1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kernel.h>
28#include <linux/tracehook.h>
29#include <linux/errno.h>
30#include <linux/sched.h>
31#include <linux/security.h>
32#include <linux/xattr.h>
33#include <linux/capability.h>
34#include <linux/unistd.h>
35#include <linux/mm.h>
36#include <linux/mman.h>
37#include <linux/slab.h>
38#include <linux/pagemap.h>
39#include <linux/swap.h>
40#include <linux/spinlock.h>
41#include <linux/syscalls.h>
42#include <linux/file.h>
43#include <linux/fdtable.h>
44#include <linux/namei.h>
45#include <linux/mount.h>
46#include <linux/proc_fs.h>
47#include <linux/netfilter_ipv4.h>
48#include <linux/netfilter_ipv6.h>
49#include <linux/tty.h>
50#include <net/icmp.h>
51#include <net/ip.h>
52#include <net/tcp.h>
53#include <net/net_namespace.h>
54#include <net/netlabel.h>
55#include <linux/uaccess.h>
56#include <asm/ioctls.h>
57#include <asm/atomic.h>
58#include <linux/bitops.h>
59#include <linux/interrupt.h>
60#include <linux/netdevice.h>
61#include <linux/netlink.h>
62#include <linux/tcp.h>
63#include <linux/udp.h>
64#include <linux/dccp.h>
65#include <linux/quota.h>
66#include <linux/un.h>
67#include <net/af_unix.h>
68#include <linux/parser.h>
69#include <linux/nfs_mount.h>
70#include <net/ipv6.h>
71#include <linux/hugetlb.h>
72#include <linux/personality.h>
73#include <linux/sysctl.h>
74#include <linux/audit.h>
75#include <linux/string.h>
76#include <linux/selinux.h>
77#include <linux/mutex.h>
78
79#include "avc.h"
80#include "objsec.h"
81#include "netif.h"
82#include "netnode.h"
83#include "netport.h"
84#include "xfrm.h"
85#include "netlabel.h"
86#include "audit.h"
87
88#define XATTR_SELINUX_SUFFIX "selinux"
89#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
90
91#define NUM_SEL_MNT_OPTS 4
92
93extern unsigned int policydb_loaded_version;
94extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
95extern int selinux_compat_net;
96extern struct security_operations *security_ops;
97
98
99atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
100
101#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
102int selinux_enforcing;
103
104static int __init enforcing_setup(char *str)
105{
106 unsigned long enforcing;
107 if (!strict_strtoul(str, 0, &enforcing))
108 selinux_enforcing = enforcing ? 1 : 0;
109 return 1;
110}
111__setup("enforcing=", enforcing_setup);
112#endif
113
114#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
115int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
116
117static int __init selinux_enabled_setup(char *str)
118{
119 unsigned long enabled;
120 if (!strict_strtoul(str, 0, &enabled))
121 selinux_enabled = enabled ? 1 : 0;
122 return 1;
123}
124__setup("selinux=", selinux_enabled_setup);
125#else
126int selinux_enabled = 1;
127#endif
128
129
130
131
132
133
134static struct security_operations *secondary_ops;
135
136
137
138static LIST_HEAD(superblock_security_head);
139static DEFINE_SPINLOCK(sb_security_lock);
140
141static struct kmem_cache *sel_inode_cache;
142
143
144
145
146
147
148
149
150
151
152
153static int selinux_secmark_enabled(void)
154{
155 return (atomic_read(&selinux_secmark_refcount) > 0);
156}
157
158
159
160static int task_alloc_security(struct task_struct *task)
161{
162 struct task_security_struct *tsec;
163
164 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
165 if (!tsec)
166 return -ENOMEM;
167
168 tsec->osid = tsec->sid = SECINITSID_UNLABELED;
169 task->security = tsec;
170
171 return 0;
172}
173
174static void task_free_security(struct task_struct *task)
175{
176 struct task_security_struct *tsec = task->security;
177 task->security = NULL;
178 kfree(tsec);
179}
180
181static int inode_alloc_security(struct inode *inode)
182{
183 struct task_security_struct *tsec = current->security;
184 struct inode_security_struct *isec;
185
186 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
187 if (!isec)
188 return -ENOMEM;
189
190 mutex_init(&isec->lock);
191 INIT_LIST_HEAD(&isec->list);
192 isec->inode = inode;
193 isec->sid = SECINITSID_UNLABELED;
194 isec->sclass = SECCLASS_FILE;
195 isec->task_sid = tsec->sid;
196 inode->i_security = isec;
197
198 return 0;
199}
200
201static void inode_free_security(struct inode *inode)
202{
203 struct inode_security_struct *isec = inode->i_security;
204 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
205
206 spin_lock(&sbsec->isec_lock);
207 if (!list_empty(&isec->list))
208 list_del_init(&isec->list);
209 spin_unlock(&sbsec->isec_lock);
210
211 inode->i_security = NULL;
212 kmem_cache_free(sel_inode_cache, isec);
213}
214
215static int file_alloc_security(struct file *file)
216{
217 struct task_security_struct *tsec = current->security;
218 struct file_security_struct *fsec;
219
220 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
221 if (!fsec)
222 return -ENOMEM;
223
224 fsec->sid = tsec->sid;
225 fsec->fown_sid = tsec->sid;
226 file->f_security = fsec;
227
228 return 0;
229}
230
231static void file_free_security(struct file *file)
232{
233 struct file_security_struct *fsec = file->f_security;
234 file->f_security = NULL;
235 kfree(fsec);
236}
237
238static int superblock_alloc_security(struct super_block *sb)
239{
240 struct superblock_security_struct *sbsec;
241
242 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
243 if (!sbsec)
244 return -ENOMEM;
245
246 mutex_init(&sbsec->lock);
247 INIT_LIST_HEAD(&sbsec->list);
248 INIT_LIST_HEAD(&sbsec->isec_head);
249 spin_lock_init(&sbsec->isec_lock);
250 sbsec->sb = sb;
251 sbsec->sid = SECINITSID_UNLABELED;
252 sbsec->def_sid = SECINITSID_FILE;
253 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
254 sb->s_security = sbsec;
255
256 return 0;
257}
258
259static void superblock_free_security(struct super_block *sb)
260{
261 struct superblock_security_struct *sbsec = sb->s_security;
262
263 spin_lock(&sb_security_lock);
264 if (!list_empty(&sbsec->list))
265 list_del_init(&sbsec->list);
266 spin_unlock(&sb_security_lock);
267
268 sb->s_security = NULL;
269 kfree(sbsec);
270}
271
272static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
273{
274 struct sk_security_struct *ssec;
275
276 ssec = kzalloc(sizeof(*ssec), priority);
277 if (!ssec)
278 return -ENOMEM;
279
280 ssec->peer_sid = SECINITSID_UNLABELED;
281 ssec->sid = SECINITSID_UNLABELED;
282 sk->sk_security = ssec;
283
284 selinux_netlbl_sk_security_reset(ssec, family);
285
286 return 0;
287}
288
289static void sk_free_security(struct sock *sk)
290{
291 struct sk_security_struct *ssec = sk->sk_security;
292
293 sk->sk_security = NULL;
294 kfree(ssec);
295}
296
297
298
299extern int ss_initialized;
300
301
302
303static char *labeling_behaviors[6] = {
304 "uses xattr",
305 "uses transition SIDs",
306 "uses task SIDs",
307 "uses genfs_contexts",
308 "not configured for labeling",
309 "uses mountpoint labeling",
310};
311
312static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
313
314static inline int inode_doinit(struct inode *inode)
315{
316 return inode_doinit_with_dentry(inode, NULL);
317}
318
319enum {
320 Opt_error = -1,
321 Opt_context = 1,
322 Opt_fscontext = 2,
323 Opt_defcontext = 3,
324 Opt_rootcontext = 4,
325};
326
327static match_table_t tokens = {
328 {Opt_context, CONTEXT_STR "%s"},
329 {Opt_fscontext, FSCONTEXT_STR "%s"},
330 {Opt_defcontext, DEFCONTEXT_STR "%s"},
331 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
332 {Opt_error, NULL},
333};
334
335#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
336
337static int may_context_mount_sb_relabel(u32 sid,
338 struct superblock_security_struct *sbsec,
339 struct task_security_struct *tsec)
340{
341 int rc;
342
343 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
344 FILESYSTEM__RELABELFROM, NULL);
345 if (rc)
346 return rc;
347
348 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
349 FILESYSTEM__RELABELTO, NULL);
350 return rc;
351}
352
353static int may_context_mount_inode_relabel(u32 sid,
354 struct superblock_security_struct *sbsec,
355 struct task_security_struct *tsec)
356{
357 int rc;
358 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
359 FILESYSTEM__RELABELFROM, NULL);
360 if (rc)
361 return rc;
362
363 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
364 FILESYSTEM__ASSOCIATE, NULL);
365 return rc;
366}
367
368static int sb_finish_set_opts(struct super_block *sb)
369{
370 struct superblock_security_struct *sbsec = sb->s_security;
371 struct dentry *root = sb->s_root;
372 struct inode *root_inode = root->d_inode;
373 int rc = 0;
374
375 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
376
377
378
379
380
381 if (!root_inode->i_op->getxattr) {
382 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
383 "xattr support\n", sb->s_id, sb->s_type->name);
384 rc = -EOPNOTSUPP;
385 goto out;
386 }
387 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
388 if (rc < 0 && rc != -ENODATA) {
389 if (rc == -EOPNOTSUPP)
390 printk(KERN_WARNING "SELinux: (dev %s, type "
391 "%s) has no security xattr handler\n",
392 sb->s_id, sb->s_type->name);
393 else
394 printk(KERN_WARNING "SELinux: (dev %s, type "
395 "%s) getxattr errno %d\n", sb->s_id,
396 sb->s_type->name, -rc);
397 goto out;
398 }
399 }
400
401 sbsec->initialized = 1;
402
403 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
404 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
405 sb->s_id, sb->s_type->name);
406 else
407 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
408 sb->s_id, sb->s_type->name,
409 labeling_behaviors[sbsec->behavior-1]);
410
411
412 rc = inode_doinit_with_dentry(root_inode, root);
413
414
415
416
417
418 spin_lock(&sbsec->isec_lock);
419next_inode:
420 if (!list_empty(&sbsec->isec_head)) {
421 struct inode_security_struct *isec =
422 list_entry(sbsec->isec_head.next,
423 struct inode_security_struct, list);
424 struct inode *inode = isec->inode;
425 spin_unlock(&sbsec->isec_lock);
426 inode = igrab(inode);
427 if (inode) {
428 if (!IS_PRIVATE(inode))
429 inode_doinit(inode);
430 iput(inode);
431 }
432 spin_lock(&sbsec->isec_lock);
433 list_del_init(&isec->list);
434 goto next_inode;
435 }
436 spin_unlock(&sbsec->isec_lock);
437out:
438 return rc;
439}
440
441
442
443
444
445
446static int selinux_get_mnt_opts(const struct super_block *sb,
447 struct security_mnt_opts *opts)
448{
449 int rc = 0, i;
450 struct superblock_security_struct *sbsec = sb->s_security;
451 char *context = NULL;
452 u32 len;
453 char tmp;
454
455 security_init_mnt_opts(opts);
456
457 if (!sbsec->initialized)
458 return -EINVAL;
459
460 if (!ss_initialized)
461 return -EINVAL;
462
463
464
465
466
467 tmp = sbsec->flags;
468
469 for (i = 0; i < 8; i++) {
470 if (tmp & 0x01)
471 opts->num_mnt_opts++;
472 tmp >>= 1;
473 }
474
475 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
476 if (!opts->mnt_opts) {
477 rc = -ENOMEM;
478 goto out_free;
479 }
480
481 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
482 if (!opts->mnt_opts_flags) {
483 rc = -ENOMEM;
484 goto out_free;
485 }
486
487 i = 0;
488 if (sbsec->flags & FSCONTEXT_MNT) {
489 rc = security_sid_to_context(sbsec->sid, &context, &len);
490 if (rc)
491 goto out_free;
492 opts->mnt_opts[i] = context;
493 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
494 }
495 if (sbsec->flags & CONTEXT_MNT) {
496 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
497 if (rc)
498 goto out_free;
499 opts->mnt_opts[i] = context;
500 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
501 }
502 if (sbsec->flags & DEFCONTEXT_MNT) {
503 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
504 if (rc)
505 goto out_free;
506 opts->mnt_opts[i] = context;
507 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
508 }
509 if (sbsec->flags & ROOTCONTEXT_MNT) {
510 struct inode *root = sbsec->sb->s_root->d_inode;
511 struct inode_security_struct *isec = root->i_security;
512
513 rc = security_sid_to_context(isec->sid, &context, &len);
514 if (rc)
515 goto out_free;
516 opts->mnt_opts[i] = context;
517 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
518 }
519
520 BUG_ON(i != opts->num_mnt_opts);
521
522 return 0;
523
524out_free:
525 security_free_mnt_opts(opts);
526 return rc;
527}
528
529static int bad_option(struct superblock_security_struct *sbsec, char flag,
530 u32 old_sid, u32 new_sid)
531{
532
533 if (sbsec->initialized)
534 if (!(sbsec->flags & flag) ||
535 (old_sid != new_sid))
536 return 1;
537
538
539
540
541 if (!sbsec->initialized)
542 if (sbsec->flags & flag)
543 return 1;
544 return 0;
545}
546
547
548
549
550
551static int selinux_set_mnt_opts(struct super_block *sb,
552 struct security_mnt_opts *opts)
553{
554 int rc = 0, i;
555 struct task_security_struct *tsec = current->security;
556 struct superblock_security_struct *sbsec = sb->s_security;
557 const char *name = sb->s_type->name;
558 struct inode *inode = sbsec->sb->s_root->d_inode;
559 struct inode_security_struct *root_isec = inode->i_security;
560 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
561 u32 defcontext_sid = 0;
562 char **mount_options = opts->mnt_opts;
563 int *flags = opts->mnt_opts_flags;
564 int num_opts = opts->num_mnt_opts;
565
566 mutex_lock(&sbsec->lock);
567
568 if (!ss_initialized) {
569 if (!num_opts) {
570
571
572
573 spin_lock(&sb_security_lock);
574 if (list_empty(&sbsec->list))
575 list_add(&sbsec->list, &superblock_security_head);
576 spin_unlock(&sb_security_lock);
577 goto out;
578 }
579 rc = -EINVAL;
580 printk(KERN_WARNING "SELinux: Unable to set superblock options "
581 "before the security server is initialized\n");
582 goto out;
583 }
584
585
586
587
588
589
590
591
592
593
594
595
596 if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
597 && (num_opts == 0))
598 goto out;
599
600
601
602
603
604
605 for (i = 0; i < num_opts; i++) {
606 u32 sid;
607 rc = security_context_to_sid(mount_options[i],
608 strlen(mount_options[i]), &sid);
609 if (rc) {
610 printk(KERN_WARNING "SELinux: security_context_to_sid"
611 "(%s) failed for (dev %s, type %s) errno=%d\n",
612 mount_options[i], sb->s_id, name, rc);
613 goto out;
614 }
615 switch (flags[i]) {
616 case FSCONTEXT_MNT:
617 fscontext_sid = sid;
618
619 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
620 fscontext_sid))
621 goto out_double_mount;
622
623 sbsec->flags |= FSCONTEXT_MNT;
624 break;
625 case CONTEXT_MNT:
626 context_sid = sid;
627
628 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
629 context_sid))
630 goto out_double_mount;
631
632 sbsec->flags |= CONTEXT_MNT;
633 break;
634 case ROOTCONTEXT_MNT:
635 rootcontext_sid = sid;
636
637 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
638 rootcontext_sid))
639 goto out_double_mount;
640
641 sbsec->flags |= ROOTCONTEXT_MNT;
642
643 break;
644 case DEFCONTEXT_MNT:
645 defcontext_sid = sid;
646
647 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
648 defcontext_sid))
649 goto out_double_mount;
650
651 sbsec->flags |= DEFCONTEXT_MNT;
652
653 break;
654 default:
655 rc = -EINVAL;
656 goto out;
657 }
658 }
659
660 if (sbsec->initialized) {
661
662 if (sbsec->flags && !num_opts)
663 goto out_double_mount;
664 rc = 0;
665 goto out;
666 }
667
668 if (strcmp(sb->s_type->name, "proc") == 0)
669 sbsec->proc = 1;
670
671
672 rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
673 if (rc) {
674 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
675 __func__, sb->s_type->name, rc);
676 goto out;
677 }
678
679
680 if (fscontext_sid) {
681
682 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, tsec);
