	}

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass,
			    kind_av[kind], &ad);
}
1531
/*
 * Permission checks for renaming @old_dentry (in @old_dir) to @new_dentry
 * (in @new_dir) on behalf of current.  In order:
 *  - remove_name + search on the old directory,
 *  - rename on the object being moved,
 *  - reparent on the object if it is a directory moving between directories,
 *  - add_name + search on the new directory, plus remove_name when the
 *    destination name already exists,
 *  - rmdir or unlink on the existing destination object, if any.
 * Returns 0 if every check passes, else the first error.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct task_security_struct *tsec;
	struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
	struct avc_audit_data ad;
	u32 av;
	int old_is_dir, new_is_dir;
	int rc;

	tsec = current->security;
	old_dsec = old_dir->i_security;
	old_isec = old_dentry->d_inode->i_security;
	old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
	new_dsec = new_dir->i_security;

	AVC_AUDIT_DATA_INIT(&ad, FS);

	/* Audit data names the source while checking the source side. */
	ad.u.fs.path.dentry = old_dentry;
	rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(tsec->sid, old_isec->sid,
			  old_isec->sclass, FILE__RENAME, &ad);
	if (rc)
		return rc;
	/* Moving a directory to a different parent additionally needs reparent. */
	if (old_is_dir && new_dir != old_dir) {
		rc = avc_has_perm(tsec->sid, old_isec->sid,
				  old_isec->sclass, DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	/* Switch audit data to the destination for the remaining checks. */
	ad.u.fs.path.dentry = new_dentry;
	av = DIR__ADD_NAME | DIR__SEARCH;
	/* An existing destination is replaced, so its name is removed too. */
	if (new_dentry->d_inode)
		av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
	if (rc)
		return rc;
	if (new_dentry->d_inode) {
		new_isec = new_dentry->d_inode->i_security;
		new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
		rc = avc_has_perm(tsec->sid, new_isec->sid,
				  new_isec->sclass,
				  (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
		if (rc)
			return rc;
	}

	return 0;
}
1587
1588
/*
 * Check @perms on the filesystem class for @tsk against superblock @sb.
 * @ad may be NULL when the caller has no audit data to attach.
 */
static int superblock_has_perm(struct task_struct *tsk,
			       struct super_block *sb,
			       u32 perms,
			       struct avc_audit_data *ad)
{
	struct task_security_struct *tsec = tsk->security;
	struct superblock_security_struct *sbsec = sb->s_security;

	return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
			    perms, ad);
}
1602
1603
/*
 * Translate a VFS MAY_* access mask into an access vector for an object
 * of the given @mode: dir permissions for directories, file permissions
 * for everything else.  For non-directories MAY_APPEND takes precedence
 * over MAY_WRITE (append, not write, is checked).
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 av = 0;

	if (S_ISDIR(mode)) {
		if (mask & MAY_EXEC)
			av |= DIR__SEARCH;
		if (mask & MAY_WRITE)
			av |= DIR__WRITE;
		if (mask & MAY_READ)
			av |= DIR__READ;
		return av;
	}

	if (mask & MAY_EXEC)
		av |= FILE__EXECUTE;
	if (mask & MAY_READ)
		av |= FILE__READ;
	if (mask & MAY_APPEND)
		av |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		av |= FILE__WRITE;

	return av;
}
1630
1631
1632
1633
1634
/*
 * Like file_mask_to_av(), but when the openperm policy capability is
 * enabled also add the per-class "open" permission selected by the
 * file type bits of @mode.  A type with no open permission is logged.
 */
static inline u32 open_file_mask_to_av(int mode, int mask)
{
	u32 av = file_mask_to_av(mode, mask);

	if (!selinux_policycap_openperm)
		return av;

	switch (mode & S_IFMT) {
	case S_IFREG:
		av |= FILE__OPEN;
		break;
	case S_IFCHR:
		av |= CHR_FILE__OPEN;
		break;
	case S_IFBLK:
		av |= BLK_FILE__OPEN;
		break;
	case S_IFIFO:
		av |= FIFO_FILE__OPEN;
		break;
	case S_IFDIR:
		av |= DIR__OPEN;
		break;
	default:
		printk(KERN_ERR "SELinux: WARNING: inside %s with "
		       "unknown mode:%x\n", __func__, mode);
		break;
	}
	return av;
}
1659
1660
/*
 * Derive the access vector implied by an open file's mode and flags:
 * read for FMODE_READ, append or write for FMODE_WRITE depending on
 * O_APPEND.  A file open for neither yields ioctl.
 */
static inline u32 file_to_av(struct file *file)
{
	u32 av = 0;

	if (file->f_mode & FMODE_READ)
		av |= FILE__READ;
	if (file->f_mode & FMODE_WRITE)
		av |= (file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE;

	return av ? av : FILE__IOCTL;
}
1682
1683
1684
/*
 * ptrace hook: the secondary (capability) module is consulted first, then
 * process:ptrace from @parent to @child.
 */
static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
{
	int rc = secondary_ops->ptrace(parent, child);

	if (rc == 0)
		rc = task_has_perm(parent, child, PROCESS__PTRACE);
	return rc;
}
1695
/*
 * capget hook: process:getcap on @target is checked before the secondary
 * module fills in the capability sets.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int error = task_has_perm(current, target, PROCESS__GETCAP);

	if (error == 0)
		error = secondary_ops->capget(target, effective, inheritable,
					      permitted);
	return error;
}
1707
/*
 * capset_check hook: the secondary module validates the requested sets,
 * then process:setcap on @target is required.
 */
static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
				kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int error = secondary_ops->capset_check(target, effective,
						inheritable, permitted);

	if (error == 0)
		error = task_has_perm(current, target, PROCESS__SETCAP);
	return error;
}
1719
/*
 * capset_set hook: SELinux adds nothing here; the secondary module
 * applies the new capability sets.
 */
static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
			       kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	void (*apply)(struct task_struct *, kernel_cap_t *, kernel_cap_t *,
		      kernel_cap_t *) = secondary_ops->capset_set;

	apply(target, effective, inheritable, permitted);
}
1725
/*
 * capable hook: the secondary module's check runs first; if it permits,
 * the capability must also be allowed by policy for @tsk's SID.
 */
static int selinux_capable(struct task_struct *tsk, int cap)
{
	int rc = secondary_ops->capable(tsk, cap);

	if (rc == 0)
		rc = task_has_capability(tsk, cap);
	return rc;
}
1736
/*
 * Map a sysctl table entry to a SID by building its /proc path
 * ("/sys/<ancestors>/<procname>") and looking it up with the "proc"
 * genfs rules.
 * @table: the sysctl entry; its ->parent chain supplies the path prefix.
 * @tclass: class to look up (SECCLASS_DIR or SECCLASS_FILE).
 * @sid: receives the resulting SID on success.
 * Returns 0 on success, -ENOMEM if the scratch page cannot be allocated
 * or the path does not fit in one page (rc is still -ENOMEM when the
 * length checks bail out), or the error from security_genfs_sid().
 */
static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	rc = -ENOMEM;
	buffer = (char *)__get_free_page(GFP_KERNEL);
	if (!buffer)
		goto out;

	/* The path is assembled right-to-left, starting from the NUL at the end of the page. */
	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';
	buflen--;
	/* This '/' is overwritten by the first component copied in below. */
	path = end-1;
	*path = '/';
	while (table) {
		const char *name = table->procname;
		size_t namelen = strlen(name);
		/* Reserve "/" + name; bail out if the page is exhausted. */
		buflen -= namelen + 1;
		if (buflen < 0)
			goto out_free;
		end -= namelen;
		memcpy(end, name, namelen);
		*--end = '/';
		path = end;
		table = table->parent;
	}
	/* Prefix the whole thing with "/sys". */
	buflen -= 4;
	if (buflen < 0)
		goto out_free;
	end -= 4;
	memcpy(end, "/sys", 4);
	path = end;
	rc = security_genfs_sid("proc", path, tclass, sid);
out_free:
	free_page((unsigned long)buffer);
out:
	return rc;
}
1777
/*
 * sysctl hook.  @op is an octal access mask: 001 (search/exec), 002
 * (write) and 004 (read) are the bits tested here.  A search (001) is
 * checked as dir:search; anything else as file:read and/or file:write.
 * The target SID comes from the entry's /proc path; if that lookup fails,
 * the generic sysctl SID is used instead of failing the access.
 * Returns 0 if permitted, else the error from the secondary module or AVC.
 */
static int selinux_sysctl(ctl_table *table, int op)
{
	int error = 0;
	u32 av;
	struct task_security_struct *tsec;
	u32 tsid;
	int rc;

	rc = secondary_ops->sysctl(table, op);
	if (rc)
		return rc;

	tsec = current->security;

	rc = selinux_sysctl_get_sid(table, (op == 0001) ?
				    SECCLASS_DIR : SECCLASS_FILE, &tsid);
	if (rc) {
		/* Path lookup failed: fall back to the initial sysctl SID. */
		tsid = SECINITSID_SYSCTL;
	}

	if (op == 001) {
		error = avc_has_perm(tsec->sid, tsid,
				     SECCLASS_DIR, DIR__SEARCH, NULL);
	} else {
		av = 0;
		if (op & 004)
			av |= FILE__READ;
		if (op & 002)
			av |= FILE__WRITE;
		/* An op with neither bit set is allowed without a check. */
		if (av)
			error = avc_has_perm(tsec->sid, tsid,
					     SECCLASS_FILE, av, NULL);
	}

	return error;
}
1817
/*
 * quotactl hook: commands that change quota state need filesystem:quotamod
 * on @sb, read-only queries need filesystem:quotaget.  Other commands, or a
 * NULL @sb, are allowed.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	u32 perm;

	if (!sb)
		return 0;

	switch (cmds) {
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
		perm = FILESYSTEM__QUOTAMOD;
		break;
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
		perm = FILESYSTEM__QUOTAGET;
		break;
	default:
		return 0;
	}

	return superblock_has_perm(current, sb, perm, NULL);
}
1846
/*
 * quota_on hook: file:quotaon on the quota file @dentry.
 */
static int selinux_quota_on(struct dentry *dentry)
{
	u32 av = FILE__QUOTAON;

	return dentry_has_perm(current, NULL, dentry, av);
}
1851
/*
 * syslog hook.  @type is the syslog(2) command number; after the secondary
 * module's check it is mapped onto one of three system-class permissions:
 * types 3 and 10 need syslog_read, 6/7/8 need syslog_console, and every
 * other type (including 0-2, 4, 5) needs syslog_mod.
 * Returns 0 if permitted, else the first error.
 */
static int selinux_syslog(int type)
{
	int rc;

	rc = secondary_ops->syslog(type);
	if (rc)
		return rc;

	switch (type) {
	case 3:
	case 10:
		rc = task_has_system(current, SYSTEM__SYSLOG_READ);
		break;
	case 6:
	case 7:
	case 8:
		rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
		break;
	case 0:
	case 1:
	case 2:
	case 4:
	case 5:
	default:
		rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
		break;
	}
	return rc;
}
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
/*
 * vm_enough_memory hook: defer to __vm_enough_memory(), telling it whether
 * current effectively holds CAP_SYS_ADMIN.  That is true only when both
 * the secondary module and policy (checked without auditing, so a denial
 * here is silent) grant the capability.
 */
static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
{
	struct task_security_struct *tsec = current->security;
	int cap_sys_admin = 0;

	if (secondary_ops->capable(current, CAP_SYS_ADMIN) == 0 &&
	    avc_has_perm_noaudit(tsec->sid, tsec->sid,
				 SECCLASS_CAPABILITY,
				 CAP_TO_MASK(CAP_SYS_ADMIN),
				 0, NULL) == 0)
		cap_sys_admin = 1;

	return __vm_enough_memory(mm, pages, cap_sys_admin);
}
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
/*
 * Return the task tracing @task (its parent while PT_PTRACED is set), or
 * NULL if it is not being traced.  The parent pointer is read under RCU;
 * the caller must hold rcu_read_lock().
 */
static struct task_struct *task_tracer_task(struct task_struct *task)
{
	struct task_struct *tracer = NULL;

	if (task->ptrace & PT_PTRACED)
		tracer = rcu_dereference(task->parent);
	return tracer;
}
1928
1929
1930
/*
 * Allocate the per-exec security blob for @bprm, starting out unlabeled
 * and with ->set clear so bprm_set_security knows it has not run yet.
 * Returns -ENOMEM on allocation failure.
 */
static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *bsec =
		kzalloc(sizeof(*bsec), GFP_KERNEL);

	if (bsec == NULL)
		return -ENOMEM;

	bsec->sid = SECINITSID_UNLABELED;
	bsec->set = 0;
	bprm->security = bsec;

	return 0;
}
1945
/*
 * bprm_set_security hook: decide the SID the new program image will run
 * with and record it in bprm->security->sid.
 *
 * The candidate SID is the task's exec_sid (set via setexeccon) if any,
 * otherwise a process type transition from the task's SID and the
 * executable's label.  On a nosuid mount the transition is suppressed and
 * the task keeps its SID.  A no-change exec needs file:execute_no_trans;
 * a transition needs process:transition to the new SID and file:entrypoint
 * from the new SID to the executable.
 *
 * Runs only once per exec (guarded by bsec->set) and, as a side effect,
 * clears create_sid, keycreate_sid, sockcreate_sid and exec_sid on the task.
 * Returns 0 on success, else the secondary module's, transition or AVC error.
 */
static int selinux_bprm_set_security(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct inode *inode = bprm->file->f_path.dentry->d_inode;
	struct inode_security_struct *isec;
	struct bprm_security_struct *bsec;
	u32 newsid;
	struct avc_audit_data ad;
	int rc;

	rc = secondary_ops->bprm_set_security(bprm);
	if (rc)
		return rc;

	bsec = bprm->security;

	/* Already decided for this exec (e.g. an interpreter re-run). */
	if (bsec->set)
		return 0;

	tsec = current->security;
	isec = inode->i_security;

	/* Default: no SID change. */
	bsec->sid = tsec->sid;

	/* Per-exec "create" overrides do not survive an exec. */
	tsec->create_sid = 0;
	tsec->keycreate_sid = 0;
	tsec->sockcreate_sid = 0;

	if (tsec->exec_sid) {
		newsid = tsec->exec_sid;
		/* exec_sid is consumed by this exec. */
		tsec->exec_sid = 0;
	} else {
		/* No explicit request: use the policy's type transition rules. */
		rc = security_transition_sid(tsec->sid, isec->sid,
					     SECCLASS_PROCESS, &newsid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path = bprm->file->f_path;

	/* nosuid mounts never change the SID. */
	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
		newsid = tsec->sid;

	if (tsec->sid == newsid) {
		rc = avc_has_perm(tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
		if (rc)
			return rc;
	} else {
		/* The old SID must be allowed to transition to the new one... */
		rc = avc_has_perm(tsec->sid, newsid,
				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
		if (rc)
			return rc;

		/* ...and the new SID must be allowed to enter via this file. */
		rc = avc_has_perm(newsid, isec->sid,
				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
		if (rc)
			return rc;

		/* Treat a SID change like a setid exec for personality flags. */
		current->personality &= ~PER_CLEAR_ON_SETID;

		bsec->sid = newsid;
	}

	bsec->set = 1;
	return 0;
}
2021
/*
 * bprm_check_security hook: SELinux adds no check of its own; the
 * secondary module's result is returned as-is.
 */
static int selinux_bprm_check_security(struct linux_binprm *bprm)
{
	int rc = secondary_ops->bprm_check_security(bprm);

	return rc;
}
2026
2027
/*
 * bprm_secureexec hook: report whether the new image should see AT_SECURE.
 * When the exec changed the task's SID, it is secure unless policy grants
 * process:noatsecure from the old SID to the new one.  Otherwise (or in
 * addition) the secondary module's answer applies.
 */
static int selinux_bprm_secureexec(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec = current->security;

	if (tsec->osid != tsec->sid) {
		/* A denial (non-zero) here means the exec is "secure". */
		if (avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
				 PROCESS__NOATSECURE, NULL))
			return 1;
	}

	return secondary_ops->bprm_secureexec(bprm) != 0;
}
2044
/*
 * Release the per-exec security blob and clear the pointer so a stale
 * reference cannot be used or freed twice.
 */
static void selinux_bprm_free_security(struct linux_binprm *bprm)
{
	struct bprm_security_struct *bsec = bprm->security;

	bprm->security = NULL;
	kfree(bsec);
}
2050
2051extern struct vfsmount *selinuxfs_mount;
2052extern struct dentry *selinux_null;
2053
2054
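/*
 * After a SID transition, drop everything the new SID may not use:
 *  - the controlling tty is given up (no_tty()) if its inode denies
 *    read|write for the new SID;
 *  - every open descriptor in @files that fails file_has_perm() for the
 *    access its mode implies is closed and, where possible, replaced by an
 *    O_RDWR open of the selinuxfs null device at the same descriptor
 *    number, so the program keeps a valid fd rather than reusing a freed
 *    slot.
 *
 * files->file_lock is held only while the open-fd bitmap is read; it is
 * dropped around the per-descriptor checks, which may sleep.
 */
static inline void flush_unauthorized_files(struct files_struct *files)
{
	struct file *file, *devnull = NULL;
	struct tty_struct *tty;
	struct fdtable *fdt;
	long j = -1;
	int drop_tty = 0;

	mutex_lock(&tty_mutex);
	tty = get_current_tty();
	if (tty) {
		file_list_lock();
		/*
		 * tty_files may be empty.  list_entry() on an empty list
		 * does not yield NULL but a pointer into the list head, so
		 * test emptiness explicitly before dereferencing.
		 */
		if (!list_empty(&tty->tty_files)) {
			struct inode *inode;

			file = list_entry(tty->tty_files.next, typeof(*file),
					  f_u.fu_list);
			inode = file->f_path.dentry->d_inode;
			if (inode_has_perm(current, inode,
					   FILE__READ | FILE__WRITE, NULL)) {
				drop_tty = 1;
			}
		}
		file_list_unlock();
	}
	mutex_unlock(&tty_mutex);

	if (drop_tty)
		no_tty();

	spin_lock(&files->file_lock);
	for (;;) {
		unsigned long set, i;
		int fd;

		/* One word of the open-fd bitmap per iteration. */
		j++;
		i = j * __NFDBITS;
		/* Re-read the fdtable each time: it may have been resized while unlocked. */
		fdt = files_fdtable(files);
		if (i >= fdt->max_fds)
			break;
		set = fdt->open_fds->fds_bits[j];
		if (!set)
			continue;
		spin_unlock(&files->file_lock);
		for ( ; set ; i++, set >>= 1) {
			if (set & 1) {
				file = fget(i);
				if (!file)
					continue;
				if (file_has_perm(current,
						  file,
						  file_to_av(file))) {
					sys_close(i);
					/*
					 * Try to reclaim the same number; if
					 * another fd came back, give it up and
					 * leave the slot closed.
					 */
					fd = get_unused_fd();
					if (fd != i) {
						if (fd >= 0)
							put_unused_fd(fd);
						fput(file);
						continue;
					}
					if (devnull) {
						get_file(devnull);
					} else {
						devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
						if (IS_ERR(devnull)) {
							devnull = NULL;
							put_unused_fd(fd);
							fput(file);
							continue;
						}
					}
					fd_install(fd, devnull);
				}
				fput(file);
			}
		}
		spin_lock(&files->file_lock);

	}
	spin_unlock(&files->file_lock);
}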
2143
/*
 * bprm_apply_creds hook: switch the task to the SID chosen by
 * bprm_set_security, after the secondary module has applied its own
 * credentials.  The previous SID is saved in tsec->osid.
 *
 * @unsafe carries the LSM_UNSAFE_* flags from exec.  When the SID is
 * changing, a shared mm/fs (LSM_UNSAFE_SHARE) requires process:share
 * from the old SID to the new one, and an attached tracer
 * (LSM_UNSAFE_PTRACE*) requires process:ptrace from the tracer's SID to
 * the new SID.  If either is denied the SID is left unchanged and
 * bsec->unsafe is set so bprm_post_apply_creds kills the task.
 */
static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
{
	struct task_security_struct *tsec;
	struct bprm_security_struct *bsec;
	u32 sid;
	int rc;

	secondary_ops->bprm_apply_creds(bprm, unsafe);

	tsec = current->security;

	bsec = bprm->security;
	sid = bsec->sid;

	tsec->osid = tsec->sid;
	bsec->unsafe = 0;
	if (tsec->sid != sid) {
		/* Sharing state with another task across a transition needs process:share. */
		if (unsafe & LSM_UNSAFE_SHARE) {
			rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
					  PROCESS__SHARE, NULL);
			if (rc) {
				bsec->unsafe = 1;
				return;
			}
		}

		/* A tracer must be allowed to ptrace the new SID, or the transition is unsafe. */
		if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
			struct task_struct *tracer;
			struct task_security_struct *sec;
			u32 ptsid = 0;

			/* The tracer pointer is only stable under RCU. */
			rcu_read_lock();
			tracer = task_tracer_task(current);
			if (likely(tracer != NULL)) {
				sec = tracer->security;
				ptsid = sec->sid;
			}
			rcu_read_unlock();

			/* ptsid == 0 means no tracer was found; nothing to check. */
			if (ptsid != 0) {
				rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
						  PROCESS__PTRACE, NULL);
				if (rc) {
					bsec->unsafe = 1;
					return;
				}
			}
		}
		tsec->sid = sid;
	}
}
2199
2200
2201
2202
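/*
 * bprm_post_apply_creds hook: finish a SID transition after the new
 * credentials are in place.
 *
 * If bprm_apply_creds flagged the exec as unsafe, the task is killed.
 * If the SID did not change nothing else is done.  Otherwise:
 *  - descriptors the new SID may not use are closed (flush_unauthorized_files);
 *  - unless process:siginh is allowed from the old SID to the new one,
 *    pending signals, the three interval timers, signal handlers and the
 *    blocked mask are reset;
 *  - the parent-death signal is always cleared;
 *  - unless process:rlimitinh is allowed, each soft limit is reset to
 *    init_task's value capped by the current hard limit;
 *  - the parent's wait_chldexit queue is woken (so a waiting parent can
 *    re-evaluate against the new SID, presumably).
 *
 * The '&current' expressions below had been mangled into "\xa4t" in the
 * page this was recovered from; they are restored here.
 */
static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *tsec;
	struct rlimit *rlim, *initrlim;
	struct itimerval itimer;
	struct bprm_security_struct *bsec;
	int rc, i;

	tsec = current->security;
	bsec = bprm->security;

	if (bsec->unsafe) {
		force_sig_specific(SIGKILL, current);
		return;
	}
	if (tsec->osid == tsec->sid)
		return;

	flush_unauthorized_files(current->files);

	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__SIGINH, NULL);
	if (rc) {
		/* Disarm all three itimers, then drop pending signals and handlers. */
		memset(&itimer, 0, sizeof itimer);
		for (i = 0; i < 3; i++)
			do_setitimer(i, &itimer, NULL);
		flush_signals(current);
		spin_lock_irq(&current->sighand->siglock);
		flush_signal_handlers(current, 1);
		sigemptyset(&current->blocked);
		recalc_sigpending();
		spin_unlock_irq(&current->sighand->siglock);
	}

	current->pdeath_signal = 0;

	rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL);
	if (rc) {
		for (i = 0; i < RLIM_NLIMITS; i++) {
			rlim = current->signal->rlim + i;
			initrlim = init_task.signal->rlim+i;
			/* Soft limit never exceeds the (inherited) hard limit. */
			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
		}
		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
			/*
			 * A finite CPU limit now applies; expire the
			 * profiling timer soon so it is enforced.
			 * NOTE(review): inferred from the field name — confirm.
			 */
			current->it_prof_expires = jiffies_to_cputime(1);
		}
	}

	wake_up_interruptible(&current->parent->signal->wait_chldexit);
}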
2278
2279
2280
/*
 * sb_alloc_security hook: thin wrapper over superblock_alloc_security().
 */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	int rc = superblock_alloc_security(sb);

	return rc;
}
2285
/*
 * sb_free_security hook: thin wrapper over superblock_free_security().
 */
static void selinux_sb_free_security(struct super_block *sb)
{
	struct super_block *target = sb;

	superblock_free_security(target);
}
2290
/*
 * Return non-zero if the first @plen bytes of @option equal @prefix.
 * A prefix longer than the option (@plen > @olen) never matches, which
 * also keeps memcmp() from reading past @option.
 */
static inline int match_prefix(char *prefix, int plen, char *option, int olen)
{
	int matches = 0;

	if (plen <= olen)
		matches = (memcmp(prefix, option, plen) == 0);

	return matches;
}
2298
/*
 * Return non-zero if mount option @option (of @len bytes) starts with one
 * of the SELinux context option names (context=, fscontext=, defcontext=,
 * rootcontext=; the *_STR constants include the '=').
 */
static inline int selinux_option(char *option, int len)
{
	if (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len))
		return 1;
	return match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len);
}
2306
/*
 * Append the @len-byte option @from to the output cursor *@to, preceded by
 * ',' unless this is the first option (*@first is cleared once used).
 * *@to is advanced past the bytes written; no terminator is added.
 */
static inline void take_option(char **to, char *from, int *first, int len)
{
	char *dst = *to;

	if (*first)
		*first = 0;
	else
		*dst++ = ',';

	memcpy(dst, from, len);
	*to = dst + len;
}
2317
/*
 * Append the @len-byte SELinux option @from to the output cursor *@to,
 * preceded by '|' unless this is the first option (*@first is cleared
 * once used).  Double-quote characters are dropped from the copy.
 * *@to is advanced past the bytes written; no terminator is added.
 */
static inline void take_selinux_option(char **to, char *from, int *first,
				       int len)
{
	char *dst = *to;
	int i;

	if (*first)
		*first = 0;
	else
		*dst++ = '|';

	for (i = 0; i < len; i++) {
		char c = from[i];

		if (c != '"')
			*dst++ = c;
	}

	*to = dst;
}
2338
/*
 * Split a mount option string into SELinux and non-SELinux parts.
 * @orig: comma-separated options; rewritten in place to contain only the
 *        non-SELinux options (still comma-separated).
 * @copy: receives the SELinux options, '|'-separated with double quotes
 *        stripped.  Nothing here NUL-terminates @copy; presumably the
 *        caller passes a zeroed page — confirm at the call site.
 * Commas inside double quotes do not split options.
 * Returns 0, or -ENOMEM if the scratch page cannot be allocated (in which
 * case @orig is untouched).
 */
static int selinux_sb_copy_data(char *orig, char *copy)
{
	int fnosec, fsec, rc = 0;
	char *in_save, *in_curr, *in_end;
	char *sec_curr, *nosec_save, *nosec;
	int open_quote = 0;

	in_curr = orig;
	sec_curr = copy;

	/* Scratch page for the non-SELinux options; zeroed, so it ends up NUL-terminated. */
	nosec = (char *)get_zeroed_page(GFP_KERNEL);
	if (!nosec) {
		rc = -ENOMEM;
		goto out;
	}

	nosec_save = nosec;
	fnosec = fsec = 1;
	in_save = in_end = orig;

	do {
		if (*in_end == '"')
			open_quote = !open_quote;
		/* An option ends at an unquoted comma or at the terminator. */
		if ((*in_end == ',' && open_quote == 0) ||
		    *in_end == '\0') {
			int len = in_end - in_curr;

			if (selinux_option(in_curr, len))
				take_selinux_option(&sec_curr, in_curr, &fsec, len);
			else
				take_option(&nosec, in_curr, &fnosec, len);

			in_curr = in_end + 1;
		}
	} while (*in_end++);

	/* The filtered list is never longer than the input, so it fits back into @orig. */
	strcpy(in_save, nosec_save);
	free_page((unsigned long)nosec_save);
out:
	return rc;
}
2380
/*
 * sb_kern_mount hook: initialise the superblock's security state from the
 * mount data, then require filesystem:mount on it, auditing the root dentry.
 */
static int selinux_sb_kern_mount(struct super_block *sb, void *data)
{
	struct avc_audit_data ad;
	int rc = superblock_doinit(sb, data);

	if (rc)
		return rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = sb->s_root;

	return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
}
2394
/*
 * sb_statfs hook: filesystem:getattr on the superblock of @dentry,
 * auditing the filesystem root rather than the dentry itself.
 */
static int selinux_sb_statfs(struct dentry *dentry)
{
	struct super_block *sb = dentry->d_sb;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = sb->s_root;

	return superblock_has_perm(current, sb, FILESYSTEM__GETATTR, &ad);
}
2403
/*
 * sb_mount hook: after the secondary module, a remount needs
 * filesystem:remount on the existing superblock; a fresh mount needs
 * file:mounton on the mount point.
 */
static int selinux_mount(char *dev_name,
			 struct path *path,
			 char *type,
			 unsigned long flags,
			 void *data)
{
	int rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);

	if (rc)
		return rc;

	if (!(flags & MS_REMOUNT))
		return dentry_has_perm(current, path->mnt, path->dentry,
				       FILE__MOUNTON);

	return superblock_has_perm(current, path->mnt->mnt_sb,
				   FILESYSTEM__REMOUNT, NULL);
}
2423
/*
 * sb_umount hook: after the secondary module, filesystem:unmount on the
 * superblock of @mnt.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	int rc = secondary_ops->sb_umount(mnt, flags);

	if (rc == 0)
		rc = superblock_has_perm(current, mnt->mnt_sb,
					 FILESYSTEM__UNMOUNT, NULL);
	return rc;
}
2435
2436
2437
/*
 * inode_alloc_security hook: thin wrapper over inode_alloc_security().
 */
static int selinux_inode_alloc_security(struct inode *inode)
{
	int rc = inode_alloc_security(inode);

	return rc;
}
2442
/*
 * inode_free_security hook: thin wrapper over inode_free_security().
 */
static void selinux_inode_free_security(struct inode *inode)
{
	struct inode *target = inode;

	inode_free_security(target);
}
2447
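/*
 * inode_init_security hook: label a newly created @inode in @dir and hand
 * the filesystem the xattr it should persist.
 *
 * The SID is the task's create_sid when set (and the fs is not
 * mountpoint-labeled), otherwise a type transition from the task's SID,
 * the directory's SID and the new inode's class.  If the superblock is
 * already initialized the in-core inode label is set immediately.
 *
 * @name, @value, @len: optional out-parameters for the xattr.  On success
 * *@name is a kmalloc'd copy of the "selinux" suffix and *@value/*@len
 * a kmalloc'd context string; the caller owns both.  On failure after
 * *@name was set it is freed and reset to NULL so the caller never sees
 * a dangling pointer.
 *
 * Returns 0 on success, -EOPNOTSUPP when no xattr should be written
 * (policy not loaded, or mountpoint-labeled fs), -ENOMEM, or the error
 * from the transition / context lookup.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       char **name, void **value,
				       size_t *len)
{
	struct task_security_struct *tsec = current->security;
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	u32 newsid, clen;
	int rc;
	char *namep = NULL, *context;

	if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
		newsid = tsec->create_sid;
	} else {
		rc = security_transition_sid(tsec->sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     &newsid);
		if (rc) {
			/* i_ino is unsigned long: %lu, not %ld. */
			printk(KERN_WARNING "%s: "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%lu)\n",
			       __func__,
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	}

	if (sbsec->initialized) {
		struct inode_security_struct *isec = inode->i_security;
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		isec->sid = newsid;
		isec->initialized = 1;
	}

	if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (name) {
		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
		if (!namep)
			return -ENOMEM;
		*name = namep;
	}

	if (value && len) {
		rc = security_sid_to_context(newsid, &context, &clen);
		if (rc) {
			kfree(namep);
			if (name)
				*name = NULL;
			return rc;
		}
		*value = context;
		*len = clen;
	}

	return 0;
}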
2509
/*
 * inode_create hook: may_create() for a regular file; @mask is unused.
 */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
{
	u16 tclass = SECCLASS_FILE;

	return may_create(dir, dentry, tclass);
}
2514
/*
 * inode_link hook: after the secondary module, may_link() with MAY_LINK
 * for adding a new name for @old_dentry's inode in @dir.
 */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
	int rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);

	if (rc == 0)
		rc = may_link(dir, old_dentry, MAY_LINK);
	return rc;
}
2524
/*
 * inode_unlink hook: after the secondary module, may_link() with
 * MAY_UNLINK.
 */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	int rc = secondary_ops->inode_unlink(dir, dentry);

	if (rc == 0)
		rc = may_link(dir, dentry, MAY_UNLINK);
	return rc;
}
2534
/*
 * inode_symlink hook: may_create() for a symbolic link; the link target
 * @name is not examined.
 */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
	u16 tclass = SECCLASS_LNK_FILE;

	return may_create(dir, dentry, tclass);
}
2539
/*
 * inode_mkdir hook: may_create() for a directory; @mask is unused.
 */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
{
	u16 tclass = SECCLASS_DIR;

	return may_create(dir, dentry, tclass);
}
2544
/*
 * inode_rmdir hook: may_link() with MAY_RMDIR.
 */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	int kind = MAY_RMDIR;

	return may_link(dir, dentry, kind);
}
2549
/*
 * inode_mknod hook: after the secondary module, may_create() with the
 * class derived from @mode's file type bits; @dev is not examined.
 */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
	int rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);

	if (rc == 0)
		rc = may_create(dir, dentry, inode_mode_to_security_class(mode));
	return rc;
}
2560
/*
 * inode_rename hook: thin wrapper over may_rename().
 */
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
				struct inode *new_inode, struct dentry *new_dentry)
{
	int rc = may_rename(old_inode, old_dentry, new_inode, new_dentry);

	return rc;
}
2566
/*
 * inode_readlink hook: file:read on the link.
 */
static int selinux_inode_readlink(struct dentry *dentry)
{
	u32 av = FILE__READ;

	return dentry_has_perm(current, NULL, dentry, av);
}
2571
/*
 * inode_follow_link hook: after the secondary module, file:read on the link
 * being followed.
 */
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
	int rc = secondary_ops->inode_follow_link(dentry, nameidata);

	if (rc == 0)
		rc = dentry_has_perm(current, NULL, dentry, FILE__READ);
	return rc;
}
2581
/*
 * inode_permission hook: after the secondary module, check the access
 * vector for @mask (including the per-class open permission when the
 * openperm capability is on).  An empty @mask is an existence test and
 * is always allowed.
 */
static int selinux_inode_permission(struct inode *inode, int mask,
				    struct nameidata *nd)
{
	int rc = secondary_ops->inode_permission(inode, mask, nd);
	u32 av;

	if (rc)
		return rc;
	if (mask == 0)
		return 0;

	av = open_file_mask_to_av(inode->i_mode, mask);
	return inode_has_perm(current, inode, av, NULL);
}
2599
/*
 * inode_setattr hook: after the secondary module, ATTR_FORCE changes are
 * allowed outright; mode/owner changes and explicit timestamp sets need
 * file:setattr, anything else (size, implicit times) needs file:write.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	int rc = secondary_ops->inode_setattr(dentry, iattr);
	u32 av = FILE__WRITE;

	if (rc)
		return rc;

	if (iattr->ia_valid & ATTR_FORCE)
		return 0;

	if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
			       ATTR_ATIME_SET | ATTR_MTIME_SET))
		av = FILE__SETATTR;

	return dentry_has_perm(current, NULL, dentry, av);
}
2617
/*
 * inode_getattr hook: file:getattr, audited with the (mnt, dentry) path.
 */
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	u32 av = FILE__GETATTR;

	return dentry_has_perm(current, mnt, dentry, av);
}
2622
/*
 * Permission check for setting or removing an xattr other than the
 * SELinux one.  Names in the security.* namespace are privileged:
 * security.capability needs CAP_SETFCAP, any other needs CAP_SYS_ADMIN.
 * Every name then needs file:setattr on the object.
 */
static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
{
	int need_cap = -1;

	if (!strncmp(name, XATTR_SECURITY_PREFIX,
		     sizeof XATTR_SECURITY_PREFIX - 1))
		need_cap = strcmp(name, XATTR_NAME_CAPS) ? CAP_SYS_ADMIN
							 : CAP_SETFCAP;

	if (need_cap >= 0 && !capable(need_cap))
		return -EPERM;

	return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
}
2641
/*
 * inode_setxattr hook.  Non-SELinux names go through
 * selinux_inode_setotherxattr().  Setting security.selinux relabels the
 * object, which requires, in order: a fs that stores labels (not
 * mountpoint-labeled), ownership or CAP_FOWNER, relabelfrom on the current
 * label, a valid context in @value, relabelto on the new label, a policy
 * validatetrans check for the (old, new, task) triple, and associate
 * between the new label and the filesystem.
 * Returns 0 if permitted, else -EOPNOTSUPP, -EPERM, or the first error.
 */
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
{
	struct task_security_struct *tsec = current->security;
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec;
	struct avc_audit_data ad;
	u32 newsid;
	int rc = 0;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return selinux_inode_setotherxattr(dentry, name);

	sbsec = inode->i_sb->s_security;
	/* Labels on a mountpoint-labeled fs come from the mount, not from xattrs. */
	if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (!is_owner_or_cap(inode))
		return -EPERM;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
			  FILE__RELABELFROM, &ad);
	if (rc)
		return rc;

	/* @value is @size bytes and need not be NUL-terminated. */
	rc = security_context_to_sid(value, size, &newsid);
	if (rc)
		return rc;

	rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
			  FILE__RELABELTO, &ad);
	if (rc)
		return rc;

	rc = security_validate_transition(isec->sid, newsid, tsec->sid,
					  isec->sclass);
	if (rc)
		return rc;

	return avc_has_perm(newsid,
			    sbsec->sid,
			    SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE,
			    &ad);
}
2691
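/*
 * inode_post_setxattr hook: once security.selinux has been stored by the
 * filesystem, update the in-core label to match.  Other xattr names are
 * ignored.  If the stored context cannot be mapped to a SID the label is
 * left unchanged and the failure is logged.
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
					const void *value, size_t size,
					int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return;

	rc = security_context_to_sid(value, size, &newsid);
	if (rc) {
		/*
		 * @value is @size bytes and not necessarily NUL-terminated,
		 * so bound the printed context by @size instead of relying
		 * on a terminator that may not be there.
		 */
		printk(KERN_WARNING "%s: unable to obtain SID for context "
		       "%.*s, rc=%d\n", __func__, (int)size,
		       (const char *)value, -rc);
		return;
	}

	isec->sid = newsid;
}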
2716
/*
 * inode_getxattr hook: file:getattr, regardless of which xattr is read.
 */
static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
{
	u32 av = FILE__GETATTR;

	return dentry_has_perm(current, NULL, dentry, av);
}
2721
/*
 * inode_listxattr hook: file:getattr.
 */
static int selinux_inode_listxattr(struct dentry *dentry)
{
	u32 av = FILE__GETATTR;

	return dentry_has_perm(current, NULL, dentry, av);
}
2726
/*
 * inode_removexattr hook: other names go through
 * selinux_inode_setotherxattr(); the SELinux label itself can never be
 * removed (-EACCES).
 */
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
{
	int is_selinux_xattr = (strcmp(name, XATTR_NAME_SELINUX) == 0);

	if (is_selinux_xattr)
		return -EACCES;

	return selinux_inode_setotherxattr(dentry, name);
}
2736
2737
2738
2739
2740
2741
2742
2743
/*
 * inode_getsecurity hook: return the inode's context string for the
 * "selinux" attribute.  With @alloc the kmalloc'd string is handed to the
 * caller in *@buffer; otherwise it is freed and only the length is
 * reported.  Returns the context length, -EOPNOTSUPP for any other
 * attribute name, or the error from security_sid_to_context().
 */
static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
{
	struct inode_security_struct *isec = inode->i_security;
	char *context = NULL;
	u32 size;
	int error;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0)
		return -EOPNOTSUPP;

	error = security_sid_to_context(isec->sid, &context, &size);
	if (error)
		return error;

	if (alloc)
		*buffer = context;
	else
		kfree(context);

	return size;
}
2766
/*
 * inode_setsecurity hook: set the in-core label from a context string,
 * without the permission checks of the setxattr path.  Only the "selinux"
 * attribute is handled; an empty or missing value is refused.
 * Returns 0, -EOPNOTSUPP, -EACCES, or the context lookup error.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0)
		return -EOPNOTSUPP;
	if (value == NULL || size == 0)
		return -EACCES;

	rc = security_context_to_sid((void *)value, size, &newsid);
	if (rc == 0)
		isec->sid = newsid;

	return rc;
}
2787
/*
 * Report the names of the security xattrs this module provides: exactly
 * one, XATTR_NAME_SELINUX, including its terminating NUL.  The name is
 * copied into @buffer only when the buffer is present and large enough;
 * the required length is returned either way so callers can size a
 * buffer with a NULL first pass.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const size_t len = sizeof(XATTR_NAME_SELINUX);	/* includes NUL */

	if (buffer != NULL && buffer_size >= len)
		memcpy(buffer, XATTR_NAME_SELINUX, len);
	return (int)len;
}
2795
/* Delegated entirely to the secondary (capability) module. */
static int selinux_inode_need_killpriv(struct dentry *dentry)
{
	int rc;

	rc = secondary_ops->inode_need_killpriv(dentry);
	return rc;
}
2800
/* Delegated entirely to the secondary (capability) module. */
static int selinux_inode_killpriv(struct dentry *dentry)
{
	int rc;

	rc = secondary_ops->inode_killpriv(dentry);
	return rc;
}
2805
/* Export the inode's SID through @secid; never fails. */
static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
{
	const struct inode_security_struct *isec = inode->i_security;

	*secid = isec->sid;
}
2811
2812
2813
/*
 * Re-check access to an already open file.  Used when the open-time
 * decision can no longer be trusted (see selinux_file_permission()).
 * A zero @mask is an existence test and always succeeds.  Returns 0 or
 * the first failing check's error.
 */
static int selinux_revalidate_file_permission(struct file *file, int mask)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	int rc;

	if (mask == 0)
		return 0;

	/* A write to an O_APPEND file is really an append. */
	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		mask |= MAY_APPEND;

	rc = file_has_perm(current, file,
			   file_mask_to_av(inode->i_mode, mask));
	if (rc == 0)
		rc = selinux_netlbl_inode_permission(inode, mask);
	return rc;
}
2835
/*
 * file_permission hook, called on every read/write.  The full check was
 * done at open time; it is repeated only if the task label, the inode
 * label or the loaded policy has changed since then (all three are
 * snapshotted in the file_security_struct by selinux_dentry_open()).
 */
static int selinux_file_permission(struct file *file, int mask)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct task_security_struct *tsec = current->security;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;
	int open_check_still_valid;

	if (mask == 0)
		return 0;

	open_check_still_valid = (tsec->sid == fsec->sid) &&
				 (fsec->isid == isec->sid) &&
				 (fsec->pseqno == avc_policy_seqno());
	if (!open_check_still_valid)
		return selinux_revalidate_file_permission(file, mask);

	/* Only the NetLabel side still needs a per-access look. */
	return selinux_netlbl_inode_permission(inode, mask);
}
2854
/* Allocate the per-file security blob; returns whatever the helper does. */
static int selinux_file_alloc_security(struct file *file)
{
	int rc;

	rc = file_alloc_security(file);
	return rc;
}
2859
/* Release the per-file security blob. */
static void selinux_file_free_security(struct file *file)
{
	file_free_security(file);
	return;
}
2864
/*
 * file_ioctl hook.  Map the ioctl command onto a file permission:
 * read-only queries need file:getattr, attribute changes file:setattr,
 * non-blocking/async toggles only a valid descriptor (permission 0),
 * keyboard-map changes CAP_SYS_TTY_CONFIG, and every other command the
 * generic file:ioctl.  The @arg value is never inspected here.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	int error = 0;

	switch (cmd) {
	case FIONREAD:
		/* fall through: read-only query */
	case FIBMAP:
		/* fall through: read-only query */
	case FIGETBSZ:
		/* fall through: read-only query */
	case EXT2_IOC_GETFLAGS:
		/* fall through: read-only query */
	case EXT2_IOC_GETVERSION:
		error = file_has_perm(current, file, FILE__GETATTR);
		break;

	case EXT2_IOC_SETFLAGS:
		/* fall through: modifies inode attributes */
	case EXT2_IOC_SETVERSION:
		error = file_has_perm(current, file, FILE__SETATTR);
		break;

	/* A permission of 0 only verifies the descriptor is usable. */
	case FIONBIO:
		/* fall through */
	case FIOASYNC:
		error = file_has_perm(current, file, 0);
		break;

	case KDSKBENT:
	case KDSKBSENT:
		/* Keyboard map changes are capability-gated, not file-gated. */
		error = task_has_capability(current, CAP_SYS_TTY_CONFIG);
		break;

	/*
	 * Anything not listed above is assumed to be a real operation on
	 * the object and is covered by file:ioctl.
	 */
	default:
		error = file_has_perm(current, file, FILE__IOCTL);
	}
	return error;
}
2909
/*
 * Permission check shared by mmap and mprotect.
 *
 * An executable mapping that is anonymous (@file NULL) or both private
 * and writable needs process:execmem on the task itself (skipped on
 * PPC32, where all pages are executable).  A file-backed mapping then
 * needs file:read, plus file:write for shared writable mappings and
 * file:execute for executable ones.  Returns 0 or the failing check.
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	u32 av;
#ifndef CONFIG_PPC32
	int anon_or_private_writable = !file || (!shared && (prot & PROT_WRITE));

	if ((prot & PROT_EXEC) && anon_or_private_writable) {
		int rc = task_has_perm(current, current, PROCESS__EXECMEM);
		if (rc)
			return rc;
	}
#endif

	if (!file)
		return 0;

	av = FILE__READ;
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;
	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;
	return file_has_perm(current, file, av);
}
2940
/*
 * file_mmap hook.  Mapping below mmap_min_addr needs memprotect:mmap_zero;
 * if @addr_only is set that is the only check.  Otherwise the protection
 * bits are passed to file_map_prot_check(), using the protection the
 * caller asked for (@reqprot) rather than the effective one when the
 * checkreqprot setting is on.
 */
static int selinux_file_mmap(struct file *file, unsigned long reqprot,
			     unsigned long prot, unsigned long flags,
			     unsigned long addr, unsigned long addr_only)
{
	struct task_security_struct *tsec = current->security;
	u32 sid = tsec->sid;
	int rc = 0;

	if (addr < mmap_min_addr)
		rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
				  MEMPROTECT__MMAP_ZERO, NULL);
	if (rc)
		return rc;
	if (addr_only)
		return 0;

	if (selinux_checkreqprot)
		prot = reqprot;

	return file_map_prot_check(file, prot,
				   (flags & MAP_TYPE) == MAP_SHARED);
}
2960
/*
 * file_mprotect hook.  After the secondary module's check, a request to
 * make a region executable that was not executable before is classified
 * by where it lies: the heap (between start_brk and brk) needs
 * process:execheap, an anonymous region overlapping start_stack needs
 * process:execstack, and a file-backed region that already has private
 * (anonymous) pages needs file:execmod on the file.  The generic
 * file_map_prot_check() then applies as for mmap.
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
				 unsigned long reqprot,
				 unsigned long prot)
{
	int rc;

	rc = secondary_ops->file_mprotect(vma, reqprot, prot);
	if (rc)
		return rc;

	/* Check the protection the caller asked for, not the effective one. */
	if (selinux_checkreqprot)
		prot = reqprot;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		rc = 0;
		if (vma->vm_start >= vma->vm_mm->start_brk &&
		    vma->vm_end <= vma->vm_mm->brk) {
			rc = task_has_perm(current, current,
					   PROCESS__EXECHEAP);
		} else if (!vma->vm_file &&
			   vma->vm_start <= vma->vm_mm->start_stack &&
			   vma->vm_end >= vma->vm_mm->start_stack) {
			rc = task_has_perm(current, current, PROCESS__EXECSTACK);
		} else if (vma->vm_file && vma->anon_vma) {
			/*
			 * A file mapping with an anon_vma has been written
			 * to privately (copy-on-write pages exist), so the
			 * code about to be executed is not what is on disk.
			 * Only the initial check happens here; a region that
			 * is first made executable and written afterwards is
			 * not revisited by this hook.
			 */
			rc = file_has_perm(current, vma->vm_file,
					   FILE__EXECMOD);
		}
		if (rc)
			return rc;
	}
#endif

	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}
3003
/* flock()-style locking needs file:lock regardless of @cmd. */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	int rc;

	rc = file_has_perm(current, file, FILE__LOCK);
	return rc;
}
3008
/*
 * file_fcntl hook.  Clearing O_APPEND via F_SETFL is the one fcntl that
 * can widen what a descriptor allows, so it needs file:write; the other
 * F_SETFL cases and the owner/signal/flag queries only need a usable
 * descriptor (permission 0).  Record locks need file:lock.  Commands not
 * listed are allowed through with err == 0.
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	int err = 0;

	switch (cmd) {
	case F_SETFL:
		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
			err = -EINVAL;
			break;
		}

		/* Dropping O_APPEND turns an append-only fd into a write fd. */
		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
			err = file_has_perm(current, file, FILE__WRITE);
			break;
		}
		/* fall through: any other F_SETFL is a plain descriptor use */
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
		/* Just make sure the descriptor is valid for this task. */
		err = file_has_perm(current, file, 0);
		break;
	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
			err = -EINVAL;
			break;
		}
		err = file_has_perm(current, file, FILE__LOCK);
		break;
	}

	return err;
}
3052
/*
 * Record the label of the task becoming the file's owner, so that a
 * later SIGIO/SIGURG delivery can be checked against it.  Always 0.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct task_security_struct *tsec = current->security;
	struct file_security_struct *fsec = file->f_security;

	fsec->fown_sid = tsec->sid;
	return 0;
}
3064
/*
 * Check whether the file owner's label (recorded by set_fowner) may send
 * @signum to @tsk.  A zero @signum means the default SIGIO.  The
 * fown_struct is embedded in struct file, hence the container_of().
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	struct file *file = container_of(fown, struct file, f_owner);
	struct task_security_struct *tsec = tsk->security;
	struct file_security_struct *fsec = file->f_security;
	int effective_sig = signum ? signum : SIGIO;
	u32 perm = signal_to_av(effective_sig);

	return avc_has_perm(fsec->fown_sid, tsec->sid,
			    SECCLASS_PROCESS, perm, NULL);
}
3087
/*
 * A descriptor received over a socket is checked as if the receiver had
 * opened the file itself, with the access vector derived from its mode.
 */
static int selinux_file_receive(struct file *file)
{
	u32 av = file_to_av(file);

	return file_has_perm(current, file, av);
}
3092
/*
 * dentry_open hook.  Snapshot the inode label and the current policy
 * sequence number into the file blob; selinux_file_permission() later
 * compares against them to decide whether this open-time check is
 * still valid.  Then perform the open-time check itself.
 */
static int selinux_dentry_open(struct file *file)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;

	fsec->isid = isec->sid;
	fsec->pseqno = avc_policy_seqno();

	return inode_has_perm(current, inode, file_to_av(file), NULL);
}
3120
3121
3122
/* fork/clone: secondary module first, then process:fork on current. */
static int selinux_task_create(unsigned long clone_flags)
{
	int rc = secondary_ops->task_create(clone_flags);

	if (rc == 0)
		rc = task_has_perm(current, current, PROCESS__FORK);
	return rc;
}
3133
/*
 * Allocate the security blob of a new task and copy every label of the
 * parent (current) into it: current/previous SID plus the exec, create,
 * keycreate and sockcreate SIDs.  Returns the allocation error, else 0.
 */
static int selinux_task_alloc_security(struct task_struct *tsk)
{
	struct task_security_struct *parent = current->security;
	struct task_security_struct *child;
	int rc = task_alloc_security(tsk);

	if (rc)
		return rc;

	child = tsk->security;
	child->osid = parent->osid;
	child->sid = parent->sid;
	child->exec_sid = parent->exec_sid;
	child->create_sid = parent->create_sid;
	child->keycreate_sid = parent->keycreate_sid;
	child->sockcreate_sid = parent->sockcreate_sid;
	return 0;
}
3157
/* Release a task's security blob. */
static void selinux_task_free_security(struct task_struct *tsk)
{
	task_free_security(tsk);
	return;
}
3162
/*
 * setuid is not mediated by SELinux: there is no per-task permission
 * for it, so this hook always succeeds.  (The secondary module is
 * consulted in the post_setuid hook instead.)
 */
static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	int rc = 0;

	return rc;
}
3173
/* Delegated to the secondary (capability) module. */
static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	int rc;

	rc = secondary_ops->task_post_setuid(id0, id1, id2, flags);
	return rc;
}
3178
/* setgid is not mediated by SELinux; always allowed here. */
static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
{
	int rc = 0;

	return rc;
}
3184
/* Changing another task's process group needs process:setpgid on it. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	u32 perm = PROCESS__SETPGID;

	return task_has_perm(current, p, perm);
}
3189
/* Reading another task's process group needs process:getpgid. */
static int selinux_task_getpgid(struct task_struct *p)
{
	u32 perm = PROCESS__GETPGID;

	return task_has_perm(current, p, perm);
}
3194
/* Reading another task's session id needs process:getsession. */
static int selinux_task_getsid(struct task_struct *p)
{
	u32 perm = PROCESS__GETSESSION;

	return task_has_perm(current, p, perm);
}
3199
/* Export task @p's SID through @secid; never fails. */
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
	const struct task_security_struct *tsec = p->security;

	*secid = tsec->sid;
}
3205
/* Supplementary group changes are not mediated by SELinux. */
static int selinux_task_setgroups(struct group_info *group_info)
{
	int rc = 0;

	return rc;
}
3211
/* nice(): secondary module first, then process:setsched on the target. */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc = secondary_ops->task_setnice(p, nice);

	if (rc == 0)
		rc = task_has_perm(current, p, PROCESS__SETSCHED);
	return rc;
}
3222
/* I/O priority changes are treated like scheduler changes: process:setsched. */
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
{
	int rc = secondary_ops->task_setioprio(p, ioprio);

	if (rc == 0)
		rc = task_has_perm(current, p, PROCESS__SETSCHED);
	return rc;
}
3233
/* Reading a task's I/O priority needs process:getsched. */
static int selinux_task_getioprio(struct task_struct *p)
{
	u32 perm = PROCESS__GETSCHED;

	return task_has_perm(current, p, perm);
}
3238
/*
 * setrlimit hook.  Only a change to the hard limit (rlim_max) needs
 * process:setrlimit; moving the soft limit within the existing hard
 * limit is always allowed once the secondary module agrees.
 *
 * @resource indexes current->signal->rlim without a bound check here;
 * presumably the syscall already rejected values >= RLIM_NLIMITS —
 * confirm against the caller.
 */
static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	struct rlimit *old_rlim = current->signal->rlim + resource;
	int rc = secondary_ops->task_setrlimit(resource, new_rlim);

	if (rc)
		return rc;

	if (old_rlim->rlim_max == new_rlim->rlim_max)
		return 0;
	return task_has_perm(current, current, PROCESS__SETRLIMIT);
}
3257
/* sched_setscheduler(): secondary module, then process:setsched. */
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{
	int rc = secondary_ops->task_setscheduler(p, policy, lp);

	if (rc == 0)
		rc = task_has_perm(current, p, PROCESS__SETSCHED);
	return rc;
}
3268
/* Reading a task's scheduling policy needs process:getsched. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	u32 perm = PROCESS__GETSCHED;

	return task_has_perm(current, p, perm);
}
3273
/* Migrating a task's pages is gated by process:setsched on the target. */
static int selinux_task_movememory(struct task_struct *p)
{
	u32 perm = PROCESS__SETSCHED;

	return task_has_perm(current, p, perm);
}
3278
/*
 * task_kill hook.  A zero @sig is an existence probe (process:signull);
 * any other signal maps to its signal class via signal_to_av().  When
 * the caller supplies a non-zero @secid the sender is that label rather
 * than current (e.g. a signal generated on behalf of another subject).
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
			     int sig, u32 secid)
{
	struct task_security_struct *tsec;
	u32 perm;
	int rc;

	rc = secondary_ops->task_kill(p, info, sig, secid);
	if (rc)
		return rc;

	perm = sig ? signal_to_av(sig) : PROCESS__SIGNULL;
	tsec = p->security;

	if (secid)
		return avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
	return task_has_perm(current, p, perm);
}
3301
/*
 * prctl is not mediated by SELinux; every option is passed straight to
 * the secondary module.
 */
static int selinux_task_prctl(int option,
			      unsigned long arg2,
			      unsigned long arg3,
			      unsigned long arg4,
			      unsigned long arg5,
			      long *rc_p)
{
	int rc;

	rc = secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p);
	return rc;
}
3314
/*
 * wait(): the check is in the child-to-parent direction, i.e. whether
 * the child @p may deliver SIGCHLD to current.
 */
static int selinux_task_wait(struct task_struct *p)
{
	u32 perm = PROCESS__SIGCHLD;

	return task_has_perm(p, current, perm);
}
3319
/*
 * A task being reparented to init is relabelled to the kernel SID; its
 * previous SID is kept in osid.  The secondary module runs first.
 */
static void selinux_task_reparent_to_init(struct task_struct *p)
{
	struct task_security_struct *tsec;

	secondary_ops->task_reparent_to_init(p);

	tsec = p->security;
	tsec->osid = tsec->sid;
	tsec->sid = SECINITSID_KERNEL;
}
3331
/*
 * Label a task-backed inode (e.g. under /proc) with the task's SID and
 * mark it initialized so it is not relabelled from disk later.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	const struct task_security_struct *tsec = p->security;
	struct inode_security_struct *isec = inode->i_security;

	isec->sid = tsec->sid;
	isec->initialized = 1;
}
3342
3343
/*
 * Extract the IPv4 addresses of @skb into the audit record @ad and, for
 * TCP/UDP/DCCP, the transport ports as well.  If @proto is non-NULL it
 * receives the IP protocol number.
 *
 * Returns 0 once the IP header has been read, -EINVAL when the header
 * is unavailable or its length field is smaller than the fixed header.
 * A transport header that cannot be read is not an error: the ports are
 * simply left unset in @ad.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb,
				  struct avc_audit_data *ad, u8 *proto)
{
	int offset, ihlen, ret = -EINVAL;
	struct iphdr _iph, *ih;

	offset = skb_network_offset(skb);
	/* skb_header_pointer() copies into _iph if the header is not linear. */
	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (ih == NULL)
		goto out;

	/* ihl is a 4-bit word count, so ihlen is non-negative and <= 60. */
	ihlen = ih->ihl * 4;
	if (ihlen < sizeof(_iph))
		goto out;

	ad->u.net.v4info.saddr = ih->saddr;
	ad->u.net.v4info.daddr = ih->daddr;
	ret = 0;

	if (proto)
		*proto = ih->protocol;

	switch (ih->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		/* Non-first fragments carry no transport header. */
		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh == NULL)
			break;

		ad->u.net.sport = dh->dccph_sport;
		ad->u.net.dport = dh->dccph_dport;
		break;
	}

	default:
		break;
	}
out:
	return ret;
}
3421
3422#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3423
3424
/*
 * IPv6 counterpart of selinux_parse_skb_ipv4(): copy the source and
 * destination addresses into @ad, skip any extension headers, and for
 * TCP/UDP/DCCP record the ports.  @proto, if non-NULL, receives the
 * next-header value after extension headers.
 *
 * Returns -EINVAL only when the fixed IPv6 header cannot be read.  Note
 * that ret is already 0 when ipv6_skip_exthdr() fails, so a packet whose
 * extension-header chain cannot be walked is reported as parsed with
 * addresses but no ports and no @proto.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb,
				  struct avc_audit_data *ad, u8 *proto)
{
	u8 nexthdr;
	int ret = -EINVAL, offset;
	struct ipv6hdr _ipv6h, *ip6;

	offset = skb_network_offset(skb);
	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (ip6 == NULL)
		goto out;

	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
	ret = 0;

	/* Walk past extension headers; nexthdr is updated to the payload type. */
	nexthdr = ip6->nexthdr;
	offset += sizeof(_ipv6h);
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
	if (offset < 0)
		goto out;

	if (proto)
		*proto = nexthdr;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh == NULL)
			break;

		ad->u.net.sport = dh->dccph_sport;
		ad->u.net.dport = dh->dccph_dport;
		break;
	}

	/* Other upper-layer protocols: addresses only, no ports. */
	default:
		break;
	}
out:
	return ret;
}
3494
3495#endif
3496
/*
 * Parse the network headers of @skb into the audit record @ad according
 * to ad->u.net.family, which the caller must have set.  On success and
 * when @addrp is non-NULL, *addrp points at the source (@src != 0) or
 * destination address inside @ad itself, so it is valid only as long
 * as @ad is.  @proto is forwarded to the per-family parser.
 *
 * Unknown families parse as success (ret 0) with nothing filled in.
 * Any parser failure is logged once and returned to the caller.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
			     char **addrp, int src, u8 *proto)
{
	int ret = 0;

	switch (ad->u.net.family) {
	case PF_INET:
		ret = selinux_parse_skb_ipv4(skb, ad, proto);
		if (ret || !addrp)
			break;
		*addrp = (char *)(src ? &ad->u.net.v4info.saddr :
				  &ad->u.net.v4info.daddr);
		break;

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case PF_INET6:
		ret = selinux_parse_skb_ipv6(skb, ad, proto);
		if (ret || !addrp)
			break;
		*addrp = (char *)(src ? &ad->u.net.v6info.saddr :
				  &ad->u.net.v6info.daddr);
		break;
#endif
	default:
		break;
	}

	if (unlikely(ret))
		printk(KERN_WARNING
		       "SELinux: failure in selinux_parse_skb(),"
		       " unable to parse packet\n");

	return ret;
}
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
/*
 * Determine the peer label of @skb from the two labelling sources —
 * IPsec/xfrm and NetLabel — and resolve them into a single SID in *sid.
 * The two lookups are assumed to always produce a value (their returns
 * are not checked here).  Returns 0, or -EACCES when the labels cannot
 * be reconciled, in which case a warning is logged.
 */
static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
{
	u32 xfrm_sid, nlbl_sid, nlbl_type;
	int err;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);
	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);

	err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
	if (err == 0)
		return 0;

	printk(KERN_WARNING
	       "SELinux: failure in selinux_skb_peerlbl_sid(),"
	       " unable to determine packet's peer label\n");
	return -EACCES;
}
3567
3568
/*
 * Check @perms for @task on @sock using the socket inode's label and
 * class.  Sockets labelled with the kernel SID (created with kern set)
 * are exempt.  The audit record carries the struct sock.
 */
static int socket_has_perm(struct task_struct *task, struct socket *sock,
			   u32 perms)
{
	struct task_security_struct *tsec = task->security;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct avc_audit_data ad;

	if (isec->sid == SECINITSID_KERNEL)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = sock->sk;
	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
}
3590
/*
 * socket_create hook.  Kernel-internal sockets (@kern) are not checked.
 * Otherwise the task needs socket:create on the label the new socket
 * will get: the task's sockcreate SID if one is set, else its own SID.
 * The class is derived from family/type/protocol.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	struct task_security_struct *tsec;
	u32 newsid;

	if (kern)
		return 0;

	tsec = current->security;
	newsid = tsec->sockcreate_sid ? : tsec->sid;
	return avc_has_perm(tsec->sid, newsid,
			    socket_type_to_security_class(family, type, protocol),
			    SOCKET__CREATE, NULL);
}
3610
/*
 * socket_post_create hook: label the new socket inode (kernel SID for
 * @kern sockets, otherwise the sockcreate or task SID), mirror class and
 * SID onto the struct sock if one exists, and let NetLabel configure it.
 * Returns NetLabel's result, or 0 when there is no sock yet.
 */
static int selinux_socket_post_create(struct socket *sock, int family,
				      int type, int protocol, int kern)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct task_security_struct *tsec = current->security;
	struct sk_security_struct *sksec;
	u32 newsid = tsec->sockcreate_sid ? : tsec->sid;

	isec->sclass = socket_type_to_security_class(family, type, protocol);
	isec->sid = kern ? SECINITSID_KERNEL : newsid;
	isec->initialized = 1;

	if (!sock->sk)
		return 0;

	sksec = sock->sk->sk_security;
	sksec->sid = isec->sid;
	sksec->sclass = isec->sclass;
	return selinux_netlbl_socket_post_create(sock);
}
3637
3638
3639
3640
3641
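/*
 * bind hook.  First the generic socket:bind check.  Then, for PF_INET
 * and PF_INET6 only: if a specific port is requested and it lies below
 * PROT_SOCK or outside the local ephemeral range, a name_bind check
 * against the port's label; and in all cases a node_bind check (class
 * chosen from the socket class) against the label of the requested
 * local address.
 *
 * @address and @addrlen originate from userspace.  The length is
 * validated against the family's minimum sockaddr size before any field
 * is read, mirroring selinux_socket_connect(); a short address yields
 * -EINVAL.  Returns 0 on success or a negative errno.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	u16 family;
	int err;

	err = socket_has_perm(current, sock, SOCKET__BIND);
	if (err)
		goto out;

	family = sock->sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct inode_security_struct *isec;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		struct sock *sk = sock->sk;
		u32 sid, node_perm;

		isec = SOCK_INODE(sock)->i_security;

		if (family == PF_INET) {
			/* Need at least sin_port and sin_addr to be present. */
			if (addrlen < (int)sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			/* SIN6_LEN_RFC2133 covers sin6_port and sin6_addr. */
			if (addrlen < (int)SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		if (snum) {
			int low, high;

			inet_get_local_port_range(&low, &high);

			/* Ephemeral ports need no name_bind; others do. */
			if (snum < max(PROT_SOCK, low) || snum > high) {
				err = sel_netport_sid(sk->sk_protocol,
						      snum, &sid);
				if (err)
					goto out;
				AVC_AUDIT_DATA_INIT(&ad, NET);
				ad.u.net.sport = htons(snum);
				ad.u.net.family = family;
				err = avc_has_perm(isec->sid, sid,
						   isec->sclass,
						   SOCKET__NAME_BIND, &ad);
				if (err)
					goto out;
			}
		}

		switch (isec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_DCCP_SOCKET:
			node_perm = DCCP_SOCKET__NODE_BIND;
			break;

		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		err = sel_netnode_sid(addrp, family, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;

		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);

		err = avc_has_perm(isec->sid, sid,
				   isec->sclass, node_perm, &ad);
		if (err)
			goto out;
	}
out:
	return err;
}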
3743
/*
 * connect hook.  After the generic socket:connect check, TCP and DCCP
 * sockets additionally need name_connect on the label of the remote
 * port.  Other socket classes get only the generic check.
 *
 * @address/@addrlen come from userspace; the length is checked against
 * the family's minimum sockaddr size before the port is read.  The
 * comparison is int against size_t, so it relies on the caller having
 * already rejected a negative @addrlen — presumably the syscall layer
 * does; confirm against the caller.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct inode_security_struct *isec;
	int err;

	err = socket_has_perm(current, sock, SOCKET__CONNECT);
	if (err)
		return err;

	/* Only connection-oriented IP classes have a name_connect permission. */
	isec = SOCK_INODE(sock)->i_security;
	if (isec->sclass == SECCLASS_TCP_SOCKET ||
	    isec->sclass == SECCLASS_DCCP_SOCKET) {
		struct sock *sk = sock->sk;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		u32 sid, perm;

		if (sk->sk_family == PF_INET) {
			addr4 = (struct sockaddr_in *)address;
			if (addrlen < sizeof(struct sockaddr_in))
				return -EINVAL;
			snum = ntohs(addr4->sin_port);
		} else {
			addr6 = (struct sockaddr_in6 *)address;
			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			snum = ntohs(addr6->sin6_port);
		}

		err = sel_netport_sid(sk->sk_protocol, snum, &sid);
		if (err)
			goto out;

		perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
			TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.dport = htons(snum);
		ad.u.net.family = sk->sk_family;
		err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
		if (err)
			goto out;
	}

out:
	return err;
}
3796
/* listen(): socket:listen on the socket's own label; @backlog is ignored. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	u32 perm = SOCKET__LISTEN;

	return socket_has_perm(current, sock, perm);
}
3801
/*
 * accept(): after socket:accept on the listener, the new socket's inode
 * inherits the listener's class and label and is marked initialized.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *isec;
	struct inode_security_struct *newisec;
	int err = socket_has_perm(current, sock, SOCKET__ACCEPT);

	if (err)
		return err;

	isec = SOCK_INODE(sock)->i_security;
	newisec = SOCK_INODE(newsock)->i_security;
	newisec->sclass = isec->sclass;
	newisec->sid = isec->sid;
	newisec->initialized = 1;
	return 0;
}
3821
/* sendmsg(): socket:write, then the NetLabel write check on the inode. */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	int rc = socket_has_perm(current, sock, SOCKET__WRITE);

	if (rc == 0)
		rc = selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);
	return rc;
}
3833
/* recvmsg(): socket:read; message, size and flags are not inspected. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	u32 perm = SOCKET__READ;

	return socket_has_perm(current, sock, perm);
}
3839
/* getsockname(): socket:getattr. */
static int selinux_socket_getsockname(struct socket *sock)
{
	u32 perm = SOCKET__GETATTR;

	return socket_has_perm(current, sock, perm);
}
3844
/* getpeername(): socket:getattr. */
static int selinux_socket_getpeername(struct socket *sock)
{
	u32 perm = SOCKET__GETATTR;

	return socket_has_perm(current, sock, perm);
}
3849
/* setsockopt(): socket:setopt, then NetLabel's own option check. */
static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
{
	int err = socket_has_perm(current, sock, SOCKET__SETOPT);

	if (err == 0)
		err = selinux_netlbl_socket_setsockopt(sock, level, optname);
	return err;
}
3860
/* getsockopt(): socket:getopt; level and option are not inspected. */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	u32 perm = SOCKET__GETOPT;

	return socket_has_perm(current, sock, perm);
}
3866
/* shutdown(): socket:shutdown regardless of @how. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	u32 perm = SOCKET__SHUTDOWN;

	return socket_has_perm(current, sock, perm);
}
3871
/*
 * AF_UNIX stream connect.  After the secondary module, the connecting
 * socket needs unix_stream_socket:connectto on the listener.  On
 * success each side records the other's label as its peer_sid, and the
 * new server-side sock's own SID is derived by security_sid_mls_copy()
 * from the listener's SID and the client's — presumably the listener's
 * type with the client's MLS range; confirm against the security server.
 */
static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct inode_security_struct *isec;
	struct inode_security_struct *other_isec;
	struct sk_security_struct *client_ssec;
	struct sk_security_struct *server_ssec;
	struct avc_audit_data ad;
	int err;

	err = secondary_ops->unix_stream_connect(sock, other, newsk);
	if (err)
		return err;

	isec = SOCK_INODE(sock)->i_security;
	other_isec = SOCK_INODE(other)->i_security;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	err = avc_has_perm(isec->sid, other_isec->sid, isec->sclass,
			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (err)
		return err;

	client_ssec = sock->sk->sk_security;
	client_ssec->peer_sid = other_isec->sid;

	server_ssec = newsk->sk_security;
	server_ssec->peer_sid = isec->sid;
	return security_sid_mls_copy(other_isec->sid, server_ssec->peer_sid,
				     &server_ssec->sid);
}
3909
/*
 * AF_UNIX datagram send: the sending socket needs socket:sendto on the
 * receiving socket's label.  The audit record names the receiver's sock.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *other_isec = SOCK_INODE(other)->i_security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	return avc_has_perm(isec->sid, other_isec->sid,
			    isec->sclass, SOCKET__SENDTO, &ad);
}
3931
/*
 * System-level ingress checks for a labelled peer: netif:ingress on the
 * receiving interface (@ifindex) and node:recvfrom on the local address
 * (@addrp, of @family).  Both are checked against @peer_sid, not the
 * receiving socket.  Returns 0 or the first failure.
 */
static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
				    u32 peer_sid,
				    struct avc_audit_data *ad)
{
	u32 if_sid, node_sid;
	int err;

	err = sel_netif_sid(ifindex, &if_sid);
	if (err == 0)
		err = avc_has_perm(peer_sid, if_sid,
				   SECCLASS_NETIF, NETIF__INGRESS, ad);
	if (err)
		return err;

	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err)
		return err;
	return avc_has_perm(peer_sid, node_sid,
			    SECCLASS_NODE, NODE__RECVFROM, ad);
}
3954
/*
 * Legacy (compat_net) receive checks for a packet arriving on @sk: the
 * socket's label needs the class-specific recv permission on the
 * receiving interface, on the local node, and — for UDP/TCP/DCCP only —
 * the recv_msg permission on the label of the packet's source port.
 * Raw IP sockets skip the port check (recv_perm == 0).
 *
 * @addrp points at the local address already parsed into @ad by the
 * caller; ad->u.net.sport must likewise have been filled in.
 * Returns 0 or the first failing lookup/check.
 */
static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk,
						struct sk_buff *skb,
						struct avc_audit_data *ad,
						u16 family,
						char *addrp)
{
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 sk_class;
	u32 netif_perm, node_perm, recv_perm;
	u32 port_sid, node_sid, if_sid, sk_sid;

	sk_sid = sksec->sid;
	sk_class = sksec->sclass;

	/* Pick the protocol-specific permission triple for this socket class. */
	switch (sk_class) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_RECV;
		node_perm = NODE__UDP_RECV;
		recv_perm = UDP_SOCKET__RECV_MSG;
		break;
	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_RECV;
		node_perm = NODE__TCP_RECV;
		recv_perm = TCP_SOCKET__RECV_MSG;
		break;
	case SECCLASS_DCCP_SOCKET:
		netif_perm = NETIF__DCCP_RECV;
		node_perm = NODE__DCCP_RECV;
		recv_perm = DCCP_SOCKET__RECV_MSG;
		break;
	default:
		netif_perm = NETIF__RAWIP_RECV;
		node_perm = NODE__RAWIP_RECV;
		recv_perm = 0;
		break;
	}

	err = sel_netif_sid(skb->iif, &if_sid);
	if (err)
		return err;
	err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
	if (err)
		return err;

	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err)
		return err;
	err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
	if (err)
		return err;

	/* No port-level permission for raw sockets. */
	if (!recv_perm)
		return 0;
	err = sel_netport_sid(sk->sk_protocol,
			      ntohs(ad->u.net.sport), &port_sid);
	if (unlikely(err)) {
		printk(KERN_WARNING
		       "SELinux: failure in"
		       " selinux_sock_rcv_skb_iptables_compat(),"
		       " network port label not found\n");
		return err;
	}
	return avc_has_perm(sk_sid, port_sid, sk_class, recv_perm, ad);
}
4020
/*
 * Receive-side checks used when either the compat_net setting is on or
 * the loaded policy lacks the netpeer capability.  The first step is
 * either the iptables-style per-interface/node/port checks or, without
 * compat_net, packet:recv on the packet's secmark.  The second step
 * checks the peer label: as peer:recv when the policy supports it,
 * otherwise through the separate NetLabel and xfrm checks.
 */
static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
				       struct avc_audit_data *ad,
				       u16 family, char *addrp)
{
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u32 peer_sid;
	u32 sk_sid = sksec->sid;

	if (selinux_compat_net)
		err = selinux_sock_rcv_skb_iptables_compat(sk, skb, ad,
							   family, addrp);
	else
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, ad);
	if (err)
		return err;

	if (selinux_policycap_netpeer) {
		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = avc_has_perm(sk_sid, peer_sid,
				   SECCLASS_PEER, PEER__RECV, ad);
	} else {
		/* Older policies: NetLabel and xfrm labels are checked separately. */
		err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, ad);
		if (err)
			return err;
		err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, ad);
	}

	return err;
}
4054
/*
 * socket_sock_rcv_skb hook: decide whether @sk may receive @skb.  Only
 * PF_INET/PF_INET6 sockets are checked; others return 0.  The packet's
 * addresses are parsed into an audit record first (a parse failure is
 * returned as-is).  Old-style checks go through the compat path; the
 * new-style path checks the peer label (when NetLabel or xfrm labelling
 * is active) and the secmark (when SECMARK is in use) independently.
 *
 * If neither labelling mechanism is active, err still holds 0 from the
 * parse step, so the final return is 0.
 */
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	u32 sk_sid = sksec->sid;
	struct avc_audit_data ad;
	char *addrp;

	if (family != PF_INET && family != PF_INET6)
		return 0;

	/* An IPv4 packet on a dual-stack IPv6 socket is parsed as IPv4. */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->iif;
	ad.u.net.family = family;
	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (err)
		return err;

	/*
	 * The legacy path is taken when either the compat_net setting is
	 * on or the loaded policy does not understand peer labels.
	 */
	if (selinux_compat_net || !selinux_policycap_netpeer)
		return selinux_sock_rcv_skb_compat(sk, skb, &ad,
						   family, addrp);

	if (netlbl_enabled() || selinux_xfrm_enabled()) {
		u32 peer_sid;

		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
					       peer_sid, &ad);
		if (err)
			return err;
		err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
				   PEER__RECV, &ad);
	}

	if (selinux_secmark_enabled()) {
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
		if (err)
			return err;
	}

	return err;
}
4109
/*
 * SO_PEERSEC for stream sockets: copy the peer's context string to the
 * user buffer @optval (capacity @len) and store its length at @optlen.
 * Only unix-stream and TCP sockets carry a peer_sid; anything else, or
 * an unset peer, yields -ENOPROTOOPT.
 *
 * If the context does not fit, -ERANGE is returned but the required
 * length is still written to @optlen so the caller can retry.  A failed
 * copy_to_user/put_user turns into -EFAULT.  The kmalloc'd context is
 * always freed once it has been allocated.
 */
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	int err = 0;
	char *scontext;
	u32 scontext_len;
	struct sk_security_struct *ssec;
	struct inode_security_struct *isec;
	u32 peer_sid = SECSID_NULL;

	isec = SOCK_INODE(sock)->i_security;

	if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
	    isec->sclass == SECCLASS_TCP_SOCKET) {
		ssec = sock->sk->sk_security;
		peer_sid = ssec->peer_sid;
	}
	if (peer_sid == SECSID_NULL) {
		err = -ENOPROTOOPT;
		goto out;
	}

	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);

	if (err)
		goto out;

	/* Too small: report the needed size via optlen, skip the copy. */
	if (scontext_len > len) {
		err = -ERANGE;
		goto out_len;
	}

	if (copy_to_user(optval, scontext, scontext_len))
		err = -EFAULT;

out_len:
	/* A put_user failure overrides any earlier -ERANGE. */
	if (put_user(scontext_len, optlen))
		err = -EFAULT;

	kfree(scontext);
out:
	return err;
}
4153
/*
 * socket_getpeersec_dgram hook: obtain the peer SID for a datagram.
 *
 * For a UNIX socket the peer SID is the label of the socket inode; for other
 * families it is the peer label carried by @skb.  When neither @sock nor a
 * socket attached to @skb is available, no SID can be derived.
 *
 * NOTE(review): the return value of selinux_skb_peerlbl_sid() is not checked
 * here; the SECSID_NULL test below is what signals failure to the caller.
 *
 * Returns 0 with *@secid set, or -EINVAL (with *@secid == SECSID_NULL).
 */
static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	u32 peer = SECSID_NULL;

	if (sock) {
		u16 family = sock->sk->sk_family;

		if (family == PF_UNIX)
			selinux_inode_getsecid(SOCK_INODE(sock), &peer);
		else if (skb)
			selinux_skb_peerlbl_sid(skb, family, &peer);
	} else if (skb && skb->sk) {
		selinux_skb_peerlbl_sid(skb, skb->sk->sk_family, &peer);
	}

	*secid = peer;
	return peer == SECSID_NULL ? -EINVAL : 0;
}
4177
/* sk_alloc_security hook: allocate the SELinux state for a new sock. */
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	int rc = sk_alloc_security(sk, family, priority);

	return rc;
}
4182
/* sk_free_security hook: release the SELinux state of @sk. */
static void selinux_sk_free_security(struct sock *sk)
{
	struct sock *victim = sk;

	sk_free_security(victim);
}
4187
/*
 * sk_clone_security hook: copy the labelling state (sid, peer_sid, sclass)
 * from @sk to @newsk, then reset the NetLabel state of the clone for its
 * address family.
 */
static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	const struct sk_security_struct *src = sk->sk_security;
	struct sk_security_struct *dst = newsk->sk_security;

	dst->sid = src->sid;
	dst->peer_sid = src->peer_sid;
	dst->sclass = src->sclass;

	selinux_netlbl_sk_security_reset(dst, newsk->sk_family);
}
4199
/*
 * sk_getsecid hook: report the SID of @sk.  A NULL sock yields the
 * SECINITSID_ANY_SOCKET initial SID.
 */
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
{
	struct sk_security_struct *sksec;

	if (sk == NULL) {
		*secid = SECINITSID_ANY_SOCKET;
		return;
	}

	sksec = sk->sk_security;
	*secid = sksec->sid;
}
4210
/*
 * sock_graft hook: attach @sk to the socket inode @parent.  For INET and
 * UNIX sockets the inode takes the sock's SID; in all cases the sock takes
 * the inode's class.  NetLabel is then told about the grafted socket.
 */
static void selinux_sock_graft(struct sock *sk, struct socket *parent)
{
	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;

	switch (family) {
	case PF_INET:
	case PF_INET6:
	case PF_UNIX:
		isec->sid = sksec->sid;
		break;
	default:
		break;
	}
	sksec->sclass = isec->sclass;

	selinux_netlbl_sock_graft(sk, parent);
}
4223
/*
 * inet_conn_request hook: label an incoming connection request.
 *
 * The peer label is derived from @skb.  With no peer label the request
 * inherits the listening socket's SID; otherwise the request SID is the
 * listener's SID with the MLS portion copied from the peer
 * (security_sid_mls_copy()), and the peer SID is recorded in @req.
 *
 * Returns 0 on success or a negative errno.
 */
static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				     struct request_sock *req)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u32 peer_sid;
	u32 conn_sid;
	int rc;

	rc = selinux_skb_peerlbl_sid(skb, sk->sk_family, &peer_sid);
	if (rc)
		return rc;

	if (peer_sid != SECSID_NULL) {
		rc = security_sid_mls_copy(sksec->sid, peer_sid, &conn_sid);
		if (rc)
			return rc;
	} else {
		conn_sid = sksec->sid;
	}

	req->secid = conn_sid;
	req->peer_secid = peer_sid;
	return 0;
}
4249
/*
 * inet_csk_clone hook: a child socket created from @req takes the SID and
 * peer SID recorded on the request, and its NetLabel state is reset for the
 * request's address family.
 */
static void selinux_inet_csk_clone(struct sock *newsk,
				   const struct request_sock *req)
{
	struct sk_security_struct *child = newsk->sk_security;
	u16 family = req->rsk_ops->family;

	child->sid = req->secid;
	child->peer_sid = req->peer_secid;

	selinux_netlbl_sk_security_reset(child, family);
}
4266
/*
 * inet_conn_established hook: record the peer label of @skb as the peer SID
 * of the now-connected @sk.  The lookup's return value is not examined here.
 */
static void selinux_inet_conn_established(struct sock *sk,
					  struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;

	selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
}
4274
/* req_classify_flow hook: the flow is labelled with the request's SID. */
static void selinux_req_classify_flow(const struct request_sock *req,
				      struct flowi *fl)
{
	u32 sid = req->secid;

	fl->secid = sid;
}
4280
/*
 * Check that the sending task may emit the netlink message in @skb on @sk.
 *
 * The message type is mapped to a permission for the socket's class via
 * selinux_nlmsg_lookup().  An unrecognised type is audited and denied only
 * in enforcing mode; a class with no netlink mapping (-ENOENT) is allowed.
 *
 * Returns 0 if permitted, -EINVAL for a truncated or (in enforcing mode)
 * unknown message, or the result of socket_has_perm().
 */
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	struct socket *sock = sk->sk_socket;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct nlmsghdr *nlh;
	u32 perm;
	int rc;

	if (skb->len < NLMSG_SPACE(0))
		return -EINVAL;
	nlh = nlmsg_hdr(skb);

	rc = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
	if (rc == -EINVAL) {
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
			  "SELinux: unrecognized netlink message"
			  " type=%hu for sclass=%hu\n",
			  nlh->nlmsg_type, isec->sclass);
		return selinux_enforcing ? -EINVAL : 0;
	}
	if (rc == -ENOENT)
		return 0;
	if (rc)
		return rc;

	return socket_has_perm(current, sock, perm);
}
4316
4317#ifdef CONFIG_NETFILTER
4318
/*
 * Netfilter FORWARD-hook body shared by IPv4 and IPv6.
 *
 * Only active when the policy has the netpeer capability and at least one of
 * secmark or peer labelling (NetLabel/XFRM) is enabled.  The packet's peer
 * label is checked against the inbound interface/node (peer labelling) and
 * the packet secmark is checked for PACKET__FORWARD_IN (secmark).
 *
 * Returns NF_ACCEPT or NF_DROP.
 */
static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
				       u16 family)
{
	struct avc_audit_data ad;
	char *addrp;
	u32 peer_sid;
	u8 use_secmark;
	u8 use_peerlbl;

	if (!selinux_policycap_netpeer)
		return NF_ACCEPT;

	use_secmark = selinux_secmark_enabled();
	use_peerlbl = netlbl_enabled() || selinux_xfrm_enabled();
	if (!(use_secmark || use_peerlbl))
		return NF_ACCEPT;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL))
		return NF_DROP;

	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
		return NF_DROP;

	if (use_peerlbl &&
	    selinux_inet_sys_rcv_skb(ifindex, addrp, family, peer_sid, &ad))
		return NF_DROP;

	if (use_secmark &&
	    avc_has_perm(peer_sid, skb->secmark,
			 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
		return NF_DROP;

	return NF_ACCEPT;
}
4357
/* Netfilter IPv4 FORWARD hook: defers to selinux_ip_forward() for PF_INET. */
static unsigned int selinux_ipv4_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	int ifindex = in->ifindex;

	return selinux_ip_forward(skb, ifindex, PF_INET);
}
4366
4367#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* Netfilter IPv6 FORWARD hook: defers to selinux_ip_forward() for PF_INET6. */
static unsigned int selinux_ipv6_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	int ifindex = in->ifindex;

	return selinux_ip_forward(skb, ifindex, PF_INET6);
}
4376#endif
4377
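/*
 * Legacy (selinux_compat_net) egress check for a locally generated packet.
 *
 * The sending socket must be allowed to transmit through the outbound
 * interface (NETIF class) and to the destination node (NODE class); for
 * UDP, TCP and DCCP sockets it must additionally be allowed to send to the
 * labelled destination port (the socket's own class, send_perm).  Raw IP
 * sockets have no port-level permission (send_perm == 0).
 *
 * @sk: sending socket (non-NULL; the caller checks)
 * @ifindex: outbound interface index
 * @ad: audit data for the packet; the destination port is read from it
 * @family: address family the packet was parsed as
 * @addrp: destination address inside the packet
 *
 * Returns 0 if every applicable check passes, a negative errno otherwise.
 */
static int selinux_ip_postroute_iptables_compat(struct sock *sk,
						int ifindex,
						struct avc_audit_data *ad,
						u16 family, char *addrp)
{
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 sk_class = sksec->sclass;
	u32 sk_sid = sksec->sid;
	u32 netif_perm, node_perm, send_perm;
	u32 port_sid, node_sid, if_sid;

	switch (sk_class) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_SEND;
		node_perm = NODE__UDP_SEND;
		send_perm = UDP_SOCKET__SEND_MSG;
		break;
	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_SEND;
		node_perm = NODE__TCP_SEND;
		send_perm = TCP_SOCKET__SEND_MSG;
		break;
	case SECCLASS_DCCP_SOCKET:
		netif_perm = NETIF__DCCP_SEND;
		node_perm = NODE__DCCP_SEND;
		send_perm = DCCP_SOCKET__SEND_MSG;
		break;
	default:
		netif_perm = NETIF__RAWIP_SEND;
		node_perm = NODE__RAWIP_SEND;
		send_perm = 0;
		break;
	}

	err = sel_netif_sid(ifindex, &if_sid);
	if (err)
		return err;
	err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
	/*
	 * Only bail out on denial.  An unconditional return here left the
	 * node and port checks below unreachable.
	 */
	if (err)
		return err;

	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err)
		return err;
	err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
	if (err)
		return err;

	/* No port-level permission for raw IP sockets: all checks done. */
	if (send_perm == 0)
		return 0;

	err = sel_netport_sid(sk->sk_protocol,
			      ntohs(ad->u.net.dport), &port_sid);
	if (unlikely(err)) {
		printk(KERN_WARNING
		       "SELinux: failure in"
		       " selinux_ip_postroute_iptables_compat(),"
		       " network port label not found\n");
		return err;
	}
	return avc_has_perm(sk_sid, port_sid, sk_class, send_perm, ad);
}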
4442
/*
 * POSTROUTING check under the legacy network model or without the netpeer
 * policy capability.  Packets without an originating socket are accepted.
 *
 * The socket is checked either through the iptables-compat path
 * (selinux_compat_net) or, otherwise, for PACKET__SEND against the packet
 * secmark.  With the netpeer capability the XFRM postroute check also runs.
 *
 * Returns NF_ACCEPT or NF_DROP.
 */
static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
						int ifindex,
						struct avc_audit_data *ad,
						u16 family,
						char *addrp,
						u8 proto)
{
	struct sock *sk = skb->sk;
	struct sk_security_struct *sksec;
	int denied;

	if (!sk)
		return NF_ACCEPT;
	sksec = sk->sk_security;

	if (selinux_compat_net)
		denied = selinux_ip_postroute_iptables_compat(sk, ifindex,
							      ad, family, addrp);
	else
		denied = avc_has_perm(sksec->sid, skb->secmark,
				      SECCLASS_PACKET, PACKET__SEND, ad);
	if (denied)
		return NF_DROP;

	if (selinux_policycap_netpeer &&
	    selinux_xfrm_postroute_last(sksec->sid, skb, ad, proto))
		return NF_DROP;

	return NF_ACCEPT;
}
4473
/*
 * Netfilter POSTROUTING-hook body shared by IPv4 and IPv6.
 *
 * After parsing the packet, legacy configurations are handed to
 * selinux_ip_postroute_compat().  Packets with an XFRM destination are
 * accepted here (they are handled elsewhere).  Otherwise the subject is the
 * originating socket's SID (PACKET__SEND) or, for forwarded packets, the
 * packet's peer label (PACKET__FORWARD_OUT); it is checked against the
 * secmark (when enabled) and against the outbound interface and destination
 * node (when peer labelling is enabled).
 *
 * Returns NF_ACCEPT or NF_DROP.
 */
static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
					 u16 family)
{
	struct avc_audit_data ad;
	struct sock *sk;
	char *addrp;
	u32 subj_sid;
	u32 secmark_perm;
	u8 proto;
	u8 use_secmark;
	u8 use_peerlbl;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
		return NF_DROP;

	if (selinux_compat_net || !selinux_policycap_netpeer)
		return selinux_ip_postroute_compat(skb, ifindex, &ad,
						   family, addrp, proto);

	if (skb->dst && skb->dst->xfrm)
		return NF_ACCEPT;

	use_secmark = selinux_secmark_enabled();
	use_peerlbl = netlbl_enabled() || selinux_xfrm_enabled();
	if (!(use_secmark || use_peerlbl))
		return NF_ACCEPT;

	sk = skb->sk;
	if (sk == NULL) {
		/* Forwarded packet: the peer label is the subject. */
		if (selinux_skb_peerlbl_sid(skb, family, &subj_sid))
			return NF_DROP;
		secmark_perm = PACKET__FORWARD_OUT;
	} else {
		struct sk_security_struct *sksec = sk->sk_security;

		subj_sid = sksec->sid;
		secmark_perm = PACKET__SEND;
	}

	if (use_secmark &&
	    avc_has_perm(subj_sid, skb->secmark,
			 SECCLASS_PACKET, secmark_perm, &ad))
		return NF_DROP;

	if (use_peerlbl) {
		u32 if_sid;
		u32 node_sid;

		if (sel_netif_sid(ifindex, &if_sid))
			return NF_DROP;
		if (avc_has_perm(subj_sid, if_sid,
				 SECCLASS_NETIF, NETIF__EGRESS, &ad))
			return NF_DROP;

		if (sel_netnode_sid(addrp, family, &node_sid))
			return NF_DROP;
		if (avc_has_perm(subj_sid, node_sid,
				 SECCLASS_NODE, NODE__SENDTO, &ad))
			return NF_DROP;
	}

	return NF_ACCEPT;
}
4553
/* Netfilter IPv4 POSTROUTING hook: defers to selinux_ip_postroute(). */
static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	int ifindex = out->ifindex;

	return selinux_ip_postroute(skb, ifindex, PF_INET);
}
4562
4563#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* Netfilter IPv6 POSTROUTING hook: defers to selinux_ip_postroute(). */
static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	int ifindex = out->ifindex;

	return selinux_ip_postroute(skb, ifindex, PF_INET6);
}
4572#endif
4573
4574#endif
4575
/*
 * netlink_send hook: the secondary module is consulted first; then, if the
 * loaded policy is new enough to carry netlink classes
 * (POLICYDB_VERSION_NLCLASS), the message type is checked by
 * selinux_nlmsg_perm().
 *
 * Returns 0 if permitted or a negative errno.
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	int rc = secondary_ops->netlink_send(sk, skb);

	if (rc)
		return rc;

	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
		return 0;

	return selinux_nlmsg_perm(sk, skb);
}
4589
/*
 * netlink_recv hook: after the secondary module agrees, check that the
 * sender SID recorded in the netlink control block holds @capability in the
 * CAPABILITY class (subject and target are the same SID).
 *
 * Returns 0 if permitted or a negative errno.
 */
static int selinux_netlink_recv(struct sk_buff *skb, int capability)
{
	struct avc_audit_data ad;
	u32 sender_sid;
	int rc;

	rc = secondary_ops->netlink_recv(skb, capability);
	if (rc)
		return rc;

	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.u.cap = capability;

	sender_sid = NETLINK_CB(skb).sid;
	return avc_has_perm(sender_sid, sender_sid, SECCLASS_CAPABILITY,
			    CAP_TO_MASK(capability), &ad);
}
4605
/*
 * Allocate the SELinux state for a SysV IPC object of class @sclass,
 * labelled with the SID of @task.  Ownership passes to @perm->security.
 *
 * Returns 0 on success or -ENOMEM.
 */
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	struct task_security_struct *tsec = task->security;
	struct ipc_security_struct *isec = kzalloc(sizeof(*isec), GFP_KERNEL);

	if (isec == NULL)
		return -ENOMEM;

	isec->sclass = sclass;
	isec->sid = tsec->sid;
	perm->security = isec;
	return 0;
}
4623
/* Release the SELinux state of an IPC object; the pointer is cleared first. */
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	struct ipc_security_struct *victim;

	victim = perm->security;
	perm->security = NULL;
	kfree(victim);
}
4630
/*
 * Allocate the SELinux state for an individual message.  The message starts
 * out as SECINITSID_UNLABELED; it receives a real label when it is sent.
 *
 * Returns 0 on success or -ENOMEM.
 */
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *msec = kzalloc(sizeof(*msec), GFP_KERNEL);

	if (msec == NULL)
		return -ENOMEM;

	msec->sid = SECINITSID_UNLABELED;
	msg->security = msec;
	return 0;
}
4644
/* Release the SELinux state of a message; the pointer is cleared first. */
static void msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_security_struct *victim;

	victim = msg->security;
	msg->security = NULL;
	kfree(victim);
}
4652
/*
 * Check @perms for the current task on the IPC object @ipc_perms, in the
 * object's own class, auditing with the object's key.
 *
 * Returns the avc_has_perm() result (0 if allowed).
 */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = ipc_perms->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;

	return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
}
4668
/* msg_msg_alloc_security hook: allocate the per-message SELinux state. */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	int rc = msg_msg_alloc_security(msg);

	return rc;
}
4673
/* msg_msg_free_security hook: release the per-message SELinux state. */
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_msg *victim = msg;

	msg_msg_free_security(victim);
}
4678
4679
/*
 * msg_queue_alloc_security hook: label a new message queue with the
 * creator's SID and check MSGQ__CREATE.  On denial the state allocated by
 * ipc_alloc_security() is released again.
 *
 * Returns 0 on success or a negative errno.
 */
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_MSGQ);
	if (rc)
		return rc;

	tsec = current->security;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);
	return rc;
}
4705
/* msg_queue_free_security hook: release the queue's SELinux state. */
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;

	ipc_free_security(perm);
}
4710
/*
 * msg_queue_associate hook: the current task needs MSGQ__ASSOCIATE on the
 * queue to obtain its identifier.
 */
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ASSOCIATE, &ad);
}
4726
/*
 * msg_queue_msgctl hook: map a msgctl command to the permissions required
 * on the queue.  IPC_INFO/MSG_INFO are system-wide and need
 * SYSTEM__IPC_INFO instead; unknown commands are allowed.
 */
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	u32 needed;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		needed = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		needed = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		needed = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, needed);
}
4754
/*
 * msg_queue_msgsnd hook: check that the current task may send @msg on @msq.
 *
 * A still-unlabelled message first receives its SID via a type transition
 * from the sender to the queue in the MSG class.  Then, in order: the sender
 * needs MSGQ__WRITE on the queue, MSG__SEND on the message, and the message
 * needs MSGQ__ENQUEUE on the queue.
 *
 * Returns 0 if all checks pass or a negative errno.
 */
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = perm->security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	if (msec->sid == SECINITSID_UNLABELED) {
		rc = security_transition_sid(tsec->sid, isec->sid,
					     SECCLASS_MSG, &msec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__WRITE, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(tsec->sid, msec->sid, SECCLASS_MSG,
			  MSG__SEND, &ad);
	if (rc)
		return rc;
	return avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ENQUEUE, &ad);
}
4800
/*
 * msg_queue_msgrcv hook: the receiving task @target needs MSGQ__READ on the
 * queue and MSG__RECEIVE on the message.
 *
 * Returns 0 if both checks pass or a negative errno.
 */
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct task_security_struct *tsec = target->security;
	struct ipc_security_struct *isec = perm->security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__READ, &ad);
	if (rc)
		return rc;
	return avc_has_perm(tsec->sid, msec->sid, SECCLASS_MSG,
			    MSG__RECEIVE, &ad);
}
4825
4826
/*
 * shm_alloc_security hook: label a new shared memory segment with the
 * creator's SID and check SHM__CREATE.  On denial the allocated state is
 * released again.
 *
 * Returns 0 on success or a negative errno.
 */
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SHM);
	if (rc)
		return rc;

	tsec = current->security;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
			  SHM__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);
	return rc;
}
4852
/* shm_free_security hook: release the segment's SELinux state. */
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;

	ipc_free_security(perm);
}
4857
/*
 * shm_associate hook: the current task needs SHM__ASSOCIATE on the segment
 * to obtain its identifier.
 */
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
			    SHM__ASSOCIATE, &ad);
}
4873
4874
/*
 * shm_shmctl hook: map a shmctl command to the permissions required on the
 * segment.  IPC_INFO/SHM_INFO need SYSTEM__IPC_INFO instead; unknown
 * commands are allowed.
 */
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	u32 needed;

	switch (cmd) {
	case IPC_INFO:
	case SHM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		needed = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		needed = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		needed = SHM__LOCK;
		break;
	case IPC_RMID:
		needed = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, needed);
}
4906
/*
 * shm_shmat hook: after the secondary module agrees, an attach needs
 * SHM__READ, plus SHM__WRITE unless the mapping is read-only.
 */
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	u32 needed = SHM__READ;
	int rc;

	rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
	if (rc)
		return rc;

	if (!(shmflg & SHM_RDONLY))
		needed |= SHM__WRITE;

	return ipc_has_perm(&shp->shm_perm, needed);
}
4924
4925
/*
 * sem_alloc_security hook: label a new semaphore set with the creator's SID
 * and check SEM__CREATE.  On denial the allocated state is released again.
 *
 * Returns 0 on success or a negative errno.
 */
static int selinux_sem_alloc_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;
	struct task_security_struct *tsec;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SEM);
	if (rc)
		return rc;

	tsec = current->security;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
			  SEM__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);
	return rc;
}
4951
/* sem_free_security hook: release the semaphore set's SELinux state. */
static void selinux_sem_free_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;

	ipc_free_security(perm);
}
4956
/*
 * sem_associate hook: the current task needs SEM__ASSOCIATE on the set to
 * obtain its identifier.
 */
static int selinux_sem_associate(struct sem_array *sma, int semflg)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;
	struct task_security_struct *tsec = current->security;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
			    SEM__ASSOCIATE, &ad);
}
4972
4973
/*
 * sem_semctl hook: map a semctl command to the permissions required on the
 * set.  IPC_INFO/SEM_INFO need SYSTEM__IPC_INFO instead; unknown commands
 * are allowed.
 */
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
{
	u32 needed;

	switch (cmd) {
	case IPC_INFO:
	case SEM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		needed = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		needed = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		needed = SEM__WRITE;
		break;
	case IPC_RMID:
		needed = SEM__DESTROY;
		break;
	case IPC_SET:
		needed = SEM__SETATTR;
		break;
	case IPC_STAT:
	case SEM_STAT:
		needed = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&sma->sem_perm, needed);
}
5014
/*
 * sem_semop hook: an operation needs SEM__READ, plus SEM__WRITE when it
 * alters the set (@alter non-zero).
 */
static int selinux_sem_semop(struct sem_array *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	u32 needed = SEM__READ;

	if (alter)
		needed |= SEM__WRITE;

	return ipc_has_perm(&sma->sem_perm, needed);
}
5027
/*
 * ipc_permission hook: translate the DAC mode bits in @flag into the
 * IPC__UNIX_READ / IPC__UNIX_WRITE permissions and check them on @ipcp.
 * A request carrying neither read nor write bits is allowed outright.
 */
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	u32 needed = 0;

	if (flag & S_IRUGO)
		needed |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		needed |= IPC__UNIX_WRITE;

	return needed ? ipc_has_perm(ipcp, needed) : 0;
}
5043
/* ipc_getsecid hook: report the SID of the IPC object. */
static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	const struct ipc_security_struct *isec = ipcp->security;

	*secid = isec->sid;
}
5049
5050
/*
 * register_security hook: install @ops as the secondary security module.
 * Only one secondary module may be stacked; a second registration is
 * refused with -EINVAL.
 */
static int selinux_register_security(const char *name, struct security_operations *ops)
{
	bool already_stacked = (secondary_ops != original_ops);

	if (already_stacked) {
		printk(KERN_ERR "%s: There is already a secondary security "
		       "module registered.\n", __func__);
		return -EINVAL;
	}

	secondary_ops = ops;
	printk(KERN_INFO "%s: Registering secondary module %s\n",
	       __func__, name);
	return 0;
}
5067
/* d_instantiate hook: label a freshly instantiated inode via its dentry. */
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
	if (inode == NULL)
		return;

	inode_doinit_with_dentry(inode, dentry);
}
5073
/*
 * getprocattr hook: read one of the /proc/<pid>/attr/* attributes of @p.
 *
 * Reading another task's attributes requires PROCESS__GETATTR on it.  The
 * selected SID is converted to a context string allocated into *@value.
 *
 * Returns the context length, 0 when the attribute is unset (nothing is
 * allocated), -EINVAL for an unknown @name, or a negative errno.
 */
static int selinux_getprocattr(struct task_struct *p,
			       char *name, char **value)
{
	struct task_security_struct *tsec;
	unsigned len;
	u32 sid;
	int rc;

	if (p != current) {
		rc = task_has_perm(current, p, PROCESS__GETATTR);
		if (rc)
			return rc;
	}

	tsec = p->security;

	if (strcmp(name, "current") == 0)
		sid = tsec->sid;
	else if (strcmp(name, "prev") == 0)
		sid = tsec->osid;
	else if (strcmp(name, "exec") == 0)
		sid = tsec->exec_sid;
	else if (strcmp(name, "fscreate") == 0)
		sid = tsec->create_sid;
	else if (strcmp(name, "keycreate") == 0)
		sid = tsec->keycreate_sid;
	else if (strcmp(name, "sockcreate") == 0)
		sid = tsec->sockcreate_sid;
	else
		return -EINVAL;

	if (sid == 0)
		return 0;

	rc = security_sid_to_context(sid, value, &len);
	return rc ? rc : (int)len;
}
5113
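/*
 * setprocattr hook: write one of the /proc/<pid>/attr/* attributes.
 *
 * @p: task being modified; only the calling task may modify itself
 * @name: "exec", "fscreate", "keycreate", "sockcreate" or "current"
 * @value: buffer holding a security context string.  An empty value, or one
 *	   whose first byte is NUL or a newline, clears the attribute; a
 *	   single trailing newline is stripped before the context is parsed.
 * @size: number of bytes in @value
 *
 * Setting "current" performs a dynamic transition: it is refused for a
 * multi-threaded process, requires PROCESS__DYNTRANSITION from the old to
 * the new SID and, when the task is being ptraced, PROCESS__PTRACE from the
 * tracer to the new SID.
 *
 * Returns @size on success, -EACCES for a foreign task, -EINVAL for an
 * unknown attribute or an empty "current", -EPERM for a threaded process,
 * or another negative errno.
 */
static int selinux_setprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	struct task_security_struct *tsec;
	struct task_struct *tracer;
	u32 sid = 0;
	int error;
	char *str = value;

	/* Attributes may only be set on the calling task itself. */
	if (current != p)
		return -EACCES;

	/* Permission check on the attribute being written. */
	if (!strcmp(name, "exec"))
		error = task_has_perm(current, p, PROCESS__SETEXEC);
	else if (!strcmp(name, "fscreate"))
		error = task_has_perm(current, p, PROCESS__SETFSCREATE);
	else if (!strcmp(name, "keycreate"))
		error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
	else if (!strcmp(name, "sockcreate"))
		error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
	else if (!strcmp(name, "current"))
		error = task_has_perm(current, p, PROCESS__SETCURRENT);
	else
		error = -EINVAL;
	if (error)
		return error;

	/*
	 * Obtain a SID for the context, if one was specified.  The emptiness
	 * test must look at str[0]: testing str[1] reads one byte past the
	 * buffer when size == 1.
	 */
	if (size && str[0] && str[0] != '\n') {
		if (str[size - 1] == '\n') {
			str[size - 1] = 0;
			size--;
		}
		error = security_context_to_sid(value, size, &sid);
		if (error)
			return error;
	}

	/* Apply the new SID to the selected attribute. */
	tsec = p->security;
	if (!strcmp(name, "exec"))
		tsec->exec_sid = sid;
	else if (!strcmp(name, "fscreate"))
		tsec->create_sid = sid;
	else if (!strcmp(name, "keycreate")) {
		error = may_create_key(sid, p);
		if (error)
			return error;
		tsec->keycreate_sid = sid;
	} else if (!strcmp(name, "sockcreate"))
		tsec->sockcreate_sid = sid;
	else if (!strcmp(name, "current")) {
		struct av_decision avd;

		if (sid == 0)
			return -EINVAL;

		/*
		 * A dynamic transition is only allowed for a single-threaded
		 * process: other threads sharing this mm would keep the old
		 * label.
		 */
		if (atomic_read(&p->mm->mm_users) != 1) {
			struct task_struct *g, *t;
			struct mm_struct *mm = p->mm;

			read_lock(&tasklist_lock);
			do_each_thread(g, t)
				if (t->mm == mm && t != p) {
					read_unlock(&tasklist_lock);
					return -EPERM;
				}
			while_each_thread(g, t);
			read_unlock(&tasklist_lock);
		}

		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
				     PROCESS__DYNTRANSITION, NULL);
		if (error)
			return error;

		/*
		 * The tracer (if any) must be allowed to ptrace the new
		 * label.  The decision is taken and the SID updated under
		 * task_lock so the tracer cannot change underneath us; the
		 * audit record is emitted after the lock is dropped.
		 */
		task_lock(p);
		rcu_read_lock();
		tracer = task_tracer_task(p);
		if (tracer != NULL) {
			struct task_security_struct *ptsec = tracer->security;
			u32 ptsid = ptsec->sid;

			rcu_read_unlock();
			error = avc_has_perm_noaudit(ptsid, sid,
						     SECCLASS_PROCESS,
						     PROCESS__PTRACE, 0, &avd);
			if (!error)
				tsec->sid = sid;
			task_unlock(p);
			avc_audit(ptsid, sid, SECCLASS_PROCESS,
				  PROCESS__PTRACE, &avd, error, NULL);
			if (error)
				return error;
		} else {
			rcu_read_unlock();
			tsec->sid = sid;
			task_unlock(p);
		}
	} else
		return -EINVAL;

	return size;
}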
5233
/*
 * secid_to_secctx hook: render @secid as a context string allocated into
 * *@secdata (release with selinux_release_secctx()).
 */
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	int rc = security_sid_to_context(secid, secdata, seclen);

	return rc;
}
5238
/* secctx_to_secid hook: look up the SID for a context string of @seclen bytes. */
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	int rc = security_context_to_sid(secdata, seclen, secid);

	return rc;
}
5243
/* release_secctx hook: free a context string from selinux_secid_to_secctx(). */
static void selinux_release_secctx(char *secdata, u32 seclen)
{
	char *victim = secdata;

	kfree(victim);
}
5248
5249#ifdef CONFIG_KEYS
5250
/*
 * key_alloc hook: label a new key with the creating task's keycreate SID
 * when one is set, else with the task's own SID.
 *
 * Returns 0 on success or -ENOMEM.
 */
static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
			     unsigned long flags)
{
	struct task_security_struct *tsec = tsk->security;
	struct key_security_struct *ksec = kzalloc(sizeof(*ksec), GFP_KERNEL);

	if (ksec == NULL)
		return -ENOMEM;

	ksec->sid = tsec->keycreate_sid ? tsec->keycreate_sid : tsec->sid;
	k->security = ksec;
	return 0;
}
5269
/* key_free hook: release the key's SELinux state; the pointer is cleared first. */
static void selinux_key_free(struct key *k)
{
	struct key_security_struct *victim;

	victim = k->security;
	k->security = NULL;
	kfree(victim);
}
5277
/*
 * key_permission hook: check @perm for task @ctx on the key behind
 * @key_ref in the KEY class.  A zero permission mask is trivially allowed.
 */
static int selinux_key_permission(key_ref_t key_ref,
				  struct task_struct *ctx,
				  key_perm_t perm)
{
	struct key *key = key_ref_to_ptr(key_ref);
	struct task_security_struct *tsec = ctx->security;
	struct key_security_struct *ksec = key->security;

	if (!perm)
		return 0;

	return avc_has_perm(tsec->sid, ksec->sid, SECCLASS_KEY, perm, NULL);
}
5300
/*
 * key_getsecurity hook: render the key's SID as a context string allocated
 * into *@_buffer (NULL on failure).
 *
 * Returns the context length, or a negative errno.
 */
static int selinux_key_getsecurity(struct key *key, char **_buffer)
{
	struct key_security_struct *ksec = key->security;
	char *ctx = NULL;
	unsigned len;
	int rc;

	rc = security_sid_to_context(ksec->sid, &ctx, &len);
	*_buffer = ctx;
	return rc ? rc : (int)len;
}
5314
5315#endif
5316
5317static struct security_operations selinux_ops = {
5318 .name = "selinux",
5319
5320 .ptrace = selinux_ptrace,
5321 .capget = selinux_capget,
5322 .capset_check = selinux_capset_check,
5323 .capset_set = selinux_capset_set,
5324 .sysctl = selinux_sysctl,
5325 .capable = selinux_capable,
5326 .quotactl = selinux_quotactl,
5327 .quota_on = selinux_quota_on,
5328 .syslog = selinux_syslog,
5329 .vm_enough_memory = selinux_vm_enough_memory,
5330
5331 .netlink_send = selinux_netlink_send,
5332 .netlink_recv = selinux_netlink_recv,
5333
5334 .bprm_alloc_security = selinux_bprm_alloc_security,
5335 .bprm_free_security = selinux_bprm_free_security,
5336 .bprm_apply_creds = selinux_bprm_apply_creds,
5337 .bprm_post_apply_creds = selinux_bprm_post_apply_creds,
5338 .bprm_set_security = selinux_bprm_set_security,
5339 .bprm_check_security = selinux_bprm_check_security,
5340 .bprm_secureexec = selinux_bprm_secureexec,
5341
5342 .sb_alloc_security = selinux_sb_alloc_security,
5343 .sb_free_security = selinux_sb_free_security,
5344 .sb_copy_data = selinux_sb_copy_data,
5345 .sb_kern_mount = selinux_sb_kern_mount,
5346 .sb_statfs = selinux_sb_statfs,
5347 .sb_mount = selinux_mount,
5348 .sb_umount = selinux_umount,
5349 .sb_get_mnt_opts = selinux_get_mnt_opts,
5350 .sb_set_mnt_opts = selinux_set_mnt_opts,
5351 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts,
5352 .sb_parse_opts_str = selinux_parse_opts_str,
5353
5354
5355 .inode_alloc_security = selinux_inode_alloc_security,
5356 .inode_free_security = selinux_inode_free_security,
5357 .inode_init_security = selinux_inode_init_security,
5358 .inode_create = selinux_inode_create,
5359 .inode_link = selinux_inode_link,
5360 .inode_unlink = selinux_inode_unlink,
5361 .inode_symlink = selinux_inode_symlink,
5362 .inode_mkdir = selinux_inode_mkdir,
5363 .inode_rmdir = selinux_inode_rmdir,
5364 .inode_mknod = selinux_inode_mknod,
5365 .inode_rename = selinux_inode_rename,
5366 .inode_readlink = selinux_inode_readlink,
5367 .inode_follow_link = selinux_inode_follow_link,
5368 .inode_permission = selinux_inode_permission,
5369 .inode_setattr = selinux_inode_setattr,
5370 .inode_getattr = selinux_inode_getattr,
5371 .inode_setxattr = selinux_inode_setxattr,
5372 .inode_post_setxattr = selinux_inode_post_setxattr,
5373 .inode_getxattr = selinux_inode_getxattr,
5374 .inode_listxattr = selinux_inode_listxattr,
5375 .inode_removexattr = selinux_inode_removexattr,
5376 .inode_getsecurity = selinux_inode_getsecurity,
5377 .inode_setsecurity = selinux_inode_setsecurity,
5378 .inode_listsecurity = selinux_inode_listsecurity,
5379 .inode_need_killpriv = selinux_inode_need_killpriv,
5380 .inode_killpriv = selinux_inode_killpriv,
5381 .inode_getsecid = selinux_inode_getsecid,
5382
5383 .file_permission = selinux_file_permission,
5384 .file_alloc_security = selinux_file_alloc_security,
5385 .file_free_security = selinux_file_free_security,
5386 .file_ioctl = selinux_file_ioctl,
5387 .file_mmap = selinux_file_mmap,
5388 .file_mprotect = selinux_file_mprotect,
5389 .file_lock = selinux_file_lock,
5390 .file_fcntl = selinux_file_fcntl,
5391 .file_set_fowner = selinux_file_set_fowner,
5392 .file_send_sigiotask = selinux_file_send_sigiotask,
5393 .file_receive = selinux_file_receive,
5394
5395 .dentry_open = selinux_dentry_open,
5396
5397 .task_create = selinux_task_create,
5398 .task_alloc_security = selinux_task_alloc_security,
5399 .task_free_security = selinux_task_free_security,
5400 .task_setuid = selinux_task_setuid,
5401 .task_post_setuid = selinux_task_post_setuid,
5402 .task_setgid = selinux_task_setgid,
5403 .task_setpgid = selinux_task_setpgid,
5404 .task_getpgid = selinux_task_getpgid,
5405 .task_getsid = selinux_task_getsid,
5406 .task_getsecid = selinux_task_getsecid,
5407 .task_setgroups = selinux_task_setgroups,
5408 .task_setnice = selinux_task_setnice,
5409 .task_setioprio = selinux_task_setioprio,
5410 .task_getioprio = selinux_task_getioprio,
5411 .task_setrlimit = selinux_task_setrlimit,
5412 .task_setscheduler = selinux_task_setscheduler,
5413 .task_getscheduler = selinux_task_getscheduler,
5414 .task_movememory = selinux_task_movememory,
5415 .task_kill = selinux_task_kill,
5416 .task_wait = selinux_task_wait,
5417 .task_prctl = selinux_task_prctl,
5418 .task_reparent_to_init = selinux_task_reparent_to_init,
5419 .task_to_inode = selinux_task_to_inode,
5420
5421 .ipc_permission = selinux_ipc_permission,
5422 .ipc_getsecid = selinux_ipc_getsecid,
5423
5424 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
5425 .msg_msg_free_security = selinux_msg_msg_free_security,
5426
5427 .msg_queue_alloc_security = selinux_msg_queue_alloc_security,
5428 .msg_queue_free_security = selinux_msg_queue_free_security,
5429 .msg_queue_associate = selinux_msg_queue_associate,
5430 .msg_queue_msgctl = selinux_msg_queue_msgctl,
5431 .msg_queue_msgsnd = selinux_msg_queue_msgsnd,
5432 .msg_queue_msgrcv = selinux_msg_queue_msgrcv,
5433
5434 .shm_alloc_security = selinux_shm_alloc_security,
5435 .shm_free_security = selinux_shm_free_security,
5436 .shm_associate = selinux_shm_associate,
5437 .shm_shmctl = selinux_shm_shmctl,
5438 .shm_shmat = selinux_shm_shmat,
5439
5440 .sem_alloc_security = selinux_sem_alloc_security,
5441 .sem_free_security = selinux_sem_free_security,
5442 .sem_associate = selinux_sem_associate,
5443 .sem_semctl = selinux_sem_semctl,
5444 .sem_semop = selinux_sem_semop,
5445
5446 .register_security = selinux_register_security,
5447
5448 .d_instantiate = selinux_d_instantiate,
5449
5450 .getprocattr = selinux_getprocattr,
5451 .setprocattr = selinux_setprocattr,
5452
5453 .secid_to_secctx = selinux_secid_to_secctx,
5454 .secctx_to_secid = selinux_secctx_to_secid,
5455 .release_secctx = selinux_release_secctx,
5456
5457 .unix_stream_connect = selinux_socket_unix_stream_connect,
5458 .unix_may_send = selinux_socket_unix_may_send,
5459
5460 .socket_create = selinux_socket_create,
5461 .socket_post_create = selinux_socket_post_create,
5462 .socket_bind = selinux_socket_bind,
5463 .socket_connect = selinux_socket_connect,
5464 .socket_listen = selinux_socket_listen,
5465 .socket_accept = selinux_socket_accept,
5466 .socket_sendmsg = selinux_socket_sendmsg,
5467 .socket_recvmsg = selinux_socket_recvmsg,
5468 .socket_getsockname = selinux_socket_getsockname,
5469 .socket_getpeername = selinux_socket_getpeername,
5470 .socket_getsockopt = selinux_socket_getsockopt,
5471 .socket_setsockopt = selinux_socket_setsockopt,
5472 .socket_shutdown = selinux_socket_shutdown,
5473 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb,
5474 .socket_getpeersec_stream = selinux_socket_getpeersec_stream,
5475 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram,
5476 .sk_alloc_security = selinux_sk_alloc_security,
5477 .sk_free_security = selinux_sk_free_security,
5478 .sk_clone_security = selinux_sk_clone_security,
5479 .sk_getsecid = selinux_sk_getsecid,
5480 .sock_graft = selinux_sock_graft,
5481 .inet_conn_request = selinux_inet_conn_request,
5482 .inet_csk_clone = selinux_inet_csk_clone,
5483 .inet_conn_established = selinux_inet_conn_established,
5484 .req_classify_flow = selinux_req_classify_flow,
5485
5486#ifdef CONFIG_SECURITY_NETWORK_XFRM
5487 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
5488 .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
5489 .xfrm_policy_free_security = selinux_xfrm_policy_free,
5490 .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
5491 .xfrm_state_alloc_security = selinux_xfrm_state_alloc,
5492 .xfrm_state_free_security = selinux_xfrm_state_free,
5493 .xfrm_state_delete_security = selinux_xfrm_state_delete,
5494 .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
5495 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
5496 .xfrm_decode_session = selinux_xfrm_decode_session,
5497#endif
5498
5499#ifdef CONFIG_KEYS
5500 .key_alloc = selinux_key_alloc,
5501 .key_free = selinux_key_free,
5502 .key_permission = selinux_key_permission,
5503 .key_getsecurity = selinux_key_getsecurity,
5504#endif
5505
5506#ifdef CONFIG_AUDIT
5507 .audit_rule_init = selinux_audit_rule_init,
5508 .audit_rule_known = selinux_audit_rule_known,
5509 .audit_rule_match = selinux_audit_rule_match,
5510 .audit_rule_free = selinux_audit_rule_free,
5511#endif
5512};
5513
/*
 * Boot-time initialization of the SELinux LSM.
 *
 * Steps, in order: confirm SELinux is the module the kernel selected,
 * honour a boot-time disable, label the initial task with the kernel
 * SID, create the inode security cache, bring up the AVC, and finally
 * register selinux_ops while remembering the previously installed ops.
 * The order matters: the task label and caches must exist before the
 * hooks go live, and secondary_ops must be saved before registering.
 *
 * Returns 0 both on success and when SELinux is not enabled; every
 * failure after the enable checks is treated as fatal (panic()).
 */
static __init int selinux_init(void)
{
	struct task_security_struct *tsec;

	/* Another LSM was chosen; record that we are off and bow out. */
	if (!security_module_enable(&selinux_ops)) {
		selinux_enabled = 0;
		return 0;
	}

	/* selinux_enabled was cleared earlier (e.g. by a boot parameter). */
	if (!selinux_enabled) {
		printk(KERN_INFO "SELinux: Disabled at boot.\n");
		return 0;
	}

	printk(KERN_INFO "SELinux: Initializing.\n");


	/* Give the initial task a security blob labelled with the kernel SID. */
	if (task_alloc_security(current))
		panic("SELinux: Failed to initialize initial task.\n");
	tsec = current->security;
	tsec->osid = tsec->sid = SECINITSID_KERNEL;

	/* SLAB_PANIC: failing to create this cache is fatal, no NULL check needed. */
	sel_inode_cache = kmem_cache_create("selinux_inode_security",
					    sizeof(struct inode_security_struct),
					    0, SLAB_PANIC, NULL);
	avc_init();

	/*
	 * Keep the ops that were installed before us: selinux_disable()
	 * restores secondary_ops if SELinux is turned off at runtime.
	 */
	original_ops = secondary_ops = security_ops;
	if (!secondary_ops)
		panic("SELinux: No initial security operations\n");
	if (register_security(&selinux_ops))
		panic("SELinux: Unable to register with kernel.\n");

	/* Report the initial enforcement mode; selinux_enforcing is set elsewhere. */
	if (selinux_enforcing)
		printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
	else
		printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");

	return 0;
}
5554
/*
 * Finish initialization once a policy is available: label every
 * superblock that was mounted before the policy load and is still
 * queued on superblock_security_head.
 *
 * Each entry is taken from the head of the list under sb_lock and
 * sb_security_lock.  Both spinlocks are dropped before down_read() on
 * s_umount (a sleeping lock), and s_count is bumped first so the
 * superblock cannot go away in between; drop_super() releases both.
 * The entry is unlinked only after it has been processed.
 */
void selinux_complete_init(void)
{
	printk(KERN_DEBUG "SELinux: Completing initialization.\n");


	printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
	spin_lock(&sb_lock);
	spin_lock(&sb_security_lock);
	while (!list_empty(&superblock_security_head)) {
		struct superblock_security_struct *sbsec;
		struct super_block *sb;

		sbsec = list_entry(superblock_security_head.next,
				   struct superblock_security_struct, list);
		sb = sbsec->sb;

		/* Pin the superblock, then let go of the spinlocks. */
		sb->s_count++;
		spin_unlock(&sb_security_lock);
		spin_unlock(&sb_lock);

		down_read(&sb->s_umount);
		/* A superblock without a root is not yet usable; skip it. */
		if (sb->s_root)
			superblock_doinit(sb, NULL);
		drop_super(sb);

		/* Reacquire in the same order before touching the list again. */
		spin_lock(&sb_lock);
		spin_lock(&sb_security_lock);
		list_del_init(&sbsec->list);
	}
	spin_unlock(&sb_security_lock);
	spin_unlock(&sb_lock);
}
5585
5586
5587
/* Run selinux_init() from the security initcall level during boot. */
security_initcall(selinux_init);
5589
5590#if defined(CONFIG_NETFILTER)
5591
/*
 * IPv4 netfilter hooks registered by selinux_nf_ip_init():
 * POST_ROUTING at the SELinux "last" priority and FORWARD at the
 * SELinux "first" priority.
 */
static struct nf_hook_ops selinux_ipv4_ops[] = {
	{
		.hook =		selinux_ipv4_postroute,
		.owner =	THIS_MODULE,
		.pf =		PF_INET,
		.hooknum =	NF_INET_POST_ROUTING,
		.priority =	NF_IP_PRI_SELINUX_LAST,
	},
	{
		.hook =		selinux_ipv4_forward,
		.owner =	THIS_MODULE,
		.pf =		PF_INET,
		.hooknum =	NF_INET_FORWARD,
		.priority =	NF_IP_PRI_SELINUX_FIRST,
	}
};
5608
5609#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5610
/*
 * IPv6 counterpart of selinux_ipv4_ops, same hook points and the IPv6
 * SELinux priorities; only built when IPv6 is configured.
 */
static struct nf_hook_ops selinux_ipv6_ops[] = {
	{
		.hook =		selinux_ipv6_postroute,
		.owner =	THIS_MODULE,
		.pf =		PF_INET6,
		.hooknum =	NF_INET_POST_ROUTING,
		.priority =	NF_IP6_PRI_SELINUX_LAST,
	},
	{
		.hook =		selinux_ipv6_forward,
		.owner =	THIS_MODULE,
		.pf =		PF_INET6,
		.hooknum =	NF_INET_FORWARD,
		.priority =	NF_IP6_PRI_SELINUX_FIRST,
	}
};
5627
5628#endif
5629
/*
 * Register the SELinux netfilter hook tables (IPv4, and IPv6 when
 * configured).  Does nothing if SELinux is disabled.  A registration
 * failure is fatal (panic()), so the function only ever returns 0.
 */
static int __init selinux_nf_ip_init(void)
{
	unsigned int i;
	int err;

	if (!selinux_enabled)
		return 0;

	printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");

	for (i = 0; i < ARRAY_SIZE(selinux_ipv4_ops); i++) {
		err = nf_register_hook(&selinux_ipv4_ops[i]);
		if (err)
			panic("SELinux: nf_register_hook for IPv4: error %d\n",
			      err);
	}

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	for (i = 0; i < ARRAY_SIZE(selinux_ipv6_ops); i++) {
		err = nf_register_hook(&selinux_ipv6_ops[i]);
		if (err)
			panic("SELinux: nf_register_hook for IPv6: error %d\n",
			      err);
	}
#endif

	return 0;
}
5659
/*
 * Plain initcall; its selinux_enabled check relies on selinux_init()
 * (a security initcall) having already run.
 */
__initcall(selinux_nf_ip_init);
5661
5662#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Remove the hooks installed by selinux_nf_ip_init(), IPv4 table first
 * and then IPv6, in table order.  Built only for the runtime-disable
 * configuration; called from selinux_disable().
 */
static void selinux_nf_ip_exit(void)
{
	unsigned int i;

	printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");

	for (i = 0; i < ARRAY_SIZE(selinux_ipv4_ops); i++) {
		nf_unregister_hook(&selinux_ipv4_ops[i]);
	}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	for (i = 0; i < ARRAY_SIZE(selinux_ipv6_ops); i++) {
		nf_unregister_hook(&selinux_ipv6_ops[i]);
	}
#endif
}
5676#endif
5677
5678#else
5679
5680#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5681#define selinux_nf_ip_exit()
5682#endif
5683
5684#endif
5685
5686#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/* Set once by selinux_disable(); a second runtime disable is refused. */
static int selinux_disabled;
5688
/*
 * Turn SELinux off at runtime: hand security_ops back to the module
 * saved in secondary_ops by selinux_init(), drop the netfilter hooks
 * and call exit_sel_fs() (presumably tearing down selinuxfs).
 *
 * Refused with -EINVAL once a policy has been loaded (ss_initialized)
 * or after a previous disable; neither refusal changes any state.
 * Returns 0 on success.
 *
 * NOTE(review): this function performs no permission check of its own
 * and the check-then-set of selinux_disabled is not atomic here;
 * presumably the selinuxfs caller enforces access and serializes
 * calls — confirm.
 */
int selinux_disable(void)
{
	extern void exit_sel_fs(void);

	/* Only permitted before the initial policy load, and only once. */
	if (ss_initialized || selinux_disabled)
		return -EINVAL;

	printk(KERN_INFO "SELinux: Disabled at runtime.\n");

	selinux_disabled = 1;
	selinux_enabled = 0;

	/* Route every hook back to the ops that were installed before us. */
	security_ops = secondary_ops;

	selinux_nf_ip_exit();
	exit_sel_fs();

	return 0;
}
5719#endif
5720