683 if (rc)
684 goto out;
685
686 sbsec->sid = fscontext_sid;
687 }
688
689
690
691
692
693
694 if (context_sid) {
695 if (!fscontext_sid) {
696 rc = may_context_mount_sb_relabel(context_sid, sbsec, tsec);
697 if (rc)
698 goto out;
699 sbsec->sid = context_sid;
700 } else {
701 rc = may_context_mount_inode_relabel(context_sid, sbsec, tsec);
702 if (rc)
703 goto out;
704 }
705 if (!rootcontext_sid)
706 rootcontext_sid = context_sid;
707
708 sbsec->mntpoint_sid = context_sid;
709 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
710 }
711
712 if (rootcontext_sid) {
713 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec, tsec);
714 if (rc)
715 goto out;
716
717 root_isec->sid = rootcontext_sid;
718 root_isec->initialized = 1;
719 }
720
721 if (defcontext_sid) {
722 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
723 rc = -EINVAL;
724 printk(KERN_WARNING "SELinux: defcontext option is "
725 "invalid for this filesystem type\n");
726 goto out;
727 }
728
729 if (defcontext_sid != sbsec->def_sid) {
730 rc = may_context_mount_inode_relabel(defcontext_sid,
731 sbsec, tsec);
732 if (rc)
733 goto out;
734 }
735
736 sbsec->def_sid = defcontext_sid;
737 }
738
739 rc = sb_finish_set_opts(sb);
740out:
741 mutex_unlock(&sbsec->lock);
742 return rc;
743out_double_mount:
744 rc = -EINVAL;
745 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
746 "security settings for (dev %s, type %s)\n", sb->s_id, name);
747 goto out;
748}
749
750static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
751 struct super_block *newsb)
752{
753 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
754 struct superblock_security_struct *newsbsec = newsb->s_security;
755
756 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
757 int set_context = (oldsbsec->flags & CONTEXT_MNT);
758 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
759
760
761
762
763
764
765 if (!ss_initialized) {
766 spin_lock(&sb_security_lock);
767 if (list_empty(&newsbsec->list))
768 list_add(&newsbsec->list, &superblock_security_head);
769 spin_unlock(&sb_security_lock);
770 return;
771 }
772
773
774 BUG_ON(!oldsbsec->initialized);
775
776
777 if (newsbsec->initialized)
778 return;
779
780 mutex_lock(&newsbsec->lock);
781
782 newsbsec->flags = oldsbsec->flags;
783
784 newsbsec->sid = oldsbsec->sid;
785 newsbsec->def_sid = oldsbsec->def_sid;
786 newsbsec->behavior = oldsbsec->behavior;
787
788 if (set_context) {
789 u32 sid = oldsbsec->mntpoint_sid;
790
791 if (!set_fscontext)
792 newsbsec->sid = sid;
793 if (!set_rootcontext) {
794 struct inode *newinode = newsb->s_root->d_inode;
795 struct inode_security_struct *newisec = newinode->i_security;
796 newisec->sid = sid;
797 }
798 newsbsec->mntpoint_sid = sid;
799 }
800 if (set_rootcontext) {
801 const struct inode *oldinode = oldsb->s_root->d_inode;
802 const struct inode_security_struct *oldisec = oldinode->i_security;
803 struct inode *newinode = newsb->s_root->d_inode;
804 struct inode_security_struct *newisec = newinode->i_security;
805
806 newisec->sid = oldisec->sid;
807 }
808
809 sb_finish_set_opts(newsb);
810 mutex_unlock(&newsbsec->lock);
811}
812
813static int selinux_parse_opts_str(char *options,
814 struct security_mnt_opts *opts)
815{
816 char *p;
817 char *context = NULL, *defcontext = NULL;
818 char *fscontext = NULL, *rootcontext = NULL;
819 int rc, num_mnt_opts = 0;
820
821 opts->num_mnt_opts = 0;
822
823
824 while ((p = strsep(&options, "|")) != NULL) {
825 int token;
826 substring_t args[MAX_OPT_ARGS];
827
828 if (!*p)
829 continue;
830
831 token = match_token(p, tokens, args);
832
833 switch (token) {
834 case Opt_context:
835 if (context || defcontext) {
836 rc = -EINVAL;
837 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
838 goto out_err;
839 }
840 context = match_strdup(&args[0]);
841 if (!context) {
842 rc = -ENOMEM;
843 goto out_err;
844 }
845 break;
846
847 case Opt_fscontext:
848 if (fscontext) {
849 rc = -EINVAL;
850 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
851 goto out_err;
852 }
853 fscontext = match_strdup(&args[0]);
854 if (!fscontext) {
855 rc = -ENOMEM;
856 goto out_err;
857 }
858 break;
859
860 case Opt_rootcontext:
861 if (rootcontext) {
862 rc = -EINVAL;
863 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
864 goto out_err;
865 }
866 rootcontext = match_strdup(&args[0]);
867 if (!rootcontext) {
868 rc = -ENOMEM;
869 goto out_err;
870 }
871 break;
872
873 case Opt_defcontext:
874 if (context || defcontext) {
875 rc = -EINVAL;
876 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
877 goto out_err;
878 }
879 defcontext = match_strdup(&args[0]);
880 if (!defcontext) {
881 rc = -ENOMEM;
882 goto out_err;
883 }
884 break;
885
886 default:
887 rc = -EINVAL;
888 printk(KERN_WARNING "SELinux: unknown mount option\n");
889 goto out_err;
890
891 }
892 }
893
894 rc = -ENOMEM;
895 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
896 if (!opts->mnt_opts)
897 goto out_err;
898
899 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
900 if (!opts->mnt_opts_flags) {
901 kfree(opts->mnt_opts);
902 goto out_err;
903 }
904
905 if (fscontext) {
906 opts->mnt_opts[num_mnt_opts] = fscontext;
907 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
908 }
909 if (context) {
910 opts->mnt_opts[num_mnt_opts] = context;
911 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
912 }
913 if (rootcontext) {
914 opts->mnt_opts[num_mnt_opts] = rootcontext;
915 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
916 }
917 if (defcontext) {
918 opts->mnt_opts[num_mnt_opts] = defcontext;
919 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
920 }
921
922 opts->num_mnt_opts = num_mnt_opts;
923 return 0;
924
925out_err:
926 kfree(context);
927 kfree(defcontext);
928 kfree(fscontext);
929 kfree(rootcontext);
930 return rc;
931}
932
933
934
935static int superblock_doinit(struct super_block *sb, void *data)
936{
937 int rc = 0;
938 char *options = data;
939 struct security_mnt_opts opts;
940
941 security_init_mnt_opts(&opts);
942
943 if (!data)
944 goto out;
945
946 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
947
948 rc = selinux_parse_opts_str(options, &opts);
949 if (rc)
950 goto out_err;
951
952out:
953 rc = selinux_set_mnt_opts(sb, &opts);
954
955out_err:
956 security_free_mnt_opts(&opts);
957 return rc;
958}
959
960void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
961{
962 int i;
963 char *prefix;
964
965 for (i = 0; i < opts->num_mnt_opts; i++) {
966 char *has_comma = strchr(opts->mnt_opts[i], ',');
967
968 switch (opts->mnt_opts_flags[i]) {
969 case CONTEXT_MNT:
970 prefix = CONTEXT_STR;
971 break;
972 case FSCONTEXT_MNT:
973 prefix = FSCONTEXT_STR;
974 break;
975 case ROOTCONTEXT_MNT:
976 prefix = ROOTCONTEXT_STR;
977 break;
978 case DEFCONTEXT_MNT:
979 prefix = DEFCONTEXT_STR;
980 break;
981 default:
982 BUG();
983 };
984
985 seq_putc(m, ',');
986 seq_puts(m, prefix);
987 if (has_comma)
988 seq_putc(m, '\"');
989 seq_puts(m, opts->mnt_opts[i]);
990 if (has_comma)
991 seq_putc(m, '\"');
992 }
993}
994
995static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
996{
997 struct security_mnt_opts opts;
998 int rc;
999
1000 rc = selinux_get_mnt_opts(sb, &opts);
1001 if (rc) {
1002
1003 if (rc == -EINVAL)
1004 rc = 0;
1005 return rc;
1006 }
1007
1008 selinux_write_opts(m, &opts);
1009
1010 security_free_mnt_opts(&opts);
1011
1012 return rc;
1013}
1014
1015static inline u16 inode_mode_to_security_class(umode_t mode)
1016{
1017 switch (mode & S_IFMT) {
1018 case S_IFSOCK:
1019 return SECCLASS_SOCK_FILE;
1020 case S_IFLNK:
1021 return SECCLASS_LNK_FILE;
1022 case S_IFREG:
1023 return SECCLASS_FILE;
1024 case S_IFBLK:
1025 return SECCLASS_BLK_FILE;
1026 case S_IFDIR:
1027 return SECCLASS_DIR;
1028 case S_IFCHR:
1029 return SECCLASS_CHR_FILE;
1030 case S_IFIFO:
1031 return SECCLASS_FIFO_FILE;
1032
1033 }
1034
1035 return SECCLASS_FILE;
1036}
1037
1038static inline int default_protocol_stream(int protocol)
1039{
1040 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1041}
1042
1043static inline int default_protocol_dgram(int protocol)
1044{
1045 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1046}
1047
1048static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1049{
1050 switch (family) {
1051 case PF_UNIX:
1052 switch (type) {
1053 case SOCK_STREAM:
1054 case SOCK_SEQPACKET:
1055 return SECCLASS_UNIX_STREAM_SOCKET;
1056 case SOCK_DGRAM:
1057 return SECCLASS_UNIX_DGRAM_SOCKET;
1058 }
1059 break;
1060 case PF_INET:
1061 case PF_INET6:
1062 switch (type) {
1063 case SOCK_STREAM:
1064 if (default_protocol_stream(protocol))
1065 return SECCLASS_TCP_SOCKET;
1066 else
1067 return SECCLASS_RAWIP_SOCKET;
1068 case SOCK_DGRAM:
1069 if (default_protocol_dgram(protocol))
1070 return SECCLASS_UDP_SOCKET;
1071 else
1072 return SECCLASS_RAWIP_SOCKET;
1073 case SOCK_DCCP:
1074 return SECCLASS_DCCP_SOCKET;
1075 default:
1076 return SECCLASS_RAWIP_SOCKET;
1077 }
1078 break;
1079 case PF_NETLINK:
1080 switch (protocol) {
1081 case NETLINK_ROUTE:
1082 return SECCLASS_NETLINK_ROUTE_SOCKET;
1083 case NETLINK_FIREWALL:
1084 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1085 case NETLINK_INET_DIAG:
1086 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1087 case NETLINK_NFLOG:
1088 return SECCLASS_NETLINK_NFLOG_SOCKET;
1089 case NETLINK_XFRM:
1090 return SECCLASS_NETLINK_XFRM_SOCKET;
1091 case NETLINK_SELINUX:
1092 return SECCLASS_NETLINK_SELINUX_SOCKET;
1093 case NETLINK_AUDIT:
1094 return SECCLASS_NETLINK_AUDIT_SOCKET;
1095 case NETLINK_IP6_FW:
1096 return SECCLASS_NETLINK_IP6FW_SOCKET;
1097 case NETLINK_DNRTMSG:
1098 return SECCLASS_NETLINK_DNRT_SOCKET;
1099 case NETLINK_KOBJECT_UEVENT:
1100 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1101 default:
1102 return SECCLASS_NETLINK_SOCKET;
1103 }
1104 case PF_PACKET:
1105 return SECCLASS_PACKET_SOCKET;
1106 case PF_KEY:
1107 return SECCLASS_KEY_SOCKET;
1108 case PF_APPLETALK:
1109 return SECCLASS_APPLETALK_SOCKET;
1110 }
1111
1112 return SECCLASS_SOCKET;
1113}
1114
1115#ifdef CONFIG_PROC_FS
1116static int selinux_proc_get_sid(struct proc_dir_entry *de,
1117 u16 tclass,
1118 u32 *sid)
1119{
1120 int buflen, rc;
1121 char *buffer, *path, *end;
1122
1123 buffer = (char *)__get_free_page(GFP_KERNEL);
1124 if (!buffer)
1125 return -ENOMEM;
1126
1127 buflen = PAGE_SIZE;
1128 end = buffer+buflen;
1129 *--end = '\0';
1130 buflen--;
1131 path = end-1;
1132 *path = '/';
1133 while (de && de != de->parent) {
1134 buflen -= de->namelen + 1;
1135 if (buflen < 0)
1136 break;
1137 end -= de->namelen;
1138 memcpy(end, de->name, de->namelen);
1139 *--end = '/';
1140 path = end;
1141 de = de->parent;
1142 }
1143 rc = security_genfs_sid("proc", path, tclass, sid);
1144 free_page((unsigned long)buffer);
1145 return rc;
1146}
1147#else
1148static int selinux_proc_get_sid(struct proc_dir_entry *de,
1149 u16 tclass,
1150 u32 *sid)
1151{
1152 return -EINVAL;
1153}
1154#endif
1155
1156
1157static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1158{
1159 struct superblock_security_struct *sbsec = NULL;
1160 struct inode_security_struct *isec = inode->i_security;
1161 u32 sid;
1162 struct dentry *dentry;
1163#define INITCONTEXTLEN 255
1164 char *context = NULL;
1165 unsigned len = 0;
1166 int rc = 0;
1167
1168 if (isec->initialized)
1169 goto out;
1170
1171 mutex_lock(&isec->lock);
1172 if (isec->initialized)
1173 goto out_unlock;
1174
1175 sbsec = inode->i_sb->s_security;
1176 if (!sbsec->initialized) {
1177
1178
1179
1180 spin_lock(&sbsec->isec_lock);
1181 if (list_empty(&isec->list))
1182 list_add(&isec->list, &sbsec->isec_head);
1183 spin_unlock(&sbsec->isec_lock);
1184 goto out_unlock;
1185 }
1186
1187 switch (sbsec->behavior) {
1188 case SECURITY_FS_USE_XATTR:
1189 if (!inode->i_op->getxattr) {
1190 isec->sid = sbsec->def_sid;
1191 break;
1192 }
1193
1194
1195
1196 if (opt_dentry) {
1197
1198 dentry = dget(opt_dentry);
1199 } else {
1200
1201 dentry = d_find_alias(inode);
1202 }
1203 if (!dentry) {
1204 printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s "
1205 "ino=%ld\n", __func__, inode->i_sb->s_id,
1206 inode->i_ino);
1207 goto out_unlock;
1208 }
1209
1210 len = INITCONTEXTLEN;
1211 context = kmalloc(len, GFP_NOFS);
1212 if (!context) {
1213 rc = -ENOMEM;
1214 dput(dentry);
1215 goto out_unlock;
1216 }
1217 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1218 context, len);
1219 if (rc == -ERANGE) {
1220
1221 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1222 NULL, 0);
1223 if (rc < 0) {
1224 dput(dentry);
1225 goto out_unlock;
1226 }
1227 kfree(context);
1228 len = rc;
1229 context = kmalloc(len, GFP_NOFS);
1230 if (!context) {
1231 rc = -ENOMEM;
1232 dput(dentry);
1233 goto out_unlock;
1234 }
1235 rc = inode->i_op->getxattr(dentry,
1236 XATTR_NAME_SELINUX,
1237 context, len);
1238 }
1239 dput(dentry);
1240 if (rc < 0) {
1241 if (rc != -ENODATA) {
1242 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1243 "%d for dev=%s ino=%ld\n", __func__,
1244 -rc, inode->i_sb->s_id, inode->i_ino);
1245 kfree(context);
1246 goto out_unlock;
1247 }
1248
1249 sid = sbsec->def_sid;
1250 rc = 0;
1251 } else {
1252 rc = security_context_to_sid_default(context, rc, &sid,
1253 sbsec->def_sid,
1254 GFP_NOFS);
1255 if (rc) {
1256 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1257 "returned %d for dev=%s ino=%ld\n",
1258 __func__, context, -rc,
1259 inode->i_sb->s_id, inode->i_ino);
1260 kfree(context);
1261
1262 rc = 0;
1263 break;
1264 }
1265 }
1266 kfree(context);
1267 isec->sid = sid;
1268 break;
1269 case SECURITY_FS_USE_TASK:
1270 isec->sid = isec->task_sid;
1271 break;
1272 case SECURITY_FS_USE_TRANS:
1273
1274 isec->sid = sbsec->sid;
1275
1276
1277 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1278 rc = security_transition_sid(isec->task_sid,
1279 sbsec->sid,
1280 isec->sclass,
1281 &sid);
1282 if (rc)
1283 goto out_unlock;
1284 isec->sid = sid;
1285 break;
1286 case SECURITY_FS_USE_MNTPOINT:
1287 isec->sid = sbsec->mntpoint_sid;
1288 break;
1289 default:
1290
1291 isec->sid = sbsec->sid;
1292
1293 if (sbsec->proc && !S_ISLNK(inode->i_mode)) {
1294 struct proc_inode *proci = PROC_I(inode);
1295 if (proci->pde) {
1296 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1297 rc = selinux_proc_get_sid(proci->pde,
1298 isec->sclass,
1299 &sid);
1300 if (rc)
1301 goto out_unlock;
1302 isec->sid = sid;
1303 }
1304 }
1305 break;
1306 }
1307
1308 isec->initialized = 1;
1309
1310out_unlock:
1311 mutex_unlock(&isec->lock);
1312out:
1313 if (isec->sclass == SECCLASS_FILE)
1314 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1315 return rc;
1316}
1317
1318
1319static inline u32 signal_to_av(int sig)
1320{
1321 u32 perm = 0;
1322
1323 switch (sig) {
1324 case SIGCHLD:
1325
1326 perm = PROCESS__SIGCHLD;
1327 break;
1328 case SIGKILL:
1329
1330 perm = PROCESS__SIGKILL;
1331 break;
1332 case SIGSTOP:
1333
1334 perm = PROCESS__SIGSTOP;
1335 break;
1336 default:
1337
1338 perm = PROCESS__SIGNAL;
1339 break;
1340 }
1341
1342 return perm;
1343}
1344
1345
1346
1347static int task_has_perm(struct task_struct *tsk1,
1348 struct task_struct *tsk2,
1349 u32 perms)
1350{
1351 struct task_security_struct *tsec1, *tsec2;
1352
1353 tsec1 = tsk1->security;
1354 tsec2 = tsk2->security;
1355 return avc_has_perm(tsec1->sid, tsec2->sid,
1356 SECCLASS_PROCESS, perms, NULL);
1357}
1358
1359#if CAP_LAST_CAP > 63
1360#error Fix SELinux to handle capabilities > 63.
1361#endif
1362
1363
1364static int task_has_capability(struct task_struct *tsk,
1365 int cap)
1366{
1367 struct task_security_struct *tsec;
1368 struct avc_audit_data ad;
1369 u16 sclass;
1370 u32 av = CAP_TO_MASK(cap);
1371
1372 tsec = tsk->security;
1373
1374 AVC_AUDIT_DATA_INIT(&ad, CAP);
1375 ad.tsk = tsk;
1376 ad.u.cap = cap;
1377
1378 switch (CAP_TO_INDEX(cap)) {
1379 case 0:
1380 sclass = SECCLASS_CAPABILITY;
1381 break;
1382 case 1:
1383 sclass = SECCLASS_CAPABILITY2;
1384 break;
1385 default:
1386 printk(KERN_ERR
1387 "SELinux: out of range capability %d\n", cap);
1388 BUG();
1389 }
1390 return avc_has_perm(tsec->sid, tsec->sid, sclass, av, &ad);
1391}
1392
1393
1394static int task_has_system(struct task_struct *tsk,
1395 u32 perms)
1396{
1397 struct task_security_struct *tsec;
1398
1399 tsec = tsk->security;
1400
1401 return avc_has_perm(tsec->sid, SECINITSID_KERNEL,
1402 SECCLASS_SYSTEM, perms, NULL);
1403}
1404
1405
1406
1407
1408static int inode_has_perm(struct task_struct *tsk,
1409 struct inode *inode,
1410 u32 perms,
1411 struct avc_audit_data *adp)
1412{
1413 struct task_security_struct *tsec;
1414 struct inode_security_struct *isec;
1415 struct avc_audit_data ad;
1416
1417 if (unlikely(IS_PRIVATE(inode)))
1418 return 0;
1419
1420 tsec = tsk->security;
1421 isec = inode->i_security;
1422
1423 if (!adp) {
1424 adp = &ad;
1425 AVC_AUDIT_DATA_INIT(&ad, FS);
1426 ad.u.fs.inode = inode;
1427 }
1428
1429 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, adp);
1430}
1431
1432
1433
1434
1435static inline int dentry_has_perm(struct task_struct *tsk,
1436 struct vfsmount *mnt,
1437 struct dentry *dentry,
1438 u32 av)
1439{
1440 struct inode *inode = dentry->d_inode;
1441 struct avc_audit_data ad;
1442 AVC_AUDIT_DATA_INIT(&ad, FS);
1443 ad.u.fs.path.mnt = mnt;
1444 ad.u.fs.path.dentry = dentry;
1445 return inode_has_perm(tsk, inode, av, &ad);
1446}
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456static int file_has_perm(struct task_struct *tsk,
1457 struct file *file,
1458 u32 av)
1459{
1460 struct task_security_struct *tsec = tsk->security;
1461 struct file_security_struct *fsec = file->f_security;
1462 struct inode *inode = file->f_path.dentry->d_inode;
1463 struct avc_audit_data ad;
1464 int rc;
1465
1466 AVC_AUDIT_DATA_INIT(&ad, FS);
1467 ad.u.fs.path = file->f_path;
1468
1469 if (tsec->sid != fsec->sid) {
1470 rc = avc_has_perm(tsec->sid, fsec->sid,
1471 SECCLASS_FD,
1472 FD__USE,
1473 &ad);
1474 if (rc)
1475 return rc;
1476 }
1477
1478
1479 if (av)
1480 return inode_has_perm(tsk, inode, av, &ad);
1481
1482 return 0;
1483}
1484
1485
1486static int may_create(struct inode *dir,
1487 struct dentry *dentry,
1488 u16 tclass)
1489{
1490 struct task_security_struct *tsec;
1491 struct inode_security_struct *dsec;
1492 struct superblock_security_struct *sbsec;
1493 u32 newsid;
1494 struct avc_audit_data ad;
1495 int rc;
1496
1497 tsec = current->security;
1498 dsec = dir->i_security;
1499 sbsec = dir->i_sb->s_security;
1500
1501 AVC_AUDIT_DATA_INIT(&ad, FS);
1502 ad.u.fs.path.dentry = dentry;
1503
1504 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR,
1505 DIR__ADD_NAME | DIR__SEARCH,
1506 &ad);
1507 if (rc)
1508 return rc;
1509
1510 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1511 newsid = tsec->create_sid;
1512 } else {
1513 rc = security_transition_sid(tsec->sid, dsec->sid, tclass,
1514 &newsid);
1515 if (rc)
1516 return rc;
1517 }
1518
1519 rc = avc_has_perm(tsec->sid, newsid, tclass, FILE__CREATE, &ad);
1520 if (rc)
1521 return rc;
1522
1523 return avc_has_perm(newsid, sbsec->sid,
1524 SECCLASS_FILESYSTEM,
1525 FILESYSTEM__ASSOCIATE, &ad);
1526}
1527
1528
1529static int may_create_key(u32 ksid,
1530 struct task_struct *ctx)
1531{
1532 struct task_security_struct *tsec;
1533
1534 tsec = ctx->security;
1535
1536 return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1537}
1538
1539#define MAY_LINK 0
1540#define MAY_UNLINK 1
1541#define MAY_RMDIR 2
1542
1543
1544static int may_link(struct inode *dir,
1545 struct dentry *dentry,
1546 int kind)
1547
1548{
1549 struct task_security_struct *tsec;
1550 struct inode_security_struct *dsec, *isec;
1551 struct avc_audit_data ad;
1552 u32 av;
1553 int rc;
1554
1555 tsec = current->security;
1556 dsec = dir->i_security;
1557 isec = dentry->d_inode->i_security;
1558
1559 AVC_AUDIT_DATA_INIT(&ad, FS);
1560 ad.u.fs.path.dentry = dentry;
1561
1562 av = DIR__SEARCH;
1563 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1564 rc = avc_has_perm(tsec->sid, dsec->sid, SECCLASS_DIR, av, &ad);
1565 if (rc)
1566 return rc;
1567
1568 switch (kind) {
1569 case MAY_LINK:
1570 av = FILE__LINK;
1571 break;
1572 case MAY_UNLINK:
1573 av = FILE__UNLINK;
1574 break;
1575 case MAY_RMDIR:
1576 av = DIR__RMDIR;
1577 break;
1578 default:
1579 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1580 __func__, kind);
1581 return 0;
1582 }
1583
1584 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass, av, &ad);
1585 return rc;
1586}
1587
1588static inline int may_rename(struct inode *old_dir,
1589 struct dentry *old_dentry,
1590 struct inode *new_dir,
1591 struct dentry *new_dentry)
1592{
1593 struct task_security_struct *tsec;
1594 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1595 struct avc_audit_data ad;
1596 u32 av;
1597 int old_is_dir, new_is_dir;
1598 int rc;
1599
1600 tsec = current->security;
1601 old_dsec = old_dir->i_security;
1602 old_isec = old_dentry->d_inode->i_security;
1603 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1604 new_dsec = new_dir->i_security;
1605
1606 AVC_AUDIT_DATA_INIT(&ad, FS);
1607
1608 ad.u.fs.path.dentry = old_dentry;
1609 rc = avc_has_perm(tsec->sid, old_dsec->sid, SECCLASS_DIR,
1610 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1611 if (rc)
1612 return rc;
1613 rc = avc_has_perm(tsec->sid, old_isec->sid,
1614 old_isec->sclass, FILE__RENAME, &ad);
1615 if (rc)
1616 return rc;
1617 if (old_is_dir && new_dir != old_dir) {
1618 rc = avc_has_perm(tsec->sid, old_isec->sid,
1619 old_isec->sclass, DIR__REPARENT, &ad);
1620 if (rc)
1621 return rc;
1622 }
1623
1624 ad.u.fs.path.dentry = new_dentry;
1625 av = DIR__ADD_NAME | DIR__SEARCH;
1626 if (new_dentry->d_inode)
1627 av |= DIR__REMOVE_NAME;
1628 rc = avc_has_perm(tsec->sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1629 if (rc)
1630 return rc;
1631 if (new_dentry->d_inode) {
1632 new_isec = new_dentry->d_inode->i_security;
1633 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1634 rc = avc_has_perm(tsec->sid, new_isec->sid,
1635 new_isec->sclass,
1636 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1637 if (rc)
1638 return rc;
1639 }
1640
1641 return 0;
1642}
1643
1644
1645static int superblock_has_perm(struct task_struct *tsk,
1646 struct super_block *sb,
1647 u32 perms,
1648 struct avc_audit_data *ad)
1649{
1650 struct task_security_struct *tsec;
1651 struct superblock_security_struct *sbsec;
1652
1653 tsec = tsk->security;
1654 sbsec = sb->s_security;
1655 return avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
1656 perms, ad);
1657}
1658
1659
1660static inline u32 file_mask_to_av(int mode, int mask)
1661{
1662 u32 av = 0;
1663
1664 if ((mode & S_IFMT) != S_IFDIR) {
1665 if (mask & MAY_EXEC)
1666 av |= FILE__EXECUTE;
1667 if (mask & MAY_READ)
1668 av |= FILE__READ;
1669
1670 if (mask & MAY_APPEND)
1671 av |= FILE__APPEND;
1672 else if (mask & MAY_WRITE)
1673 av |= FILE__WRITE;
1674
1675 } else {
1676 if (mask & MAY_EXEC)
1677 av |= DIR__SEARCH;
1678 if (mask & MAY_WRITE)
1679 av |= DIR__WRITE;
1680 if (mask & MAY_READ)
1681 av |= DIR__READ;
1682 }
1683
1684 return av;
1685}
1686
1687
1688
1689
1690
1691static inline u32 open_file_mask_to_av(int mode, int mask)
1692{
1693 u32 av = file_mask_to_av(mode, mask);
1694
1695 if (selinux_policycap_openperm) {
1696
1697
1698
1699 if (S_ISREG(mode))
1700 av |= FILE__OPEN;
1701 else if (S_ISCHR(mode))
1702 av |= CHR_FILE__OPEN;
1703 else if (S_ISBLK(mode))
1704 av |= BLK_FILE__OPEN;
1705 else if (S_ISFIFO(mode))
1706 av |= FIFO_FILE__OPEN;
1707 else if (S_ISDIR(mode))
1708 av |= DIR__OPEN;
1709 else
1710 printk(KERN_ERR "SELinux: WARNING: inside %s with "
1711 "unknown mode:%x\n", __func__, mode);
1712 }
1713 return av;
1714}
1715
1716
1717static inline u32 file_to_av(struct file *file)
1718{
1719 u32 av = 0;
1720
1721 if (file->f_mode & FMODE_READ)
1722 av |= FILE__READ;
1723 if (file->f_mode & FMODE_WRITE) {
1724 if (file->f_flags & O_APPEND)
1725 av |= FILE__APPEND;
1726 else
1727 av |= FILE__WRITE;
1728 }
1729 if (!av) {
1730
1731
1732
1733 av = FILE__IOCTL;
1734 }
1735
1736 return av;
1737}
1738
1739
1740
1741static int selinux_ptrace_may_access(struct task_struct *child,
1742 unsigned int mode)
1743{
1744 int rc;
1745
1746 rc = secondary_ops->ptrace_may_access(child, mode);
1747 if (rc)
1748 return rc;
1749
1750 if (mode == PTRACE_MODE_READ) {
1751 struct task_security_struct *tsec = current->security;
1752 struct task_security_struct *csec = child->security;
1753 return avc_has_perm(tsec->sid, csec->sid,
1754 SECCLASS_FILE, FILE__READ, NULL);
1755 }
1756
1757 return task_has_perm(current, child, PROCESS__PTRACE);
1758}
1759
1760static int selinux_ptrace_traceme(struct task_struct *parent)
1761{
1762 int rc;
1763
1764 rc = secondary_ops->ptrace_traceme(parent);
1765 if (rc)
1766 return rc;
1767
1768 return task_has_perm(parent, current, PROCESS__PTRACE);
1769}
1770
1771static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1772 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1773{
1774 int error;
1775
1776 error = task_has_perm(current, target, PROCESS__GETCAP);
1777 if (error)
1778 return error;
1779
1780 return secondary_ops->capget(target, effective, inheritable, permitted);
1781}
1782
1783static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
1784 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1785{
1786 int error;
1787
1788 error = secondary_ops->capset_check(target, effective, inheritable, permitted);
1789 if (error)
1790 return error;
1791
1792 return task_has_perm(current, target, PROCESS__SETCAP);
1793}
1794
1795static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
1796 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1797{
1798 secondary_ops->capset_set(target, effective, inheritable, permitted);
1799}
1800
1801static int selinux_capable(struct task_struct *tsk, int cap)
1802{
1803 int rc;
1804
1805 rc = secondary_ops->capable(tsk, cap);
1806 if (rc)
1807 return rc;
1808
1809 return task_has_capability(tsk, cap);
1810}
1811
1812static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
1813{
1814 int buflen, rc;
1815 char *buffer, *path, *end;
1816
1817 rc = -ENOMEM;
1818 buffer = (char *)__get_free_page(GFP_KERNEL);
1819 if (!buffer)
1820 goto out;
1821
1822 buflen = PAGE_SIZE;
1823 end = buffer+buflen;
1824 *--end = '\0';
1825 buflen--;
1826 path = end-1;
1827 *path = '/';
1828 while (table) {
1829 const char *name = table->procname;
1830 size_t namelen = strlen(name);
1831 buflen -= namelen + 1;
1832 if (buflen < 0)
1833 goto out_free;
1834 end -= namelen;
1835 memcpy(end, name, namelen);
1836 *--end = '/';
1837 path = end;
1838 table = table->parent;
1839 }
1840 buflen -= 4;
1841 if (buflen < 0)
1842 goto out_free;
1843 end -= 4;
1844 memcpy(end, "/sys", 4);
1845 path = end;
1846 rc = security_genfs_sid("proc", path, tclass, sid);
1847out_free:
1848 free_page((unsigned long)buffer);
1849out:
1850 return rc;
1851}
1852
1853static int selinux_sysctl(ctl_table *table, int op)
1854{
1855 int error = 0;
1856 u32 av;
1857 struct task_security_struct *tsec;
1858 u32 tsid;
1859 int rc;
1860
1861 rc = secondary_ops->sysctl(table, op);
1862 if (rc)
1863 return rc;
1864
1865 tsec = current->security;
1866
1867 rc = selinux_sysctl_get_sid(table, (op == 0001) ?
1868 SECCLASS_DIR : SECCLASS_FILE, &tsid);
1869 if (rc) {
1870
1871 tsid = SECINITSID_SYSCTL;
1872 }
1873
1874
1875
1876 if (op == 001) {
1877 error = avc_has_perm(tsec->sid, tsid,
1878 SECCLASS_DIR, DIR__SEARCH, NULL);
1879 } else {
1880 av = 0;
1881 if (op & 004)
1882 av |= FILE__READ;
1883 if (op & 002)
1884 av |= FILE__WRITE;
1885 if (av)
1886 error = avc_has_perm(tsec->sid, tsid,
1887 SECCLASS_FILE, av, NULL);
1888 }
1889
1890 return error;
1891}
1892
1893static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1894{
1895 int rc = 0;
1896
1897 if (!sb)
1898 return 0;
1899
1900 switch (cmds) {
1901 case Q_SYNC:
1902 case Q_QUOTAON:
1903 case Q_QUOTAOFF:
1904 case Q_SETINFO:
1905 case Q_SETQUOTA:
1906 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD,
1907 NULL);
1908 break;
1909 case Q_GETFMT:
1910 case Q_GETINFO:
1911 case Q_GETQUOTA:
1912 rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET,
1913 NULL);
1914 break;
1915 default:
1916 rc = 0;
1917 break;
1918 }
1919 return rc;
1920}
1921
1922static int selinux_quota_on(struct dentry *dentry)
1923{
1924 return dentry_has_perm(current, NULL, dentry, FILE__QUOTAON);
1925}
1926
1927static int selinux_syslog(int type)
1928{
1929 int rc;
1930
1931 rc = secondary_ops->syslog(type);
1932 if (rc)
1933 return rc;
1934
1935 switch (type) {
1936 case 3:
1937 case 10:
1938 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1939 break;
1940 case 6:
1941 case 7:
1942 case 8:
1943 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1944 break;
1945 case 0:
1946 case 1:
1947 case 2:
1948 case 4:
1949 case 5:
1950 default:
1951 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1952 break;
1953 }
1954 return rc;
1955}
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1970{
1971 int rc, cap_sys_admin = 0;
1972 struct task_security_struct *tsec = current->security;
1973
1974 rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
1975 if (rc == 0)
1976 rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
1977 SECCLASS_CAPABILITY,
1978 CAP_TO_MASK(CAP_SYS_ADMIN),
1979 0,
1980 NULL);
1981
1982 if (rc == 0)
1983 cap_sys_admin = 1;
1984
1985 return __vm_enough_memory(mm, pages, cap_sys_admin);
1986}
1987
1988
1989
1990static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1991{
1992 struct bprm_security_struct *bsec;
1993
1994 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1995 if (!bsec)
1996 return -ENOMEM;
1997
1998 bsec->sid = SECINITSID_UNLABELED;
1999 bsec->set = 0;
2000
2001 bprm->security = bsec;
2002 return 0;
2003}
2004
2005static int selinux_bprm_set_security(struct linux_binprm *bprm)
2006{
2007 struct task_security_struct *tsec;
2008 struct inode *inode = bprm->file->f_path.dentry->d_inode;
2009 struct inode_security_struct *isec;
2010 struct bprm_security_struct *bsec;
2011 u32 newsid;
2012 struct avc_audit_data ad;
2013 int rc;
2014
2015 rc = secondary_ops->bprm_set_security(bprm);
2016 if (rc)
2017 return rc;
2018
2019 bsec = bprm->security;
2020
2021 if (bsec->set)
2022 return 0;
2023
2024 tsec = current->security;
2025 isec = inode->i_security;
2026
2027
2028 bsec->sid = tsec->sid;
2029
2030
2031 tsec->create_sid = 0;
2032 tsec->keycreate_sid = 0;
2033 tsec->sockcreate_sid = 0;
2034
2035 if (tsec->exec_sid) {
2036 newsid = tsec->exec_sid;
2037
2038 tsec->exec_sid = 0;
2039 } else {
2040
2041 rc = security_transition_sid(tsec->sid, isec->sid,
2042 SECCLASS_PROCESS, &newsid);
2043 if (rc)
2044 return rc;
2045 }
2046
2047 AVC_AUDIT_DATA_INIT(&ad, FS);
2048 ad.u.fs.path = bprm->file->f_path;
2049
2050 if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
2051 newsid = tsec->sid;
2052
2053 if (tsec->sid == newsid) {
2054 rc = avc_has_perm(tsec->sid, isec->sid,
2055 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2056 if (rc)
2057 return rc;
2058 } else {
2059
2060 rc = avc_has_perm(tsec->sid, newsid,
2061 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2062 if (rc)
2063 return rc;
2064
2065 rc = avc_has_perm(newsid, isec->sid,
2066 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2067 if (rc)
2068 return rc;
2069
2070
2071 current->personality &= ~PER_CLEAR_ON_SETID;
2072
2073
2074 bsec->sid = newsid;
2075 }
2076
2077 bsec->set = 1;
2078 return 0;
2079}
2080
2081static int selinux_bprm_check_security(struct linux_binprm *bprm)
2082{
2083 return secondary_ops->bprm_check_security(bprm);
2084}
2085
2086
2087static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2088{
2089 struct task_security_struct *tsec = current->security;
2090 int atsecure = 0;
2091
2092 if (tsec->osid != tsec->sid) {
2093
2094
2095
2096 atsecure = avc_has_perm(tsec->osid, tsec->sid,
2097 SECCLASS_PROCESS,
2098 PROCESS__NOATSECURE, NULL);
2099 }
2100
2101 return (atsecure || secondary_ops->bprm_secureexec(bprm));
2102}
2103
2104static void selinux_bprm_free_security(struct linux_binprm *bprm)
2105{
2106 kfree(bprm->security);
2107 bprm->security = NULL;
2108}
2109
2110extern struct vfsmount *selinuxfs_mount;
2111extern struct dentry *selinux_null;
2112
2113
2114static inline void flush_unauthorized_files(struct files_struct *files)
2115{
2116 struct avc_audit_data ad;
2117 struct file *file, *devnull = NULL;
2118 struct tty_struct *tty;
2119 struct fdtable *fdt;
2120 long j = -1;
2121 int drop_tty = 0;
2122
2123 mutex_lock(&tty_mutex);
2124 tty = get_current_tty();
2125 if (tty) {
2126 file_list_lock();
2127 file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
2128 if (file) {
2129
2130
2131
2132
2133
2134 struct inode *inode = file->f_path.dentry->d_inode;
2135 if (inode_has_perm(current, inode,
2136 FILE__READ | FILE__WRITE, NULL)) {
2137 drop_tty = 1;
2138 }
2139 }
2140 file_list_unlock();
2141 }
2142 mutex_unlock(&tty_mutex);
2143
2144 if (drop_tty)
2145 no_tty();
2146
2147
2148
2149 AVC_AUDIT_DATA_INIT(&ad, FS);
2150
2151 spin_lock(&files->file_lock);
2152 for (;;) {
2153 unsigned long set, i;
2154 int fd;
2155
2156 j++;
2157 i = j * __NFDBITS;
2158 fdt = files_fdtable(files);
2159 if (i >= fdt->max_fds)
2160 break;
2161 set = fdt->open_fds->fds_bits[j];
2162 if (!set)
2163 continue;
2164 spin_unlock(&files->file_lock);
2165 for ( ; set ; i++, set >>= 1) {
2166 if (set & 1) {
2167 file = fget(i);
2168 if (!file)
2169 continue;
2170 if (file_has_perm(current,
2171 file,
2172 file_to_av(file))) {
2173 sys_close(i);
2174 fd = get_unused_fd();
2175 if (fd != i) {
2176 if (fd >= 0)
2177 put_unused_fd(fd);
2178 fput(file);
2179 continue;
2180 }
2181 if (devnull) {
2182 get_file(devnull);
2183 } else {
2184 devnull = dentry_open(dget(selinux_null), mntget(selinuxfs_mount), O_RDWR);
2185 if (IS_ERR(devnull)) {
2186 devnull = NULL;
2187 put_unused_fd(fd);
2188 fput(file);
2189 continue;
2190 }
2191 }
2192 fd_install(fd, devnull);
2193 }
2194 fput(file);
2195 }
2196 }
2197 spin_lock(&files->file_lock);
2198
2199 }
2200 spin_unlock(&files->file_lock);
2201}
2202
2203static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
2204{
2205 struct task_security_struct *tsec;
2206 struct bprm_security_struct *bsec;
2207 u32 sid;
2208 int rc;
2209
2210 secondary_ops->bprm_apply_creds(bprm, unsafe);
2211
2212 tsec = current->security;
2213
2214 bsec = bprm->security;
2215 sid = bsec->sid;
2216
2217 tsec->osid = tsec->sid;
2218 bsec->unsafe = 0;
2219 if (tsec->sid != sid) {
2220
2221
2222 if (unsafe & LSM_UNSAFE_SHARE) {
2223 rc = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
2224 PROCESS__SHARE, NULL);
2225 if (rc) {
2226 bsec->unsafe = 1;
2227 return;
2228 }
2229 }
2230
2231
2232
2233 if (unsafe & (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2234 struct task_struct *tracer;
2235 struct task_security_struct *sec;
2236 u32 ptsid = 0;
2237
2238 rcu_read_lock();
2239 tracer = tracehook_tracer_task(current);
2240 if (likely(tracer != NULL)) {
2241 sec = tracer->security;
2242 ptsid = sec->sid;
2243 }
2244 rcu_read_unlock();
2245
2246 if (ptsid != 0) {
2247 rc = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
2248 PROCESS__PTRACE, NULL);
2249 if (rc) {
2250 bsec->unsafe = 1;
2251 return;
2252 }
2253 }
2254 }
2255 tsec->sid = sid;
2256 }
2257}
2258
2259
2260
2261
2262static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
2263{
2264 struct task_security_struct *tsec;
2265 struct rlimit *rlim, *initrlim;
2266 struct itimerval itimer;
2267 struct bprm_security_struct *bsec;
2268 int rc, i;
2269
2270 tsec = current->security;
2271 bsec = bprm->security;
2272
2273 if (bsec->unsafe) {
2274 force_sig_specific(SIGKILL, current);
2275 return;
2276 }
2277 if (tsec->osid == tsec->sid)
2278 return;
2279
2280
2281 flush_unauthorized_files(current->files);
2282
2283
2284
2285
2286
2287
2288
2289 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2290 PROCESS__SIGINH, NULL);
2291 if (rc) {
2292 memset(&itimer, 0, sizeof itimer);
2293 for (i = 0; i < 3; i++)
2294 do_setitimer(i, &itimer, NULL);
2295 flush_signals(current);
2296 spin_lock_irq(¤t->sighand->siglock);
2297 flush_signal_handlers(current, 1);
2298 sigemptyset(¤t->blocked);
2299 recalc_sigpending();
2300 spin_unlock_irq(¤t->sighand->siglock);
2301 }
2302
2303
2304 current->pdeath_signal = 0;
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316 rc = avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
2317 PROCESS__RLIMITINH, NULL);
2318 if (rc) {
2319 for (i = 0; i < RLIM_NLIMITS; i++) {
2320 rlim = current->signal->rlim + i;
2321 initrlim = init_task.signal->rlim+i;
2322 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2323 }
2324 if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
2325
2326
2327
2328
2329 current->it_prof_expires = jiffies_to_cputime(1);
2330 }
2331 }
2332
2333
2334
2335 wake_up_interruptible(¤t->parent->signal->wait_chldexit);
2336}
2337
2338
2339
2340static int selinux_sb_alloc_security(struct super_block *sb)
2341{
2342 return superblock_alloc_security(sb);
2343}
2344
2345static void selinux_sb_free_security(struct super_block *sb)
2346{
2347 superblock_free_security(sb);
2348}
2349
2350static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2351{
2352 if (plen > olen)
2353 return 0;
2354
2355 return !memcmp(prefix, option, plen);
2356}
2357
2358static inline int selinux_option(char *option, int len)
2359{
2360 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2361 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2362 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2363 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len));
2364}
2365
2366static inline void take_option(char **to, char *from, int *first, int len)
2367{
2368 if (!*first) {
2369 **to = ',';
2370 *to += 1;
2371 } else
2372 *first = 0;
2373 memcpy(*to, from, len);
2374 *to += len;
2375}
2376
2377static inline void take_selinux_option(char **to, char *from, int *first,
2378 int len)
2379{
2380 int current_size = 0;
2381
2382 if (!*first) {
2383 **to = '|';
2384 *to += 1;
2385 } else
2386 *first = 0;
2387
2388 while (current_size < len) {
2389 if (*from != '"') {
2390 **to = *from;
2391 *to += 1;
2392 }
2393 from += 1;
2394 current_size += 1;
2395 }
2396}
2397
2398static int selinux_sb_copy_data(char *orig, char *copy)
2399{
2400 int fnosec, fsec, rc = 0;
2401 char *in_save, *in_curr, *in_end;
2402 char *sec_curr, *nosec_save, *nosec;
2403 int open_quote = 0;
2404
2405 in_curr = orig;
2406 sec_curr = copy;
2407
2408 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2409 if (!nosec) {
2410 rc = -ENOMEM;
2411 goto out;
2412 }
2413
2414 nosec_save = nosec;
2415 fnosec = fsec = 1;
2416 in_save = in_end = orig;
2417
2418 do {
2419 if (*in_end == '"')
2420 open_quote = !open_quote;
2421 if ((*in_end == ',' && open_quote == 0) ||
2422 *in_end == '\0') {
2423 int len = in_end - in_curr;
2424
2425 if (selinux_option(in_curr, len))
2426 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2427 else
2428 take_option(&nosec, in_curr, &fnosec, len);
2429
2430 in_curr = in_end + 1;
2431 }
2432 } while (*in_end++);
2433
2434 strcpy(in_save, nosec_save);
2435 free_page((unsigned long)nosec_save);
2436out:
2437 return rc;
2438}
2439
2440static int selinux_sb_kern_mount(struct super_block *sb, void *data)
2441{
2442 struct avc_audit_data ad;
2443 int rc;
2444
2445 rc = superblock_doinit(sb, data);
2446 if (rc)
2447 return rc;
2448
2449 AVC_AUDIT_DATA_INIT(&ad, FS);
2450 ad.u.fs.path.dentry = sb->s_root;
2451 return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
2452}
2453
2454static int selinux_sb_statfs(struct dentry *dentry)
2455{
2456 struct avc_audit_data ad;
2457
2458 AVC_AUDIT_DATA_INIT(&ad, FS);
2459 ad.u.fs.path.dentry = dentry->d_sb->s_root;
2460 return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2461}
2462
2463static int selinux_mount(char *dev_name,
2464 struct path *path,
2465 char *type,
2466 unsigned long flags,
2467 void *data)
2468{
2469 int rc;
2470
2471 rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);
2472 if (rc)
2473 return rc;
2474
2475 if (flags & MS_REMOUNT)
2476 return superblock_has_perm(current, path->mnt->mnt_sb,
2477 FILESYSTEM__REMOUNT, NULL);
2478 else
2479 return dentry_has_perm(current, path->mnt, path->dentry,
2480 FILE__MOUNTON);
2481}
2482
2483static int selinux_umount(struct vfsmount *mnt, int flags)
2484{
2485 int rc;
2486
2487 rc = secondary_ops->sb_umount(mnt, flags);
2488 if (rc)
2489 return rc;
2490
2491 return superblock_has_perm(current, mnt->mnt_sb,
2492 FILESYSTEM__UNMOUNT, NULL);
2493}
2494
2495
2496
2497static int selinux_inode_alloc_security(struct inode *inode)
2498{
2499 return inode_alloc_security(inode);
2500}
2501
2502static void selinux_inode_free_security(struct inode *inode)
2503{
2504 inode_free_security(inode);
2505}
2506
2507static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2508 char **name, void **value,
2509 size_t *len)
2510{
2511 struct task_security_struct *tsec;
2512 struct inode_security_struct *dsec;
2513 struct superblock_security_struct *sbsec;
2514 u32 newsid, clen;
2515 int rc;
2516 char *namep = NULL, *context;
2517
2518 tsec = current->security;
2519 dsec = dir->i_security;
2520 sbsec = dir->i_sb->s_security;
2521
2522 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
2523 newsid = tsec->create_sid;
2524 } else {
2525 rc = security_transition_sid(tsec->sid, dsec->sid,
2526 inode_mode_to_security_class(inode->i_mode),
2527 &newsid);
2528 if (rc) {
2529 printk(KERN_WARNING "%s: "
2530 "security_transition_sid failed, rc=%d (dev=%s "
2531 "ino=%ld)\n",
2532 __func__,
2533 -rc, inode->i_sb->s_id, inode->i_ino);
2534 return rc;
2535 }
2536 }
2537
2538
2539 if (sbsec->initialized) {
2540 struct inode_security_struct *isec = inode->i_security;
2541 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2542 isec->sid = newsid;
2543 isec->initialized = 1;
2544 }
2545
2546 if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2547 return -EOPNOTSUPP;
2548
2549 if (name) {
2550 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2551 if (!namep)
2552 return -ENOMEM;
2553 *name = namep;
2554 }
2555
2556 if (value && len) {
2557 rc = security_sid_to_context_force(newsid, &context, &clen);
2558 if (rc) {
2559 kfree(namep);
2560 return rc;
2561 }
2562 *value = context;
2563 *len = clen;
2564 }
2565
2566 return 0;
2567}
2568
2569static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
2570{
2571 return may_create(dir, dentry, SECCLASS_FILE);
2572}
2573
2574static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2575{
2576 int rc;
2577
2578 rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);
2579 if (rc)
2580 return rc;
2581 return may_link(dir, old_dentry, MAY_LINK);
2582}
2583
2584static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2585{
2586 int rc;
2587
2588 rc = secondary_ops->inode_unlink(dir, dentry);
2589 if (rc)
2590 return rc;
2591 return may_link(dir, dentry, MAY_UNLINK);
2592}
2593
2594static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2595{
2596 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2597}
2598
2599static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2600{
2601 return may_create(dir, dentry, SECCLASS_DIR);
2602}
2603
2604static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2605{
2606 return may_link(dir, dentry, MAY_RMDIR);
2607}
2608
2609static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2610{
2611 int rc;
2612
2613 rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
2614 if (rc)
2615 return rc;
2616
2617 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2618}
2619
2620static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2621 struct inode *new_inode, struct dentry *new_dentry)
2622{
2623 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2624}
2625
2626static int selinux_inode_readlink(struct dentry *dentry)
2627{
2628 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2629}
2630
2631static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2632{
2633 int rc;
2634
2635 rc = secondary_ops->inode_follow_link(dentry, nameidata);
2636 if (rc)
2637 return rc;
2638 return dentry_has_perm(current, NULL, dentry, FILE__READ);
2639}
2640
2641static int selinux_inode_permission(struct inode *inode, int mask)
2642{
2643 int rc;
2644
2645 rc = secondary_ops->inode_permission(inode, mask);
2646 if (rc)
2647 return rc;
2648
2649 if (!mask) {
2650
2651 return 0;
2652 }
2653
2654 return inode_has_perm(current, inode,
2655 open_file_mask_to_av(inode->i_mode, mask), NULL);
2656}
2657
2658static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2659{
2660 int rc;
2661
2662 rc = secondary_ops->inode_setattr(dentry, iattr);
2663 if (rc)
2664 return rc;
2665
2666 if (iattr->ia_valid & ATTR_FORCE)
2667 return 0;
2668
2669 if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2670 ATTR_ATIME_SET | ATTR_MTIME_SET))
2671 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2672
2673 return dentry_has_perm(current, NULL, dentry, FILE__WRITE);
2674}
2675
2676static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2677{
2678 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
2679}
2680
2681static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2682{
2683 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2684 sizeof XATTR_SECURITY_PREFIX - 1)) {
2685 if (!strcmp(name, XATTR_NAME_CAPS)) {
2686 if (!capable(CAP_SETFCAP))
2687 return -EPERM;
2688 } else if (!capable(CAP_SYS_ADMIN)) {
2689
2690
2691 return -EPERM;
2692 }
2693 }
2694
2695
2696
2697 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2698}
2699
2700static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2701 const void *value, size_t size, int flags)
2702{
2703 struct task_security_struct *tsec = current->security;
2704 struct inode *inode = dentry->d_inode;
2705 struct inode_security_struct *isec = inode->i_security;
2706 struct superblock_security_struct *sbsec;
2707 struct avc_audit_data ad;
2708 u32 newsid;
2709 int rc = 0;
2710
2711 if (strcmp(name, XATTR_NAME_SELINUX))
2712 return selinux_inode_setotherxattr(dentry, name);
2713
2714 sbsec = inode->i_sb->s_security;
2715 if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
2716 return -EOPNOTSUPP;
2717
2718 if (!is_owner_or_cap(inode))
2719 return -EPERM;
2720
2721 AVC_AUDIT_DATA_INIT(&ad, FS);
2722 ad.u.fs.path.dentry = dentry;
2723
2724 rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
2725 FILE__RELABELFROM, &ad);
2726 if (rc)
2727 return rc;
2728
2729 rc = security_context_to_sid(value, size, &newsid);
2730 if (rc == -EINVAL) {
2731 if (!capable(CAP_MAC_ADMIN))
2732 return rc;
2733 rc = security_context_to_sid_force(value, size, &newsid);
2734 }
2735 if (rc)
2736 return rc;
2737
2738 rc = avc_has_perm(tsec->sid, newsid, isec->sclass,
2739 FILE__RELABELTO, &ad);
2740 if (rc)
2741 return rc;
2742
2743 rc = security_validate_transition(isec->sid, newsid, tsec->sid,
2744 isec->sclass);
2745 if (rc)
2746 return rc;
2747
2748 return avc_has_perm(newsid,
2749 sbsec->sid,
2750 SECCLASS_FILESYSTEM,
2751 FILESYSTEM__ASSOCIATE,
2752 &ad);
2753}
2754
2755static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2756 const void *value, size_t size,
2757 int flags)
2758{
2759 struct inode *inode = dentry->d_inode;
2760 struct inode_security_struct *isec = inode->i_security;
2761 u32 newsid;
2762 int rc;
2763
2764 if (strcmp(name, XATTR_NAME_SELINUX)) {
2765
2766 return;
2767 }
2768
2769 rc = security_context_to_sid_force(value, size, &newsid);
2770 if (rc) {
2771 printk(KERN_ERR "SELinux: unable to map context to SID"
2772 "for (%s, %lu), rc=%d\n",
2773 inode->i_sb->s_id, inode->i_ino, -rc);
2774 return;
2775 }
2776
2777 isec->sid = newsid;
2778 return;
2779}
2780
2781static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2782{
2783 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2784}
2785
2786static int selinux_inode_listxattr(struct dentry *dentry)
2787{
2788 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2789}
2790
2791static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2792{
2793 if (strcmp(name, XATTR_NAME_SELINUX))
2794 return selinux_inode_setotherxattr(dentry, name);
2795
2796
2797
2798 return -EACCES;
2799}
2800
2801
2802
2803
2804
2805
2806static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2807{
2808 u32 size;
2809 int error;
2810 char *context = NULL;
2811 struct task_security_struct *tsec = current->security;
2812 struct inode_security_struct *isec = inode->i_security;
2813
2814 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2815 return -EOPNOTSUPP;
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826 error = secondary_ops->capable(current, CAP_MAC_ADMIN);
2827 if (!error)
2828 error = avc_has_perm_noaudit(tsec->sid, tsec->sid,
2829 SECCLASS_CAPABILITY2,
2830 CAPABILITY2__MAC_ADMIN,
2831 0,
2832 NULL);
2833 if (!error)
2834 error = security_sid_to_context_force(isec->sid, &context,
2835 &size);
2836 else
2837 error = security_sid_to_context(isec->sid, &context, &size);
2838 if (error)
2839 return error;
2840 error = size;
2841 if (alloc) {
2842 *buffer = context;
2843 goto out_nofree;
2844 }
2845 kfree(context);
2846out_nofree:
2847 return error;
2848}
2849
2850static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2851 const void *value, size_t size, int flags)
2852{
2853 struct inode_security_struct *isec = inode->i_security;
2854 u32 newsid;
2855 int rc;
2856
2857 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2858 return -EOPNOTSUPP;
2859
2860 if (!value || !size)
2861 return -EACCES;
2862
2863 rc = security_context_to_sid((void *)value, size, &newsid);
2864 if (rc)
2865 return rc;
2866
2867 isec->sid = newsid;
2868 return 0;
2869}
2870
2871static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2872{
2873 const int len = sizeof(XATTR_NAME_SELINUX);
2874 if (buffer && len <= buffer_size)
2875 memcpy(buffer, XATTR_NAME_SELINUX, len);
2876 return len;
2877}
2878
2879static int selinux_inode_need_killpriv(struct dentry *dentry)
2880{
2881 return secondary_ops->inode_need_killpriv(dentry);
2882}
2883
2884static int selinux_inode_killpriv(struct dentry *dentry)
2885{
2886 return secondary_ops->inode_killpriv(dentry);
2887}
2888
2889static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2890{
2891 struct inode_security_struct *isec = inode->i_security;
2892 *secid = isec->sid;
2893}
2894
2895
2896
2897static int selinux_revalidate_file_permission(struct file *file, int mask)
2898{
2899 int rc;
2900 struct inode *inode = file->f_path.dentry->d_inode;
2901
2902 if (!mask) {
2903
2904 return 0;
2905 }
2906
2907
2908 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2909 mask |= MAY_APPEND;
2910
2911 rc = file_has_perm(current, file,
2912 file_mask_to_av(inode->i_mode, mask));
2913 if (rc)
2914 return rc;
2915
2916 return selinux_netlbl_inode_permission(inode, mask);
2917}
2918
2919static int selinux_file_permission(struct file *file, int mask)
2920{
2921 struct inode *inode = file->f_path.dentry->d_inode;
2922 struct task_security_struct *tsec = current->security;
2923 struct file_security_struct *fsec = file->f_security;
2924 struct inode_security_struct *isec = inode->i_security;
2925
2926 if (!mask) {
2927
2928 return 0;
2929 }
2930
2931 if (tsec->sid == fsec->sid && fsec->isid == isec->sid
2932 && fsec->pseqno == avc_policy_seqno())
2933 return selinux_netlbl_inode_permission(inode, mask);
2934
2935 return selinux_revalidate_file_permission(file, mask);
2936}
2937
2938static int selinux_file_alloc_security(struct file *file)
2939{
2940 return file_alloc_security(file);
2941}
2942
2943static void selinux_file_free_security(struct file *file)
2944{
2945 file_free_security(file);
2946}
2947
2948static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2949 unsigned long arg)
2950{
2951 u32 av = 0;
2952
2953 if (_IOC_DIR(cmd) & _IOC_WRITE)
2954 av |= FILE__WRITE;
2955 if (_IOC_DIR(cmd) & _IOC_READ)
2956 av |= FILE__READ;
2957 if (!av)
2958 av = FILE__IOCTL;
2959
2960 return file_has_perm(current, file, av);
2961}
2962
2963static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
2964{
2965#ifndef CONFIG_PPC32
2966 if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
2967
2968
2969
2970
2971
2972 int rc = task_has_perm(current, current, PROCESS__EXECMEM);
2973 if (rc)
2974 return rc;
2975 }
2976#endif
2977
2978 if (file) {
2979
2980 u32 av = FILE__READ;
2981
2982
2983 if (shared && (prot & PROT_WRITE))
2984 av |= FILE__WRITE;
2985
2986 if (prot & PROT_EXEC)
2987 av |= FILE__EXECUTE;
2988
2989 return file_has_perm(current, file, av);
2990 }
2991 return 0;
2992}
2993
2994static int selinux_file_mmap(struct file *file, unsigned long reqprot,
2995 unsigned long prot, unsigned long flags,
2996 unsigned long addr, unsigned long addr_only)
2997{
2998 int rc = 0;
2999 u32 sid = ((struct task_security_struct *)(current->security))->sid;
3000
3001 if (addr < mmap_min_addr)
3002 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3003 MEMPROTECT__MMAP_ZERO, NULL);
3004 if (rc || addr_only)
3005 return rc;
3006
3007 if (selinux_checkreqprot)
3008 prot = reqprot;
3009
3010 return file_map_prot_check(file, prot,
3011 (flags & MAP_TYPE) == MAP_SHARED);
3012}
3013
3014static int selinux_file_mprotect(struct vm_area_struct *vma,
3015 unsigned long reqprot,
3016 unsigned long prot)
3017{
3018 int rc;
3019
3020 rc = secondary_ops->file_mprotect(vma, reqprot, prot);
3021 if (rc)
3022 return rc;
3023
3024 if (selinux_checkreqprot)
3025 prot = reqprot;
3026
3027#ifndef CONFIG_PPC32
3028 if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3029 rc = 0;
3030 if (vma->vm_start >= vma->vm_mm->start_brk &&
3031 vma->vm_end <= vma->vm_mm->brk) {
3032 rc = task_has_perm(current, current,
3033 PROCESS__EXECHEAP);
3034 } else if (!vma->vm_file &&
3035 vma->vm_start <= vma->vm_mm->start_stack &&
3036 vma->vm_end >= vma->vm_mm->start_stack) {
3037 rc = task_has_perm(current, current, PROCESS__EXECSTACK);
3038 } else if (vma->vm_file && vma->anon_vma) {
3039
3040
3041
3042
3043
3044
3045
3046 rc = file_has_perm(current, vma->vm_file,
3047 FILE__EXECMOD);
3048 }
3049 if (rc)
3050 return rc;
3051 }
3052#endif
3053
3054 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3055}
3056
3057static int selinux_file_lock(struct file *file, unsigned int cmd)
3058{
3059 return file_has_perm(current, file, FILE__LOCK);
3060}
3061
3062static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3063 unsigned long arg)
3064{
3065 int err = 0;
3066
3067 switch (cmd) {
3068 case F_SETFL:
3069 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3070 err = -EINVAL;
3071 break;
3072 }
3073
3074 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3075 err = file_has_perm(current, file, FILE__WRITE);
3076 break;
3077 }
3078
3079 case F_SETOWN:
3080 case F_SETSIG:
3081 case F_GETFL:
3082 case F_GETOWN:
3083 case F_GETSIG:
3084
3085 err = file_has_perm(current, file, 0);
3086 break;
3087 case F_GETLK:
3088 case F_SETLK:
3089 case F_SETLKW:
3090#if BITS_PER_LONG == 32
3091 case F_GETLK64:
3092 case F_SETLK64:
3093 case F_SETLKW64:
3094#endif
3095 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3096 err = -EINVAL;
3097 break;
3098 }
3099 err = file_has_perm(current, file, FILE__LOCK);
3100 break;
3101 }
3102
3103 return err;
3104}
3105
3106static int selinux_file_set_fowner(struct file *file)
3107{
3108 struct task_security_struct *tsec;
3109 struct file_security_struct *fsec;
3110
3111 tsec = current->security;
3112 fsec = file->f_security;
3113 fsec->fown_sid = tsec->sid;
3114
3115 return 0;
3116}
3117
3118static int selinux_file_send_sigiotask(struct task_struct *tsk,
3119 struct fown_struct *fown, int signum)
3120{
3121 struct file *file;
3122 u32 perm;
3123 struct task_security_struct *tsec;
3124 struct file_security_struct *fsec;
3125
3126
3127 file = container_of(fown, struct file, f_owner);
3128
3129 tsec = tsk->security;
3130 fsec = file->f_security;
3131
3132 if (!signum)
3133 perm = signal_to_av(SIGIO);
3134 else
3135 perm = signal_to_av(signum);
3136
3137 return avc_has_perm(fsec->fown_sid, tsec->sid,
3138 SECCLASS_PROCESS, perm, NULL);
3139}
3140
3141static int selinux_file_receive(struct file *file)
3142{
3143 return file_has_perm(current, file, file_to_av(file));
3144}
3145
3146static int selinux_dentry_open(struct file *file)
3147{
3148 struct file_security_struct *fsec;
3149 struct inode *inode;
3150 struct inode_security_struct *isec;
3151 inode = file->f_path.dentry->d_inode;
3152 fsec = file->f_security;
3153 isec = inode->i_security;
3154
3155
3156
3157
3158
3159
3160
3161 fsec->isid = isec->sid;
3162 fsec->pseqno = avc_policy_seqno();
3163
3164
3165
3166
3167
3168
3169
3170
3171 return inode_has_perm(current, inode, file_to_av(file), NULL);
3172}
3173
3174
3175
3176static int selinux_task_create(unsigned long clone_flags)
3177{
3178 int rc;
3179
3180 rc = secondary_ops->task_create(clone_flags);
3181 if (rc)
3182 return rc;
3183
3184 return task_has_perm(current, current, PROCESS__FORK);
3185}
3186
3187static int selinux_task_alloc_security(struct task_struct *tsk)
3188{
3189 struct task_security_struct *tsec1, *tsec2;
3190 int rc;
3191
3192 tsec1 = current->security;
3193
3194 rc = task_alloc_security(tsk);
3195 if (rc)
3196 return rc;
3197 tsec2 = tsk->security;
3198
3199 tsec2->osid = tsec1->osid;
3200 tsec2->sid = tsec1->sid;
3201
3202
3203 tsec2->exec_sid = tsec1->exec_sid;
3204 tsec2->create_sid = tsec1->create_sid;
3205 tsec2->keycreate_sid = tsec1->keycreate_sid;
3206 tsec2->sockcreate_sid = tsec1->sockcreate_sid;
3207
3208 return 0;
3209}
3210
3211static void selinux_task_free_security(struct task_struct *tsk)
3212{
3213 task_free_security(tsk);
3214}
3215
3216static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3217{
3218
3219
3220
3221
3222
3223
3224 return 0;
3225}
3226
3227static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
3228{
3229 return secondary_ops->task_post_setuid(id0, id1, id2, flags);
3230}
3231
3232static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
3233{
3234
3235 return 0;
3236}
3237
3238static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3239{
3240 return task_has_perm(current, p, PROCESS__SETPGID);
3241}
3242
3243static int selinux_task_getpgid(struct task_struct *p)
3244{
3245 return task_has_perm(current, p, PROCESS__GETPGID);
3246}
3247
3248static int selinux_task_getsid(struct task_struct *p)
3249{
3250 return task_has_perm(current, p, PROCESS__GETSESSION);
3251}
3252
3253static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3254{
3255 struct task_security_struct *tsec = p->security;
3256 *secid = tsec->sid;
3257}
3258
3259static int selinux_task_setgroups(struct group_info *group_info)
3260{
3261
3262 return 0;
3263}
3264
3265static int selinux_task_setnice(struct task_struct *p, int nice)
3266{
3267 int rc;
3268
3269 rc = secondary_ops->task_setnice(p, nice);
3270 if (rc)
3271 return rc;
3272
3273 return task_has_perm(current, p, PROCESS__SETSCHED);
3274}
3275
3276static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3277{
3278 int rc;
3279
3280 rc = secondary_ops->task_setioprio(p, ioprio);
3281 if (rc)
3282 return rc;
3283
3284 return task_has_perm(current, p, PROCESS__SETSCHED);
3285}
3286
3287static int selinux_task_getioprio(struct task_struct *p)
3288{
3289 return task_has_perm(current, p, PROCESS__GETSCHED);
3290}
3291
3292static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
3293{
3294 struct rlimit *old_rlim = current->signal->rlim + resource;
3295 int rc;
3296
3297 rc = secondary_ops->task_setrlimit(resource, new_rlim);
3298 if (rc)
3299 return rc;
3300
3301
3302
3303
3304
3305 if (old_rlim->rlim_max != new_rlim->rlim_max)
3306 return task_has_perm(current, current, PROCESS__SETRLIMIT);
3307
3308 return 0;
3309}
3310
3311static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
3312{
3313 int rc;
3314
3315 rc = secondary_ops->task_setscheduler(p, policy, lp);
3316 if (rc)
3317 return rc;
3318
3319 return task_has_perm(current, p, PROCESS__SETSCHED);
3320}
3321
3322static int selinux_task_getscheduler(struct task_struct *p)
3323{
3324 return task_has_perm(current, p, PROCESS__GETSCHED);
3325}
3326
3327static int selinux_task_movememory(struct task_struct *p)
3328{
3329 return task_has_perm(current, p, PROCESS__SETSCHED);
3330}
3331
3332static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3333 int sig, u32 secid)
3334{
3335 u32 perm;
3336 int rc;
3337 struct task_security_struct *tsec;
3338
3339 rc = secondary_ops->task_kill(p, info, sig, secid);
3340 if (rc)
3341 return rc;
3342
3343 if (!sig)
3344 perm = PROCESS__SIGNULL;
3345 else
3346 perm = signal_to_av(sig);
3347 tsec = p->security;
3348 if (secid)
3349 rc = avc_has_perm(secid, tsec->sid, SECCLASS_PROCESS, perm, NULL);
3350 else
3351 rc = task_has_perm(current, p, perm);
3352 return rc;
3353}
3354
3355static int selinux_task_prctl(int option,
3356 unsigned long arg2,
3357 unsigned long arg3,
3358 unsigned long arg4,
3359 unsigned long arg5,
3360 long *rc_p)
3361{
3362
3363
3364
3365 return secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5, rc_p);
3366}
3367
3368static int selinux_task_wait(struct task_struct *p)
3369{
3370 return task_has_perm(p, current, PROCESS__SIGCHLD);
3371}
3372
3373static void selinux_task_reparent_to_init(struct task_struct *p)
3374{
3375 struct task_security_struct *tsec;
3376
3377 secondary_ops->task_reparent_to_init(p);
3378
3379 tsec = p->security;
3380 tsec->osid = tsec->sid;
3381 tsec->sid = SECINITSID_KERNEL;
3382 return;
3383}
3384
3385static void selinux_task_to_inode(struct task_struct *p,
3386 struct inode *inode)
3387{
3388 struct task_security_struct *tsec = p->security;
3389 struct inode_security_struct *isec = inode->i_security;
3390
3391 isec->sid = tsec->sid;
3392 isec->initialized = 1;
3393 return;
3394}
3395
3396
3397static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3398 struct avc_audit_data *ad, u8 *proto)
3399{
3400 int offset, ihlen, ret = -EINVAL;
3401 struct iphdr _iph, *ih;
3402
3403 offset = skb_network_offset(skb);
3404 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3405 if (ih == NULL)
3406 goto out;
3407
3408 ihlen = ih->ihl * 4;
3409 if (ihlen < sizeof(_iph))
3410 goto out;
3411
3412 ad->u.net.v4info.saddr = ih->saddr;
3413 ad->u.net.v4info.daddr = ih->daddr;
3414 ret = 0;
3415
3416 if (proto)
3417 *proto = ih->protocol;
3418
3419 switch (ih->protocol) {
3420 case IPPROTO_TCP: {
3421 struct tcphdr _tcph, *th;
3422
3423 if (ntohs(ih->frag_off) & IP_OFFSET)
3424 break;
3425
3426 offset += ihlen;
3427 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3428 if (th == NULL)
3429 break;
3430
3431 ad->u.net.sport = th->source;
3432 ad->u.net.dport = th->dest;
3433 break;
3434 }
3435
3436 case IPPROTO_UDP: {
3437 struct udphdr _udph, *uh;
3438
3439 if (ntohs(ih->frag_off) & IP_OFFSET)
3440 break;
3441
3442 offset += ihlen;
3443 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3444 if (uh == NULL)
3445 break;
3446
3447 ad->u.net.sport = uh->source;
3448 ad->u.net.dport = uh->dest;
3449 break;
3450 }
3451
3452 case IPPROTO_DCCP: {
3453 struct dccp_hdr _dccph, *dh;
3454
3455 if (ntohs(ih->frag_off) & IP_OFFSET)
3456 break;
3457
3458 offset += ihlen;
3459 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3460 if (dh == NULL)
3461 break;
3462
3463 ad->u.net.sport = dh->dccph_sport;
3464 ad->u.net.dport = dh->dccph_dport;
3465 break;
3466 }
3467
3468 default:
3469 break;
3470 }
3471out:
3472 return ret;
3473}
3474
3475#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3476
3477
3478static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3479 struct avc_audit_data *ad, u8 *proto)
3480{
3481 u8 nexthdr;
3482 int ret = -EINVAL, offset;
3483 struct ipv6hdr _ipv6h, *ip6;
3484
3485 offset = skb_network_offset(skb);
3486 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3487 if (ip6 == NULL)
3488 goto out;
3489
3490 ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
3491 ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
3492 ret = 0;
3493
3494 nexthdr = ip6->nexthdr;
3495 offset += sizeof(_ipv6h);
3496 offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
3497 if (offset < 0)
3498 goto out;
3499
3500 if (proto)
3501 *proto = nexthdr;
3502
3503 switch (nexthdr) {
3504 case IPPROTO_TCP: {
3505 struct tcphdr _tcph, *th;
3506
3507 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3508 if (th == NULL)
3509 break;
3510
3511 ad->u.net.sport = th->source;
3512 ad->u.net.dport = th->dest;
3513 break;
3514 }
3515
3516 case IPPROTO_UDP: {
3517 struct udphdr _udph, *uh;
3518
3519 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3520 if (uh == NULL)
3521 break;
3522
3523 ad->u.net.sport = uh->source;
3524 ad->u.net.dport = uh->dest;
3525 break;
3526 }
3527
3528 case IPPROTO_DCCP: {
3529 struct dccp_hdr _dccph, *dh;
3530
3531 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3532 if (dh == NULL)
3533 break;
3534
3535 ad->u.net.sport = dh->dccph_sport;
3536 ad->u.net.dport = dh->dccph_dport;
3537 break;
3538 }
3539
3540
3541 default:
3542 break;
3543 }
3544out:
3545 return ret;
3546}
3547
3548#endif
3549
3550static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
3551 char **addrp, int src, u8 *proto)
3552{
3553 int ret = 0;
3554
3555 switch (ad->u.net.family) {
3556 case PF_INET:
3557 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3558 if (ret || !addrp)
3559 break;
3560 *addrp = (char *)(src ? &ad->u.net.v4info.saddr :
3561 &ad->u.net.v4info.daddr);
3562 break;
3563
3564#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3565 case PF_INET6:
3566 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3567 if (ret || !addrp)
3568 break;
3569 *addrp = (char *)(src ? &ad->u.net.v6info.saddr :
3570 &ad->u.net.v6info.daddr);
3571 break;
3572#endif
3573 default:
3574 break;
3575 }
3576
3577 if (unlikely(ret))
3578 printk(KERN_WARNING
3579 "SELinux: failure in selinux_parse_skb(),"
3580 " unable to parse packet\n");
3581
3582 return ret;
3583}
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3601{
3602 int err;
3603 u32 xfrm_sid;
3604 u32 nlbl_sid;
3605 u32 nlbl_type;
3606
3607 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3608 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3609
3610 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3611 if (unlikely(err)) {
3612 printk(KERN_WARNING
3613 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3614 " unable to determine packet's peer label\n");
3615 return -EACCES;
3616 }
3617
3618 return 0;
3619}
3620
3621
3622static int socket_has_perm(struct task_struct *task, struct socket *sock,
3623 u32 perms)
3624{
3625 struct inode_security_struct *isec;
3626 struct task_security_struct *tsec;
3627 struct avc_audit_data ad;
3628 int err = 0;
3629
3630 tsec = task->security;
3631 isec = SOCK_INODE(sock)->i_security;
3632
3633 if (isec->sid == SECINITSID_KERNEL)
3634 goto out;
3635
3636 AVC_AUDIT_DATA_INIT(&ad, NET);
3637 ad.u.net.sk = sock->sk;
3638 err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
3639
3640out:
3641 return err;
3642}
3643
3644static int selinux_socket_create(int family, int type,
3645 int protocol, int kern)
3646{
3647 int err = 0;
3648 struct task_security_struct *tsec;
3649 u32 newsid;
3650
3651 if (kern)
3652 goto out;
3653
3654 tsec = current->security;
3655 newsid = tsec->sockcreate_sid ? : tsec->sid;
3656 err = avc_has_perm(tsec->sid, newsid,
3657 socket_type_to_security_class(family, type,
3658 protocol), SOCKET__CREATE, NULL);
3659
3660out:
3661 return err;
3662}
3663
3664static int selinux_socket_post_create(struct socket *sock, int family,
3665 int type, int protocol, int kern)
3666{
3667 int err = 0;
3668 struct inode_security_struct *isec;
3669 struct task_security_struct *tsec;
3670 struct sk_security_struct *sksec;
3671 u32 newsid;
3672
3673 isec = SOCK_INODE(sock)->i_security;
3674
3675 tsec = current->security;
3676 newsid = tsec->sockcreate_sid ? : tsec->sid;
3677 isec->sclass = socket_type_to_security_class(family, type, protocol);
3678 isec->sid = kern ? SECINITSID_KERNEL : newsid;
3679 isec->initialized = 1;
3680
3681 if (sock->sk) {
3682 sksec = sock->sk->sk_security;
3683 sksec->sid = isec->sid;
3684 sksec->sclass = isec->sclass;
3685 err = selinux_netlbl_socket_post_create(sock);
3686 }
3687
3688 return err;
3689}
3690
3691
3692
3693
3694
3695static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3696{
3697 u16 family;
3698 int err;
3699
3700 err = socket_has_perm(current, sock, SOCKET__BIND);
3701 if (err)
3702 goto out;
3703
3704
3705
3706
3707
3708
3709 family = sock->sk->sk_family;
3710 if (family == PF_INET || family == PF_INET6) {
3711 char *addrp;
3712 struct inode_security_struct *isec;
3713 struct task_security_struct *tsec;
3714 struct avc_audit_data ad;
3715 struct sockaddr_in *addr4 = NULL;
3716 struct sockaddr_in6 *addr6 = NULL;
3717 unsigned short snum;
3718 struct sock *sk = sock->sk;
3719 u32 sid, node_perm;
3720
3721 tsec = current->security;
3722 isec = SOCK_INODE(sock)->i_security;
3723
3724 if (family == PF_INET) {
3725 addr4 = (struct sockaddr_in *)address;
3726 snum = ntohs(addr4->sin_port);
3727 addrp = (char *)&addr4->sin_addr.s_addr;
3728 } else {
3729 addr6 = (struct sockaddr_in6 *)address;
3730 snum = ntohs(addr6->sin6_port);
3731 addrp = (char *)&addr6->sin6_addr.s6_addr;
3732 }
3733
3734 if (snum) {
3735 int low, high;
3736
3737 inet_get_local_port_range(&low, &high);
3738
3739 if (snum < max(PROT_SOCK, low) || snum > high) {
3740 err = sel_netport_sid(sk->sk_protocol,
3741 snum, &sid);
3742 if (err)
3743 goto out;
3744 AVC_AUDIT_DATA_INIT(&ad, NET);
3745 ad.u.net.sport = htons(snum);
3746 ad.u.net.family = family;
3747 err = avc_has_perm(isec->sid, sid,
3748 isec->sclass,
3749 SOCKET__NAME_BIND, &ad);
3750 if (err)
3751 goto out;
3752 }
3753 }
3754
3755 switch (isec->sclass) {
3756 case SECCLASS_TCP_SOCKET:
3757 node_perm = TCP_SOCKET__NODE_BIND;
3758 break;
3759
3760 case SECCLASS_UDP_SOCKET:
3761 node_perm = UDP_SOCKET__NODE_BIND;
3762 break;
3763
3764 case SECCLASS_DCCP_SOCKET:
3765 node_perm = DCCP_SOCKET__NODE_BIND;
3766 break;
3767
3768 default:
3769 node_perm = RAWIP_SOCKET__NODE_BIND;
3770 break;
3771 }
3772
3773 err = sel_netnode_sid(addrp, family, &sid);
3774 if (err)
3775 goto out;
3776
3777 AVC_AUDIT_DATA_INIT(&ad, NET);
3778 ad.u.net.sport = htons(snum);
3779 ad.u.net.family = family;
3780
3781 if (family == PF_INET)
3782 ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
3783 else
3784 ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
3785
3786 err = avc_has_perm(isec->sid, sid,
3787 isec->sclass, node_perm, &ad);
3788 if (err)
3789 goto out;
3790 }
3791out:
3792 return err;
3793}
3794
3795static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3796{
3797 struct inode_security_struct *isec;
3798 int err;
3799
3800 err = socket_has_perm(current, sock, SOCKET__CONNECT);
3801 if (err)
3802 return err;
3803
3804
3805
3806
3807 isec = SOCK_INODE(sock)->i_security;
3808 if (isec->sclass == SECCLASS_TCP_SOCKET ||
3809 isec->sclass == SECCLASS_DCCP_SOCKET) {
3810 struct sock *sk = sock->sk;
3811 struct avc_audit_data ad;
3812 struct sockaddr_in *addr4 = NULL;
3813 struct sockaddr_in6 *addr6 = NULL;
3814 unsigned short snum;
3815 u32 sid, perm;
3816
3817 if (sk->sk_family == PF_INET) {
3818 addr4 = (struct sockaddr_in *)address;
3819 if (addrlen < sizeof(struct sockaddr_in))
3820 return -EINVAL;
3821 snum = ntohs(addr4->sin_port);
3822 } else {
3823 addr6 = (struct sockaddr_in6 *)address;
3824 if (addrlen < SIN6_LEN_RFC2133)
3825 return -EINVAL;
3826 snum = ntohs(addr6->sin6_port);
3827 }
3828
3829 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3830 if (err)
3831 goto out;
3832
3833 perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
3834 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3835
3836 AVC_AUDIT_DATA_INIT(&ad, NET);
3837 ad.u.net.dport = htons(snum);
3838 ad.u.net.family = sk->sk_family;
3839 err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
3840 if (err)
3841 goto out;
3842 }
3843
3844out:
3845 return err;
3846}
3847
3848static int selinux_socket_listen(struct socket *sock, int backlog)
3849{
3850 return socket_has_perm(current, sock, SOCKET__LISTEN);
3851}
3852
3853static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3854{
3855 int err;
3856 struct inode_security_struct *isec;
3857 struct inode_security_struct *newisec;
3858
3859 err = socket_has_perm(current, sock, SOCKET__ACCEPT);
3860 if (err)
3861 return err;
3862
3863 newisec = SOCK_INODE(newsock)->i_security;
3864
3865 isec = SOCK_INODE(sock)->i_security;
3866 newisec->sclass = isec->sclass;
3867 newisec->sid = isec->sid;
3868 newisec->initialized = 1;
3869
3870 return 0;
3871}
3872
3873static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3874 int size)
3875{
3876 int rc;
3877
3878 rc = socket_has_perm(current, sock, SOCKET__WRITE);
3879 if (rc)
3880 return rc;
3881
3882 return selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);
3883}
3884
3885static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3886 int size, int flags)
3887{
3888 return socket_has_perm(current, sock, SOCKET__READ);
3889}
3890
3891static int selinux_socket_getsockname(struct socket *sock)
3892{
3893 return socket_has_perm(current, sock, SOCKET__GETATTR);
3894}
3895
3896static int selinux_socket_getpeername(struct socket *sock)
3897{
3898 return socket_has_perm(current, sock, SOCKET__GETATTR);
3899}
3900
3901static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
3902{
3903 int err;
3904
3905 err = socket_has_perm(current, sock, SOCKET__SETOPT);
3906 if (err)
3907 return err;
3908
3909 return selinux_netlbl_socket_setsockopt(sock, level, optname);
3910}
3911
3912static int selinux_socket_getsockopt(struct socket *sock, int level,
3913 int optname)
3914{
3915 return socket_has_perm(current, sock, SOCKET__GETOPT);
3916}
3917
3918static int selinux_socket_shutdown(struct socket *sock, int how)
3919{
3920 return socket_has_perm(current, sock, SOCKET__SHUTDOWN);
3921}
3922
3923static int selinux_socket_unix_stream_connect(struct socket *sock,
3924 struct socket *other,
3925 struct sock *newsk)
3926{
3927 struct sk_security_struct *ssec;
3928 struct inode_security_struct *isec;
3929 struct inode_security_struct *other_isec;
3930 struct avc_audit_data ad;
3931 int err;
3932
3933 err = secondary_ops->unix_stream_connect(sock, other, newsk);
3934 if (err)
3935 return err;
3936
3937 isec = SOCK_INODE(sock)->i_security;
3938 other_isec = SOCK_INODE(other)->i_security;
3939
3940 AVC_AUDIT_DATA_INIT(&ad, NET);
3941 ad.u.net.sk = other->sk;
3942
3943 err = avc_has_perm(isec->sid, other_isec->sid,
3944 isec->sclass,
3945 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
3946 if (err)
3947 return err;
3948
3949
3950 ssec = sock->sk->sk_security;
3951 ssec->peer_sid = other_isec->sid;
3952
3953
3954 ssec = newsk->sk_security;
3955 ssec->peer_sid = isec->sid;
3956 err = security_sid_mls_copy(other_isec->sid, ssec->peer_sid, &ssec->sid);
3957
3958 return err;
3959}
3960
3961static int selinux_socket_unix_may_send(struct socket *sock,
3962 struct socket *other)
3963{
3964 struct inode_security_struct *isec;
3965 struct inode_security_struct *other_isec;
3966 struct avc_audit_data ad;
3967 int err;
3968
3969 isec = SOCK_INODE(sock)->i_security;
3970 other_isec = SOCK_INODE(other)->i_security;
3971
3972 AVC_AUDIT_DATA_INIT(&ad, NET);
3973 ad.u.net.sk = other->sk;
3974
3975 err = avc_has_perm(isec->sid, other_isec->sid,
3976 isec->sclass, SOCKET__SENDTO, &ad);
3977 if (err)
3978 return err;
3979
3980 return 0;
3981}
3982
3983static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
3984 u32 peer_sid,
3985 struct avc_audit_data *ad)
3986{
3987 int err;
3988 u32 if_sid;
3989 u32 node_sid;
3990
3991 err = sel_netif_sid(ifindex, &if_sid);
3992 if (err)
3993 return err;
3994 err = avc_has_perm(peer_sid, if_sid,
3995 SECCLASS_NETIF, NETIF__INGRESS, ad);
3996 if (err)
3997 return err;
3998
3999 err = sel_netnode_sid(addrp, family, &node_sid);
4000 if (err)
4001 return err;
4002 return avc_has_perm(peer_sid, node_sid,
4003 SECCLASS_NODE, NODE__RECVFROM, ad);
4004}
4005
4006static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk,
4007 struct sk_buff *skb,
4008 struct avc_audit_data *ad,
4009 u16 family,
4010 char *addrp)
4011{
4012 int err;
4013 struct sk_security_struct *sksec = sk->sk_security;
4014 u16 sk_class;
4015 u32 netif_perm, node_perm, recv_perm;
4016 u32 port_sid, node_sid, if_sid, sk_sid;
4017
4018 sk_sid = sksec->sid;
4019 sk_class = sksec->sclass;
4020
4021 switch (sk_class) {
4022 case SECCLASS_UDP_SOCKET:
4023 netif_perm = NETIF__UDP_RECV;
4024 node_perm = NODE__UDP_RECV;
4025 recv_perm = UDP_SOCKET__RECV_MSG;
4026 break;
4027 case SECCLASS_TCP_SOCKET:
4028 netif_perm = NETIF__TCP_RECV;
4029 node_perm = NODE__TCP_RECV;
4030 recv_perm = TCP_SOCKET__RECV_MSG;
4031 break;
4032 case SECCLASS_DCCP_SOCKET:
4033 netif_perm = NETIF__DCCP_RECV;
4034 node_perm = NODE__DCCP_RECV;
4035 recv_perm = DCCP_SOCKET__RECV_MSG;
4036 break;
4037 default:
4038 netif_perm = NETIF__RAWIP_RECV;
4039 node_perm = NODE__RAWIP_RECV;
4040 recv_perm = 0;
4041 break;
4042 }
4043
4044 err = sel_netif_sid(skb->iif, &if_sid);
4045 if (err)
4046 return err;
4047 err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
4048 if (err)
4049 return err;
4050
4051 err = sel_netnode_sid(addrp, family, &node_sid);
4052 if (err)
4053 return err;
4054 err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
4055 if (err)
4056 return err;
4057
4058 if (!recv_perm)
4059 return 0;
4060 err = sel_netport_sid(sk->sk_protocol,
4061 ntohs(ad->u.net.sport), &port_sid);
4062 if (unlikely(err)) {
4063 printk(KERN_WARNING
4064 "SELinux: failure in"
4065 " selinux_sock_rcv_skb_iptables_compat(),"
4066 " network port label not found\n");
4067 return err;
4068 }
4069 return avc_has_perm(sk_sid, port_sid, sk_class, recv_perm, ad);
4070}
4071
4072static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4073 struct avc_audit_data *ad,
4074 u16 family, char *addrp)
4075{
4076 int err;
4077 struct sk_security_struct *sksec = sk->sk_security;
4078 u32 peer_sid;
4079 u32 sk_sid = sksec->sid;
4080
4081 if (selinux_compat_net)
4082 err = selinux_sock_rcv_skb_iptables_compat(sk, skb, ad,
4083 family, addrp);
4084 else
4085 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4086 PACKET__RECV, ad);
4087 if (err)
4088 return err;
4089
4090 if (selinux_policycap_netpeer) {
4091 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4092 if (err)
4093 return err;
4094 err = avc_has_perm(sk_sid, peer_sid,
4095 SECCLASS_PEER, PEER__RECV, ad);
4096 } else {
4097 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, ad);
4098 if (err)
4099 return err;
4100 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, ad);
4101 }
4102
4103 return err;
4104}
4105
4106static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4107{
4108 int err;
4109 struct sk_security_struct *sksec = sk->sk_security;
4110 u16 family = sk->sk_family;
4111 u32 sk_sid = sksec->sid;
4112 struct avc_audit_data ad;
4113 char *addrp;
4114
4115 if (family != PF_INET && family != PF_INET6)
4116 return 0;
4117
4118
4119 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4120 family = PF_INET;
4121
4122 AVC_AUDIT_DATA_INIT(&ad, NET);
4123 ad.u.net.netif = skb->iif;
4124 ad.u.net.family = family;
4125 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4126 if (err)
4127 return err;
4128
4129
4130
4131
4132
4133 if (selinux_compat_net || !selinux_policycap_netpeer)
4134 return selinux_sock_rcv_skb_compat(sk, skb, &ad,
4135 family, addrp);
4136
4137 if (netlbl_enabled() || selinux_xfrm_enabled()) {
4138 u32 peer_sid;
4139
4140 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4141 if (err)
4142 return err;
4143 err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
4144 peer_sid, &ad);
4145 if (err)
4146 return err;
4147 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4148 PEER__RECV, &ad);
4149 }
4150
4151 if (selinux_secmark_enabled()) {
4152 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4153 PACKET__RECV, &ad);
4154 if (err)
4155 return err;
4156 }
4157
4158 return err;
4159}
4160
4161static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4162 int __user *optlen, unsigned len)
4163{
4164 int err = 0;
4165 char *scontext;
4166 u32 scontext_len;
4167 struct sk_security_struct *ssec;
4168 struct inode_security_struct *isec;
4169 u32 peer_sid = SECSID_NULL;
4170
4171 isec = SOCK_INODE(sock)->i_security;
4172
4173 if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4174 isec->sclass == SECCLASS_TCP_SOCKET) {
4175 ssec = sock->sk->sk_security;
4176 peer_sid = ssec->peer_sid;
4177 }
4178 if (peer_sid == SECSID_NULL) {
4179 err = -ENOPROTOOPT;
4180 goto out;
4181 }
4182
4183 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4184
4185 if (err)
4186 goto out;
4187
4188 if (scontext_len > len) {
4189 err = -ERANGE;
4190 goto out_len;
4191 }
4192
4193 if (copy_to_user(optval, scontext, scontext_len))
4194 err = -EFAULT;
4195
4196out_len:
4197 if (put_user(scontext_len, optlen))
4198 err = -EFAULT;
4199
4200 kfree(scontext);
4201out:
4202 return err;
4203}
4204
4205static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4206{
4207 u32 peer_secid = SECSID_NULL;
4208 u16 family;
4209
4210 if (sock)
4211 family = sock->sk->sk_family;
4212 else if (skb && skb->sk)
4213 family = skb->sk->sk_family;
4214 else
4215 goto out;
4216
4217 if (sock && family == PF_UNIX)
4218 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4219 else if (skb)
4220 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4221
4222out:
4223 *secid = peer_secid;
4224 if (peer_secid == SECSID_NULL)
4225 return -EINVAL;
4226 return 0;
4227}
4228
4229static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4230{
4231 return sk_alloc_security(sk, family, priority);
4232}
4233
4234static void selinux_sk_free_security(struct sock *sk)
4235{
4236 sk_free_security(sk);
4237}
4238
4239static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4240{
4241 struct sk_security_struct *ssec = sk->sk_security;
4242 struct sk_security_struct *newssec = newsk->sk_security;
4243
4244 newssec->sid = ssec->sid;
4245 newssec->peer_sid = ssec->peer_sid;
4246 newssec->sclass = ssec->sclass;
4247
4248 selinux_netlbl_sk_security_reset(newssec, newsk->sk_family);
4249}
4250
4251static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4252{
4253 if (!sk)
4254 *secid = SECINITSID_ANY_SOCKET;
4255 else {
4256 struct sk_security_struct *sksec = sk->sk_security;
4257
4258 *secid = sksec->sid;
4259 }
4260}
4261
4262static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4263{
4264 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4265 struct sk_security_struct *sksec = sk->sk_security;
4266
4267 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4268 sk->sk_family == PF_UNIX)
4269 isec->sid = sksec->sid;
4270 sksec->sclass = isec->sclass;
4271
4272 selinux_netlbl_sock_graft(sk, parent);
4273}
4274
4275static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4276 struct request_sock *req)
4277{
4278 struct sk_security_struct *sksec = sk->sk_security;
4279 int err;
4280 u32 newsid;
4281 u32 peersid;
4282
4283 err = selinux_skb_peerlbl_sid(skb, sk->sk_family, &peersid);
4284 if (err)
4285 return err;
4286 if (peersid == SECSID_NULL) {
4287 req->secid = sksec->sid;
4288 req->peer_secid = SECSID_NULL;
4289 return 0;
4290 }
4291
4292 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4293 if (err)
4294 return err;
4295
4296 req->secid = newsid;
4297 req->peer_secid = peersid;
4298 return 0;
4299}
4300
4301static void selinux_inet_csk_clone(struct sock *newsk,
4302 const struct request_sock *req)
4303{
4304 struct sk_security_struct *newsksec = newsk->sk_security;
4305
4306 newsksec->sid = req->secid;
4307 newsksec->peer_sid = req->peer_secid;
4308
4309
4310
4311
4312
4313
4314
4315 selinux_netlbl_sk_security_reset(newsksec, req->rsk_ops->family);
4316}
4317
4318static void selinux_inet_conn_established(struct sock *sk,
4319 struct sk_buff *skb)
4320{
4321 struct sk_security_struct *sksec = sk->sk_security;
4322
4323 selinux_skb_peerlbl_sid(skb, sk->sk_family, &sksec->peer_sid);
4324}
4325
4326static void selinux_req_classify_flow(const struct request_sock *req,
4327 struct flowi *fl)
4328{
4329 fl->secid = req->secid;
4330}
4331
4332static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4333{
4334 int err = 0;
4335 u32 perm;
4336 struct nlmsghdr *nlh;
4337 struct socket *sock = sk->sk_socket;
4338 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
4339
4340 if (skb->len < NLMSG_SPACE(0)) {
4341 err = -EINVAL;
4342 goto out;
4343 }
4344 nlh = nlmsg_hdr(skb);
4345
4346 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
4347 if (err) {
4348 if (err == -EINVAL) {
4349 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4350 "SELinux: unrecognized netlink message"
4351 " type=%hu for sclass=%hu\n",
4352 nlh->nlmsg_type, isec->sclass);
4353 if (!selinux_enforcing)
4354 err = 0;
4355 }
4356
4357
4358 if (err == -ENOENT)
4359 err = 0;
4360 goto out;
4361 }
4362
4363 err = socket_has_perm(current, sock, perm);
4364out:
4365 return err;
4366}
4367
4368#ifdef CONFIG_NETFILTER
4369
4370static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4371 u16 family)
4372{
4373 char *addrp;
4374 u32 peer_sid;
4375 struct avc_audit_data ad;
4376 u8 secmark_active;
4377 u8 peerlbl_active;
4378
4379 if (!selinux_policycap_netpeer)
4380 return NF_ACCEPT;
4381
4382 secmark_active = selinux_secmark_enabled();
4383 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4384 if (!secmark_active && !peerlbl_active)
4385 return NF_ACCEPT;
4386
4387 AVC_AUDIT_DATA_INIT(&ad, NET);
4388 ad.u.net.netif = ifindex;
4389 ad.u.net.family = family;
4390 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4391 return NF_DROP;
4392
4393 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4394 return NF_DROP;
4395
4396 if (peerlbl_active)
4397 if (selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4398 peer_sid, &ad) != 0)
4399 return NF_DROP;
4400
4401 if (secmark_active)
4402 if (avc_has_perm(peer_sid, skb->secmark,
4403 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4404 return NF_DROP;
4405
4406 return NF_ACCEPT;
4407}
4408
4409static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4410 struct sk_buff *skb,
4411 const struct net_device *in,
4412 const struct net_device *out,
4413 int (*okfn)(struct sk_buff *))
4414{
4415 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4416}
4417
4418#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4419static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4420 struct sk_buff *skb,
4421 const struct net_device *in,
4422 const struct net_device *out,
4423 int (*okfn)(struct sk_buff *))
4424{
4425 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4426}
4427#endif
4428
4429static int selinux_ip_postroute_iptables_compat(struct sock *sk,
4430 int ifindex,
4431 struct avc_audit_data *ad,
4432 u16 family, char *addrp)
4433{
4434 int err;
4435 struct sk_security_struct *sksec = sk->sk_security;
4436 u16 sk_class;
4437 u32 netif_perm, node_perm, send_perm;
4438 u32 port_sid, node_sid, if_sid, sk_sid;
4439
4440 sk_sid = sksec->sid;
4441 sk_class = sksec->sclass;
4442
4443 switch (sk_class) {
4444 case SECCLASS_UDP_SOCKET:
4445 netif_perm = NETIF__UDP_SEND;
4446 node_perm = NODE__UDP_SEND;
4447 send_perm = UDP_SOCKET__SEND_MSG;
4448 break;
4449 case SECCLASS_TCP_SOCKET:
4450 netif_perm = NETIF__TCP_SEND;
4451 node_perm = NODE__TCP_SEND;
4452 send_perm = TCP_SOCKET__SEND_MSG;
4453 break;
4454 case SECCLASS_DCCP_SOCKET:
4455 netif_perm = NETIF__DCCP_SEND;
4456 node_perm = NODE__DCCP_SEND;
4457 send_perm = DCCP_SOCKET__SEND_MSG;
4458 break;
4459 default:
4460 netif_perm = NETIF__RAWIP_SEND;
4461 node_perm = NODE__RAWIP_SEND;
4462 send_perm = 0;
4463 break;
4464 }
4465
4466 err = sel_netif_sid(ifindex, &if_sid);
4467 if (err)
4468 return err;
4469 err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
4470 if (err)
4471 return err;
4472
4473 err = sel_netnode_sid(addrp, family, &node_sid);
4474 if (err)
4475 return err;
4476 err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
4477 if (err)
4478 return err;
4479
4480 if (!send_perm)
4481 return 0;
4482
4483 err = sel_netport_sid(sk->sk_protocol,
4484 ntohs(ad->u.net.dport), &port_sid);
4485 if (unlikely(err)) {
4486 printk(KERN_WARNING
4487 "SELinux: failure in"
4488 " selinux_ip_postroute_iptables_compat(),"
4489 " network port label not found\n");
4490 return err;
4491 }
4492 return avc_has_perm(sk_sid, port_sid, sk_class, send_perm, ad);
4493}
4494
4495static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4496 int ifindex,
4497 struct avc_audit_data *ad,
4498 u16 family,
4499 char *addrp,
4500 u8 proto)
4501{
4502 struct sock *sk = skb->sk;
4503 struct sk_security_struct *sksec;
4504
4505 if (sk == NULL)
4506 return NF_ACCEPT;
4507 sksec = sk->sk_security;
4508
4509 if (selinux_compat_net) {
4510 if (selinux_ip_postroute_iptables_compat(skb->sk, ifindex,
4511 ad, family, addrp))
4512 return NF_DROP;
4513 } else {
4514 if (avc_has_perm(sksec->sid, skb->secmark,
4515 SECCLASS_PACKET, PACKET__SEND, ad))
4516 return NF_DROP;
4517 }
4518
4519 if (selinux_policycap_netpeer)
4520 if (selinux_xfrm_postroute_last(sksec->sid, skb, ad, proto))
4521 return NF_DROP;
4522
4523 return NF_ACCEPT;
4524}
4525
4526static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4527 u16 family)
4528{
4529 u32 secmark_perm;
4530 u32 peer_sid;
4531 struct sock *sk;
4532 struct avc_audit_data ad;
4533 char *addrp;
4534 u8 proto;
4535 u8 secmark_active;
4536 u8 peerlbl_active;
4537
4538 AVC_AUDIT_DATA_INIT(&ad, NET);
4539 ad.u.net.netif = ifindex;
4540 ad.u.net.family = family;
4541 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4542 return NF_DROP;
4543
4544
4545
4546
4547
4548 if (selinux_compat_net || !selinux_policycap_netpeer)
4549 return selinux_ip_postroute_compat(skb, ifindex, &ad,
4550 family, addrp, proto);
4551
4552
4553
4554
4555
4556
4557
4558 if (skb->dst != NULL && skb->dst->xfrm != NULL)
4559 return NF_ACCEPT;
4560
4561 secmark_active = selinux_secmark_enabled();
4562 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4563 if (!secmark_active && !peerlbl_active)
4564 return NF_ACCEPT;
4565
4566
4567
4568
4569
4570 sk = skb->sk;
4571 if (sk) {
4572 struct sk_security_struct *sksec = sk->sk_security;
4573 peer_sid = sksec->sid;
4574 secmark_perm = PACKET__SEND;
4575 } else {
4576 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4577 return NF_DROP;
4578 secmark_perm = PACKET__FORWARD_OUT;
4579 }
4580
4581 if (secmark_active)
4582 if (avc_has_perm(peer_sid, skb->secmark,
4583 SECCLASS_PACKET, secmark_perm, &ad))
4584 return NF_DROP;
4585
4586 if (peerlbl_active) {
4587 u32 if_sid;
4588 u32 node_sid;
4589
4590 if (sel_netif_sid(ifindex, &if_sid))
4591 return NF_DROP;
4592 if (avc_has_perm(peer_sid, if_sid,
4593 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4594 return NF_DROP;
4595
4596 if (sel_netnode_sid(addrp, family, &node_sid))
4597 return NF_DROP;
4598 if (avc_has_perm(peer_sid, node_sid,
4599 SECCLASS_NODE, NODE__SENDTO, &ad))
4600 return NF_DROP;
4601 }
4602
4603 return NF_ACCEPT;
4604}
4605
4606static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4607 struct sk_buff *skb,
4608 const struct net_device *in,
4609 const struct net_device *out,
4610 int (*okfn)(struct sk_buff *))
4611{
4612 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4613}
4614
4615#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4616static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4617 struct sk_buff *skb,
4618 const struct net_device *in,
4619 const struct net_device *out,
4620 int (*okfn)(struct sk_buff *))
4621{
4622 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4623}
4624#endif
4625
4626#endif
4627
4628static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4629{
4630 int err;
4631
4632 err = secondary_ops->netlink_send(sk, skb);
4633 if (err)
4634 return err;
4635
4636 if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
4637 err = selinux_nlmsg_perm(sk, skb);
4638
4639 return err;
4640}
4641
4642static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4643{
4644 int err;
4645 struct avc_audit_data ad;
4646
4647 err = secondary_ops->netlink_recv(skb, capability);
4648 if (err)
4649 return err;
4650
4651 AVC_AUDIT_DATA_INIT(&ad, CAP);
4652 ad.u.cap = capability;
4653
4654 return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
4655 SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
4656}
4657
4658static int ipc_alloc_security(struct task_struct *task,
4659 struct kern_ipc_perm *perm,
4660 u16 sclass)
4661{
4662 struct task_security_struct *tsec = task->security;
4663 struct ipc_security_struct *isec;
4664
4665 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4666 if (!isec)
4667 return -ENOMEM;
4668
4669 isec->sclass = sclass;
4670 isec->sid = tsec->sid;
4671 perm->security = isec;
4672
4673 return 0;
4674}
4675
4676static void ipc_free_security(struct kern_ipc_perm *perm)
4677{
4678 struct ipc_security_struct *isec = perm->security;
4679 perm->security = NULL;
4680 kfree(isec);
4681}
4682
4683static int msg_msg_alloc_security(struct msg_msg *msg)
4684{
4685 struct msg_security_struct *msec;
4686
4687 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4688 if (!msec)
4689 return -ENOMEM;
4690
4691 msec->sid = SECINITSID_UNLABELED;
4692 msg->security = msec;
4693
4694 return 0;
4695}
4696
4697static void msg_msg_free_security(struct msg_msg *msg)
4698{
4699 struct msg_security_struct *msec = msg->security;
4700
4701 msg->security = NULL;
4702 kfree(msec);
4703}
4704
4705static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4706 u32 perms)
4707{
4708 struct task_security_struct *tsec;
4709 struct ipc_security_struct *isec;
4710 struct avc_audit_data ad;
4711
4712 tsec = current->security;
4713 isec = ipc_perms->security;
4714
4715 AVC_AUDIT_DATA_INIT(&ad, IPC);
4716 ad.u.ipc_id = ipc_perms->key;
4717
4718 return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
4719}
4720
4721static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4722{
4723 return msg_msg_alloc_security(msg);
4724}
4725
4726static void selinux_msg_msg_free_security(struct msg_msg *msg)
4727{
4728 msg_msg_free_security(msg);
4729}
4730
4731
4732static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4733{
4734 struct task_security_struct *tsec;
4735 struct ipc_security_struct *isec;
4736 struct avc_audit_data ad;
4737 int rc;
4738
4739 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4740 if (rc)
4741 return rc;
4742
4743 tsec = current->security;
4744 isec = msq->q_perm.security;
4745
4746 AVC_AUDIT_DATA_INIT(&ad, IPC);
4747 ad.u.ipc_id = msq->q_perm.key;
4748
4749 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4750 MSGQ__CREATE, &ad);
4751 if (rc) {
4752 ipc_free_security(&msq->q_perm);
4753 return rc;
4754 }
4755 return 0;
4756}
4757
4758static void selinux_msg_queue_free_security(struct msg_queue *msq)
4759{
4760 ipc_free_security(&msq->q_perm);
4761}
4762
4763static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4764{
4765 struct task_security_struct *tsec;
4766 struct ipc_security_struct *isec;
4767 struct avc_audit_data ad;
4768
4769 tsec = current->security;
4770 isec = msq->q_perm.security;
4771
4772 AVC_AUDIT_DATA_INIT(&ad, IPC);
4773 ad.u.ipc_id = msq->q_perm.key;
4774
4775 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4776 MSGQ__ASSOCIATE, &ad);
4777}
4778
4779static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4780{
4781 int err;
4782 int perms;
4783
4784 switch (cmd) {
4785 case IPC_INFO:
4786 case MSG_INFO:
4787
4788 return task_has_system(current, SYSTEM__IPC_INFO);
4789 case IPC_STAT:
4790 case MSG_STAT:
4791 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4792 break;
4793 case IPC_SET:
4794 perms = MSGQ__SETATTR;
4795 break;
4796 case IPC_RMID:
4797 perms = MSGQ__DESTROY;
4798 break;
4799 default:
4800 return 0;
4801 }
4802
4803 err = ipc_has_perm(&msq->q_perm, perms);
4804 return err;
4805}
4806
4807static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4808{
4809 struct task_security_struct *tsec;
4810 struct ipc_security_struct *isec;
4811 struct msg_security_struct *msec;
4812 struct avc_audit_data ad;
4813 int rc;
4814
4815 tsec = current->security;
4816 isec = msq->q_perm.security;
4817 msec = msg->security;
4818
4819
4820
4821
4822 if (msec->sid == SECINITSID_UNLABELED) {
4823
4824
4825
4826
4827 rc = security_transition_sid(tsec->sid,
4828 isec->sid,
4829 SECCLASS_MSG,
4830 &msec->sid);
4831 if (rc)
4832 return rc;
4833 }
4834
4835 AVC_AUDIT_DATA_INIT(&ad, IPC);
4836 ad.u.ipc_id = msq->q_perm.key;
4837
4838
4839 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
4840 MSGQ__WRITE, &ad);
4841 if (!rc)
4842
4843 rc = avc_has_perm(tsec->sid, msec->sid,
4844 SECCLASS_MSG, MSG__SEND, &ad);
4845 if (!rc)
4846
4847 rc = avc_has_perm(msec->sid, isec->sid,
4848 SECCLASS_MSGQ, MSGQ__ENQUEUE, &ad);
4849
4850 return rc;
4851}
4852
4853static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4854 struct task_struct *target,
4855 long type, int mode)
4856{
4857 struct task_security_struct *tsec;
4858 struct ipc_security_struct *isec;
4859 struct msg_security_struct *msec;
4860 struct avc_audit_data ad;
4861 int rc;
4862
4863 tsec = target->security;
4864 isec = msq->q_perm.security;
4865 msec = msg->security;
4866
4867 AVC_AUDIT_DATA_INIT(&ad, IPC);
4868 ad.u.ipc_id = msq->q_perm.key;
4869
4870 rc = avc_has_perm(tsec->sid, isec->sid,
4871 SECCLASS_MSGQ, MSGQ__READ, &ad);
4872 if (!rc)
4873 rc = avc_has_perm(tsec->sid, msec->sid,
4874 SECCLASS_MSG, MSG__RECEIVE, &ad);
4875 return rc;
4876}
4877
4878
4879static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4880{
4881 struct task_security_struct *tsec;
4882 struct ipc_security_struct *isec;
4883 struct avc_audit_data ad;
4884 int rc;
4885
4886 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4887 if (rc)
4888 return rc;
4889
4890 tsec = current->security;
4891 isec = shp->shm_perm.security;
4892
4893 AVC_AUDIT_DATA_INIT(&ad, IPC);
4894 ad.u.ipc_id = shp->shm_perm.key;
4895
4896 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4897 SHM__CREATE, &ad);
4898 if (rc) {
4899 ipc_free_security(&shp->shm_perm);
4900 return rc;
4901 }
4902 return 0;
4903}
4904
4905static void selinux_shm_free_security(struct shmid_kernel *shp)
4906{
4907 ipc_free_security(&shp->shm_perm);
4908}
4909
4910static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4911{
4912 struct task_security_struct *tsec;
4913 struct ipc_security_struct *isec;
4914 struct avc_audit_data ad;
4915
4916 tsec = current->security;
4917 isec = shp->shm_perm.security;
4918
4919 AVC_AUDIT_DATA_INIT(&ad, IPC);
4920 ad.u.ipc_id = shp->shm_perm.key;
4921
4922 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
4923 SHM__ASSOCIATE, &ad);
4924}
4925
4926
4927static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
4928{
4929 int perms;
4930 int err;
4931
4932 switch (cmd) {
4933 case IPC_INFO:
4934 case SHM_INFO:
4935
4936 return task_has_system(current, SYSTEM__IPC_INFO);
4937 case IPC_STAT:
4938 case SHM_STAT:
4939 perms = SHM__GETATTR | SHM__ASSOCIATE;
4940 break;
4941 case IPC_SET:
4942 perms = SHM__SETATTR;
4943 break;
4944 case SHM_LOCK:
4945 case SHM_UNLOCK:
4946 perms = SHM__LOCK;
4947 break;
4948 case IPC_RMID:
4949 perms = SHM__DESTROY;
4950 break;
4951 default:
4952 return 0;
4953 }
4954
4955 err = ipc_has_perm(&shp->shm_perm, perms);
4956 return err;
4957}
4958
4959static int selinux_shm_shmat(struct shmid_kernel *shp,
4960 char __user *shmaddr, int shmflg)
4961{
4962 u32 perms;
4963 int rc;
4964
4965 rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
4966 if (rc)
4967 return rc;
4968
4969 if (shmflg & SHM_RDONLY)
4970 perms = SHM__READ;
4971 else
4972 perms = SHM__READ | SHM__WRITE;
4973
4974 return ipc_has_perm(&shp->shm_perm, perms);
4975}
4976
4977
4978static int selinux_sem_alloc_security(struct sem_array *sma)
4979{
4980 struct task_security_struct *tsec;
4981 struct ipc_security_struct *isec;
4982 struct avc_audit_data ad;
4983 int rc;
4984
4985 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
4986 if (rc)
4987 return rc;
4988
4989 tsec = current->security;
4990 isec = sma->sem_perm.security;
4991
4992 AVC_AUDIT_DATA_INIT(&ad, IPC);
4993 ad.u.ipc_id = sma->sem_perm.key;
4994
4995 rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
4996 SEM__CREATE, &ad);
4997 if (rc) {
4998 ipc_free_security(&sma->sem_perm);
4999 return rc;
5000 }
5001 return 0;
5002}
5003
5004static void selinux_sem_free_security(struct sem_array *sma)
5005{
5006 ipc_free_security(&sma->sem_perm);
5007}
5008
5009static int selinux_sem_associate(struct sem_array *sma, int semflg)
5010{
5011 struct task_security_struct *tsec;
5012 struct ipc_security_struct *isec;
5013 struct avc_audit_data ad;
5014
5015 tsec = current->security;
5016 isec = sma->sem_perm.security;
5017
5018 AVC_AUDIT_DATA_INIT(&ad, IPC);
5019 ad.u.ipc_id = sma->sem_perm.key;
5020
5021 return avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
5022 SEM__ASSOCIATE, &ad);
5023}
5024
5025
5026static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5027{
5028 int err;
5029 u32 perms;
5030
5031 switch (cmd) {
5032 case IPC_INFO:
5033 case SEM_INFO:
5034
5035 return task_has_system(current, SYSTEM__IPC_INFO);
5036 case GETPID:
5037 case GETNCNT:
5038 case GETZCNT:
5039 perms = SEM__GETATTR;
5040 break;
5041 case GETVAL:
5042 case GETALL:
5043 perms = SEM__READ;
5044 break;
5045 case SETVAL:
5046 case SETALL:
5047 perms = SEM__WRITE;
5048 break;
5049 case IPC_RMID:
5050 perms = SEM__DESTROY;
5051 break;
5052 case IPC_SET:
5053 perms = SEM__SETATTR;
5054 break;
5055 case IPC_STAT:
5056 case SEM_STAT:
5057 perms = SEM__GETATTR | SEM__ASSOCIATE;
5058 break;
5059 default:
5060 return 0;
5061 }
5062
5063 err = ipc_has_perm(&sma->sem_perm, perms);
5064 return err;
5065}
5066
5067static int selinux_sem_semop(struct sem_array *sma,
5068 struct sembuf *sops, unsigned nsops, int alter)
5069{
5070 u32 perms;
5071
5072 if (alter)
5073 perms = SEM__READ | SEM__WRITE;
5074 else
5075 perms = SEM__READ;
5076
5077 return ipc_has_perm(&sma->sem_perm, perms);
5078}
5079
5080static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5081{
5082 u32 av = 0;
5083
5084 av = 0;
5085 if (flag & S_IRUGO)
5086 av |= IPC__UNIX_READ;
5087 if (flag & S_IWUGO)
5088 av |= IPC__UNIX_WRITE;
5089
5090 if (av == 0)
5091 return 0;
5092
5093 return ipc_has_perm(ipcp, av);
5094}
5095
5096static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5097{
5098 struct ipc_security_struct *isec = ipcp->security;
5099 *secid = isec->sid;
5100}
5101
5102static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5103{
5104 if (inode)
5105 inode_doinit_with_dentry(inode, dentry);
5106}
5107
5108static int selinux_getprocattr(struct task_struct *p,
5109 char *name, char **value)
5110{
5111 struct task_security_struct *tsec;
5112 u32 sid;
5113 int error;
5114 unsigned len;
5115
5116 if (current != p) {
5117 error = task_has_perm(current, p, PROCESS__GETATTR);
5118 if (error)
5119 return error;
5120 }
5121
5122 tsec = p->security;
5123
5124 if (!strcmp(name, "current"))
5125 sid = tsec->sid;
5126 else if (!strcmp(name, "prev"))
5127 sid = tsec->osid;
5128 else if (!strcmp(name, "exec"))
5129 sid = tsec->exec_sid;
5130 else if (!strcmp(name, "fscreate"))
5131 sid = tsec->create_sid;
5132 else if (!strcmp(name, "keycreate"))
5133 sid = tsec->keycreate_sid;
5134 else if (!strcmp(name, "sockcreate"))
5135 sid = tsec->sockcreate_sid;
5136 else
5137 return -EINVAL;
5138
5139 if (!sid)
5140 return 0;
5141
5142 error = security_sid_to_context(sid, value, &len);
5143 if (error)
5144 return error;
5145 return len;
5146}
5147
5148static int selinux_setprocattr(struct task_struct *p,
5149 char *name, void *value, size_t size)
5150{
5151 struct task_security_struct *tsec;
5152 struct task_struct *tracer;
5153 u32 sid = 0;
5154 int error;
5155 char *str = value;
5156
5157 if (current != p) {
5158
5159
5160 return -EACCES;
5161 }
5162
5163
5164
5165
5166
5167
5168 if (!strcmp(name, "exec"))
5169 error = task_has_perm(current, p, PROCESS__SETEXEC);
5170 else if (!strcmp(name, "fscreate"))
5171 error = task_has_perm(current, p, PROCESS__SETFSCREATE);
5172 else if (!strcmp(name, "keycreate"))
5173 error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
5174 else if (!strcmp(name, "sockcreate"))
5175 error = task_has_perm(current, p, PROCESS__SETSOCKCREATE);
5176 else if (!strcmp(name, "current"))
5177 error = task_has_perm(current, p, PROCESS__SETCURRENT);
5178 else
5179 error = -EINVAL;
5180 if (error)
5181 return error;
5182
5183
5184 if (size && str[1] && str[1] != '\n') {
5185 if (str[size-1] == '\n') {
5186 str[size-1] = 0;
5187 size--;
5188 }
5189 error = security_context_to_sid(value, size, &sid);
5190 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5191 if (!capable(CAP_MAC_ADMIN))
5192 return error;
5193 error = security_context_to_sid_force(value, size,
5194 &sid);
5195 }
5196 if (error)
5197 return error;
5198 }
5199
5200
5201
5202
5203
5204
5205
5206 tsec = p->security;
5207 if (!strcmp(name, "exec"))
5208 tsec->exec_sid = sid;
5209 else if (!strcmp(name, "fscreate"))
5210 tsec->create_sid = sid;
5211 else if (!strcmp(name, "keycreate")) {
5212 error = may_create_key(sid, p);
5213 if (error)
5214 return error;
5215 tsec->keycreate_sid = sid;
5216 } else if (!strcmp(name, "sockcreate"))
5217 tsec->sockcreate_sid = sid;
5218 else if (!strcmp(name, "current")) {
5219 struct av_decision avd;
5220
5221 if (sid == 0)
5222 return -EINVAL;
5223
5224
5225 if (atomic_read(&p->mm->mm_users) != 1) {
5226 struct task_struct *g, *t;
5227 struct mm_struct *mm = p->mm;
5228 read_lock(&tasklist_lock);
5229 do_each_thread(g, t) {
5230 if (t->mm == mm && t != p) {
5231 read_unlock(&tasklist_lock);
5232 return -EPERM;
5233 }
5234 } while_each_thread(g, t);
5235 read_unlock(&tasklist_lock);
5236 }
5237
5238
5239 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5240 PROCESS__DYNTRANSITION, NULL);
5241 if (error)
5242 return error;
5243
5244
5245
5246 task_lock(p);
5247 rcu_read_lock();
5248 tracer = tracehook_tracer_task(p);
5249 if (tracer != NULL) {
5250 struct task_security_struct *ptsec = tracer->security;
5251 u32 ptsid = ptsec->sid;
5252 rcu_read_unlock();
5253 error = avc_has_perm_noaudit(ptsid, sid,
5254 SECCLASS_PROCESS,
5255 PROCESS__PTRACE, 0, &avd);
5256 if (!error)
5257 tsec->sid = sid;
5258 task_unlock(p);
5259 avc_audit(ptsid, sid, SECCLASS_PROCESS,
5260 PROCESS__PTRACE, &avd, error, NULL);
5261 if (error)
5262 return error;
5263 } else {
5264 rcu_read_unlock();
5265 tsec->sid = sid;
5266 task_unlock(p);
5267 }
5268 } else
5269 return -EINVAL;
5270
5271 return size;
5272}
5273
5274static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
5275{
5276 return security_sid_to_context(secid, secdata, seclen);
5277}
5278
5279static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
5280{
5281 return security_context_to_sid(secdata, seclen, secid);
5282}
5283
5284static void selinux_release_secctx(char *secdata, u32 seclen)
5285{
5286 kfree(secdata);
5287}
5288
5289#ifdef CONFIG_KEYS
5290
5291static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
5292 unsigned long flags)
5293{
5294 struct task_security_struct *tsec = tsk->security;
5295 struct key_security_struct *ksec;
5296
5297 ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
5298 if (!ksec)
5299 return -ENOMEM;
5300
5301 if (tsec->keycreate_sid)
5302 ksec->sid = tsec->keycreate_sid;
5303 else
5304 ksec->sid = tsec->sid;
5305 k->security = ksec;
5306
5307 return 0;
5308}
5309
5310static void selinux_key_free(struct key *k)
5311{
5312 struct key_security_struct *ksec = k->security;
5313
5314 k->security = NULL;
5315 kfree(ksec);
5316}
5317
5318static int selinux_key_permission(key_ref_t key_ref,
5319 struct task_struct *ctx,
5320 key_perm_t perm)
5321{
5322 struct key *key;
5323 struct task_security_struct *tsec;
5324 struct key_security_struct *ksec;
5325
5326 key = key_ref_to_ptr(key_ref);
5327
5328 tsec = ctx->security;
5329 ksec = key->security;
5330
5331
5332
5333
5334 if (perm == 0)
5335 return 0;
5336
5337 return avc_has_perm(tsec->sid, ksec->sid,
5338 SECCLASS_KEY, perm, NULL);
5339}
5340
5341static int selinux_key_getsecurity(struct key *key, char **_buffer)
5342{
5343 struct key_security_struct *ksec = key->security;
5344 char *context = NULL;
5345 unsigned len;
