26#include <linux/init.h>
27#include <linux/kernel.h>
28#include <linux/tracehook.h>
29#include <linux/errno.h>
30#include <linux/sched.h>
31#include <linux/security.h>
32#include <linux/xattr.h>
33#include <linux/capability.h>
34#include <linux/unistd.h>
35#include <linux/mm.h>
36#include <linux/mman.h>
37#include <linux/slab.h>
38#include <linux/pagemap.h>
39#include <linux/swap.h>
40#include <linux/spinlock.h>
41#include <linux/syscalls.h>
42#include <linux/file.h>
43#include <linux/fdtable.h>
44#include <linux/namei.h>
45#include <linux/mount.h>
46#include <linux/proc_fs.h>
47#include <linux/netfilter_ipv4.h>
48#include <linux/netfilter_ipv6.h>
49#include <linux/tty.h>
50#include <net/icmp.h>
51#include <net/ip.h>
52#include <net/tcp.h>
53#include <net/net_namespace.h>
54#include <net/netlabel.h>
55#include <linux/uaccess.h>
56#include <asm/ioctls.h>
57#include <asm/atomic.h>
58#include <linux/bitops.h>
59#include <linux/interrupt.h>
60#include <linux/netdevice.h>
61#include <linux/netlink.h>
62#include <linux/tcp.h>
63#include <linux/udp.h>
64#include <linux/dccp.h>
65#include <linux/quota.h>
66#include <linux/un.h>
67#include <net/af_unix.h>
68#include <linux/parser.h>
69#include <linux/nfs_mount.h>
70#include <net/ipv6.h>
71#include <linux/hugetlb.h>
72#include <linux/personality.h>
73#include <linux/sysctl.h>
74#include <linux/audit.h>
75#include <linux/string.h>
76#include <linux/selinux.h>
77#include <linux/mutex.h>
78#include <linux/posix-timers.h>
79
80#include "avc.h"
81#include "objsec.h"
82#include "netif.h"
83#include "netnode.h"
84#include "netport.h"
85#include "xfrm.h"
86#include "netlabel.h"
87#include "audit.h"
88
/* Name of the SELinux label xattr: XATTR_SECURITY_PREFIX + "selinux". */
#define XATTR_SELINUX_SUFFIX "selinux"
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX

/*
 * Number of distinct SELinux mount options (context=, fscontext=,
 * defcontext=, rootcontext=); bounds the arrays built by
 * selinux_parse_opts_str().
 */
#define NUM_SEL_MNT_OPTS 4

/* Provided by the security server and other SELinux objects, not this file. */
extern unsigned int policydb_loaded_version;
extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
extern int selinux_compat_net;
extern struct security_operations *security_ops;
98
99
/* Number of active users of SECMARK labeling; queried by selinux_secmark_enabled(). */
atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
101
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/* Non-zero means enforcing mode; overridable with "enforcing=" on the command line. */
int selinux_enforcing;

/*
 * Parse the "enforcing=" boot parameter.  A value that strict_strtoul()
 * rejects is ignored (selinux_enforcing keeps its previous value); the
 * parameter is always reported as consumed.
 */
static int __init enforcing_setup(char *str)
{
	unsigned long value;
	int parsed_ok = (strict_strtoul(str, 0, &value) == 0);

	if (parsed_ok)
		selinux_enforcing = (value != 0);
	return 1;
}
__setup("enforcing=", enforcing_setup);
#endif
114
#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
/* Whether SELinux is enabled at all; overridable with "selinux=" on the command line. */
int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;

/*
 * Parse the "selinux=" boot parameter.  Unparsable input leaves
 * selinux_enabled untouched; the parameter is always reported as consumed.
 */
static int __init selinux_enabled_setup(char *str)
{
	unsigned long value;

	if (strict_strtoul(str, 0, &value) != 0)
		return 1;
	selinux_enabled = (value != 0);
	return 1;
}
__setup("selinux=", selinux_enabled_setup);
#else
/* Without the boot-parameter option SELinux is unconditionally enabled. */
int selinux_enabled = 1;
#endif
129
130
131
132
133
134
/*
 * Security operations of the module SELinux stacks with (presumably the
 * capability module); assigned elsewhere in this file, not visible here.
 */
static struct security_operations *secondary_ops;
136
137
138
/*
 * Superblocks whose labeling was deferred because no policy was loaded
 * yet (queued by selinux_set_mnt_opts() / selinux_sb_clone_mnt_opts()),
 * protected by sb_security_lock.
 */
static LIST_HEAD(superblock_security_head);
static DEFINE_SPINLOCK(sb_security_lock);

/* Slab cache for struct inode_security_struct; see inode_alloc_security(). */
static struct kmem_cache *sel_inode_cache;
143
144
145
146
147
148
149
150
151
152
153
/* Return non-zero while at least one SECMARK user holds a reference. */
static int selinux_secmark_enabled(void)
{
	int refs = atomic_read(&selinux_secmark_refcount);

	if (refs > 0)
		return 1;
	return 0;
}
158
159
160
161
/*
 * Attach a task security blob, labeled with the kernel SID, to the
 * current task's real credentials.  Allocation failure is fatal.
 * The const on current->real_cred is deliberately cast away here.
 */
static void cred_init_security(void)
{
	struct task_security_struct *tsec;
	struct cred *init_cred = (struct cred *) current->real_cred;

	tsec = kzalloc(sizeof(*tsec), GFP_KERNEL);
	if (tsec == NULL)
		panic("SELinux: Failed to initialize initial task.\n");

	tsec->sid = SECINITSID_KERNEL;
	tsec->osid = SECINITSID_KERNEL;
	init_cred->security = tsec;
}
174
175
176
177
/* SID recorded in @cred's SELinux security blob. */
static inline u32 cred_sid(const struct cred *cred)
{
	const struct task_security_struct *blob = cred->security;

	return blob->sid;
}
185
186
187
188
/* SID of @task, read from its credentials under the RCU read lock. */
static inline u32 task_sid(const struct task_struct *task)
{
	u32 result;

	rcu_read_lock();
	{
		const struct cred *tcred = __task_cred(task);

		result = cred_sid(tcred);
	}
	rcu_read_unlock();
	return result;
}
198
199
200
201
/* SID of the current task's effective credentials. */
static inline u32 current_sid(void)
{
	const struct cred *cred = current_cred();
	const struct task_security_struct *blob = cred->security;

	return blob->sid;
}
208
209
210
/*
 * Allocate and attach the SELinux security blob for @inode.  The inode
 * starts unlabeled with the generic "file" class; the creating task's SID
 * is recorded so task-based labeling can use it later (see
 * inode_doinit_with_dentry()).  Returns 0 or -ENOMEM.
 */
static int inode_alloc_security(struct inode *inode)
{
	u32 creator_sid = current_sid();
	struct inode_security_struct *isec =
		kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);

	if (isec == NULL)
		return -ENOMEM;

	mutex_init(&isec->lock);
	INIT_LIST_HEAD(&isec->list);
	isec->inode = inode;
	isec->task_sid = creator_sid;
	isec->sid = SECINITSID_UNLABELED;
	isec->sclass = SECCLASS_FILE;
	inode->i_security = isec;

	return 0;
}
230
/*
 * Release @inode's security blob.  If the blob is still queued on its
 * superblock's deferred-labeling list (sbsec->isec_head), unlink it first.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;

	spin_lock(&sbsec->isec_lock);
	if (list_empty(&isec->list) == 0)
		list_del_init(&isec->list);
	spin_unlock(&sbsec->isec_lock);

	inode->i_security = NULL;
	kmem_cache_free(sel_inode_cache, isec);
}
244
/*
 * Allocate the security blob for @file, labeling both the file and its
 * owner (fown) SID with the opening task's SID.  Returns 0 or -ENOMEM.
 */
static int file_alloc_security(struct file *file)
{
	u32 opener = current_sid();
	struct file_security_struct *fsec = kzalloc(sizeof(*fsec), GFP_KERNEL);

	if (fsec == NULL)
		return -ENOMEM;

	fsec->fown_sid = opener;
	fsec->sid = opener;
	file->f_security = fsec;

	return 0;
}
260
/* Detach and free @file's security blob. */
static void file_free_security(struct file *file)
{
	struct file_security_struct *blob;

	blob = file->f_security;
	file->f_security = NULL;
	kfree(blob);
}
267
/*
 * Allocate and attach the security blob for @sb.  The superblock and its
 * mountpoint start unlabeled and "file" is the default SID for inodes;
 * selinux_set_mnt_opts() fills in the real labels later.
 * Returns 0 or -ENOMEM.
 */
static int superblock_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec =
		kzalloc(sizeof(*sbsec), GFP_KERNEL);

	if (sbsec == NULL)
		return -ENOMEM;

	mutex_init(&sbsec->lock);
	INIT_LIST_HEAD(&sbsec->list);
	INIT_LIST_HEAD(&sbsec->isec_head);
	spin_lock_init(&sbsec->isec_lock);
	sbsec->sb = sb;
	sbsec->def_sid = SECINITSID_FILE;
	sbsec->sid = SECINITSID_UNLABELED;
	sbsec->mntpoint_sid = SECINITSID_UNLABELED;
	sb->s_security = sbsec;

	return 0;
}
288
/*
 * Release @sb's security blob, removing it from the deferred-labeling
 * list (superblock_security_head) if it is still queued there.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;

	spin_lock(&sb_security_lock);
	if (list_empty(&sbsec->list) == 0)
		list_del_init(&sbsec->list);
	spin_unlock(&sb_security_lock);

	sb->s_security = NULL;
	kfree(sbsec);
}
301
/*
 * Allocate the security blob for socket @sk with allocation flags
 * @priority.  Both the socket and its peer start unlabeled, and the
 * NetLabel state is reset for @family.  Returns 0 or -ENOMEM.
 */
static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *ssec = kzalloc(sizeof(*ssec), priority);

	if (ssec == NULL)
		return -ENOMEM;

	ssec->sid = SECINITSID_UNLABELED;
	ssec->peer_sid = SECINITSID_UNLABELED;
	sk->sk_security = ssec;
	selinux_netlbl_sk_security_reset(ssec, family);

	return 0;
}
318
/* Detach @sk's security blob, release its NetLabel state and free it. */
static void sk_free_security(struct sock *sk)
{
	struct sk_security_struct *blob = sk->sk_security;

	sk->sk_security = NULL;
	selinux_netlbl_sk_security_free(blob);
	kfree(blob);
}
327
328
329
/* Non-zero once the security server has been initialized (a policy is loaded). */
extern int ss_initialized;
331
332
333
/*
 * Human-readable names for the SECURITY_FS_USE_* labeling behaviors.
 * Indexed by (behavior - 1): the behavior values start at 1, see the
 * lookup in sb_finish_set_opts().
 */
static char *labeling_behaviors[6] = {
	"uses xattr",
	"uses transition SIDs",
	"uses task SIDs",
	"uses genfs_contexts",
	"not configured for labeling",
	"uses mountpoint labeling",
};
342
/* Defined below: labels @inode, using @opt_dentry for the xattr lookup when given. */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
344
/* Label @inode without a dentry hint; see inode_doinit_with_dentry(). */
static inline int inode_doinit(struct inode *inode)
{
	return inode_doinit_with_dentry(inode, NULL);
}
349
/* Tokens for the mount options recognized by selinux_parse_opts_str(). */
enum {
	Opt_error = -1,
	Opt_context = 1,
	Opt_fscontext = 2,
	Opt_defcontext = 3,
	Opt_rootcontext = 4,
};
357
/* Option patterns for match_token(); each option takes a "%s" context value. */
static const match_table_t tokens = {
	{Opt_context, CONTEXT_STR "%s"},
	{Opt_fscontext, FSCONTEXT_STR "%s"},
	{Opt_defcontext, DEFCONTEXT_STR "%s"},
	{Opt_rootcontext, ROOTCONTEXT_STR "%s"},
	{Opt_error, NULL},
};
365
/* Logged when an option repeats or context= is combined with defcontext=. */
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
367
/*
 * May the task with credentials @cred relabel superblock @sbsec from its
 * current SID to @sid?  Requires filesystem { relabelfrom } on the old SID
 * and filesystem { relabelto } on the new one.  Returns 0 if permitted,
 * otherwise the avc error.
 */
static int may_context_mount_sb_relabel(u32 sid,
					struct superblock_security_struct *sbsec,
					const struct cred *cred)
{
	const struct task_security_struct *tsec = cred->security;
	u32 ssid = tsec->sid;
	int err;

	err = avc_has_perm(ssid, sbsec->sid, SECCLASS_FILESYSTEM,
			   FILESYSTEM__RELABELFROM, NULL);
	if (err != 0)
		return err;

	return avc_has_perm(ssid, sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__RELABELTO, NULL);
}
384
/*
 * May the task with credentials @cred assign inode label @sid on the
 * filesystem @sbsec?  Requires filesystem { relabelfrom } for the task on
 * the superblock SID and filesystem { associate } for @sid on it.
 * Returns 0 if permitted, otherwise the avc error.
 */
static int may_context_mount_inode_relabel(u32 sid,
					   struct superblock_security_struct *sbsec,
					   const struct cred *cred)
{
	const struct task_security_struct *tsec = cred->security;
	u32 fs_sid = sbsec->sid;
	int err;

	err = avc_has_perm(tsec->sid, fs_sid, SECCLASS_FILESYSTEM,
			   FILESYSTEM__RELABELFROM, NULL);
	if (err != 0)
		return err;

	return avc_has_perm(sid, fs_sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, NULL);
}
400
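/*
 * Complete the labeling setup of @sb once its behavior and SIDs have been
 * decided (by selinux_set_mnt_opts() or selinux_sb_clone_mnt_opts()).
 *
 * For xattr-labeled filesystems, first verify that the root inode can
 * actually serve the security xattr.  Then mark the superblock
 * initialized, label the root inode, and label every inode that was
 * queued on sbsec->isec_head while the superblock was uninitialized.
 *
 * Returns 0, -EOPNOTSUPP when xattr labeling was requested but the
 * filesystem cannot provide it, a negative getxattr error, or the result
 * of labeling the root inode.
 */
static int sb_finish_set_opts(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *root_inode = root->d_inode;
	int rc = 0;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/*
		 * Make sure the xattr handler exists and that the root
		 * directory's security xattr can be queried.  -ENODATA is
		 * tolerated: the root simply has no label stored yet.
		 */
		if (!root_inode->i_op->getxattr) {
			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
			       "xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}
		rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) has no security xattr handler\n",
				       sb->s_id, sb->s_type->name);
			else
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) getxattr errno %d\n", sb->s_id,
				       sb->s_type->name, -rc);
			goto out;
		}
	}

	sbsec->initialized = 1;

	/*
	 * labeling_behaviors[] is indexed by behavior - 1 because the
	 * SECURITY_FS_USE_* values start at 1, so a behavior of 0 is just
	 * as unknown as one past the end of the table and must never be
	 * used as an index.
	 */
	if (sbsec->behavior == 0 ||
	    sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
		printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
		       sb->s_id, sb->s_type->name);
	else
		printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
		       sb->s_id, sb->s_type->name,
		       labeling_behaviors[sbsec->behavior-1]);

	/* Label the root inode; its result is what this function reports. */
	rc = inode_doinit_with_dentry(root_inode, root);

	/*
	 * Label the inodes queued on isec_head while the superblock was
	 * still uninitialized.  The spinlock is dropped around
	 * inode_doinit() (it takes the inode's mutex and may sleep), so the
	 * list head is re-examined on every pass; errors from these
	 * deferred inodes are not propagated.
	 */
	spin_lock(&sbsec->isec_lock);
next_inode:
	if (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
			list_entry(sbsec->isec_head.next,
				   struct inode_security_struct, list);
		struct inode *inode = isec->inode;
		spin_unlock(&sbsec->isec_lock);
		inode = igrab(inode);
		if (inode) {
			if (!IS_PRIVATE(inode))
				inode_doinit(inode);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
		list_del_init(&isec->list);
		goto next_inode;
	}
	spin_unlock(&sbsec->isec_lock);
out:
	return rc;
}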
473
474
475
476
477
478
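/*
 * Report the SELinux mount options in effect on @sb as a security_mnt_opts
 * (one context string plus *_MNT flag per option, in the order fscontext,
 * context, defcontext, rootcontext).  On success the caller owns @opts and
 * releases it with security_free_mnt_opts().
 *
 * Returns 0 on success, -EINVAL if the superblock or the security server
 * is not yet initialized, or a negative error from allocation or
 * SID-to-context conversion (in which case @opts has already been freed).
 */
static int selinux_get_mnt_opts(const struct super_block *sb,
				struct security_mnt_opts *opts)
{
	int rc = 0, i;
	struct superblock_security_struct *sbsec = sb->s_security;
	char *context = NULL;
	u32 len;
	unsigned char tmp;

	security_init_mnt_opts(opts);

	if (!sbsec->initialized)
		return -EINVAL;

	if (!ss_initialized)
		return -EINVAL;

	/*
	 * Size the arrays by counting the set bits of sbsec->flags: each
	 * *_MNT flag corresponds to exactly one option emitted below, and
	 * the BUG_ON() at the end checks that assumption.  tmp must be
	 * unsigned so the right shift cannot sign-extend a set high bit
	 * and over-count.
	 */
	tmp = sbsec->flags;
	for (i = 0; i < 8; i++) {
		if (tmp & 0x01)
			opts->num_mnt_opts++;
		tmp >>= 1;
	}

	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
	if (!opts->mnt_opts) {
		rc = -ENOMEM;
		goto out_free;
	}

	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
	if (!opts->mnt_opts_flags) {
		rc = -ENOMEM;
		goto out_free;
	}

	/* Each context string is allocated by security_sid_to_context(). */
	i = 0;
	if (sbsec->flags & FSCONTEXT_MNT) {
		rc = security_sid_to_context(sbsec->sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
	}
	if (sbsec->flags & CONTEXT_MNT) {
		rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = CONTEXT_MNT;
	}
	if (sbsec->flags & DEFCONTEXT_MNT) {
		rc = security_sid_to_context(sbsec->def_sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
	}
	if (sbsec->flags & ROOTCONTEXT_MNT) {
		/* The root context lives on the root inode, not the superblock. */
		struct inode *root = sbsec->sb->s_root->d_inode;
		struct inode_security_struct *isec = root->i_security;

		rc = security_sid_to_context(isec->sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
	}

	BUG_ON(i != opts->num_mnt_opts);

	return 0;

out_free:
	security_free_mnt_opts(opts);
	return rc;
}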
561
/*
 * Decide whether mount option @flag with value @new_sid conflicts with
 * what superblock @sbsec already carries.
 *
 * On an initialized superblock the option must already be set and its
 * existing SID (@old_sid) must equal @new_sid; on an uninitialized one the
 * option must not have been given before.  Returns 1 on conflict, else 0.
 */
static int bad_option(struct superblock_security_struct *sbsec, char flag,
		      u32 old_sid, u32 new_sid)
{
	int already_set = (sbsec->flags & flag) != 0;

	if (sbsec->initialized)
		return (!already_set || old_sid != new_sid) ? 1 : 0;

	return already_set ? 1 : 0;
}
579
580
581
582
583
/*
 * Apply the SELinux mount options in @opts (context strings plus *_MNT
 * flags, as built by selinux_parse_opts_str()) to @sb and finish labeling
 * the superblock via sb_finish_set_opts().
 *
 * Before the security server is initialized, a mount without options is
 * queued on superblock_security_head for later labeling, while options
 * cannot be honored and yield -EINVAL.  On an already-initialized
 * superblock the options must match the ones it was first mounted with
 * (checked per option by bad_option()); otherwise -EINVAL.
 *
 * Returns 0 on success, -EINVAL for invalid or conflicting options, or the
 * error from SID conversion, the relabel permission checks, or
 * sb_finish_set_opts().  Runs under sbsec->lock.
 */
static int selinux_set_mnt_opts(struct super_block *sb,
				struct security_mnt_opts *opts)
{
	const struct cred *cred = current_cred();
	int rc = 0, i;
	struct superblock_security_struct *sbsec = sb->s_security;
	const char *name = sb->s_type->name;
	struct inode *inode = sbsec->sb->s_root->d_inode;
	struct inode_security_struct *root_isec = inode->i_security;
	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
	u32 defcontext_sid = 0;
	char **mount_options = opts->mnt_opts;
	int *flags = opts->mnt_opts_flags;
	int num_opts = opts->num_mnt_opts;

	mutex_lock(&sbsec->lock);

	if (!ss_initialized) {
		if (!num_opts) {
			/*
			 * No policy yet: defer labeling by queueing the
			 * superblock; it is revisited once a policy loads.
			 */
			spin_lock(&sb_security_lock);
			if (list_empty(&sbsec->list))
				list_add(&sbsec->list, &superblock_security_head);
			spin_unlock(&sb_security_lock);
			goto out;
		}
		rc = -EINVAL;
		printk(KERN_WARNING "SELinux: Unable to set superblock options "
			"before the security server is initialized\n");
		goto out;
	}

	/*
	 * An initialized superblock of a binary-mount-data filesystem that
	 * is mounted again without SELinux options needs no re-check.
	 * NOTE(review): presumably such filesystems reach this hook more
	 * than once per mount; the reason is not visible here -- confirm.
	 */
	if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
	    && (num_opts == 0))
		goto out;

	/*
	 * Convert each option's context string to a SID and record the
	 * option on the superblock.  NOTE(review): the *_MNT bit is set in
	 * sbsec->flags here, before the permission checks further down;
	 * if one of those fails on a fresh superblock the bit stays set
	 * and a retry of the same options would be rejected by
	 * bad_option() -- confirm this is the intended behavior.
	 */
	for (i = 0; i < num_opts; i++) {
		u32 sid;
		rc = security_context_to_sid(mount_options[i],
					     strlen(mount_options[i]), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       mount_options[i], sb->s_id, name, rc);
			goto out;
		}
		switch (flags[i]) {
		case FSCONTEXT_MNT:
			fscontext_sid = sid;

			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
					fscontext_sid))
				goto out_double_mount;

			sbsec->flags |= FSCONTEXT_MNT;
			break;
		case CONTEXT_MNT:
			context_sid = sid;

			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
					context_sid))
				goto out_double_mount;

			sbsec->flags |= CONTEXT_MNT;
			break;
		case ROOTCONTEXT_MNT:
			rootcontext_sid = sid;

			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
					rootcontext_sid))
				goto out_double_mount;

			sbsec->flags |= ROOTCONTEXT_MNT;

			break;
		case DEFCONTEXT_MNT:
			defcontext_sid = sid;

			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
					defcontext_sid))
				goto out_double_mount;

			sbsec->flags |= DEFCONTEXT_MNT;

			break;
		default:
			rc = -EINVAL;
			goto out;
		}
	}

	if (sbsec->initialized) {
		/* Previously mounted with options, none given now: mismatch. */
		if (sbsec->flags && !num_opts)
			goto out_double_mount;
		rc = 0;
		goto out;
	}

	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->proc = 1;

	/* Let the policy's fs_use rules pick the labeling behavior and fs SID. */
	rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
	if (rc) {
		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
		       __func__, sb->s_type->name, rc);
		goto out;
	}

	/* fscontext= relabels the superblock itself. */
	if (fscontext_sid) {
		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
		if (rc)
			goto out;

		sbsec->sid = fscontext_sid;
	}

	/*
	 * context= also labels the superblock unless fscontext= already did
	 * (then only filesystem { associate } is checked), switches the
	 * filesystem to mountpoint labeling and, absent an explicit
	 * rootcontext=, labels the root inode with the same SID.
	 */
	if (context_sid) {
		if (!fscontext_sid) {
			rc = may_context_mount_sb_relabel(context_sid, sbsec,
							  cred);
			if (rc)
				goto out;
			sbsec->sid = context_sid;
		} else {
			rc = may_context_mount_inode_relabel(context_sid, sbsec,
							     cred);
			if (rc)
				goto out;
		}
		if (!rootcontext_sid)
			rootcontext_sid = context_sid;

		sbsec->mntpoint_sid = context_sid;
		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	/* rootcontext= labels the root inode directly and marks it initialized. */
	if (rootcontext_sid) {
		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
						     cred);
		if (rc)
			goto out;

		root_isec->sid = rootcontext_sid;
		root_isec->initialized = 1;
	}

	/* defcontext= only makes sense for xattr-labeled filesystems. */
	if (defcontext_sid) {
		if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
			rc = -EINVAL;
			printk(KERN_WARNING "SELinux: defcontext option is "
			       "invalid for this filesystem type\n");
			goto out;
		}

		if (defcontext_sid != sbsec->def_sid) {
			rc = may_context_mount_inode_relabel(defcontext_sid,
							     sbsec, cred);
			if (rc)
				goto out;
		}

		sbsec->def_sid = defcontext_sid;
	}

	rc = sb_finish_set_opts(sb);
out:
	mutex_unlock(&sbsec->lock);
	return rc;
out_double_mount:
	rc = -EINVAL;
	printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
	       "security settings for (dev %s, type %s)\n", sb->s_id, name);
	goto out;
}
784
/*
 * Copy the mount-option labeling of @oldsb onto the not-yet-labeled
 * @newsb: flags, superblock SID, default SID and behavior, plus the
 * mountpoint SID when context= was used and the root inode label when
 * rootcontext= (or context= without rootcontext=) was used.  Finishes
 * with sb_finish_set_opts() under newsbsec->lock.
 *
 * Before the security server is initialized the new superblock is only
 * queued on superblock_security_head.  @oldsb must already be labeled.
 */
static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
					struct super_block *newsb)
{
	const struct superblock_security_struct *src = oldsb->s_security;
	struct superblock_security_struct *dst = newsb->s_security;
	int has_fscontext = (src->flags & FSCONTEXT_MNT);
	int has_context = (src->flags & CONTEXT_MNT);
	int has_rootcontext = (src->flags & ROOTCONTEXT_MNT);

	/* No policy yet: defer, exactly as selinux_set_mnt_opts() does. */
	if (!ss_initialized) {
		spin_lock(&sb_security_lock);
		if (list_empty(&dst->list))
			list_add(&dst->list, &superblock_security_head);
		spin_unlock(&sb_security_lock);
		return;
	}

	/* The source of the clone must have been labeled already. */
	BUG_ON(!src->initialized);

	/* Nothing to do if the clone was labeled independently. */
	if (dst->initialized)
		return;

	mutex_lock(&dst->lock);

	dst->flags = src->flags;
	dst->sid = src->sid;
	dst->def_sid = src->def_sid;
	dst->behavior = src->behavior;

	if (has_context) {
		u32 mnt_sid = src->mntpoint_sid;

		if (!has_fscontext)
			dst->sid = mnt_sid;
		if (!has_rootcontext) {
			struct inode *root = newsb->s_root->d_inode;
			struct inode_security_struct *root_isec = root->i_security;

			root_isec->sid = mnt_sid;
		}
		dst->mntpoint_sid = mnt_sid;
	}

	if (has_rootcontext) {
		const struct inode *old_root = oldsb->s_root->d_inode;
		const struct inode_security_struct *old_isec = old_root->i_security;
		struct inode *new_root = newsb->s_root->d_inode;
		struct inode_security_struct *new_isec = new_root->i_security;

		new_isec->sid = old_isec->sid;
	}

	sb_finish_set_opts(newsb);
	mutex_unlock(&dst->lock);
}
847
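/*
 * Parse a '|'-separated SELinux mount-option string into @opts.  @options
 * is consumed by strsep().  Each recognized option -- context=, fscontext=,
 * defcontext=, rootcontext= -- contributes one duplicated context string
 * and its *_MNT flag, stored in that fixed order.  No option may repeat,
 * and context= and defcontext= are mutually exclusive.
 *
 * On success @opts owns the strings and both arrays (released with
 * security_free_mnt_opts()).  On failure everything allocated here is
 * freed and @opts carries no allocations; returns -EINVAL for bad
 * options and -ENOMEM on allocation failure.
 */
static int selinux_parse_opts_str(char *options,
				  struct security_mnt_opts *opts)
{
	char *p;
	char *context = NULL, *defcontext = NULL;
	char *fscontext = NULL, *rootcontext = NULL;
	int rc, num_mnt_opts = 0;

	opts->num_mnt_opts = 0;

	/* Standard string-based options. */
	while ((p = strsep(&options, "|")) != NULL) {
		int token;
		substring_t args[MAX_OPT_ARGS];

		if (!*p)
			continue;

		token = match_token(p, tokens, args);

		switch (token) {
		case Opt_context:
			if (context || defcontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			context = match_strdup(&args[0]);
			if (!context) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		case Opt_fscontext:
			if (fscontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			fscontext = match_strdup(&args[0]);
			if (!fscontext) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		case Opt_rootcontext:
			if (rootcontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			rootcontext = match_strdup(&args[0]);
			if (!rootcontext) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		case Opt_defcontext:
			if (context || defcontext) {
				rc = -EINVAL;
				printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
				goto out_err;
			}
			defcontext = match_strdup(&args[0]);
			if (!defcontext) {
				rc = -ENOMEM;
				goto out_err;
			}
			break;

		default:
			rc = -EINVAL;
			printk(KERN_WARNING "SELinux: unknown mount option\n");
			goto out_err;

		}
	}

	rc = -ENOMEM;
	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
	if (!opts->mnt_opts)
		goto out_err;

	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
	if (!opts->mnt_opts_flags) {
		/*
		 * Clear the pointer after freeing it: the caller releases
		 * @opts with security_free_mnt_opts() on error, which would
		 * otherwise free mnt_opts a second time.
		 */
		kfree(opts->mnt_opts);
		opts->mnt_opts = NULL;
		goto out_err;
	}

	/* Hand the strings over to @opts in the fixed emission order. */
	if (fscontext) {
		opts->mnt_opts[num_mnt_opts] = fscontext;
		opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
	}
	if (context) {
		opts->mnt_opts[num_mnt_opts] = context;
		opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
	}
	if (rootcontext) {
		opts->mnt_opts[num_mnt_opts] = rootcontext;
		opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
	}
	if (defcontext) {
		opts->mnt_opts[num_mnt_opts] = defcontext;
		opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
	}

	opts->num_mnt_opts = num_mnt_opts;
	return 0;

out_err:
	/* The strings are still ours here; kfree(NULL) is a no-op. */
	kfree(context);
	kfree(defcontext);
	kfree(fscontext);
	kfree(rootcontext);
	return rc;
}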
967
968
969
/*
 * Apply the mount options in @data (a '|'-separated option string, or
 * NULL for none) to @sb.  Binary mount data must not reach this path.
 * Returns 0 or the error from parsing / applying the options.
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
	struct security_mnt_opts opts;
	int rc = 0;

	security_init_mnt_opts(&opts);

	if (data) {
		BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);

		rc = selinux_parse_opts_str(data, &opts);
		if (rc)
			goto free_opts;
	}

	rc = selinux_set_mnt_opts(sb, &opts);

free_opts:
	security_free_mnt_opts(&opts);
	return rc;
}
994
/*
 * Append @opts to the seq_file @m in mount-option syntax: each option as
 * ",<prefix><value>", with the value double-quoted when it contains a
 * comma.  An unknown option flag is a programming error (BUG()).
 */
static void selinux_write_opts(struct seq_file *m,
			       struct security_mnt_opts *opts)
{
	int idx;

	for (idx = 0; idx < opts->num_mnt_opts; idx++) {
		char *value = opts->mnt_opts[idx];
		int quote = (strchr(value, ',') != NULL);
		int flag = opts->mnt_opts_flags[idx];
		char *prefix;

		if (flag == CONTEXT_MNT)
			prefix = CONTEXT_STR;
		else if (flag == FSCONTEXT_MNT)
			prefix = FSCONTEXT_STR;
		else if (flag == ROOTCONTEXT_MNT)
			prefix = ROOTCONTEXT_STR;
		else if (flag == DEFCONTEXT_MNT)
			prefix = DEFCONTEXT_STR;
		else
			BUG();

		seq_putc(m, ',');
		seq_puts(m, prefix);
		if (quote)
			seq_putc(m, '\"');
		seq_puts(m, value);
		if (quote)
			seq_putc(m, '\"');
	}
}
1030
/*
 * Show @sb's SELinux mount options on @m.  A superblock or security
 * server that is not initialized yet has nothing to show and is not an
 * error; any other failure of selinux_get_mnt_opts() is returned.
 */
static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
{
	struct security_mnt_opts opts;
	int err = selinux_get_mnt_opts(sb, &opts);

	if (err == -EINVAL)
		return 0;
	if (err)
		return err;

	selinux_write_opts(m, &opts);
	security_free_mnt_opts(&opts);
	return 0;
}
1050
/*
 * Map the file-type bits of @mode to an SELinux object class.  Regular
 * files and any unrecognized type map to the generic "file" class.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	const umode_t fmt = mode & S_IFMT;

	if (fmt == S_IFSOCK)
		return SECCLASS_SOCK_FILE;
	if (fmt == S_IFLNK)
		return SECCLASS_LNK_FILE;
	if (fmt == S_IFBLK)
		return SECCLASS_BLK_FILE;
	if (fmt == S_IFDIR)
		return SECCLASS_DIR;
	if (fmt == S_IFCHR)
		return SECCLASS_CHR_FILE;
	if (fmt == S_IFIFO)
		return SECCLASS_FIFO_FILE;

	/* S_IFREG and anything else. */
	return SECCLASS_FILE;
}
1073
/* Is @protocol one that makes a SOCK_STREAM socket an ordinary TCP socket? */
static inline int default_protocol_stream(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_TCP;
}
1078
/* Is @protocol one that makes a SOCK_DGRAM socket an ordinary UDP socket? */
static inline int default_protocol_dgram(int protocol)
{
	if (protocol == IPPROTO_IP)
		return 1;
	return protocol == IPPROTO_UDP;
}
1083
/* Class for a PF_UNIX socket of @type; other types are generic sockets. */
static inline u16 sel_unix_sock_class(int type)
{
	if (type == SOCK_STREAM || type == SOCK_SEQPACKET)
		return SECCLASS_UNIX_STREAM_SOCKET;
	if (type == SOCK_DGRAM)
		return SECCLASS_UNIX_DGRAM_SOCKET;
	return SECCLASS_SOCKET;
}

/*
 * Class for a PF_INET / PF_INET6 socket.  Stream and datagram sockets on
 * a non-default protocol, and every other type, are treated as raw IP.
 */
static inline u16 sel_inet_sock_class(int type, int protocol)
{
	switch (type) {
	case SOCK_STREAM:
		return default_protocol_stream(protocol)
			? SECCLASS_TCP_SOCKET : SECCLASS_RAWIP_SOCKET;
	case SOCK_DGRAM:
		return default_protocol_dgram(protocol)
			? SECCLASS_UDP_SOCKET : SECCLASS_RAWIP_SOCKET;
	case SOCK_DCCP:
		return SECCLASS_DCCP_SOCKET;
	default:
		return SECCLASS_RAWIP_SOCKET;
	}
}

/* Class for a PF_NETLINK socket, keyed on the netlink protocol. */
static inline u16 sel_netlink_sock_class(int protocol)
{
	switch (protocol) {
	case NETLINK_ROUTE:
		return SECCLASS_NETLINK_ROUTE_SOCKET;
	case NETLINK_FIREWALL:
		return SECCLASS_NETLINK_FIREWALL_SOCKET;
	case NETLINK_INET_DIAG:
		return SECCLASS_NETLINK_TCPDIAG_SOCKET;
	case NETLINK_NFLOG:
		return SECCLASS_NETLINK_NFLOG_SOCKET;
	case NETLINK_XFRM:
		return SECCLASS_NETLINK_XFRM_SOCKET;
	case NETLINK_SELINUX:
		return SECCLASS_NETLINK_SELINUX_SOCKET;
	case NETLINK_AUDIT:
		return SECCLASS_NETLINK_AUDIT_SOCKET;
	case NETLINK_IP6_FW:
		return SECCLASS_NETLINK_IP6FW_SOCKET;
	case NETLINK_DNRTMSG:
		return SECCLASS_NETLINK_DNRT_SOCKET;
	case NETLINK_KOBJECT_UEVENT:
		return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
	default:
		return SECCLASS_NETLINK_SOCKET;
	}
}

/*
 * Map a socket's (@family, @type, @protocol) triple to its SELinux object
 * class.  Unknown families yield the generic "socket" class.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	switch (family) {
	case PF_UNIX:
		return sel_unix_sock_class(type);
	case PF_INET:
	case PF_INET6:
		return sel_inet_sock_class(type, protocol);
	case PF_NETLINK:
		return sel_netlink_sock_class(protocol);
	case PF_PACKET:
		return SECCLASS_PACKET_SOCKET;
	case PF_KEY:
		return SECCLASS_KEY_SOCKET;
	case PF_APPLETALK:
		return SECCLASS_APPLETALK_SOCKET;
	default:
		return SECCLASS_SOCKET;
	}
}
1150
1151#ifdef CONFIG_PROC_FS
/*
 * Compute the SID of procfs entry @de (of object class @tclass) by
 * rebuilding its path (walking de->parent) and looking that path up in
 * the policy's genfs contexts for "proc".  The path is assembled
 * right-to-left inside a single page.
 *
 * Returns 0 with *@sid set, -ENOMEM if the page cannot be allocated, or
 * the error from security_genfs_sid().
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	buffer = (char *)__get_free_page(GFP_KERNEL);
	if (!buffer)
		return -ENOMEM;

	/* Start with "/" at the end of the page and prepend components. */
	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';
	buflen--;
	path = end-1;
	*path = '/';
	/* The walk ends at an entry that is its own parent (presumably the proc root). */
	while (de && de != de->parent) {
		buflen -= de->namelen + 1;
		/*
		 * NOTE(review): if the full path does not fit, the walk
		 * stops and the lookup is done on the partial path built so
		 * far (leading components missing) rather than failing --
		 * confirm that is acceptable.
		 */
		if (buflen < 0)
			break;
		end -= de->namelen;
		memcpy(end, de->name, de->namelen);
		*--end = '/';
		path = end;
		de = de->parent;
	}
	rc = security_genfs_sid("proc", path, tclass, sid);
	free_page((unsigned long)buffer);
	return rc;
}
1183#else
/* Without procfs there are no proc entries to label; always -EINVAL. */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
				u16 tclass,
				u32 *sid)
{
	return -EINVAL;
}
1190#endif
1191
1192
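/*
 * Label @inode according to its superblock's labeling behavior and cache
 * the result in inode->i_security (marked initialized, so repeated calls
 * are cheap).  @opt_dentry, when given, is used for the xattr lookup;
 * otherwise an alias dentry is searched for.
 *
 * If the superblock itself is not initialized yet, the inode is queued on
 * sbsec->isec_head and labeled later by sb_finish_set_opts().
 *
 * Returns 0 or a negative error.  On every return the security class is
 * refined from the inode mode if it is still the generic "file" class.
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	struct dentry *dentry;
#define INITCONTEXTLEN 255	/* first-try xattr buffer; grown on -ERANGE */
	char *context = NULL;
	unsigned len = 0;
	int rc = 0;

	/* Fast path; re-checked under the lock below. */
	if (isec->initialized)
		goto out;

	mutex_lock(&isec->lock);
	if (isec->initialized)
		goto out_unlock;

	sbsec = inode->i_sb->s_security;
	if (!sbsec->initialized) {
		/*
		 * Defer until the superblock is labeled: queue the inode so
		 * sb_finish_set_opts() can come back to it.
		 */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out_unlock;
	}

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_XATTR:
		if (!inode->i_op->getxattr) {
			isec->sid = sbsec->def_sid;
			break;
		}

		/* getxattr needs a dentry; prefer the caller's. */
		if (opt_dentry) {
			dentry = dget(opt_dentry);
		} else {
			/* No hint given: look for any alias of the inode. */
			dentry = d_find_alias(inode);
		}
		if (!dentry) {
			/*
			 * Without a dentry the label cannot be read.  The
			 * inode is left uninitialized (rc stays 0) so a
			 * later call that has a dentry can retry.
			 */
			printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s "
			       "ino=%ld\n", __func__, inode->i_sb->s_id,
			       inode->i_ino);
			goto out_unlock;
		}

		len = INITCONTEXTLEN;
		context = kmalloc(len, GFP_NOFS);
		if (!context) {
			rc = -ENOMEM;
			dput(dentry);
			goto out_unlock;
		}
		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
					   context, len);
		if (rc == -ERANGE) {
			/*
			 * Buffer too small.  Release it before querying the
			 * required size so the error exit below cannot
			 * leak it, then retry with a right-sized buffer.
			 */
			kfree(context);
			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
						   NULL, 0);
			if (rc < 0) {
				dput(dentry);
				goto out_unlock;
			}
			len = rc;
			context = kmalloc(len, GFP_NOFS);
			if (!context) {
				rc = -ENOMEM;
				dput(dentry);
				goto out_unlock;
			}
			rc = inode->i_op->getxattr(dentry,
						   XATTR_NAME_SELINUX,
						   context, len);
		}
		dput(dentry);
		if (rc < 0) {
			if (rc != -ENODATA) {
				printk(KERN_WARNING "SELinux: %s: getxattr returned "
				       "%d for dev=%s ino=%ld\n", __func__,
				       -rc, inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				goto out_unlock;
			}
			/* No label stored: use the superblock's default SID. */
			sid = sbsec->def_sid;
			rc = 0;
		} else {
			rc = security_context_to_sid_default(context, rc, &sid,
							     sbsec->def_sid,
							     GFP_NOFS);
			if (rc) {
				printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
				       "returned %d for dev=%s ino=%ld\n",
				       __func__, context, -rc,
				       inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				/*
				 * Only logged: the inode keeps its current
				 * (unlabeled) SID and is still marked
				 * initialized below.
				 */
				rc = 0;
				break;
			}
		}
		kfree(context);
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_TASK:
		/* Label with the SID of the task that created the inode. */
		isec->sid = isec->task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/* Default to the fs SID, then try a type transition. */
		isec->sid = sbsec->sid;

		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		rc = security_transition_sid(isec->task_sid,
					     sbsec->sid,
					     isec->sclass,
					     &sid);
		if (rc)
			goto out_unlock;
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_MNTPOINT:
		isec->sid = sbsec->mntpoint_sid;
		break;
	default:
		/* Default to the fs superblock SID. */
		isec->sid = sbsec->sid;

		/* procfs entries (other than symlinks) get a genfs label from their path. */
		if (sbsec->proc && !S_ISLNK(inode->i_mode)) {
			struct proc_inode *proci = PROC_I(inode);
			if (proci->pde) {
				isec->sclass = inode_mode_to_security_class(inode->i_mode);
				rc = selinux_proc_get_sid(proci->pde,
							  isec->sclass,
							  &sid);
				if (rc)
					goto out_unlock;
				isec->sid = sid;
			}
		}
		break;
	}

	isec->initialized = 1;

out_unlock:
	mutex_unlock(&isec->lock);
out:
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
	return rc;
}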
1353
1354
/*
 * Map signal @sig to the process permission that sending it requires.
 * SIGCHLD, SIGKILL and SIGSTOP have dedicated permissions; everything
 * else is covered by the generic "signal" permission.
 */
static inline u32 signal_to_av(int sig)
{
	if (sig == SIGCHLD)
		return PROCESS__SIGCHLD;
	if (sig == SIGKILL)
		return PROCESS__SIGKILL;
	if (sig == SIGSTOP)
		return PROCESS__SIGSTOP;
	return PROCESS__SIGNAL;
}
1380
1381
1382
1383
1384
/*
 * Check that the credentials @actor hold process permissions @perms over
 * the credentials @target.  Returns 0 if allowed, else the avc error.
 */
static int cred_has_perm(const struct cred *actor,
			 const struct cred *target,
			 u32 perms)
{
	u32 actor_sid = cred_sid(actor);
	u32 target_sid = cred_sid(target);

	return avc_has_perm(actor_sid, target_sid, SECCLASS_PROCESS, perms, NULL);
}
1393
1394
1395
1396
1397
1398
1399
/*
 * Check that task @tsk1 holds process permissions @perms over task @tsk2,
 * reading both tasks' SIDs from their credentials under RCU.
 * Returns 0 if allowed, else the avc error.
 */
static int task_has_perm(const struct task_struct *tsk1,
			 const struct task_struct *tsk2,
			 u32 perms)
{
	u32 sid1, sid2;

	rcu_read_lock();
	sid1 = cred_sid(__task_cred(tsk1));
	sid2 = cred_sid(__task_cred(tsk2));
	rcu_read_unlock();
	return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
}
1413
1414
1415
1416
1417
1418
1419
/*
 * Check whether the current task holds @perms (process class) over @tsk.
 */
static int current_has_perm(const struct task_struct *tsk,
			    u32 perms)
{
	u32 subj = current_sid();
	u32 obj = task_sid(tsk);

	return avc_has_perm(subj, obj, SECCLASS_PROCESS, perms, NULL);
}
1429
1430#if CAP_LAST_CAP > 63
1431#error Fix SELinux to handle capabilities > 63.
1432#endif
1433
1434
/*
 * Check whether @cred (attributed to @tsk for audit purposes) may use
 * capability @cap.  Capabilities 0..31 live in the "capability" class and
 * 32..63 in "capability2"; anything else is a kernel bug.  The access
 * decision is always computed, but only audited when @audit is
 * SECURITY_CAP_AUDIT.
 */
static int task_has_capability(struct task_struct *tsk,
			       const struct cred *cred,
			       int cap, int audit)
{
	struct avc_audit_data ad;
	struct av_decision avd;
	u16 sclass;
	u32 sid = cred_sid(cred);
	u32 av = CAP_TO_MASK(cap);
	int idx = CAP_TO_INDEX(cap);
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.tsk = tsk;
	ad.u.cap = cap;

	if (idx == 0) {
		sclass = SECCLASS_CAPABILITY;
	} else if (idx == 1) {
		sclass = SECCLASS_CAPABILITY2;
	} else {
		printk(KERN_ERR
		       "SELinux: out of range capability %d\n", cap);
		BUG();
	}

	/* Capabilities are checked as a permission of the SID on itself. */
	rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
	if (audit == SECURITY_CAP_AUDIT)
		avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
	return rc;
}
1468
1469
/*
 * Check whether @tsk holds @perms in the "system" class against the
 * kernel's initial SID.
 */
static int task_has_system(struct task_struct *tsk,
			   u32 perms)
{
	u32 subj = task_sid(tsk);

	return avc_has_perm(subj, SECINITSID_KERNEL, SECCLASS_SYSTEM,
			    perms, NULL);
}
1478
1479
1480
1481
/*
 * Check whether @cred holds @perms over @inode, using the inode's own
 * security class.  @adp may be NULL, in which case a minimal FS audit
 * record naming the inode is built here.  Private (kernel-internal)
 * inodes are never mediated and always succeed.
 */
static int inode_has_perm(const struct cred *cred,
			  struct inode *inode,
			  u32 perms,
			  struct avc_audit_data *adp)
{
	struct avc_audit_data local_ad;
	struct inode_security_struct *isec;

	if (unlikely(IS_PRIVATE(inode)))
		return 0;

	isec = inode->i_security;

	if (adp == NULL) {
		AVC_AUDIT_DATA_INIT(&local_ad, FS);
		local_ad.u.fs.inode = inode;
		adp = &local_ad;
	}

	return avc_has_perm(cred_sid(cred), isec->sid, isec->sclass, perms,
			    adp);
}
1505
1506
1507
1508
/*
 * Check whether @cred holds @av over the inode behind @dentry, recording
 * the (mnt, dentry) path in the audit data.  @mnt may be NULL when the
 * caller has no mount context.
 */
static inline int dentry_has_perm(const struct cred *cred,
				  struct vfsmount *mnt,
				  struct dentry *dentry,
				  u32 av)
{
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.mnt = mnt;
	ad.u.fs.path.dentry = dentry;

	return inode_has_perm(cred, dentry->d_inode, av, &ad);
}
1522
1523
1524
1525
1526
1527
1528
1529
1530
/*
 * Check whether @cred may use @file for @av.  If the descriptor was
 * created under a different SID, fd:use is required first; then, unless
 * @av is zero (descriptor use only), the inode permissions are checked
 * with the file's path in the audit record.
 */
static int file_has_perm(const struct cred *cred,
			 struct file *file,
			 u32 av)
{
	struct file_security_struct *fsec = file->f_security;
	struct inode *inode = file->f_path.dentry->d_inode;
	struct avc_audit_data ad;
	u32 sid = cred_sid(cred);

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path = file->f_path;

	if (sid != fsec->sid) {
		int rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE,
				      &ad);

		if (rc)
			return rc;
	}

	if (!av)
		return 0;

	return inode_has_perm(cred, inode, av, &ad);
}
1561
1562
/*
 * Check whether the current task may create a new object of class
 * @tclass named @dentry in directory @dir.  Requires add_name and search
 * on the directory, create on the (transitioned) new SID, and associate
 * between the new SID and the filesystem.  An explicit create_sid is used
 * unless the filesystem labels by mount point, in which case the policy
 * transition is computed instead.
 */
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	const struct cred *cred = current_cred();
	const struct task_security_struct *tsec = cred->security;
	struct inode_security_struct *dir_sec = dir->i_security;
	struct superblock_security_struct *sb_sec = dir->i_sb->s_security;
	struct avc_audit_data ad;
	u32 subj = tsec->sid;
	u32 new_sid = tsec->create_sid;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	rc = avc_has_perm(subj, dir_sec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;

	if (new_sid == 0 || sb_sec->behavior == SECURITY_FS_USE_MNTPOINT) {
		rc = security_transition_sid(subj, dir_sec->sid, tclass,
					     &new_sid);
		if (rc)
			return rc;
	}

	rc = avc_has_perm(subj, new_sid, tclass, FILE__CREATE, &ad);
	if (rc)
		return rc;

	return avc_has_perm(new_sid, sb_sec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &ad);
}
1604
1605
/*
 * Check whether task @ctx may create a key labelled @ksid.
 */
static int may_create_key(u32 ksid,
			  struct task_struct *ctx)
{
	u32 subj = task_sid(ctx);

	return avc_has_perm(subj, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
}
1613
1614#define MAY_LINK 0
1615#define MAY_UNLINK 1
1616#define MAY_RMDIR 2
1617
1618
/*
 * Check whether the current task may link, unlink or rmdir the object
 * @dentry within directory @dir, per @kind (MAY_LINK / MAY_UNLINK /
 * MAY_RMDIR).  The directory needs search plus add_name (link) or
 * remove_name (unlink, rmdir); the object itself needs the matching
 * link/unlink/rmdir permission.  An unknown @kind is logged and allowed.
 */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)
{
	struct inode_security_struct *dir_sec = dir->i_security;
	struct inode_security_struct *obj_sec = dentry->d_inode->i_security;
	struct avc_audit_data ad;
	u32 subj = current_sid();
	u32 dir_av, obj_av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	dir_av = DIR__SEARCH | (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
	rc = avc_has_perm(subj, dir_sec->sid, SECCLASS_DIR, dir_av, &ad);
	if (rc)
		return rc;

	if (kind == MAY_LINK) {
		obj_av = FILE__LINK;
	} else if (kind == MAY_UNLINK) {
		obj_av = FILE__UNLINK;
	} else if (kind == MAY_RMDIR) {
		obj_av = DIR__RMDIR;
	} else {
		printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
		       __func__, kind);
		return 0;
	}

	return avc_has_perm(subj, obj_sec->sid, obj_sec->sclass, obj_av, &ad);
}
1661
/*
 * Check whether the current task may rename @old_dentry (in @old_dir) to
 * @new_dentry (in @new_dir).  Source side: remove_name+search on the old
 * directory and rename on the object, plus reparent when a directory
 * changes parent.  Target side: add_name+search on the new directory
 * (remove_name too if a victim exists) and rmdir/unlink on any victim.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct inode_security_struct *src_dir_sec = old_dir->i_security;
	struct inode_security_struct *src_sec = old_dentry->d_inode->i_security;
	struct inode_security_struct *dst_dir_sec = new_dir->i_security;
	struct inode *victim = new_dentry->d_inode;
	struct avc_audit_data ad;
	u32 subj = current_sid();
	u32 dst_dir_av;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);

	ad.u.fs.path.dentry = old_dentry;
	rc = avc_has_perm(subj, src_dir_sec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(subj, src_sec->sid, src_sec->sclass, FILE__RENAME,
			  &ad);
	if (rc)
		return rc;
	if (S_ISDIR(old_dentry->d_inode->i_mode) && new_dir != old_dir) {
		rc = avc_has_perm(subj, src_sec->sid, src_sec->sclass,
				  DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	ad.u.fs.path.dentry = new_dentry;
	dst_dir_av = DIR__ADD_NAME | DIR__SEARCH;
	if (victim)
		dst_dir_av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(subj, dst_dir_sec->sid, SECCLASS_DIR, dst_dir_av,
			  &ad);
	if (rc)
		return rc;
	if (!victim)
		return 0;

	{
		struct inode_security_struct *victim_sec = victim->i_security;
		u32 victim_av = S_ISDIR(victim->i_mode) ? DIR__RMDIR
							: FILE__UNLINK;

		return avc_has_perm(subj, victim_sec->sid, victim_sec->sclass,
				    victim_av, &ad);
	}
}
1716
1717
/*
 * Check whether @cred holds @perms (filesystem class) over the
 * superblock @sb, using the caller-supplied audit data @ad (may be NULL).
 */
static int superblock_has_perm(const struct cred *cred,
			       struct super_block *sb,
			       u32 perms,
			       struct avc_audit_data *ad)
{
	struct superblock_security_struct *sb_sec = sb->s_security;

	return avc_has_perm(cred_sid(cred), sb_sec->sid, SECCLASS_FILESYSTEM,
			    perms, ad);
}
1729
1730
/*
 * Translate a VFS permission @mask (MAY_*) into an access vector for an
 * object of type @mode.  Directories map onto dir permissions; every
 * other type onto file permissions, where append takes precedence over
 * write.
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 av = 0;

	if (S_ISDIR(mode)) {
		if (mask & MAY_EXEC)
			av |= DIR__SEARCH;
		if (mask & MAY_WRITE)
			av |= DIR__WRITE;
		if (mask & MAY_READ)
			av |= DIR__READ;
		return av;
	}

	if (mask & MAY_EXEC)
		av |= FILE__EXECUTE;
	if (mask & MAY_READ)
		av |= FILE__READ;
	if (mask & MAY_APPEND)
		av |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		av |= FILE__WRITE;

	return av;
}
1757
1758
/*
 * Derive the access vector implied by how @file was opened: read for
 * FMODE_READ, append or write for FMODE_WRITE depending on O_APPEND.  A
 * descriptor open for neither is still mediated via the ioctl permission.
 */
static inline u32 file_to_av(struct file *file)
{
	u32 av = 0;

	if (file->f_mode & FMODE_READ)
		av |= FILE__READ;
	if (file->f_mode & FMODE_WRITE)
		av |= (file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE;

	return av ? av : FILE__IOCTL;
}
1780
1781
1782
1783
1784
/*
 * Like file_to_av(), but when the policy declares the openperm
 * capability the class-specific "open" permission is added according to
 * the inode type.  Unknown inode types are logged and get no extra bit.
 */
static inline u32 open_file_to_av(struct file *file)
{
	u32 av = file_to_av(file);
	mode_t mode;

	if (!selinux_policycap_openperm)
		return av;

	mode = file->f_path.dentry->d_inode->i_mode;
	switch (mode & S_IFMT) {
	case S_IFREG:
		av |= FILE__OPEN;
		break;
	case S_IFCHR:
		av |= CHR_FILE__OPEN;
		break;
	case S_IFBLK:
		av |= BLK_FILE__OPEN;
		break;
	case S_IFIFO:
		av |= FIFO_FILE__OPEN;
		break;
	case S_IFDIR:
		av |= DIR__OPEN;
		break;
	default:
		printk(KERN_ERR "SELinux: WARNING: inside %s with "
		       "unknown mode:%o\n", __func__, mode);
		break;
	}
	return av;
}
1810
1811
1812
/*
 * ptrace_may_access hook: after the secondary module agrees, a read-only
 * attach (PTRACE_MODE_READ) needs file:read on the child's SID, any other
 * mode needs process:ptrace.
 */
static int selinux_ptrace_may_access(struct task_struct *child,
				     unsigned int mode)
{
	int rc = secondary_ops->ptrace_may_access(child, mode);

	if (rc)
		return rc;

	if (mode != PTRACE_MODE_READ)
		return current_has_perm(child, PROCESS__PTRACE);

	return avc_has_perm(current_sid(), task_sid(child), SECCLASS_FILE,
			    FILE__READ, NULL);
}
1830
/*
 * ptrace_traceme hook: the prospective tracer @parent must hold
 * process:ptrace over the current task.
 */
static int selinux_ptrace_traceme(struct task_struct *parent)
{
	int rc = secondary_ops->ptrace_traceme(parent);

	if (rc)
		return rc;
	return task_has_perm(parent, current, PROCESS__PTRACE);
}
1841
/*
 * capget hook: process:getcap over @target is checked before the
 * secondary module fills in the capability sets.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int rc = current_has_perm(target, PROCESS__GETCAP);

	if (rc)
		return rc;
	return secondary_ops->capget(target, effective, inheritable,
				     permitted);
}
1853
/*
 * capset hook: the secondary module validates the new sets first, then
 * the old credentials must hold process:setcap over the new ones.
 */
static int selinux_capset(struct cred *new, const struct cred *old,
			  const kernel_cap_t *effective,
			  const kernel_cap_t *inheritable,
			  const kernel_cap_t *permitted)
{
	int rc = secondary_ops->capset(new, old,
				       effective, inheritable, permitted);

	if (rc)
		return rc;
	return cred_has_perm(old, new, PROCESS__SETCAP);
}
1868
/*
 * capable hook: a denial from the secondary module is returned as-is;
 * otherwise the SELinux capability check decides.
 */
static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
			   int cap, int audit)
{
	int rc = secondary_ops->capable(tsk, cred, cap, audit);

	if (rc)
		return rc;
	return task_has_capability(tsk, cred, cap, audit);
}
1880
/*
 * Compute the SID of a sysctl @table entry by rebuilding its /proc/sys
 * path (walking table->parent links backwards from the end of a scratch
 * page) and looking it up through the genfs rules for "proc".
 *
 * @table:  sysctl entry whose path is reconstructed.
 * @tclass: class to look up (dir or file).
 * @sid:    receives the resulting SID on success.
 *
 * Returns 0 on success, -ENOMEM if no scratch page is available, or the
 * error from security_genfs_sid().  A path that does not fit in one page
 * leaves @rc at -ENOMEM.
 */
static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
{
	int buflen, rc;
	char *buffer, *path, *end;

	rc = -ENOMEM;
	buffer = (char *)__get_free_page(GFP_KERNEL);
	if (!buffer)
		goto out;

	/* The path is assembled right-to-left, so start at the page end. */
	buflen = PAGE_SIZE;
	end = buffer+buflen;
	*--end = '\0';
	buflen--;
	path = end-1;
	*path = '/';
	while (table) {
		const char *name = table->procname;
		size_t namelen = strlen(name);
		/*
		 * buflen is signed and namelen unsigned; the subtraction is
		 * done in size_t and relies on conversion back to int to
		 * yield a negative value when the name does not fit.
		 */
		buflen -= namelen + 1;
		if (buflen < 0)
			goto out_free;
		end -= namelen;
		memcpy(end, name, namelen);
		*--end = '/';
		path = end;
		table = table->parent;
	}
	/* Prefix the root of the sysctl tree: "/sys". */
	buflen -= 4;
	if (buflen < 0)
		goto out_free;
	end -= 4;
	memcpy(end, "/sys", 4);
	path = end;
	rc = security_genfs_sid("proc", path, tclass, sid);
out_free:
	free_page((unsigned long)buffer);
out:
	return rc;
}
1921
/*
 * sysctl hook.  @op is an octal access mode: 001 is a directory search;
 * otherwise the 004 (read) and 002 (write) bits select file permissions.
 * The target SID is derived from the table's /proc/sys path, falling back
 * to the generic sysctl SID when that lookup fails.
 */
static int selinux_sysctl(ctl_table *table, int op)
{
	u32 subj, tsid, av = 0;
	int rc;

	rc = secondary_ops->sysctl(table, op);
	if (rc)
		return rc;

	subj = current_sid();

	rc = selinux_sysctl_get_sid(table, (op == 0001) ?
				    SECCLASS_DIR : SECCLASS_FILE, &tsid);
	if (rc)
		tsid = SECINITSID_SYSCTL;

	if (op == 001)
		return avc_has_perm(subj, tsid, SECCLASS_DIR, DIR__SEARCH,
				    NULL);

	if (op & 004)
		av |= FILE__READ;
	if (op & 002)
		av |= FILE__WRITE;
	if (!av)
		return 0;

	return avc_has_perm(subj, tsid, SECCLASS_FILE, av, NULL);
}
1960
/*
 * quotactl hook: modifying commands need filesystem:quotamod, query
 * commands filesystem:quotaget; other commands and a NULL superblock are
 * allowed without a check.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	const struct cred *cred = current_cred();

	if (!sb)
		return 0;

	switch (cmds) {
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
		return superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD,
					   NULL);
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
		return superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET,
					   NULL);
	default:
		return 0;
	}
}
1988
/*
 * quota_on hook: the quota file @dentry needs file:quotaon.
 */
static int selinux_quota_on(struct dentry *dentry)
{
	const u32 av = FILE__QUOTAON;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
1995
/*
 * syslog hook.  Command @type 3 and 10 read the log buffer
 * (system:syslog_read); 6, 7 and 8 adjust console logging
 * (system:syslog_console); everything else modifies the log
 * (system:syslog_mod).
 */
static int selinux_syslog(int type)
{
	int rc = secondary_ops->syslog(type);

	if (rc)
		return rc;

	switch (type) {
	case 3:
	case 10:
		return task_has_system(current, SYSTEM__SYSLOG_READ);
	case 6:
	case 7:
	case 8:
		return task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
	default:
		return task_has_system(current, SYSTEM__SYSLOG_MOD);
	}
}
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
/*
 * vm_enough_memory hook: determine (without auditing) whether the caller
 * effectively holds CAP_SYS_ADMIN under SELinux, then defer to the
 * generic overcommit accounting with that result.
 */
static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
{
	int has_sys_admin = (selinux_capable(current, current_cred(),
					     CAP_SYS_ADMIN,
					     SECURITY_CAP_NOAUDIT) == 0);

	return __vm_enough_memory(mm, pages, has_sys_admin);
}
2049
2050
2051
/*
 * bprm_set_creds hook: compute the SID the new program will run under
 * and check the execute/transition permissions.
 *
 * The new SID comes from the caller's explicit exec_sid if one was set,
 * otherwise from the policy's process transition on the executable's
 * label; a nosuid mount forces the SID to stay unchanged.  With no
 * change, file:execute_no_trans is required; with a change,
 * process:transition and file:entrypoint are required and the unsafe
 * sharing/ptrace cases are additionally gated.
 *
 * Returns 0 on success, a negative errno from the secondary module, the
 * policy lookup or the permission checks, or -EPERM for an unsafe
 * transition.
 */
static int selinux_bprm_set_creds(struct linux_binprm *bprm)
{
	const struct task_security_struct *old_tsec;
	struct task_security_struct *new_tsec;
	struct inode_security_struct *isec;
	struct avc_audit_data ad;
	struct inode *inode = bprm->file->f_path.dentry->d_inode;
	int rc;

	rc = secondary_ops->bprm_set_creds(bprm);
	if (rc)
		return rc;

	/* Credentials already prepared by an earlier pass; nothing to do. */
	if (bprm->cred_prepared)
		return 0;

	old_tsec = current_security();
	new_tsec = bprm->cred->security;
	isec = inode->i_security;

	/* Default: no change, and remember the pre-exec SID as osid. */
	new_tsec->sid = old_tsec->sid;
	new_tsec->osid = old_tsec->sid;

	/* Per-task object creation overrides do not survive exec. */
	new_tsec->create_sid = 0;
	new_tsec->keycreate_sid = 0;
	new_tsec->sockcreate_sid = 0;

	if (old_tsec->exec_sid) {
		new_tsec->sid = old_tsec->exec_sid;
		/* The explicit exec SID is consumed by this exec only. */
		new_tsec->exec_sid = 0;
	} else {
		/* Otherwise ask the policy for an automatic transition. */
		rc = security_transition_sid(old_tsec->sid, isec->sid,
					     SECCLASS_PROCESS, &new_tsec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path = bprm->file->f_path;

	/* Executables on nosuid mounts never change domain. */
	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
		new_tsec->sid = old_tsec->sid;

	if (new_tsec->sid == old_tsec->sid) {
		rc = avc_has_perm(old_tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
		if (rc)
			return rc;
	} else {
		/* Domain change: old domain may transition to the new one... */
		rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
				  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
		if (rc)
			return rc;

		/* ...and the executable is a valid entry point for it. */
		rc = avc_has_perm(new_tsec->sid, isec->sid,
				  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
		if (rc)
			return rc;

		/* Shared state (e.g. fs/files) across the transition. */
		if (bprm->unsafe & LSM_UNSAFE_SHARE) {
			rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
					  SECCLASS_PROCESS, PROCESS__SHARE,
					  NULL);
			if (rc)
				return -EPERM;
		}

		/*
		 * A tracer must be allowed to ptrace the new domain, or the
		 * transition is refused rather than silently dropping the
		 * tracer.
		 */
		if (bprm->unsafe &
		    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
			struct task_struct *tracer;
			struct task_security_struct *sec;
			u32 ptsid = 0;

			rcu_read_lock();
			tracer = tracehook_tracer_task(current);
			if (likely(tracer != NULL)) {
				sec = __task_cred(tracer)->security;
				ptsid = sec->sid;
			}
			rcu_read_unlock();

			if (ptsid != 0) {
				rc = avc_has_perm(ptsid, new_tsec->sid,
						  SECCLASS_PROCESS,
						  PROCESS__PTRACE, NULL);
				if (rc)
					return -EPERM;
			}
		}

		/* Treat a domain change like a setuid exec for personality. */
		bprm->per_clear |= PER_CLEAR_ON_SETID;
	}

	return 0;
}
2158
/*
 * bprm_check_security hook: SELinux adds no check of its own here and
 * simply reports the secondary module's verdict.
 */
static int selinux_bprm_check_security(struct linux_binprm *bprm)
{
	int rc = secondary_ops->bprm_check_security(bprm);

	return rc;
}
2163
/*
 * bprm_secureexec hook: a process whose SID changed at exec is treated as
 * secure (AT_SECURE) unless the old domain holds process:noatsecure over
 * the new one.  The secondary module's answer is OR-ed in.
 */
static int selinux_bprm_secureexec(struct linux_binprm *bprm)
{
	const struct task_security_struct *tsec = current_cred()->security;
	int atsecure = 0;

	if (tsec->osid != tsec->sid)
		atsecure = avc_has_perm(tsec->osid, tsec->sid,
					SECCLASS_PROCESS,
					PROCESS__NOATSECURE, NULL);

	return atsecure || secondary_ops->bprm_secureexec(bprm);
}
2185
2186extern struct vfsmount *selinuxfs_mount;
2187extern struct dentry *selinux_null;
2188
2189
/*
 * Revoke access to inherited files the new credentials @cred may not use.
 *
 * The controlling tty is dropped if @cred lacks read+write on its first
 * open file.  Then every open descriptor in @files is checked with
 * file_has_perm(); a denied descriptor is closed and, where possible, its
 * number is re-used for a read/write handle on selinuxfs' null device so
 * the program does not see a closed fd in its place.
 */
static inline void flush_unauthorized_files(const struct cred *cred,
					    struct files_struct *files)
{
	struct avc_audit_data ad;
	struct file *file, *devnull = NULL;
	struct tty_struct *tty;
	struct fdtable *fdt;
	long j = -1;
	int drop_tty = 0;

	tty = get_current_tty();
	if (tty) {
		file_list_lock();
		if (!list_empty(&tty->tty_files)) {
			struct inode *inode;

			/*
			 * Only the first file on the tty's list is checked;
			 * the decision is recorded and acted on after the
			 * list lock is dropped.
			 */
			file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
			inode = file->f_path.dentry->d_inode;
			if (inode_has_perm(cred, inode,
					   FILE__READ | FILE__WRITE, NULL)) {
				drop_tty = 1;
			}
		}
		file_list_unlock();
		tty_kref_put(tty);
	}

	if (drop_tty)
		no_tty();

	/* ad is initialised but the per-file checks build their own. */
	AVC_AUDIT_DATA_INIT(&ad, FS);

	spin_lock(&files->file_lock);
	for (;;) {
		unsigned long set, i;
		int fd;

		/* Walk the open-fd bitmap one word at a time. */
		j++;
		i = j * __NFDBITS;
		fdt = files_fdtable(files);
		if (i >= fdt->max_fds)
			break;
		set = fdt->open_fds->fds_bits[j];
		if (!set)
			continue;
		/*
		 * file_lock is released while the word is processed because
		 * the calls below (fget, sys_close, dentry_open) may sleep;
		 * it is re-taken before the next bitmap word is read.
		 */
		spin_unlock(&files->file_lock);
		for ( ; set ; i++, set >>= 1) {
			if (set & 1) {
				file = fget(i);
				if (!file)
					continue;
				if (file_has_perm(cred,
						  file,
						  file_to_av(file))) {
					sys_close(i);
					fd = get_unused_fd();
					/*
					 * If the freed number was not handed
					 * back, leave the slot closed.
					 */
					if (fd != i) {
						if (fd >= 0)
							put_unused_fd(fd);
						fput(file);
						continue;
					}
					if (devnull) {
						get_file(devnull);
					} else {
						devnull = dentry_open(
							dget(selinux_null),
							mntget(selinuxfs_mount),
							O_RDWR, cred);
						if (IS_ERR(devnull)) {
							devnull = NULL;
							put_unused_fd(fd);
							fput(file);
							continue;
						}
					}
					fd_install(fd, devnull);
				}
				fput(file);
			}
		}
		spin_lock(&files->file_lock);

	}
	spin_unlock(&files->file_lock);
}
2283
2284
2285
2286
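/*
 * bprm_committing_creds hook: called just before the new credentials are
 * installed.  When the exec changes the SID, unauthorized inherited files
 * are flushed, the parent-death signal is cleared and, unless the old
 * domain holds process:rlimitinh over the new one, the soft resource
 * limits are reset to init_task's values (capped by the current hard
 * limits).
 *
 * Fix: the CPU-time timer is re-armed from the RLIMIT_CPU slot.  The
 * previous code passed rlim->rlim_cur after the loop, i.e. the limit in
 * the last slot (index RLIM_NLIMITS - 1), not RLIMIT_CPU.
 */
static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *new_tsec;
	struct rlimit *rlim, *initrlim;
	int rc, i;

	secondary_ops->bprm_committing_creds(bprm);

	new_tsec = bprm->cred->security;
	if (new_tsec->sid == new_tsec->osid)
		return;

	/* Close files the new domain may not keep. */
	flush_unauthorized_files(bprm->cred, current->files);

	/* Always clear the parent death signal on a domain change. */
	current->pdeath_signal = 0;

	rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL);
	if (rc) {
		for (i = 0; i < RLIM_NLIMITS; i++) {
			rlim = current->signal->rlim + i;
			initrlim = init_task.signal->rlim + i;
			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
		}
		/* Re-arm the CPU timer from the limit that actually changed. */
		update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
	}
}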
2326
2327
2328
2329
2330
/*
 * bprm_committed_creds hook: called once the new credentials are live.
 * On a SID change, unless the old domain holds process:siginh over the
 * new one, pending signals, interval timers, handlers and the blocked
 * mask are reset so nothing set up by the old domain leaks into the new
 * one.  The parent is then woken in case it is waiting on the child.
 */
static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
{
	const struct task_security_struct *tsec = current_security();
	struct itimerval zero_timer;
	struct sighand_struct *parent_sighand;
	unsigned long flags;
	int which;

	secondary_ops->bprm_committed_creds(bprm);

	if (tsec->sid == tsec->osid)
		return;

	if (avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
			 PROCESS__SIGINH, NULL)) {
		memset(&zero_timer, 0, sizeof zero_timer);
		for (which = 0; which < 3; which++)
			do_setitimer(which, &zero_timer, NULL);
		flush_signals(current);
		spin_lock_irq(&current->sighand->siglock);
		flush_signal_handlers(current, 1);
		sigemptyset(&current->blocked);
		recalc_sigpending();
		spin_unlock_irq(&current->sighand->siglock);
	}

	/* Wake a parent that may be sleeping in wait() on this child. */
	read_lock_irq(&tasklist_lock);
	parent_sighand = current->parent->sighand;
	spin_lock_irqsave(&parent_sighand->siglock, flags);
	wake_up_interruptible(&current->parent->signal->wait_chldexit);
	spin_unlock_irqrestore(&parent_sighand->siglock, flags);
	read_unlock_irq(&tasklist_lock);
}
2377
2378
2379
/*
 * sb_alloc_security hook: delegate to the superblock allocator.
 */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	int rc = superblock_alloc_security(sb);

	return rc;
}
2384
/*
 * sb_free_security hook: delegate to the superblock release helper.
 */
static void selinux_sb_free_security(struct super_block *sb)
{
	struct super_block *victim = sb;

	superblock_free_security(victim);
}
2389
/*
 * Return 1 when the first @plen bytes of @option equal @prefix, else 0.
 * A prefix longer than the option can never match.
 */
static inline int match_prefix(char *prefix, int plen, char *option, int olen)
{
	int fits = (plen <= olen);

	return fits && memcmp(prefix, option, plen) == 0;
}
2397
/*
 * Return 1 if the mount option @option (length @len) is one of the
 * SELinux labelling options (context=, fscontext=, defcontext=,
 * rootcontext=), else 0.
 */
static inline int selinux_option(char *option, int len)
{
	if (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len))
		return 1;
	return 0;
}
2405
/*
 * Append @len bytes of @from at *@to, preceded by ',' unless this is the
 * first option (*@first), and advance *@to.  *@first is cleared.
 */
static inline void take_option(char **to, char *from, int *first, int len)
{
	char *dst = *to;

	if (*first)
		*first = 0;
	else
		*dst++ = ',';
	memcpy(dst, from, len);
	*to = dst + len;
}
2416
/*
 * Append @len bytes of @from at *@to with every '"' stripped, preceded
 * by '|' unless this is the first option (*@first), and advance *@to.
 * *@first is cleared.
 */
static inline void take_selinux_option(char **to, char *from, int *first,
				       int len)
{
	char *dst = *to;
	int i;

	if (*first)
		*first = 0;
	else
		*dst++ = '|';

	for (i = 0; i < len; i++) {
		char c = from[i];

		if (c != '"')
			*dst++ = c;
	}
	*to = dst;
}
2437
/*
 * Split the comma-separated mount option string @orig into SELinux
 * options, written '|'-separated (quotes stripped) into @copy, and all
 * other options, which are written back comma-separated over @orig.
 * Commas inside double quotes do not split options.
 *
 * Returns 0 on success or -ENOMEM if the scratch page cannot be
 * allocated.  Neither buffer is bounds-checked here: the non-SELinux
 * output is a subset of @orig, and @copy is assumed large enough for the
 * SELinux subset (presumably a page like the scratch buffer; confirm at
 * the caller).
 */
static int selinux_sb_copy_data(char *orig, char *copy)
{
	int fnosec, fsec, rc = 0;
	char *in_save, *in_curr, *in_end;
	char *sec_curr, *nosec_save, *nosec;
	int open_quote = 0;

	in_curr = orig;
	sec_curr = copy;

	nosec = (char *)get_zeroed_page(GFP_KERNEL);
	if (!nosec) {
		rc = -ENOMEM;
		goto out;
	}

	nosec_save = nosec;
	fnosec = fsec = 1;
	in_save = in_end = orig;

	/* Scan to each separator (unquoted ',' or the terminator). */
	do {
		if (*in_end == '"')
			open_quote = !open_quote;
		if ((*in_end == ',' && open_quote == 0) ||
		    *in_end == '\0') {
			int len = in_end - in_curr;

			if (selinux_option(in_curr, len))
				take_selinux_option(&sec_curr, in_curr, &fsec, len);
			else
				take_option(&nosec, in_curr, &fnosec, len);

			in_curr = in_end + 1;
		}
	} while (*in_end++);

	/* The zeroed page is already NUL-terminated after the last option. */
	strcpy(in_save, nosec_save);
	free_page((unsigned long)nosec_save);
out:
	return rc;
}
2479
/*
 * sb_kern_mount hook: initialise the superblock's security state from
 * the mount @data, then (for non-kernel mounts) require
 * filesystem:mount, auditing against the root dentry.
 */
static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	struct avc_audit_data ad;
	int rc = superblock_doinit(sb, data);

	if (rc)
		return rc;

	/* Kernel-internal mounts are not subject to the mount permission. */
	if (flags & MS_KERNMOUNT)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = sb->s_root;
	return superblock_has_perm(current_cred(), sb, FILESYSTEM__MOUNT, &ad);
}
2498
/*
 * sb_statfs hook: filesystem:getattr on the superblock of @dentry,
 * audited against the filesystem root.
 */
static int selinux_sb_statfs(struct dentry *dentry)
{
	struct super_block *sb = dentry->d_sb;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = sb->s_root;
	return superblock_has_perm(current_cred(), sb, FILESYSTEM__GETATTR,
				   &ad);
}
2508
/*
 * sb_mount hook: a remount needs filesystem:remount on the mounted
 * filesystem; a fresh mount needs file:mounton on the mount point.
 */
static int selinux_mount(char *dev_name,
			 struct path *path,
			 char *type,
			 unsigned long flags,
			 void *data)
{
	const struct cred *cred = current_cred();
	int rc = secondary_ops->sb_mount(dev_name, path, type, flags, data);

	if (rc)
		return rc;

	if (!(flags & MS_REMOUNT))
		return dentry_has_perm(cred, path->mnt, path->dentry,
				       FILE__MOUNTON);

	return superblock_has_perm(cred, path->mnt->mnt_sb,
				   FILESYSTEM__REMOUNT, NULL);
}
2529
/*
 * sb_umount hook: filesystem:unmount on the superblock behind @mnt.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	int rc = secondary_ops->sb_umount(mnt, flags);

	if (rc)
		return rc;

	return superblock_has_perm(current_cred(), mnt->mnt_sb,
				   FILESYSTEM__UNMOUNT, NULL);
}
2542
2543
2544
/*
 * inode_alloc_security hook: delegate to the inode allocator.
 */
static int selinux_inode_alloc_security(struct inode *inode)
{
	int rc = inode_alloc_security(inode);

	return rc;
}
2549
/*
 * inode_free_security hook: delegate to the inode release helper.
 */
static void selinux_inode_free_security(struct inode *inode)
{
	struct inode *victim = inode;

	inode_free_security(victim);
}
2554
/*
 * inode_init_security hook: label a newly created @inode in @dir and,
 * where the filesystem supports it, hand back the xattr the filesystem
 * should persist.
 *
 * The new SID is the task's create_sid unless unset or the filesystem
 * labels by mount point, in which case the policy transition is used.
 * The in-core label is set only when the superblock is initialised.
 *
 * @name:  if non-NULL, receives a kmalloc'd copy of the xattr suffix
 *         ("selinux"); caller frees.
 * @value: with @len, receives the context string and its length; the
 *         context is allocated by security_sid_to_context_force().
 *
 * Returns 0 on success; -EOPNOTSUPP when no xattr should be written (the
 * security server is not initialised or the fs labels by mount point);
 * -ENOMEM or the error from the policy lookups otherwise.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       char **name, void **value,
				       size_t *len)
{
	const struct cred *cred = current_cred();
	const struct task_security_struct *tsec = cred->security;
	struct inode_security_struct *dsec;
	struct superblock_security_struct *sbsec;
	u32 sid, newsid, clen;
	int rc;
	char *namep = NULL, *context;

	dsec = dir->i_security;
	sbsec = dir->i_sb->s_security;

	sid = tsec->sid;
	newsid = tsec->create_sid;

	if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
		rc = security_transition_sid(sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     &newsid);
		if (rc) {
			printk(KERN_WARNING "%s: "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%ld)\n",
			       __func__,
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	}

	/* Possibly defer initialization until selinux_complete_init. */
	if (sbsec->initialized) {
		struct inode_security_struct *isec = inode->i_security;
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		isec->sid = newsid;
		isec->initialized = 1;
	}

	if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (name) {
		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
		if (!namep)
			return -ENOMEM;
		*name = namep;
	}

	if (value && len) {
		rc = security_sid_to_context_force(newsid, &context, &clen);
		if (rc) {
			/* Do not leak the name copy on a failed lookup. */
			kfree(namep);
			return rc;
		}
		*value = context;
		*len = clen;
	}

	return 0;
}
2617
/*
 * inode_create hook: regular file creation in @dir.
 */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
{
	const u16 tclass = SECCLASS_FILE;

	return may_create(dir, dentry, tclass);
}
2622
/*
 * inode_link hook: hard-linking @old_dentry into @dir.
 */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
	int rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);

	if (rc)
		return rc;
	return may_link(dir, old_dentry, MAY_LINK);
}
2632
/*
 * inode_unlink hook: removing @dentry from @dir.
 */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	int rc = secondary_ops->inode_unlink(dir, dentry);

	if (rc)
		return rc;
	return may_link(dir, dentry, MAY_UNLINK);
}
2642
/*
 * inode_symlink hook: symlink creation in @dir (@name is the target and
 * takes no part in the decision).
 */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
	const u16 tclass = SECCLASS_LNK_FILE;

	return may_create(dir, dentry, tclass);
}
2647
/*
 * inode_mkdir hook: directory creation in @dir.
 */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
{
	const u16 tclass = SECCLASS_DIR;

	return may_create(dir, dentry, tclass);
}
2652
/*
 * inode_rmdir hook: removing the directory @dentry from @dir.
 */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	const int kind = MAY_RMDIR;

	return may_link(dir, dentry, kind);
}
2657
/*
 * inode_mknod hook: the class of the new object is derived from @mode so
 * device nodes, fifos and sockets are checked as their own classes.
 */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
	int rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);

	if (rc)
		return rc;

	return may_create(dir, dentry, inode_mode_to_security_class(mode));
}
2668
/*
 * inode_rename hook: delegate to may_rename().
 */
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
				struct inode *new_inode, struct dentry *new_dentry)
{
	int rc = may_rename(old_inode, old_dentry, new_inode, new_dentry);

	return rc;
}
2674
/*
 * inode_readlink hook: reading a symlink's target needs file:read.
 */
static int selinux_inode_readlink(struct dentry *dentry)
{
	const u32 av = FILE__READ;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
2681
/*
 * inode_follow_link hook: following a symlink needs file:read on it.
 */
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
	int rc = secondary_ops->inode_follow_link(dentry, nameidata);

	if (rc)
		return rc;
	return dentry_has_perm(current_cred(), NULL, dentry, FILE__READ);
}
2692
/*
 * inode_permission hook: map the VFS @mask onto SELinux permissions for
 * the inode's type and check them.  An empty mask (existence test only)
 * is always allowed.
 */
static int selinux_inode_permission(struct inode *inode, int mask)
{
	int rc = secondary_ops->inode_permission(inode, mask);
	u32 av;

	if (rc)
		return rc;

	if (mask == 0)
		return 0;

	av = file_mask_to_av(inode->i_mode, mask);
	return inode_has_perm(current_cred(), inode, av, NULL);
}
2710
/*
 * inode_setattr hook.  ATTR_FORCE changes are kernel-initiated and not
 * mediated.  Mode/owner/group and explicit timestamp changes need
 * file:setattr; anything else (size, implicit timestamps) needs
 * file:write.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	const unsigned int setattr_bits = ATTR_MODE | ATTR_UID | ATTR_GID |
					  ATTR_ATIME_SET | ATTR_MTIME_SET;
	u32 av = FILE__WRITE;
	int rc = secondary_ops->inode_setattr(dentry, iattr);

	if (rc)
		return rc;

	if (iattr->ia_valid & ATTR_FORCE)
		return 0;

	if (iattr->ia_valid & setattr_bits)
		av = FILE__SETATTR;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
2729
/*
 * inode_getattr hook: stat-like access needs file:getattr.
 */
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	const u32 av = FILE__GETATTR;

	return dentry_has_perm(current_cred(), mnt, dentry, av);
}
2736
/*
 * Check setting/removing an xattr other than the SELinux label.  Names in
 * the security.* namespace are privileged: security.capability needs
 * CAP_SETFCAP, any other needs CAP_SYS_ADMIN.  All names then need
 * file:setattr on the inode.
 */
static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
{
	const size_t prefix_len = sizeof XATTR_SECURITY_PREFIX - 1;

	if (strncmp(name, XATTR_SECURITY_PREFIX, prefix_len) == 0) {
		int needed_cap = strcmp(name, XATTR_NAME_CAPS) == 0
					? CAP_SETFCAP : CAP_SYS_ADMIN;

		if (!capable(needed_cap))
			return -EPERM;
	}

	return dentry_has_perm(current_cred(), NULL, dentry, FILE__SETATTR);
}
2757
/*
 * inode_setxattr hook.  Non-SELinux attributes go through
 * selinux_inode_setotherxattr().  Relabelling via security.selinux
 * requires: a filesystem that is not labelled by mount point, ownership
 * or CAP_FOWNER, file:relabelfrom on the current label, a valid context
 * (an unknown one only with CAP_MAC_ADMIN, mapped by force),
 * file:relabelto on the new label, a policy-validated transition, and
 * filesystem:associate between the new label and the filesystem.
 *
 * Returns 0 when the relabel is permitted, -EOPNOTSUPP/-EPERM for the
 * structural refusals, or the error from the lookups and checks.
 */
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec;
	struct avc_audit_data ad;
	u32 newsid, sid = current_sid();
	int rc = 0;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return selinux_inode_setotherxattr(dentry, name);

	sbsec = inode->i_sb->s_security;
	if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
		return -EOPNOTSUPP;

	if (!is_owner_or_cap(inode))
		return -EPERM;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	rc = avc_has_perm(sid, isec->sid, isec->sclass,
			  FILE__RELABELFROM, &ad);
	if (rc)
		return rc;

	rc = security_context_to_sid(value, size, &newsid);
	if (rc == -EINVAL) {
		/* Only CAP_MAC_ADMIN may store a context unknown to policy. */
		if (!capable(CAP_MAC_ADMIN))
			return rc;
		rc = security_context_to_sid_force(value, size, &newsid);
	}
	if (rc)
		return rc;

	rc = avc_has_perm(sid, newsid, isec->sclass,
			  FILE__RELABELTO, &ad);
	if (rc)
		return rc;

	rc = security_validate_transition(isec->sid, newsid, sid,
					  isec->sclass);
	if (rc)
		return rc;

	return avc_has_perm(newsid,
			    sbsec->sid,
			    SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE,
			    &ad);
}
2811
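/*
 * LSM inode_post_setxattr hook: runs after the VFS has stored the xattr.
 *
 * Only security.selinux is of interest; every other name is ignored.  The
 * stored context is mapped to a SID with the _force variant (the permission
 * checks already ran in selinux_inode_setxattr(), so this must not fail for
 * a context that was allowed there) and the in-core inode label is updated
 * to match what is now on disk.  If the mapping fails anyway the error is
 * logged and the in-core label is left unchanged.
 *
 * Fix: the two halves of the log message were concatenated without a
 * separating space ("SIDfor"); the message now reads "... SID for (...)".
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
					const void *value, size_t size,
					int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return;	/* not a relabel; nothing to update */

	rc = security_context_to_sid_force(value, size, &newsid);
	if (rc) {
		printk(KERN_ERR "SELinux: unable to map context to SID "
		       "for (%s, %lu), rc=%d\n",
		       inode->i_sb->s_id, inode->i_ino, -rc);
		return;
	}

	isec->sid = newsid;
}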
2837
/*
 * LSM inode_getxattr hook: reading any xattr (the name is not inspected)
 * requires FILE__GETATTR on the dentry for the current task.
 */
static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
{
	return dentry_has_perm(current_cred(), NULL, dentry, FILE__GETATTR);
}
2844
/*
 * LSM inode_listxattr hook: listing xattr names is treated like reading
 * attributes and requires FILE__GETATTR on the dentry.
 */
static int selinux_inode_listxattr(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), NULL, dentry, FILE__GETATTR);
}
2851
/*
 * LSM inode_removexattr hook.
 *
 * Removing security.selinux is never allowed (-EACCES): a labeled inode must
 * always keep a label.  Any other name goes through the same capability and
 * FILE__SETATTR checks as setting it.
 */
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
{
	if (!strcmp(name, XATTR_NAME_SELINUX))
		return -EACCES;

	return selinux_inode_setotherxattr(dentry, name);
}
2861
2862
2863
2864
2865
2866
/*
 * LSM inode_getsecurity hook: return the textual context of an inode.
 *
 * @name is the xattr suffix ("selinux"); any other name is -EOPNOTSUPP.
 * Callers holding CAP_MAC_ADMIN (checked without generating an audit
 * record) get the _force variant of sid-to-context, all others the plain
 * one.  On success the context length is returned; when @alloc is set the
 * heap buffer is handed to the caller via *@buffer (caller frees it),
 * otherwise it is freed here and only the length is reported.
 *
 * Returns the context length, or a negative errno.
 */
static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
{
	struct inode_security_struct *isec = inode->i_security;
	char *context = NULL;
	u32 size;
	int error;

	if (strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;

	/* 0 from selinux_capable() means the capability is held */
	error = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
				SECURITY_CAP_NOAUDIT);
	if (error)
		error = security_sid_to_context(isec->sid, &context, &size);
	else
		error = security_sid_to_context_force(isec->sid, &context,
						      &size);
	if (error)
		return error;

	if (alloc)
		*buffer = context;	/* ownership passes to the caller */
	else
		kfree(context);

	return size;
}
2904
/*
 * LSM inode_setsecurity hook: set an inode's in-core label from a context
 * string (used when the filesystem itself stores the label, rather than a
 * user-space setxattr).
 *
 * Only the "selinux" suffix is supported.  An empty or missing value is
 * rejected with -EACCES; a context the policy cannot map is rejected with
 * the error from security_context_to_sid().  No AVC permission check is
 * performed by this hook.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;

	if (value == NULL || size == 0)
		return -EACCES;

	rc = security_context_to_sid((void *)value, size, &newsid);
	if (rc == 0)
		isec->sid = newsid;

	return rc;
}
2925
/*
 * LSM inode_listsecurity hook: report the security xattr name this module
 * manages.  Copies "security.selinux" (including its NUL) into @buffer when
 * a buffer is given and large enough; always returns the length needed so
 * a caller can size a buffer with a NULL first call.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const int len = sizeof(XATTR_NAME_SELINUX);

	if (buffer != NULL && buffer_size >= len)
		memcpy(buffer, XATTR_NAME_SELINUX, len);

	return len;
}
2933
/*
 * LSM inode_need_killpriv hook: SELinux adds nothing here and defers
 * entirely to the secondary (capability) module.
 */
static int selinux_inode_need_killpriv(struct dentry *dentry)
{
	int rc = secondary_ops->inode_need_killpriv(dentry);

	return rc;
}
2938
/*
 * LSM inode_killpriv hook: deferred to the secondary module, which owns
 * the privilege-stripping xattrs.
 */
static int selinux_inode_killpriv(struct dentry *dentry)
{
	int rc = secondary_ops->inode_killpriv(dentry);

	return rc;
}
2943
/*
 * LSM inode_getsecid hook: export the inode's current SID through *@secid.
 * No permission check; this is an internal lookup for other subsystems.
 */
static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
{
	const struct inode_security_struct *isec = inode->i_security;

	*secid = isec->sid;
}
2949
2950
2951
/*
 * Slow path of the file_permission hook: re-run the open-time access check
 * for @mask against the current policy and the file's current label.
 *
 * A zero mask is an existence test and needs no permission.  A write on an
 * O_APPEND file additionally requires FILE__APPEND.  After the file check
 * passes the NetLabel per-inode check is applied.
 */
static int selinux_revalidate_file_permission(struct file *file, int mask)
{
	const struct cred *cred = current_cred();
	struct inode *inode = file->f_path.dentry->d_inode;
	u32 av;
	int rc;

	if (mask == 0)
		return 0;	/* nothing to check */

	/* writes to an append-only open are append, not arbitrary writes */
	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		mask |= MAY_APPEND;

	av = file_mask_to_av(inode->i_mode, mask);
	rc = file_has_perm(cred, file, av);
	if (rc)
		return rc;

	return selinux_netlbl_inode_permission(inode, mask);
}
2974
/*
 * LSM file_permission hook (called on every read/write).
 *
 * Fast path: when the caller's SID, the inode label cached in the file at
 * open time, and the policy sequence number all still match, the open-time
 * check is still valid and only the NetLabel check is repeated.  Otherwise
 * the full check is re-run via selinux_revalidate_file_permission().
 */
static int selinux_file_permission(struct file *file, int mask)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid = current_sid();
	bool open_check_still_valid;

	if (mask == 0)
		return 0;	/* existence test only */

	open_check_still_valid = (sid == fsec->sid) &&
				 (fsec->isid == isec->sid) &&
				 (fsec->pseqno == avc_policy_seqno());
	if (!open_check_still_valid)
		return selinux_revalidate_file_permission(file, mask);

	return selinux_netlbl_inode_permission(inode, mask);
}
2993
/* LSM file_alloc_security hook: allocate the per-file security blob. */
static int selinux_file_alloc_security(struct file *file)
{
	int rc = file_alloc_security(file);

	return rc;
}
2998
/* LSM file_free_security hook: release the per-file security blob. */
static void selinux_file_free_security(struct file *file)
{
	if (file)
		file_free_security(file);
	else
		file_free_security(file);
}
3003
/*
 * LSM file_ioctl hook.
 *
 * The ioctl number's direction bits decide the access vector: a command
 * that writes into the kernel needs FILE__WRITE, one that reads out needs
 * FILE__READ, and one with no data transfer (or an encoding without
 * direction bits) needs the generic FILE__IOCTL.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	const struct cred *cred = current_cred();
	unsigned int dir = _IOC_DIR(cmd);
	u32 av = 0;

	if (dir & _IOC_WRITE)
		av |= FILE__WRITE;
	if (dir & _IOC_READ)
		av |= FILE__READ;

	/* no direction bits: fall back to the generic ioctl permission */
	return file_has_perm(cred, file, av ?: FILE__IOCTL);
}
3019
/*
 * Common check for mmap/mprotect protection bits.
 *
 * Except on PPC32, making memory executable that is either anonymous
 * (@file == NULL) or a private writable file mapping requires
 * PROCESS__EXECMEM on the task itself (W^X style control).  For a file
 * mapping the file must then also grant FILE__READ, plus FILE__WRITE for
 * a shared writable mapping and FILE__EXECUTE for an executable one.
 *
 * Returns 0 when permitted, otherwise the AVC error.
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	const struct cred *cred = current_cred();
	u32 av;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
		int rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);

		if (rc)
			return rc;
	}
#endif

	if (!file)
		return 0;	/* anonymous mapping: nothing file-side to check */

	av = FILE__READ;
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;
	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;

	return file_has_perm(cred, file, av);
}
3055
/*
 * LSM file_mmap hook.
 *
 * Mapping below mmap_min_addr requires MEMPROTECT__MMAP_ZERO on the task
 * (this is the check that matters for NULL-page mappings).  When
 * @addr_only is set that is the whole check.  Otherwise the protection
 * bits are checked via file_map_prot_check(); with selinux_checkreqprot
 * the protection the caller asked for is used instead of the one the
 * kernel will apply.
 */
static int selinux_file_mmap(struct file *file, unsigned long reqprot,
			     unsigned long prot, unsigned long flags,
			     unsigned long addr, unsigned long addr_only)
{
	u32 sid = current_sid();
	int rc = 0;

	if (addr < mmap_min_addr)
		rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
				  MEMPROTECT__MMAP_ZERO, NULL);
	if (rc)
		return rc;
	if (addr_only)
		return 0;

	return file_map_prot_check(file,
				   selinux_checkreqprot ? reqprot : prot,
				   (flags & MAP_TYPE) == MAP_SHARED);
}
3075
/*
 * LSM file_mprotect hook.
 *
 * After the secondary module's check, and except on PPC32, turning a
 * previously non-executable VMA executable is classified by where it lives:
 *   - inside the brk heap          -> PROCESS__EXECHEAP on the task
 *   - anonymous and covering the
 *     stack start                  -> PROCESS__EXECSTACK on the task
 *   - file-backed with anon pages
 *     (vm_file && anon_vma)        -> FILE__EXECMOD on the file
 * Any other VMA gets no extra check here.  Finally the generic protection
 * check in file_map_prot_check() applies, using the requested protection
 * when selinux_checkreqprot is set.
 *
 * Returns 0 when permitted, otherwise a negative errno.
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
				 unsigned long reqprot,
				 unsigned long prot)
{
	const struct cred *cred = current_cred();
	int rc;

	rc = secondary_ops->file_mprotect(vma, reqprot, prot);
	if (rc)
		return rc;

	if (selinux_checkreqprot)
		prot = reqprot;

#ifndef CONFIG_PPC32
	/* only a transition to executable is interesting */
	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		rc = 0;
		if (vma->vm_start >= vma->vm_mm->start_brk &&
		    vma->vm_end <= vma->vm_mm->brk) {
			rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
		} else if (!vma->vm_file &&
			   vma->vm_start <= vma->vm_mm->start_stack &&
			   vma->vm_end >= vma->vm_mm->start_stack) {
			rc = current_has_perm(current, PROCESS__EXECSTACK);
		} else if (vma->vm_file && vma->anon_vma) {
			/*
			 * A file mapping that also has anonymous pages
			 * (presumably modified in place; the contents no
			 * longer match the file) — needs FILE__EXECMOD on
			 * the backing file rather than a plain execute.
			 */
			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
		}
		if (rc)
			return rc;
	}
#endif

	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}
3117
/*
 * LSM file_lock hook: any flock-style lock operation needs FILE__LOCK on
 * the file.  The lock command itself is not inspected.
 */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	return file_has_perm(current_cred(), file, FILE__LOCK);
}
3124
/*
 * LSM file_fcntl hook.
 *
 * F_SETFL that clears O_APPEND is treated as a write (FILE__WRITE), since it
 * lifts the append-only restriction; every other F_SETFL, and the owner /
 * signal / flag getters and setters, only require that the file's open-time
 * access (permission 0 = re-validate, no extra bit) still holds.  Lock
 * commands require FILE__LOCK.  Commands not listed are allowed without a
 * check (err stays 0).  -EINVAL is returned for a file with no inode.
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	const struct cred *cred = current_cred();
	int err = 0;

	switch (cmd) {
	case F_SETFL:
		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
			err = -EINVAL;
			break;
		}

		/* dropping O_APPEND widens write access: treat as a write */
		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
			err = file_has_perm(cred, file, FILE__WRITE);
			break;
		}
		/* fallthrough: any other flag change is a plain access check */
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
		/* permission 0: just confirm the file may still be used */
		err = file_has_perm(cred, file, 0);
		break;
	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
			err = -EINVAL;
			break;
		}
		err = file_has_perm(cred, file, FILE__LOCK);
		break;
	}

	return err;
}
3169
/*
 * LSM file_set_fowner hook: record the SID of the task that becomes the
 * file's owner (F_SETOWN), so that a later SIGIO/SIGURG can be checked
 * against the owner's label in selinux_file_send_sigiotask().
 * Always succeeds.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct file_security_struct *fsec = file->f_security;

	fsec->fown_sid = current_sid();
	return 0;
}
3179
/*
 * LSM file_send_sigiotask hook: may the file's owner (recorded by
 * selinux_file_set_fowner()) deliver @signum to the current task?
 *
 * The source SID is the owner SID stored in the file's security blob, the
 * target is the current task; a zero @signum means SIGIO.  @tsk is not used.
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	/* fown is embedded in struct file; recover the containing file */
	struct file *file = container_of(fown, struct file, f_owner);
	struct file_security_struct *fsec = file->f_security;
	u32 target_sid = current_sid();
	u32 perm = signal_to_av(signum ?: SIGIO);

	return avc_has_perm(fsec->fown_sid, target_sid,
			    SECCLASS_PROCESS, perm, NULL);
}
3201
/*
 * LSM file_receive hook: a descriptor arriving over a UNIX socket is
 * checked as if the receiver had opened it, using the access implied by
 * the file's open mode (file_to_av()).
 */
static int selinux_file_receive(struct file *file)
{
	u32 av = file_to_av(file);

	return file_has_perm(current_cred(), file, av);
}
3208
/*
 * LSM dentry_open hook: the open-time access check.
 *
 * The inode's current SID and the current policy sequence number are cached
 * in the file's security blob first; selinux_file_permission() later uses
 * them to decide whether this check is still valid or must be re-done.
 * Then the inode is checked for the access implied by the open flags
 * (open_file_to_av()) against @cred.
 */
static int selinux_dentry_open(struct file *file, const struct cred *cred)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;

	/* snapshot label + policy generation for the fast path later */
	fsec->isid = isec->sid;
	fsec->pseqno = avc_policy_seqno();

	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
}
3237
3238
3239
/*
 * LSM task_create hook: the secondary module is consulted first, then the
 * task must hold PROCESS__FORK on itself.
 */
static int selinux_task_create(unsigned long clone_flags)
{
	int rc = secondary_ops->task_create(clone_flags);

	if (rc == 0)
		rc = current_has_perm(current, PROCESS__FORK);

	return rc;
}
3250
3251
3252
3253
/*
 * LSM cred_free hook: release the task security blob attached to @cred and
 * clear the pointer so a stale reference cannot be followed afterwards.
 */
static void selinux_cred_free(struct cred *cred)
{
	struct task_security_struct *tsec;

	tsec = cred->security;
	cred->security = NULL;
	kfree(tsec);
}
3260
3261
3262
3263
/*
 * LSM cred_prepare hook: give @new its own copy of @old's task security
 * blob so later changes to one credential set do not leak into the other.
 *
 * Returns 0 on success or -ENOMEM when the copy cannot be allocated.
 */
static int selinux_cred_prepare(struct cred *new, const struct cred *old,
				gfp_t gfp)
{
	struct task_security_struct *copy;

	copy = kmemdup(old->security, sizeof(*copy), gfp);
	if (copy == NULL)
		return -ENOMEM;

	new->security = copy;
	return 0;
}
3279
3280
3281
3282
/* LSM cred_commit hook: SELinux has no commit-time work; defer to the
 * secondary module. */
static void selinux_cred_commit(struct cred *new, const struct cred *old)
{
	if (secondary_ops)
		secondary_ops->cred_commit(new, old);
	else
		secondary_ops->cred_commit(new, old);
}
3287
3288
3289
3290
3291
/*
 * LSM kernel_act_as hook: let a kernel service run with the label @secid.
 *
 * The current task needs KERNEL_SERVICE__USE_AS_OVERRIDE towards @secid.
 * On success the new credential's SID is replaced and every pending
 * create_sid / keycreate_sid / sockcreate_sid override is cleared, so the
 * impersonating context does not inherit the caller's object-creation
 * overrides.
 *
 * Returns 0 on success, otherwise the AVC error (and @new is untouched).
 */
static int selinux_kernel_act_as(struct cred *new, u32 secid)
{
	struct task_security_struct *tsec = new->security;
	int ret;

	ret = avc_has_perm(current_sid(), secid,
			   SECCLASS_KERNEL_SERVICE,
			   KERNEL_SERVICE__USE_AS_OVERRIDE,
			   NULL);
	if (ret)
		return ret;

	tsec->sid = secid;
	tsec->create_sid = 0;
	tsec->keycreate_sid = 0;
	tsec->sockcreate_sid = 0;
	return 0;
}
3310
3311
3312
3313
3314
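/*
 * LSM kernel_create_files_as hook: let a kernel service create files with
 * the label of @inode.
 *
 * The current task needs KERNEL_SERVICE__CREATE_FILES_AS towards the
 * inode's SID; on success @new's create_sid override is set to that SID.
 *
 * Fix: the AVC result is now propagated.  The original returned 0
 * unconditionally, so a denial silently left create_sid unset and the
 * caller proceeded as though the override had been granted.
 *
 * Returns 0 on success, otherwise the AVC error (create_sid unchanged).
 */
static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct task_security_struct *tsec = new->security;
	u32 sid = current_sid();
	int ret;

	ret = avc_has_perm(sid, isec->sid,
			   SECCLASS_KERNEL_SERVICE,
			   KERNEL_SERVICE__CREATE_FILES_AS,
			   NULL);
	if (ret == 0)
		tsec->create_sid = isec->sid;

	return ret;
}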
3331
/*
 * LSM task_setuid hook: no SELinux check at this point; the uid change is
 * dealt with in selinux_task_fix_setuid() once the new credentials are
 * known.  Always returns 0.
 */
static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
	return 0;
}
3342
/*
 * LSM task_fix_setuid hook: capability adjustments on uid change are the
 * secondary module's job; SELinux adds nothing.
 */
static int selinux_task_fix_setuid(struct cred *new, const struct cred *old,
				   int flags)
{
	int rc = secondary_ops->task_fix_setuid(new, old, flags);

	return rc;
}
3348
/* LSM task_setgid hook: no SELinux control over gid changes; always 0. */
static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
{
	return 0;
}
3354
/* LSM task_setpgid hook: changing @p's process group needs PROCESS__SETPGID. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	int rc = current_has_perm(p, PROCESS__SETPGID);

	return rc;
}
3359
/* LSM task_getpgid hook: reading @p's process group needs PROCESS__GETPGID. */
static int selinux_task_getpgid(struct task_struct *p)
{
	int rc = current_has_perm(p, PROCESS__GETPGID);

	return rc;
}
3364
/* LSM task_getsid hook: reading @p's session id needs PROCESS__GETSESSION. */
static int selinux_task_getsid(struct task_struct *p)
{
	int rc = current_has_perm(p, PROCESS__GETSESSION);

	return rc;
}
3369
/* LSM task_getsecid hook: export @p's SID; no permission check. */
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
	u32 sid = task_sid(p);

	*secid = sid;
}
3374
/* LSM task_setgroups hook: supplementary groups are not controlled; always 0. */
static int selinux_task_setgroups(struct group_info *group_info)
{
	return 0;
}
3380
/*
 * LSM task_setnice hook: after the secondary module agrees, changing @p's
 * nice value needs PROCESS__SETSCHED (the same permission as any other
 * scheduling change).
 */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc = secondary_ops->task_setnice(p, nice);

	if (rc == 0)
		rc = current_has_perm(p, PROCESS__SETSCHED);

	return rc;
}
3391
/*
 * LSM task_setioprio hook: after the secondary module agrees, changing @p's
 * I/O priority needs PROCESS__SETSCHED.
 */
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
{
	int rc = secondary_ops->task_setioprio(p, ioprio);

	if (rc == 0)
		rc = current_has_perm(p, PROCESS__SETSCHED);

	return rc;
}
3402
/* LSM task_getioprio hook: reading @p's I/O priority needs PROCESS__GETSCHED. */
static int selinux_task_getioprio(struct task_struct *p)
{
	int rc = current_has_perm(p, PROCESS__GETSCHED);

	return rc;
}
3407
/*
 * LSM task_setrlimit hook.
 *
 * Only a change to the hard limit (rlim_max) is access-controlled, with
 * PROCESS__SETRLIMIT on the task; adjusting the soft limit within the
 * current hard limit is always allowed once the secondary module agrees.
 * @resource is assumed to be a valid index into signal->rlim (the caller
 * validates it — not re-checked here).
 */
static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	const struct rlimit *old_rlim = &current->signal->rlim[resource];
	int rc;

	rc = secondary_ops->task_setrlimit(resource, new_rlim);
	if (rc)
		return rc;

	if (old_rlim->rlim_max == new_rlim->rlim_max)
		return 0;	/* hard limit unchanged: no extra permission */

	return current_has_perm(current, PROCESS__SETRLIMIT);
}
3426
/*
 * LSM task_setscheduler hook: after the secondary module agrees, changing
 * @p's scheduling policy/parameters needs PROCESS__SETSCHED.
 */
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{
	int rc = secondary_ops->task_setscheduler(p, policy, lp);

	if (rc == 0)
		rc = current_has_perm(p, PROCESS__SETSCHED);

	return rc;
}
3437
/* LSM task_getscheduler hook: reading @p's scheduling needs PROCESS__GETSCHED. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	int rc = current_has_perm(p, PROCESS__GETSCHED);

	return rc;
}
3442
/*
 * LSM task_movememory hook: migrating @p's pages is controlled with the
 * same PROCESS__SETSCHED permission as other placement changes.
 */
static int selinux_task_movememory(struct task_struct *p)
{
	int rc = current_has_perm(p, PROCESS__SETSCHED);

	return rc;
}
3447
/*
 * LSM task_kill hook.
 *
 * After the secondary module agrees, the signal is mapped to a process
 * permission: signal 0 (existence probe) is PROCESS__SIGNULL, everything
 * else goes through signal_to_av().  When a non-zero @secid is supplied
 * (signal sent on behalf of another label, e.g. by the kernel) that SID is
 * the source; otherwise the current task is.
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
			     int sig, u32 secid)
{
	u32 perm;
	int rc;

	rc = secondary_ops->task_kill(p, info, sig, secid);
	if (rc)
		return rc;

	perm = sig ? signal_to_av(sig) : PROCESS__SIGNULL;

	if (secid == 0)
		return current_has_perm(p, perm);

	return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm, NULL);
}
3469
/*
 * LSM task_prctl hook: SELinux imposes no prctl restrictions of its own;
 * the secondary module's decision is returned unchanged.
 */
static int selinux_task_prctl(int option,
			      unsigned long arg2,
			      unsigned long arg3,
			      unsigned long arg4,
			      unsigned long arg5)
{
	int rc = secondary_ops->task_prctl(option, arg2, arg3, arg4, arg5);

	return rc;
}
3481
/*
 * LSM task_wait hook: waiting on child @p is modelled as @p being allowed
 * to send SIGCHLD to the current task (PROCESS__SIGCHLD, @p as source).
 */
static int selinux_task_wait(struct task_struct *p)
{
	int rc = task_has_perm(p, current, PROCESS__SIGCHLD);

	return rc;
}
3486
/*
 * LSM task_to_inode hook: label a (proc) inode that represents task @p with
 * the task's own SID and mark the label initialized.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;

	isec->sid = task_sid(p);
	isec->initialized = 1;
}
3496
3497
/*
 * Fill the IPv4 part of an audit record from @skb.
 *
 * Reads the IP header through skb_header_pointer() (which copies into the
 * on-stack _iph when the header is not linear), records source and
 * destination addresses, and optionally reports the transport protocol via
 * *@proto.  For TCP, UDP and DCCP the transport header is read the same way
 * and the ports are recorded — but only for the first fragment; a non-zero
 * fragment offset means there is no transport header in this skb.
 *
 * Returns 0 once the addresses have been recorded (missing/short transport
 * headers are not an error — the ports are simply left unset), or -EINVAL
 * when the IP header itself is missing or its length field is shorter than
 * the minimum header.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb,
		struct avc_audit_data *ad, u8 *proto)
{
	int offset, ihlen, ret = -EINVAL;
	struct iphdr _iph, *ih;

	offset = skb_network_offset(skb);
	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (ih == NULL)
		goto out;

	/* ihl is in 32-bit words; reject a header claiming less than 20 bytes */
	ihlen = ih->ihl * 4;
	if (ihlen < sizeof(_iph))
		goto out;

	ad->u.net.v4info.saddr = ih->saddr;
	ad->u.net.v4info.daddr = ih->daddr;
	ret = 0;

	if (proto)
		*proto = ih->protocol;

	switch (ih->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		/* non-first fragments carry no transport header */
		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		if (ntohs(ih->frag_off) & IP_OFFSET)
			break;

		offset += ihlen;
		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh == NULL)
			break;

		ad->u.net.sport = dh->dccph_sport;
		ad->u.net.dport = dh->dccph_dport;
		break;
	}

	default:
		break;
	}
out:
	return ret;
}
3575
3576#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3577
3578
/*
 * Fill the IPv6 part of an audit record from @skb (IPv6 builds only).
 *
 * Records source and destination addresses from the IPv6 header, then
 * walks the extension-header chain with ipv6_skip_exthdr() to find the
 * upper-layer protocol, which is reported via *@proto and used to read the
 * TCP/UDP/DCCP ports.  As in the IPv4 parser, a missing or unreadable
 * transport header is not an error — ports are just left unset.
 *
 * Returns 0 once the addresses are recorded, or -EINVAL if the IPv6 header
 * itself cannot be read.  Note that ret is set to 0 before the extension
 * header walk, so a failed walk (offset < 0) still returns 0 with only the
 * addresses filled in.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb,
		struct avc_audit_data *ad, u8 *proto)
{
	u8 nexthdr;
	int ret = -EINVAL, offset;
	struct ipv6hdr _ipv6h, *ip6;

	offset = skb_network_offset(skb);
	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (ip6 == NULL)
		goto out;

	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);
	ret = 0;

	/* skip extension headers to reach the transport header */
	nexthdr = ip6->nexthdr;
	offset += sizeof(_ipv6h);
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
	if (offset < 0)
		goto out;

	if (proto)
		*proto = nexthdr;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th == NULL)
			break;

		ad->u.net.sport = th->source;
		ad->u.net.dport = th->dest;
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh == NULL)
			break;

		ad->u.net.sport = uh->source;
		ad->u.net.dport = uh->dest;
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh == NULL)
			break;

		ad->u.net.sport = dh->dccph_sport;
		ad->u.net.dport = dh->dccph_dport;
		break;
	}

	/* other upper-layer protocols carry no port information */
	default:
		break;
	}
out:
	return ret;
}
3648
3649#endif
3650
/*
 * Populate the network audit data for @skb according to ad->u.net.family
 * and hand back a pointer to the source (@src != 0) or destination address
 * inside @ad via *@_addrp, so the caller can look up the node label.
 *
 * Families other than PF_INET (and PF_INET6 on IPv6 builds) are accepted
 * without parsing and yield a NULL address pointer.  A parse failure is
 * logged and its error returned; on success 0 is returned and *@_addrp is
 * set only when @_addrp is non-NULL.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
			     char **_addrp, int src, u8 *proto)
{
	char *addrp = NULL;
	int ret = 0;

	switch (ad->u.net.family) {
	case PF_INET:
		ret = selinux_parse_skb_ipv4(skb, ad, proto);
		if (ret)
			break;
		addrp = (char *)(src ? &ad->u.net.v4info.saddr :
				       &ad->u.net.v4info.daddr);
		break;

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case PF_INET6:
		ret = selinux_parse_skb_ipv6(skb, ad, proto);
		if (ret)
			break;
		addrp = (char *)(src ? &ad->u.net.v6info.saddr :
				       &ad->u.net.v6info.daddr);
		break;
#endif
	default:
		/* unknown family: nothing to parse, no address to report */
		break;
	}

	if (ret) {
		printk(KERN_WARNING
		       "SELinux: failure in selinux_parse_skb(),"
		       " unable to parse packet\n");
		return ret;
	}

	if (_addrp)
		*_addrp = addrp;
	return 0;
}
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
/*
 * Determine the peer label of @skb by combining the IPsec (xfrm) label and
 * the NetLabel label, resolved through security_net_peersid_resolve().
 *
 * Returns 0 with *@sid set, or -EACCES (after a log message) when the two
 * sources cannot be reconciled — an unresolvable peer label is treated as
 * a denial rather than as "unlabeled".
 */
static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
{
	u32 xfrm_sid, nlbl_sid, nlbl_type;
	int err;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);
	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);

	err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
	if (likely(err == 0))
		return 0;

	printk(KERN_WARNING
	       "SELinux: failure in selinux_skb_peerlbl_sid(),"
	       " unable to determine packet's peer label\n");
	return -EACCES;
}
3727
3728
/*
 * Check @perms for @task on @sock's inode label, auditing with the socket.
 *
 * Sockets labeled SECINITSID_KERNEL (created by the kernel itself, see
 * selinux_socket_post_create()) are exempt and always return 0.
 */
static int socket_has_perm(struct task_struct *task, struct socket *sock,
			   u32 perms)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct avc_audit_data ad;

	if (isec->sid == SECINITSID_KERNEL)
		return 0;	/* kernel-internal socket: not subject to policy */

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = sock->sk;

	return avc_has_perm(task_sid(task), isec->sid, isec->sclass, perms, &ad);
}
3750
/*
 * LSM socket_create hook.
 *
 * Kernel-internal sockets (@kern) are not checked.  For user sockets the
 * task needs SOCKET__CREATE towards the label the socket will receive:
 * the sockcreate_sid override if one is set, otherwise the task's own SID.
 * The security class is derived from family/type/protocol.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	const struct task_security_struct *tsec;
	u32 sid, newsid;
	u16 secclass;

	if (kern)
		return 0;

	tsec = current_cred()->security;
	sid = tsec->sid;
	newsid = tsec->sockcreate_sid ? tsec->sockcreate_sid : sid;

	secclass = socket_type_to_security_class(family, type, protocol);
	return avc_has_perm(sid, newsid, secclass, SOCKET__CREATE, NULL);
}
3772
/*
 * LSM socket_post_create hook: label the freshly created socket.
 *
 * The inode label is SECINITSID_KERNEL for kernel sockets, else the task's
 * sockcreate_sid override if set, else the task SID; the class comes from
 * family/type/protocol.  When a struct sock already exists its security
 * blob is given the same label/class and NetLabel is informed.
 *
 * Returns 0, or the NetLabel error for a socket that has a struct sock.
 */
static int selinux_socket_post_create(struct socket *sock, int family,
				      int type, int protocol, int kern)
{
	const struct task_security_struct *tsec = current_cred()->security;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	u32 label;

	if (kern)
		label = SECINITSID_KERNEL;
	else if (tsec->sockcreate_sid)
		label = tsec->sockcreate_sid;
	else
		label = tsec->sid;

	isec->sid = label;
	isec->sclass = socket_type_to_security_class(family, type, protocol);
	isec->initialized = 1;

	if (!sock->sk)
		return 0;

	{
		struct sk_security_struct *sksec = sock->sk->sk_security;

		/* keep the sock's label in step with the inode's */
		sksec->sid = isec->sid;
		sksec->sclass = isec->sclass;
	}
	return selinux_netlbl_socket_post_create(sock);
}
3807
3808
3809
3810
3811
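/*
 * LSM socket_bind hook.
 *
 * Every socket needs SOCKET__BIND.  For PF_INET/PF_INET6 sockets two more
 * checks follow:
 *   - name_bind on the port's label, only when binding a non-zero port that
 *     is privileged (below max(PROT_SOCK, local range low)) or above the
 *     local port range high end — ports inside the ephemeral range are
 *     not name-bind controlled;
 *   - node_bind (class-specific: tcp/udp/dccp/rawip) on the label of the
 *     address being bound.
 *
 * Fix: @addrlen is validated before sin_port / sin6_port and the address
 * are read.  The VFS only bounds @addrlen by sizeof(struct sockaddr_storage)
 * before this hook runs, so a short address would previously have been read
 * past its valid length; a short one is now rejected with -EINVAL, matching
 * selinux_socket_connect().
 *
 * Returns 0 when permitted, otherwise a negative errno.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	u16 family;
	int err;

	err = socket_has_perm(current, sock, SOCKET__BIND);
	if (err)
		goto out;

	family = sock->sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct inode_security_struct *isec;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		struct sock *sk = sock->sk;
		u32 sid, node_perm;

		isec = SOCK_INODE(sock)->i_security;

		if (family == PF_INET) {
			/* the caller's address must be long enough to read */
			if (addrlen < sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			if (addrlen < SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		if (snum) {
			int low, high;

			inet_get_local_port_range(&low, &high);

			/* only ports outside the ephemeral range are named */
			if (snum < max(PROT_SOCK, low) || snum > high) {
				err = sel_netport_sid(sk->sk_protocol,
						      snum, &sid);
				if (err)
					goto out;
				AVC_AUDIT_DATA_INIT(&ad, NET);
				ad.u.net.sport = htons(snum);
				ad.u.net.family = family;
				err = avc_has_perm(isec->sid, sid,
						   isec->sclass,
						   SOCKET__NAME_BIND, &ad);
				if (err)
					goto out;
			}
		}

		switch (isec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_DCCP_SOCKET:
			node_perm = DCCP_SOCKET__NODE_BIND;
			break;

		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		err = sel_netnode_sid(addrp, family, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;

		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);

		err = avc_has_perm(isec->sid, sid,
				   isec->sclass, node_perm, &ad);
		if (err)
			goto out;
	}
out:
	return err;
}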
3909
/*
 * LSM socket_connect hook.
 *
 * Every socket needs SOCKET__CONNECT.  TCP and DCCP sockets additionally
 * need name_connect to the label of the destination port; the address
 * length is validated before the port is read and a short address is
 * rejected with -EINVAL.  Finally the NetLabel connect handling runs.
 *
 * Returns 0 when permitted, otherwise a negative errno.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	int err;

	err = socket_has_perm(current, sock, SOCKET__CONNECT);
	if (err)
		return err;

	if (isec->sclass == SECCLASS_TCP_SOCKET ||
	    isec->sclass == SECCLASS_DCCP_SOCKET) {
		struct avc_audit_data ad;
		unsigned short snum;
		u32 port_sid, perm;

		/* read the port only after confirming the address is long enough */
		if (sk->sk_family == PF_INET) {
			struct sockaddr_in *addr4 = (struct sockaddr_in *)address;

			if (addrlen < sizeof(struct sockaddr_in))
				return -EINVAL;
			snum = ntohs(addr4->sin_port);
		} else {
			struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)address;

			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			snum = ntohs(addr6->sin6_port);
		}

		err = sel_netport_sid(sk->sk_protocol, snum, &port_sid);
		if (err)
			return err;

		if (isec->sclass == SECCLASS_TCP_SOCKET)
			perm = TCP_SOCKET__NAME_CONNECT;
		else
			perm = DCCP_SOCKET__NAME_CONNECT;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.dport = htons(snum);
		ad.u.net.family = sk->sk_family;
		err = avc_has_perm(isec->sid, port_sid, isec->sclass, perm, &ad);
		if (err)
			return err;
	}

	return selinux_netlbl_socket_connect(sk, address);
}
3964
/* LSM socket_listen hook: listening needs SOCKET__LISTEN on the socket. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	int err = socket_has_perm(current, sock, SOCKET__LISTEN);

	return err;
}
3969
/*
 * LSM socket_accept hook: accepting needs SOCKET__ACCEPT on the listening
 * socket; the new socket's inode then inherits the listener's label and
 * class and is marked initialized.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *listen_isec, *new_isec;
	int err;

	err = socket_has_perm(current, sock, SOCKET__ACCEPT);
	if (err)
		return err;

	listen_isec = SOCK_INODE(sock)->i_security;
	new_isec = SOCK_INODE(newsock)->i_security;

	/* accepted socket carries the listener's label */
	new_isec->sclass = listen_isec->sclass;
	new_isec->sid = listen_isec->sid;
	new_isec->initialized = 1;

	return 0;
}
3989
/*
 * LSM socket_sendmsg hook: sending needs SOCKET__WRITE, then the NetLabel
 * per-inode write check on the socket's inode.
 */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	int rc = socket_has_perm(current, sock, SOCKET__WRITE);

	if (rc == 0)
		rc = selinux_netlbl_inode_permission(SOCK_INODE(sock), MAY_WRITE);

	return rc;
}
4001
/* LSM socket_recvmsg hook: receiving needs SOCKET__READ on the socket. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	int err = socket_has_perm(current, sock, SOCKET__READ);

	return err;
}
4007
/* LSM socket_getsockname hook: reading the local name needs SOCKET__GETATTR. */
static int selinux_socket_getsockname(struct socket *sock)
{
	int err = socket_has_perm(current, sock, SOCKET__GETATTR);

	return err;
}
4012
/* LSM socket_getpeername hook: reading the peer name needs SOCKET__GETATTR. */
static int selinux_socket_getpeername(struct socket *sock)
{
	int err = socket_has_perm(current, sock, SOCKET__GETATTR);

	return err;
}
4017
/*
 * LSM socket_setsockopt hook: setting an option needs SOCKET__SETOPT, and
 * NetLabel then gets to veto options that would interfere with labeling.
 */
static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
{
	int err = socket_has_perm(current, sock, SOCKET__SETOPT);

	if (err == 0)
		err = selinux_netlbl_socket_setsockopt(sock, level, optname);

	return err;
}
4028
/* LSM socket_getsockopt hook: reading an option needs SOCKET__GETOPT. */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	int err = socket_has_perm(current, sock, SOCKET__GETOPT);

	return err;
}
4034
/* LSM socket_shutdown hook: shutdown needs SOCKET__SHUTDOWN on the socket. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	int err = socket_has_perm(current, sock, SOCKET__SHUTDOWN);

	return err;
}
4039
/*
 * LSM unix_stream_connect hook.
 *
 * After the secondary module agrees, the connecting socket needs
 * UNIX_STREAM_SOCKET__CONNECTTO towards the listener's label.  On success
 * both ends learn their peer: the client sock records the listener's SID,
 * and the server-side @newsk records the client's SID and gets its own SID
 * built from the listener's label with the client's MLS range
 * (security_sid_mls_copy()).
 *
 * Returns 0, or the error from the secondary module, the AVC, or the MLS copy.
 */
static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct inode_security_struct *client_isec, *server_isec;
	struct sk_security_struct *client_ssec, *new_ssec;
	struct avc_audit_data ad;
	int err;

	err = secondary_ops->unix_stream_connect(sock, other, newsk);
	if (err)
		return err;

	client_isec = SOCK_INODE(sock)->i_security;
	server_isec = SOCK_INODE(other)->i_security;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	err = avc_has_perm(client_isec->sid, server_isec->sid,
			   client_isec->sclass,
			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (err)
		return err;

	/* client side learns the server's label */
	client_ssec = sock->sk->sk_security;
	client_ssec->peer_sid = server_isec->sid;

	/* server side learns the client's label and derives its own */
	new_ssec = newsk->sk_security;
	new_ssec->peer_sid = client_isec->sid;

	return security_sid_mls_copy(server_isec->sid, new_ssec->peer_sid,
				     &new_ssec->sid);
}
4077
/*
 * LSM unix_may_send hook (datagram UNIX sockets): the sender's socket needs
 * SOCKET__SENDTO towards the receiving socket's label, audited with the
 * receiver's sock.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct inode_security_struct *sender_isec = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *receiver_isec = SOCK_INODE(other)->i_security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	return avc_has_perm(sender_isec->sid, receiver_isec->sid,
			    sender_isec->sclass, SOCKET__SENDTO, &ad);
}
4099
/*
 * Peer-label ingress check for a packet that reached the local system:
 * the peer (@peer_sid) needs NETIF__INGRESS on the receiving interface's
 * label and NODE__RECVFROM on the label of the address it came from.
 *
 * Returns 0 when both pass, else the first lookup or AVC error.
 */
static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
				    u32 peer_sid,
				    struct avc_audit_data *ad)
{
	u32 if_sid, node_sid;
	int err;

	err = sel_netif_sid(ifindex, &if_sid);
	if (err == 0)
		err = avc_has_perm(peer_sid, if_sid,
				   SECCLASS_NETIF, NETIF__INGRESS, ad);
	if (err)
		return err;

	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err)
		return err;

	return avc_has_perm(peer_sid, node_sid,
			    SECCLASS_NODE, NODE__RECVFROM, ad);
}
4122
/*
 * Legacy (compat_net) receive check for a packet delivered to @sk.
 *
 * The socket's class selects the per-protocol permissions: the socket
 * needs <proto>_recv on the receiving interface's label and on the source
 * node's label, and (for TCP/UDP/DCCP only) recv_msg on the label of the
 * source port.  Raw/other sockets skip the port check (recv_perm == 0).
 *
 * Returns 0 when permitted, else the first lookup or AVC error; a missing
 * port label is logged before being returned.
 */
static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk,
						struct sk_buff *skb,
						struct avc_audit_data *ad,
						u16 family,
						char *addrp)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u32 sk_sid = sksec->sid;
	u16 sk_class = sksec->sclass;
	u32 netif_perm, node_perm, recv_perm = 0;
	u32 if_sid, node_sid, port_sid;
	int err;

	switch (sk_class) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_RECV;
		node_perm = NODE__UDP_RECV;
		recv_perm = UDP_SOCKET__RECV_MSG;
		break;
	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_RECV;
		node_perm = NODE__TCP_RECV;
		recv_perm = TCP_SOCKET__RECV_MSG;
		break;
	case SECCLASS_DCCP_SOCKET:
		netif_perm = NETIF__DCCP_RECV;
		node_perm = NODE__DCCP_RECV;
		recv_perm = DCCP_SOCKET__RECV_MSG;
		break;
	default:
		/* raw/other: interface and node checks only */
		netif_perm = NETIF__RAWIP_RECV;
		node_perm = NODE__RAWIP_RECV;
		break;
	}

	err = sel_netif_sid(skb->iif, &if_sid);
	if (err == 0)
		err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
	if (err)
		return err;

	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err == 0)
		err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
	if (err)
		return err;

	if (recv_perm == 0)
		return 0;

	err = sel_netport_sid(sk->sk_protocol,
			      ntohs(ad->u.net.sport), &port_sid);
	if (unlikely(err)) {
		printk(KERN_WARNING
		       "SELinux: failure in"
		       " selinux_sock_rcv_skb_iptables_compat(),"
		       " network port label not found\n");
		return err;
	}

	return avc_has_perm(sk_sid, port_sid, sk_class, recv_perm, ad);
}
4188
static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
				       u16 family)
{
	/*
	 * Receive-path checks used when compat_net is set or the policy
	 * lacks the netpeer capability (see selinux_socket_sock_rcv_skb).
	 * Order: parse the skb into audit data; then either the
	 * iptables-compat checks or the secmark PACKET__RECV check; then
	 * peer labelling - PEER__RECV against the packet's peer label with
	 * the netpeer capability, otherwise the separate NetLabel and XFRM
	 * receive checks.  Returns 0 to allow, a negative errno to deny.
	 */
	int err = 0;
	struct sk_security_struct *sksec = sk->sk_security;
	u32 peer_sid;
	u32 sk_sid = sksec->sid;
	struct avc_audit_data ad;
	char *addrp;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->iif;
	ad.u.net.family = family;
	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (err)
		return err;

	/* Only one of the two packet-level checks applies. */
	if (selinux_compat_net)
		err = selinux_sock_rcv_skb_iptables_compat(sk, skb, &ad,
							   family, addrp);
	else if (selinux_secmark_enabled())
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
	if (err)
		return err;

	if (selinux_policycap_netpeer) {
		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = avc_has_perm(sk_sid, peer_sid,
				   SECCLASS_PEER, PEER__RECV, &ad);
		/* A denial is reported to NetLabel and then returned below. */
		if (err)
			selinux_netlbl_err(skb, err, 0);
	} else {
		err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
		if (err)
			return err;
		err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
	}

	return err;
}
4232
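static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	/*
	 * LSM hook: may @sk receive @skb?  Only PF_INET/PF_INET6 sockets are
	 * checked; other families are allowed here.  With compat_net set or
	 * without the netpeer policy capability the legacy path
	 * selinux_sock_rcv_skb_compat() is used.  Otherwise, when peer
	 * labelling (NetLabel or XFRM) is active the packet's peer label is
	 * checked against interface and node (selinux_inet_sys_rcv_skb) and
	 * the socket (PEER__RECV); when secmark is active the socket label
	 * is checked against the packet's secmark (PACKET__RECV).
	 *
	 * Returns 0 to allow, a negative errno to deny.
	 */
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	u32 sk_sid = sksec->sid;
	struct avc_audit_data ad;
	char *addrp;
	u8 secmark_active;
	u8 peerlbl_active;

	if (family != PF_INET && family != PF_INET6)
		return 0;

	/* An IPv4 packet delivered to an IPv6 socket is handled as IPv4. */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	if (selinux_compat_net || !selinux_policycap_netpeer)
		return selinux_sock_rcv_skb_compat(sk, skb, family);

	secmark_active = selinux_secmark_enabled();
	peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->iif;
	ad.u.net.family = family;
	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (err)
		return err;

	if (peerlbl_active) {
		u32 peer_sid;

		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
					       peer_sid, &ad);
		if (err) {
			selinux_netlbl_err(skb, err, 0);
			return err;
		}
		err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
				   PEER__RECV, &ad);
		if (err) {
			/*
			 * Fix: a PEER__RECV denial must fail the hook.  It
			 * was previously only reported via selinux_netlbl_err()
			 * and, when the secmark check below also ran and
			 * allowed, overwritten by that check's result.
			 */
			selinux_netlbl_err(skb, err, 0);
			return err;
		}
	}

	if (secmark_active) {
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
		if (err)
			return err;
	}

	return 0;
}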
4297
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	/*
	 * SO_PEERSEC for stream sockets: copy the peer's security context
	 * string to user space.  Only Unix stream and TCP sockets carry a
	 * peer SID; any other socket, or one without a peer SID yet, gets
	 * -ENOPROTOOPT.  The context length is written to @optlen even when
	 * the caller's buffer is too small (-ERANGE).
	 */
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	u32 peer_sid = SECSID_NULL;
	char *ctx;
	u32 ctx_len;
	int rc;

	if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
	    isec->sclass == SECCLASS_TCP_SOCKET) {
		struct sk_security_struct *ssec = sock->sk->sk_security;

		peer_sid = ssec->peer_sid;
	}
	if (peer_sid == SECSID_NULL)
		return -ENOPROTOOPT;

	rc = security_sid_to_context(peer_sid, &ctx, &ctx_len);
	if (rc)
		return rc;

	if (ctx_len > len)
		rc = -ERANGE;
	else if (copy_to_user(optval, ctx, ctx_len))
		rc = -EFAULT;

	/* The length is reported regardless; a faulting put_user wins. */
	if (put_user(ctx_len, optlen))
		rc = -EFAULT;

	kfree(ctx);
	return rc;
}
4341
static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	/*
	 * Peer SID for a datagram: the address family comes from the skb's
	 * protocol when it is IPv4/IPv6, else from the socket.  A Unix
	 * socket's peer label is its inode's SID; otherwise the skb's peer
	 * label is used.  *secid is always written; SECSID_NULL gives
	 * -EINVAL.  The lookup helpers' return codes are not inspected.
	 */
	u32 peer_secid = SECSID_NULL;
	u16 family = 0;
	int have_family = 1;

	if (skb && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;
	else if (skb && skb->protocol == htons(ETH_P_IPV6))
		family = PF_INET6;
	else if (sock)
		family = sock->sk->sk_family;
	else
		have_family = 0;

	if (have_family) {
		if (sock && family == PF_UNIX)
			selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
		else if (skb)
			selinux_skb_peerlbl_sid(skb, family, &peer_secid);
	}

	*secid = peer_secid;
	return (peer_secid == SECSID_NULL) ? -EINVAL : 0;
}
4367
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	/* LSM hook: allocate the SELinux blob for @sk via sk_alloc_security(). */
	int rc = sk_alloc_security(sk, family, priority);

	return rc;
}
4372
static void selinux_sk_free_security(struct sock *sk)
{
	/* LSM hook: release the SELinux blob attached to @sk. */
	sk_free_security(sk);
}
4377
static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	/*
	 * Copy the SELinux socket state (sid, peer_sid, sclass) from @sk to
	 * @newsk, then reset the NetLabel state for the new socket's family.
	 */
	const struct sk_security_struct *src = sk->sk_security;
	struct sk_security_struct *dst = newsk->sk_security;

	dst->sid = src->sid;
	dst->peer_sid = src->peer_sid;
	dst->sclass = src->sclass;
	selinux_netlbl_sk_security_reset(dst, newsk->sk_family);
}
4389
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
{
	/* A NULL sock is reported with the "any socket" initial SID. */
	struct sk_security_struct *sksec;

	if (sk) {
		sksec = sk->sk_security;
		*secid = sksec->sid;
		return;
	}
	*secid = SECINITSID_ANY_SOCKET;
}
4400
static void selinux_sock_graft(struct sock *sk, struct socket *parent)
{
	/*
	 * Attach @sk to its user-visible socket: for INET/INET6/UNIX the
	 * sock's SID is propagated to the parent inode; the sock always
	 * takes over the inode's security class.
	 */
	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 fam = sk->sk_family;
	int labelled_family = (fam == PF_INET || fam == PF_INET6 ||
			       fam == PF_UNIX);

	if (labelled_family)
		isec->sid = sksec->sid;
	sksec->sclass = isec->sclass;
}
4411
static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				     struct request_sock *req)
{
	/*
	 * Label an incoming connection request.  Without a peer label the
	 * request inherits the listening socket's SID and a NULL peer SID.
	 * With one, the request SID is derived from the listener's SID and
	 * the peer SID via security_sid_mls_copy(), and the peer SID is
	 * recorded on the request.
	 */
	struct sk_security_struct *sksec = sk->sk_security;
	u16 fam = sk->sk_family;
	u32 peer_sid;
	u32 req_sid;
	int rc;

	/* An IPv4 packet on an IPv6 listener is labelled as IPv4. */
	if (fam == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		fam = PF_INET;

	rc = selinux_skb_peerlbl_sid(skb, fam, &peer_sid);
	if (rc)
		return rc;

	req_sid = sksec->sid;
	if (peer_sid != SECSID_NULL) {
		rc = security_sid_mls_copy(sksec->sid, peer_sid, &req_sid);
		if (rc)
			return rc;
	}

	req->secid = req_sid;
	req->peer_secid = peer_sid;
	return 0;
}
4442
static void selinux_inet_csk_clone(struct sock *newsk,
				   const struct request_sock *req)
{
	/*
	 * A child socket created from @req takes the request's SID and peer
	 * SID, then has its NetLabel state reset for the request's family.
	 */
	struct sk_security_struct *child = newsk->sk_security;

	child->sid = req->secid;
	child->peer_sid = req->peer_secid;
	selinux_netlbl_sk_security_reset(child, req->rsk_ops->family);
}
4459
static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
	/*
	 * Record the peer label of the packet that completed the connection
	 * in the socket's peer_sid, then let NetLabel finish its setup.  The
	 * peer-label lookup's return code is not inspected here.
	 */
	struct sk_security_struct *sksec = sk->sk_security;
	u16 fam = sk->sk_family;

	if (fam == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		fam = PF_INET;	/* IPv4 packet on an IPv6 socket */

	selinux_skb_peerlbl_sid(skb, fam, &sksec->peer_sid);
	selinux_netlbl_inet_conn_established(sk, fam);
}
4473
static void selinux_req_classify_flow(const struct request_sock *req,
				      struct flowi *fl)
{
	/* Label the flow key with the request's SID. */
	u32 sid = req->secid;

	fl->secid = sid;
}
4479
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	/*
	 * Map a netlink message type to a permission of the socket's class
	 * and check it for the current task.  A message too short for a
	 * netlink header is rejected with -EINVAL.  An unrecognised type is
	 * audit-logged and permitted unless the system is enforcing without
	 * allow_unknown; a lookup returning -ENOENT is permitted as well.
	 */
	int err = 0;
	u32 perm;
	struct nlmsghdr *nlh;
	struct socket *sock = sk->sk_socket;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;

	if (skb->len < NLMSG_SPACE(0)) {
		err = -EINVAL;
		goto out;
	}
	nlh = nlmsg_hdr(skb);

	err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
	if (err) {
		if (err == -EINVAL) {
			audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
				  "SELinux: unrecognized netlink message"
				  " type=%hu for sclass=%hu\n",
				  nlh->nlmsg_type, isec->sclass);
			/* Permissive mode or an allow_unknown policy lets it through. */
			if (!selinux_enforcing || security_get_allow_unknown())
				err = 0;
		}

		/* -ENOENT from the lookup is treated as "nothing to check". */
		if (err == -ENOENT)
			err = 0;
		goto out;
	}

	err = socket_has_perm(current, sock, perm);
out:
	return err;
}
4515
4516#ifdef CONFIG_NETFILTER
4517
static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
				       u16 family)
{
	/*
	 * Netfilter FORWARD handling (netpeer policies only).  The packet's
	 * peer label is checked for ingress on @ifindex and the node of the
	 * parsed address (selinux_inet_sys_rcv_skb) when peer labelling is
	 * active, and for PACKET__FORWARD_IN against the secmark when
	 * secmark is active.  With NetLabel enabled the peer label is then
	 * written back onto the skb.  Returns NF_ACCEPT or NF_DROP.
	 */
	int err;
	char *addrp;
	u32 peer_sid;
	struct avc_audit_data ad;
	u8 secmark_active;
	u8 netlbl_active;
	u8 peerlbl_active;

	if (!selinux_policycap_netpeer)
		return NF_ACCEPT;

	secmark_active = selinux_secmark_enabled();
	netlbl_active = netlbl_enabled();
	peerlbl_active = netlbl_active || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return NF_ACCEPT;

	/* A packet whose peer label cannot be determined is dropped. */
	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
		return NF_DROP;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
		return NF_DROP;

	if (peerlbl_active) {
		err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
					       peer_sid, &ad);
		if (err) {
			selinux_netlbl_err(skb, err, 1);
			return NF_DROP;
		}
	}

	if (secmark_active)
		if (avc_has_perm(peer_sid, skb->secmark,
				 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
			return NF_DROP;

	if (netlbl_active)
		/*
		 * Re-label the skb with the peer SID for the egress side; a
		 * labelling failure drops the packet.
		 */
		if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
			return NF_DROP;

	return NF_ACCEPT;
}
4571
static unsigned int selinux_ipv4_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	/*
	 * IPv4 FORWARD netfilter entry point; only the inbound device's
	 * index is used, the other hook arguments are ignored.
	 */
	int in_ifindex = in->ifindex;

	return selinux_ip_forward(skb, in_ifindex, PF_INET);
}
4580
4581#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
static unsigned int selinux_ipv6_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	/*
	 * IPv6 FORWARD netfilter entry point; only the inbound device's
	 * index is used, the other hook arguments are ignored.
	 */
	int in_ifindex = in->ifindex;

	return selinux_ip_forward(skb, in_ifindex, PF_INET6);
}
4590#endif
4591
static unsigned int selinux_ip_output(struct sk_buff *skb,
				      u16 family)
{
	/*
	 * Netfilter OUTPUT handling: when NetLabel is enabled, label the
	 * outgoing packet with the sending socket's SID, or with the kernel
	 * SID when there is no socket.  A labelling failure drops it.
	 */
	struct sk_security_struct *sksec;
	u32 label_sid = SECINITSID_KERNEL;

	if (!netlbl_enabled())
		return NF_ACCEPT;

	if (skb->sk) {
		sksec = skb->sk->sk_security;
		label_sid = sksec->sid;
	}

	if (selinux_netlbl_skbuff_setsid(skb, family, label_sid) != 0)
		return NF_DROP;
	return NF_ACCEPT;
}
4613
static unsigned int selinux_ipv4_output(unsigned int hooknum,
					struct sk_buff *skb,
					const struct net_device *in,
					const struct net_device *out,
					int (*okfn)(struct sk_buff *))
{
	/* IPv4 OUTPUT netfilter entry point; the device arguments are unused. */
	unsigned int verdict = selinux_ip_output(skb, PF_INET);

	return verdict;
}
4622
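static int selinux_ip_postroute_iptables_compat(struct sock *sk,
						int ifindex,
						struct avc_audit_data *ad,
						u16 family, char *addrp)
{
	/*
	 * Legacy ("compat_net") egress checks against the sending socket's
	 * label, mirroring selinux_sock_rcv_skb_iptables_compat(): the
	 * outgoing interface, the node looked up for @addrp and - for
	 * UDP/TCP/DCCP sockets - the port label for ad->u.net.dport.  Other
	 * socket classes use the RAWIP interface/node permissions and have
	 * no port check.
	 *
	 * Returns 0 when every check passes, else the first error/denial.
	 */
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 sk_class;
	u32 netif_perm, node_perm, send_perm;
	u32 port_sid, node_sid, if_sid, sk_sid;

	sk_sid = sksec->sid;
	sk_class = sksec->sclass;

	switch (sk_class) {
	case SECCLASS_UDP_SOCKET:
		netif_perm = NETIF__UDP_SEND;
		node_perm = NODE__UDP_SEND;
		send_perm = UDP_SOCKET__SEND_MSG;
		break;
	case SECCLASS_TCP_SOCKET:
		netif_perm = NETIF__TCP_SEND;
		node_perm = NODE__TCP_SEND;
		send_perm = TCP_SOCKET__SEND_MSG;
		break;
	case SECCLASS_DCCP_SOCKET:
		netif_perm = NETIF__DCCP_SEND;
		node_perm = NODE__DCCP_SEND;
		send_perm = DCCP_SOCKET__SEND_MSG;
		break;
	default:
		netif_perm = NETIF__RAWIP_SEND;
		node_perm = NODE__RAWIP_SEND;
		send_perm = 0;	/* no per-port permission for this class */
		break;
	}

	err = sel_netif_sid(ifindex, &if_sid);
	if (err)
		return err;
	err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
	/*
	 * Fix: this return was unconditional, which made the node and port
	 * checks below unreachable.
	 */
	if (err)
		return err;

	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err)
		return err;
	err = avc_has_perm(sk_sid, node_sid, SECCLASS_NODE, node_perm, ad);
	if (err)
		return err;

	/*
	 * Fix: the test was inverted (send_perm != 0), which skipped the
	 * port check for exactly the classes that have one and ran it with
	 * a zero permission for the others.  Now matches the receive side.
	 */
	if (send_perm == 0)
		return 0;

	err = sel_netport_sid(sk->sk_protocol,
			      ntohs(ad->u.net.dport), &port_sid);
	if (unlikely(err)) {
		printk(KERN_WARNING
		       "SELinux: failure in"
		       " selinux_ip_postroute_iptables_compat(),"
		       " network port label not found\n");
		return err;
	}
	return avc_has_perm(sk_sid, port_sid, sk_class, send_perm, ad);
}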
4687
static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
						int ifindex,
						u16 family)
{
	/*
	 * Legacy POSTROUTING handling (compat_net or no netpeer capability).
	 * Socket-less packets are accepted.  Otherwise the skb is parsed
	 * into audit data, either the iptables-compat checks or the secmark
	 * PACKET__SEND check run, and with the netpeer capability the XFRM
	 * postroute check follows.  Any failure drops the packet.
	 */
	struct sock *sk = skb->sk;
	struct sk_security_struct *sksec;
	struct avc_audit_data ad;
	char *addrp;
	u8 proto;
	int denied;

	if (!sk)
		return NF_ACCEPT;
	sksec = sk->sk_security;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
		return NF_DROP;

	if (selinux_compat_net)
		denied = selinux_ip_postroute_iptables_compat(sk, ifindex,
							      &ad, family,
							      addrp);
	else if (selinux_secmark_enabled())
		denied = avc_has_perm(sksec->sid, skb->secmark,
				      SECCLASS_PACKET, PACKET__SEND, &ad);
	else
		denied = 0;
	if (denied)
		return NF_DROP;

	if (selinux_policycap_netpeer &&
	    selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
		return NF_DROP;

	return NF_ACCEPT;
}
4724
static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
					 u16 family)
{
	/*
	 * Netfilter POSTROUTING handling.  Legacy policies go through
	 * selinux_ip_postroute_compat().  Otherwise the subject SID is the
	 * sending socket's SID, the kernel SID for locally generated
	 * socket-less traffic, or the packet's peer label for forwarded
	 * traffic (which uses PACKET__FORWARD_OUT instead of PACKET__SEND).
	 * Checks: the secmark permission on the packet when secmark is
	 * active, then NETIF__EGRESS on @ifindex and NODE__SENDTO on the
	 * parsed address when peer labelling is active.
	 */
	u32 secmark_perm;
	u32 peer_sid;
	struct sock *sk;
	struct avc_audit_data ad;
	char *addrp;
	u8 secmark_active;
	u8 peerlbl_active;

	/* compat_net or a policy without netpeer: old-style checks only. */
	if (selinux_compat_net || !selinux_policycap_netpeer)
		return selinux_ip_postroute_compat(skb, ifindex, family);
#ifdef CONFIG_XFRM
	/*
	 * NOTE(review): packets bound for an XFRM transform are accepted
	 * here without checks; presumably they are examined again after the
	 * transform - confirm against the XFRM hooks.
	 */
	if (skb->dst != NULL && skb->dst->xfrm != NULL)
		return NF_ACCEPT;
#endif
	secmark_active = selinux_secmark_enabled();
	peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return NF_ACCEPT;

	/*
	 * Pick the subject SID and the secmark permission.  Socket-less
	 * packets are either forwarded (peer label, FORWARD_OUT) or
	 * generated by the kernel itself (kernel SID, SEND).
	 */
	sk = skb->sk;
	if (sk == NULL) {
		switch (family) {
		case PF_INET:
			if (IPCB(skb)->flags & IPSKB_FORWARDED)
				secmark_perm = PACKET__FORWARD_OUT;
			else
				secmark_perm = PACKET__SEND;
			break;
		case PF_INET6:
			if (IP6CB(skb)->flags & IP6SKB_FORWARDED)
				secmark_perm = PACKET__FORWARD_OUT;
			else
				secmark_perm = PACKET__SEND;
			break;
		default:
			return NF_DROP;
		}
		if (secmark_perm == PACKET__FORWARD_OUT) {
			if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
				return NF_DROP;
		} else
			peer_sid = SECINITSID_KERNEL;
	} else {
		struct sk_security_struct *sksec = sk->sk_security;
		peer_sid = sksec->sid;
		secmark_perm = PACKET__SEND;
	}

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
		return NF_DROP;

	if (secmark_active)
		if (avc_has_perm(peer_sid, skb->secmark,
				 SECCLASS_PACKET, secmark_perm, &ad))
			return NF_DROP;

	if (peerlbl_active) {
		u32 if_sid;
		u32 node_sid;

		/* Egress: interface, then node - each a lookup plus a check. */
		if (sel_netif_sid(ifindex, &if_sid))
			return NF_DROP;
		if (avc_has_perm(peer_sid, if_sid,
				 SECCLASS_NETIF, NETIF__EGRESS, &ad))
			return NF_DROP;

		if (sel_netnode_sid(addrp, family, &node_sid))
			return NF_DROP;
		if (avc_has_perm(peer_sid, node_sid,
				 SECCLASS_NODE, NODE__SENDTO, &ad))
			return NF_DROP;
	}

	return NF_ACCEPT;
}
4820
static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	/*
	 * IPv4 POSTROUTING netfilter entry point; only the outbound device's
	 * index is used, the other hook arguments are ignored.
	 */
	int out_ifindex = out->ifindex;

	return selinux_ip_postroute(skb, out_ifindex, PF_INET);
}
4829
4830#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	/*
	 * IPv6 POSTROUTING netfilter entry point; only the outbound device's
	 * index is used, the other hook arguments are ignored.
	 */
	int out_ifindex = out->ifindex;

	return selinux_ip_postroute(skb, out_ifindex, PF_INET6);
}
4839#endif
4840
4841#endif
4842
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	/*
	 * Netlink send hook: the secondary LSM is consulted first.  When the
	 * loaded policy has netlink classes (POLICYDB_VERSION_NLCLASS or
	 * newer) the message-type permission is checked as well.
	 */
	int rc = secondary_ops->netlink_send(sk, skb);

	if (rc)
		return rc;
	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
		return 0;
	return selinux_nlmsg_perm(sk, skb);
}
4856
static int selinux_netlink_recv(struct sk_buff *skb, int capability)
{
	/*
	 * Netlink receive hook: after the secondary LSM's check, the
	 * sender's SID (from the netlink control block) must hold the
	 * requested capability bit on itself in the CAPABILITY class.
	 */
	struct avc_audit_data ad;
	u32 sender_sid;
	int rc;

	rc = secondary_ops->netlink_recv(skb, capability);
	if (rc)
		return rc;

	sender_sid = NETLINK_CB(skb).sid;
	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.u.cap = capability;
	return avc_has_perm(sender_sid, sender_sid, SECCLASS_CAPABILITY,
			    CAP_TO_MASK(capability), &ad);
}
4872
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	/*
	 * Allocate the IPC security blob for @perm, labelled with @task's
	 * SID and the given class.  Returns -ENOMEM when allocation fails.
	 */
	struct ipc_security_struct *isec = kzalloc(sizeof(*isec), GFP_KERNEL);

	if (!isec)
		return -ENOMEM;

	isec->sclass = sclass;
	isec->sid = task_sid(task);
	perm->security = isec;
	return 0;
}
4891
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	/* Detach and free the IPC security blob; perm->security becomes NULL. */
	struct ipc_security_struct *blob = perm->security;

	perm->security = NULL;
	kfree(blob);
}
4898
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	/*
	 * Allocate the security blob for a message, initially labelled
	 * "unlabeled"; the real label is assigned at send time.
	 * Returns -ENOMEM when allocation fails.
	 */
	struct msg_security_struct *msec = kzalloc(sizeof(*msec), GFP_KERNEL);

	if (!msec)
		return -ENOMEM;

	msec->sid = SECINITSID_UNLABELED;
	msg->security = msec;
	return 0;
}
4912
static void msg_msg_free_security(struct msg_msg *msg)
{
	/* Detach and free the message security blob; msg->security becomes NULL. */
	struct msg_security_struct *blob = msg->security;

	msg->security = NULL;
	kfree(blob);
}
4920
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	/*
	 * Check @perms from the current task to the IPC object's label in
	 * the class recorded on its security blob; the IPC key is the
	 * audit identifier.
	 */
	struct ipc_security_struct *isec = ipc_perms->security;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;
	return avc_has_perm(subj_sid, isec->sid, isec->sclass, perms, &ad);
}
4935
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	/* LSM hook: allocate the message security blob. */
	int rc = msg_msg_alloc_security(msg);

	return rc;
}
4940
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	/* LSM hook: free the message security blob. */
	msg_msg_free_security(msg);
}
4945
4946
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	/*
	 * Allocate and label the queue's IPC security blob, then require
	 * MSGQ__CREATE from the current task to the new label.  On denial
	 * the blob is freed again.
	 */
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_MSGQ);
	if (rc)
		return rc;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(subj_sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);
	return rc;
}
4971
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	/* LSM hook: free the queue's IPC security blob. */
	ipc_free_security(&msq->q_perm);
}
4976
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	/*
	 * msgget() on an existing queue: the current task needs
	 * MSGQ__ASSOCIATE to the queue's label.  @msqflg is unused.
	 */
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;
	return avc_has_perm(subj_sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ASSOCIATE, &ad);
}
4991
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	/*
	 * Map a msgctl command to message-queue permissions.  The *_INFO
	 * commands are system-wide and need SYSTEM__IPC_INFO instead;
	 * commands not listed here are not checked.
	 */
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, perms);
}
5019
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	/*
	 * Sending a message: a still-unlabeled message first receives its
	 * label from the (sender, queue) transition in the MSG class.  Then
	 * the sender needs MSGQ__WRITE to the queue and MSG__SEND to the
	 * message, and the message label needs MSGQ__ENQUEUE to the queue.
	 * @msqflg is unused.
	 */
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec = perm->security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();
	int rc;

	if (msec->sid == SECINITSID_UNLABELED) {
		rc = security_transition_sid(subj_sid, isec->sid, SECCLASS_MSG,
					     &msec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(subj_sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__WRITE, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(subj_sid, msec->sid, SECCLASS_MSG,
			  MSG__SEND, &ad);
	if (rc)
		return rc;
	return avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ENQUEUE, &ad);
}
5062
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	/*
	 * Receiving a message: the receiving task (@target, not necessarily
	 * current) needs MSGQ__READ to the queue and MSG__RECEIVE to the
	 * message.  @type and @mode are unused.
	 */
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec = perm->security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	u32 subj_sid = task_sid(target);
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(subj_sid, isec->sid,
			  SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;
	return avc_has_perm(subj_sid, msec->sid,
			    SECCLASS_MSG, MSG__RECEIVE, &ad);
}
5086
5087
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	/*
	 * Allocate and label the segment's IPC security blob, then require
	 * SHM__CREATE from the current task to the new label.  On denial
	 * the blob is freed again.
	 */
	struct kern_ipc_perm *perm = &shp->shm_perm;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SHM);
	if (rc)
		return rc;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(subj_sid, isec->sid, SECCLASS_SHM,
			  SHM__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);
	return rc;
}
5112
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	/* LSM hook: free the segment's IPC security blob. */
	ipc_free_security(&shp->shm_perm);
}
5117
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	/*
	 * shmget() on an existing segment: the current task needs
	 * SHM__ASSOCIATE to the segment's label.  @shmflg is unused.
	 */
	struct kern_ipc_perm *perm = &shp->shm_perm;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;
	return avc_has_perm(subj_sid, isec->sid, SECCLASS_SHM,
			    SHM__ASSOCIATE, &ad);
}
5132
5133
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	/*
	 * Map a shmctl command to shared-memory permissions.  The *_INFO
	 * commands are system-wide and need SYSTEM__IPC_INFO instead;
	 * commands not listed here are not checked.
	 */
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SHM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, perms);
}
5165
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	/*
	 * shmat(): after the secondary LSM's check, a read-only attach needs
	 * SHM__READ, any other attach SHM__READ | SHM__WRITE.
	 */
	u32 perms = SHM__READ;
	int rc;

	rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
	if (rc)
		return rc;

	if (!(shmflg & SHM_RDONLY))
		perms |= SHM__WRITE;

	return ipc_has_perm(&shp->shm_perm, perms);
}
5183
5184
static int selinux_sem_alloc_security(struct sem_array *sma)
{
	/*
	 * Allocate and label the semaphore set's IPC security blob, then
	 * require SEM__CREATE from the current task to the new label.  On
	 * denial the blob is freed again.
	 */
	struct kern_ipc_perm *perm = &sma->sem_perm;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SEM);
	if (rc)
		return rc;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(subj_sid, isec->sid, SECCLASS_SEM,
			  SEM__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);
	return rc;
}
5209
static void selinux_sem_free_security(struct sem_array *sma)
{
	/* LSM hook: free the semaphore set's IPC security blob. */
	ipc_free_security(&sma->sem_perm);
}
5214
static int selinux_sem_associate(struct sem_array *sma, int semflg)
{
	/*
	 * semget() on an existing set: the current task needs
	 * SEM__ASSOCIATE to the set's label.  @semflg is unused.
	 */
	struct kern_ipc_perm *perm = &sma->sem_perm;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;
	u32 subj_sid = current_sid();

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;
	return avc_has_perm(subj_sid, isec->sid, SECCLASS_SEM,
			    SEM__ASSOCIATE, &ad);
}
5229
5230
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
{
	/*
	 * Map a semctl command to semaphore permissions.  The *_INFO
	 * commands are system-wide and need SYSTEM__IPC_INFO instead; the
	 * GET*/SET* value commands map to READ/WRITE, the counter queries
	 * and stat commands to GETATTR; commands not listed are not checked.
	 */
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SEM_INFO:
		return task_has_system(current, SYSTEM__IPC_INFO);
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		perms = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		perms = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		perms = SEM__WRITE;
		break;
	case IPC_RMID:
		perms = SEM__DESTROY;
		break;
	case IPC_SET:
		perms = SEM__SETATTR;
		break;
	case IPC_STAT:
	case SEM_STAT:
		perms = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&sma->sem_perm, perms);
}
5271
static int selinux_sem_semop(struct sem_array *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	/*
	 * semop(): SEM__READ is always required; an altering operation
	 * additionally needs SEM__WRITE.  @sops and @nsops are unused.
	 */
	u32 perms = SEM__READ;

	if (alter)
		perms |= SEM__WRITE;

	return ipc_has_perm(&sma->sem_perm, perms);
}
5284
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	/*
	 * Generic IPC permission hook: map the requested mode bits to
	 * IPC__UNIX_READ / IPC__UNIX_WRITE.  Nothing requested means there
	 * is nothing to check.
	 */
	u32 wanted = 0;

	if (flag & S_IRUGO)
		wanted |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		wanted |= IPC__UNIX_WRITE;

	return wanted ? ipc_has_perm(ipcp, wanted) : 0;
}
5300
static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	/* Report the SID stored on the IPC object's security blob. */
	struct ipc_security_struct *blob = ipcp->security;

	*secid = blob->sid;
}
5306
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
	/* Label the inode once a dentry for it exists; negative dentries are skipped. */
	if (!inode)
		return;
	inode_doinit_with_dentry(inode, dentry);
}
5312
static int selinux_getprocattr(struct task_struct *p,
			       char *name, char **value)
{
	/*
	 * Read /proc/<pid>/attr/<name> for task @p.  Reading another task's
	 * attributes requires PROCESS__GETATTR.  The task's security struct
	 * is read under rcu_read_lock(); @name selects which SID is
	 * reported.  A zero SID yields an empty result (returns 0);
	 * otherwise *value is set to the context string (which the caller
	 * frees) and its length is returned.  Unknown names give -EINVAL.
	 */
	const struct task_security_struct *__tsec;
	u32 sid;
	int error;
	unsigned len;

	if (current != p) {
		error = current_has_perm(p, PROCESS__GETATTR);
		if (error)
			return error;
	}

	/* __tsec must only be dereferenced inside this RCU read section. */
	rcu_read_lock();
	__tsec = __task_cred(p)->security;

	if (!strcmp(name, "current"))
		sid = __tsec->sid;
	else if (!strcmp(name, "prev"))
		sid = __tsec->osid;
	else if (!strcmp(name, "exec"))
		sid = __tsec->exec_sid;
	else if (!strcmp(name, "fscreate"))
		sid = __tsec->create_sid;
	else if (!strcmp(name, "keycreate"))
		sid = __tsec->keycreate_sid;
	else if (!strcmp(name, "sockcreate"))
		sid = __tsec->sockcreate_sid;
	else
		goto invalid;
	rcu_read_unlock();

	if (!sid)
		return 0;

	error = security_sid_to_context(sid, value, &len);
	if (error)
		return error;
	return len;

invalid:
	rcu_read_unlock();	/* the unknown-name path must still drop the lock */
	return -EINVAL;
}
5358
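static int selinux_setprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	/*
	 * Write /proc/<pid>/attr/<name>.  Only the task itself may change
	 * its attributes (-EACCES otherwise), and it must hold the matching
	 * PROCESS__SET* permission.  A value that is empty or starts with
	 * NUL or a newline clears the attribute (sid stays 0); otherwise a
	 * trailing newline is stripped and the context is converted to a
	 * SID - for "fscreate", CAP_MAC_ADMIN may force an unknown context.
	 * The new SID is installed on a prepared copy of the credentials;
	 * "current" additionally requires a non-zero SID, a bounded
	 * transition when the task is multi-threaded, PROCESS__DYNTRANSITION
	 * from the old label, and PROCESS__PTRACE for any tracer.
	 * Returns @size on success, a negative errno otherwise.
	 */
	struct task_security_struct *tsec;
	struct task_struct *tracer;
	struct cred *new;
	u32 sid = 0, ptsid;
	int error;
	char *str = value;

	if (current != p) {
		/* Attributes may only be set by the task itself. */
		return -EACCES;
	}

	if (!strcmp(name, "exec"))
		error = current_has_perm(p, PROCESS__SETEXEC);
	else if (!strcmp(name, "fscreate"))
		error = current_has_perm(p, PROCESS__SETFSCREATE);
	else if (!strcmp(name, "keycreate"))
		error = current_has_perm(p, PROCESS__SETKEYCREATE);
	else if (!strcmp(name, "sockcreate"))
		error = current_has_perm(p, PROCESS__SETSOCKCREATE);
	else if (!strcmp(name, "current"))
		error = current_has_perm(p, PROCESS__SETCURRENT);
	else
		error = -EINVAL;
	if (error)
		return error;

	/*
	 * Fix: the "clear the attribute" test inspected str[1], which is
	 * one byte past a single-byte write and in any case the wrong byte
	 * for deciding whether the value is empty.  The first byte decides.
	 */
	if (size && str[0] && str[0] != '\n') {
		if (str[size-1] == '\n') {
			str[size-1] = 0;
			size--;
		}
		error = security_context_to_sid(value, size, &sid);
		if (error == -EINVAL && !strcmp(name, "fscreate")) {
			/* Only CAP_MAC_ADMIN may set a context unknown to the policy. */
			if (!capable(CAP_MAC_ADMIN))
				return error;
			error = security_context_to_sid_force(value, size,
							      &sid);
		}
		if (error)
			return error;
	}

	new = prepare_creds();
	if (!new)
		return -ENOMEM;

	/* All changes go to the new credentials and are committed only at the end. */
	tsec = new->security;
	if (!strcmp(name, "exec")) {
		tsec->exec_sid = sid;
	} else if (!strcmp(name, "fscreate")) {
		tsec->create_sid = sid;
	} else if (!strcmp(name, "keycreate")) {
		error = may_create_key(sid, p);
		if (error)
			goto abort_change;
		tsec->keycreate_sid = sid;
	} else if (!strcmp(name, "sockcreate")) {
		tsec->sockcreate_sid = sid;
	} else if (!strcmp(name, "current")) {
		/* The process SID cannot be cleared. */
		error = -EINVAL;
		if (sid == 0)
			goto abort_change;

		/* A multi-threaded task may only make a bounded transition. */
		error = -EPERM;
		if (!is_single_threaded(p)) {
			error = security_bounded_transition(tsec->sid, sid);
			if (error)
				goto abort_change;
		}

		/* The old label must be allowed to dyntransition to the new one. */
		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
				     PROCESS__DYNTRANSITION, NULL);
		if (error)
			goto abort_change;

		/* A tracer must be permitted to ptrace the new label as well. */
		ptsid = 0;
		task_lock(p);
		tracer = tracehook_tracer_task(p);
		if (tracer)
			ptsid = task_sid(tracer);
		task_unlock(p);

		if (tracer) {
			error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
					     PROCESS__PTRACE, NULL);
			if (error)
				goto abort_change;
		}

		tsec->sid = sid;
	} else {
		error = -EINVAL;
		goto abort_change;
	}

	commit_creds(new);
	return size;

abort_change:
	abort_creds(new);
	return error;
}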
5482
/*
 * LSM hook: map a SID to its security context string.
 *
 * @secid:   SID to translate.
 * @secdata: receives the context string; the matching release_secctx hook
 *           (selinux_release_secctx) frees it with kfree().
 * @seclen:  receives the length of that string.
 *
 * Returns 0 on success, otherwise the error from the security server.
 */
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	int rc;

	rc = security_sid_to_context(secid, secdata, seclen);
	return rc;
}
5487
/*
 * LSM hook: map a security context string to a SID.
 *
 * @secdata: context string (need not be NUL-terminated; @seclen bounds it).
 * @seclen:  length of @secdata.
 * @secid:   receives the SID.
 *
 * Returns 0 on success, otherwise the error from the security server.
 */
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	int rc;

	rc = security_context_to_sid(secdata, seclen, secid);
	return rc;
}
5492
/*
 * LSM hook: release a context string handed out by selinux_secid_to_secctx().
 *
 * @secdata: string to free (NULL is harmless to kfree()).
 * @seclen:  unused; the allocator tracks the size itself.
 */
static void selinux_release_secctx(char *secdata, u32 seclen)
{
	void *buf = secdata;

	kfree(buf);
}
5497
5498#ifdef CONFIG_KEYS
5499
/*
 * LSM hook: allocate and label the security blob of a new key.
 *
 * The key takes the creator's keycreate_sid when one is set (the
 * "keycreate" attribute written through selinux_setprocattr), otherwise
 * the creator's own sid.
 *
 * @k:     key being created.
 * @cred:  credentials of the creator.
 * @flags: unused here.
 *
 * Returns 0 on success, -ENOMEM if the blob cannot be allocated.
 */
static int selinux_key_alloc(struct key *k, const struct cred *cred,
			     unsigned long flags)
{
	const struct task_security_struct *tsec = cred->security;
	struct key_security_struct *ksec;

	ksec = kzalloc(sizeof(*ksec), GFP_KERNEL);
	if (!ksec)
		return -ENOMEM;

	/* An explicit keycreate label wins over the task label. */
	ksec->sid = tsec->keycreate_sid ? tsec->keycreate_sid : tsec->sid;

	k->security = ksec;
	return 0;
}
5519
/*
 * LSM hook: free the security blob attached by selinux_key_alloc().
 *
 * The back-pointer is cleared before the blob is freed so the key never
 * points at released memory.
 */
static void selinux_key_free(struct key *k)
{
	struct key_security_struct *ksec;

	ksec = k->security;
	k->security = NULL;
	kfree(ksec);
}
5527
/*
 * LSM hook: decide whether @cred may perform @perm on the key behind
 * @key_ref.
 *
 * A zero permission mask is granted without consulting the AVC; any
 * non-zero mask is checked in the KEY class from the caller's SID to the
 * key's SID.
 *
 * Returns 0 if permitted, otherwise the AVC error (typically -EACCES).
 */
static int selinux_key_permission(key_ref_t key_ref,
				  const struct cred *cred,
				  key_perm_t perm)
{
	struct key_security_struct *ksec;
	u32 ssid;

	/* Nothing requested, nothing to decide. */
	if (!perm)
		return 0;

	ssid = cred_sid(cred);
	ksec = key_ref_to_ptr(key_ref)->security;

	return avc_has_perm(ssid, ksec->sid, SECCLASS_KEY, perm, NULL);
}
5549
/*
 * LSM hook: return the security context of @key as a string.
 *
 * @key:     key whose label is wanted.
 * @_buffer: receives the context string from the security server, or
 *           whatever it left there (NULL unless it was set) on failure;
 *           ownership passes to the caller.
 *
 * Returns the context length on success, otherwise the negative error.
 */
static int selinux_key_getsecurity(struct key *key, char **_buffer)
{
	struct key_security_struct *ksec = key->security;
	char *ctx = NULL;
	unsigned ctxlen;
	int rc;

	rc = security_sid_to_context(ksec->sid, &ctx, &ctxlen);
	if (rc == 0)
		rc = ctxlen;

	*_buffer = ctx;
	return rc;
}
5563
5564#endif
5565
/*
 * The SELinux security_operations table handed to the LSM framework by
 * selinux_init().  Hooks for compile-time optional subsystems (XFRM, keys,
 * audit) are only present when the matching CONFIG option is set; every
 * other hook is unconditional.
 */
static struct security_operations selinux_ops = {
	.name =				"selinux",

	/* Process control and capabilities. */
	.ptrace_may_access =		selinux_ptrace_may_access,
	.ptrace_traceme =		selinux_ptrace_traceme,
	.capget =			selinux_capget,
	.capset =			selinux_capset,
	.sysctl =			selinux_sysctl,
	.capable =			selinux_capable,
	.quotactl =			selinux_quotactl,
	.quota_on =			selinux_quota_on,
	.syslog =			selinux_syslog,
	.vm_enough_memory =		selinux_vm_enough_memory,

	.netlink_send =			selinux_netlink_send,
	.netlink_recv =			selinux_netlink_recv,

	/* exec() credential transitions. */
	.bprm_set_creds =		selinux_bprm_set_creds,
	.bprm_check_security =		selinux_bprm_check_security,
	.bprm_committing_creds =	selinux_bprm_committing_creds,
	.bprm_committed_creds =		selinux_bprm_committed_creds,
	.bprm_secureexec =		selinux_bprm_secureexec,

	/* Superblocks and mount options. */
	.sb_alloc_security =		selinux_sb_alloc_security,
	.sb_free_security =		selinux_sb_free_security,
	.sb_copy_data =			selinux_sb_copy_data,
	.sb_kern_mount =		selinux_sb_kern_mount,
	.sb_show_options =		selinux_sb_show_options,
	.sb_statfs =			selinux_sb_statfs,
	.sb_mount =			selinux_mount,
	.sb_umount =			selinux_umount,
	.sb_set_mnt_opts =		selinux_set_mnt_opts,
	.sb_clone_mnt_opts =		selinux_sb_clone_mnt_opts,
	.sb_parse_opts_str =		selinux_parse_opts_str,

	/* Inodes, including the security.selinux xattr handling. */
	.inode_alloc_security =		selinux_inode_alloc_security,
	.inode_free_security =		selinux_inode_free_security,
	.inode_init_security =		selinux_inode_init_security,
	.inode_create =			selinux_inode_create,
	.inode_link =			selinux_inode_link,
	.inode_unlink =			selinux_inode_unlink,
	.inode_symlink =		selinux_inode_symlink,
	.inode_mkdir =			selinux_inode_mkdir,
	.inode_rmdir =			selinux_inode_rmdir,
	.inode_mknod =			selinux_inode_mknod,
	.inode_rename =			selinux_inode_rename,
	.inode_readlink =		selinux_inode_readlink,
	.inode_follow_link =		selinux_inode_follow_link,
	.inode_permission =		selinux_inode_permission,
	.inode_setattr =		selinux_inode_setattr,
	.inode_getattr =		selinux_inode_getattr,
	.inode_setxattr =		selinux_inode_setxattr,
	.inode_post_setxattr =		selinux_inode_post_setxattr,
	.inode_getxattr =		selinux_inode_getxattr,
	.inode_listxattr =		selinux_inode_listxattr,
	.inode_removexattr =		selinux_inode_removexattr,
	.inode_getsecurity =		selinux_inode_getsecurity,
	.inode_setsecurity =		selinux_inode_setsecurity,
	.inode_listsecurity =		selinux_inode_listsecurity,
	.inode_need_killpriv =		selinux_inode_need_killpriv,
	.inode_killpriv =		selinux_inode_killpriv,
	.inode_getsecid =		selinux_inode_getsecid,

	/* Open files. */
	.file_permission =		selinux_file_permission,
	.file_alloc_security =		selinux_file_alloc_security,
	.file_free_security =		selinux_file_free_security,
	.file_ioctl =			selinux_file_ioctl,
	.file_mmap =			selinux_file_mmap,
	.file_mprotect =		selinux_file_mprotect,
	.file_lock =			selinux_file_lock,
	.file_fcntl =			selinux_file_fcntl,
	.file_set_fowner =		selinux_file_set_fowner,
	.file_send_sigiotask =		selinux_file_send_sigiotask,
	.file_receive =			selinux_file_receive,

	.dentry_open =			selinux_dentry_open,

	/* Tasks and credentials. */
	.task_create =			selinux_task_create,
	.cred_free =			selinux_cred_free,
	.cred_prepare =			selinux_cred_prepare,
	.cred_commit =			selinux_cred_commit,
	.kernel_act_as =		selinux_kernel_act_as,
	.kernel_create_files_as =	selinux_kernel_create_files_as,
	.task_setuid =			selinux_task_setuid,
	.task_fix_setuid =		selinux_task_fix_setuid,
	.task_setgid =			selinux_task_setgid,
	.task_setpgid =			selinux_task_setpgid,
	.task_getpgid =			selinux_task_getpgid,
	.task_getsid =			selinux_task_getsid,
	.task_getsecid =		selinux_task_getsecid,
	.task_setgroups =		selinux_task_setgroups,
	.task_setnice =			selinux_task_setnice,
	.task_setioprio =		selinux_task_setioprio,
	.task_getioprio =		selinux_task_getioprio,
	.task_setrlimit =		selinux_task_setrlimit,
	.task_setscheduler =		selinux_task_setscheduler,
	.task_getscheduler =		selinux_task_getscheduler,
	.task_movememory =		selinux_task_movememory,
	.task_kill =			selinux_task_kill,
	.task_wait =			selinux_task_wait,
	.task_prctl =			selinux_task_prctl,
	.task_to_inode =		selinux_task_to_inode,

	/* System V IPC. */
	.ipc_permission =		selinux_ipc_permission,
	.ipc_getsecid =			selinux_ipc_getsecid,

	.msg_msg_alloc_security =	selinux_msg_msg_alloc_security,
	.msg_msg_free_security =	selinux_msg_msg_free_security,

	.msg_queue_alloc_security =	selinux_msg_queue_alloc_security,
	.msg_queue_free_security =	selinux_msg_queue_free_security,
	.msg_queue_associate =		selinux_msg_queue_associate,
	.msg_queue_msgctl =		selinux_msg_queue_msgctl,
	.msg_queue_msgsnd =		selinux_msg_queue_msgsnd,
	.msg_queue_msgrcv =		selinux_msg_queue_msgrcv,

	.shm_alloc_security =		selinux_shm_alloc_security,
	.shm_free_security =		selinux_shm_free_security,
	.shm_associate =		selinux_shm_associate,
	.shm_shmctl =			selinux_shm_shmctl,
	.shm_shmat =			selinux_shm_shmat,

	.sem_alloc_security =		selinux_sem_alloc_security,
	.sem_free_security =		selinux_sem_free_security,
	.sem_associate =		selinux_sem_associate,
	.sem_semctl =			selinux_sem_semctl,
	.sem_semop =			selinux_sem_semop,

	.d_instantiate =		selinux_d_instantiate,

	/* /proc/<pid>/attr read and write. */
	.getprocattr =			selinux_getprocattr,
	.setprocattr =			selinux_setprocattr,

	/* SID <-> context string conversions for other subsystems. */
	.secid_to_secctx =		selinux_secid_to_secctx,
	.secctx_to_secid =		selinux_secctx_to_secid,
	.release_secctx =		selinux_release_secctx,

	/* Sockets and networking. */
	.unix_stream_connect =		selinux_socket_unix_stream_connect,
	.unix_may_send =		selinux_socket_unix_may_send,

	.socket_create =		selinux_socket_create,
	.socket_post_create =		selinux_socket_post_create,
	.socket_bind =			selinux_socket_bind,
	.socket_connect =		selinux_socket_connect,
	.socket_listen =		selinux_socket_listen,
	.socket_accept =		selinux_socket_accept,
	.socket_sendmsg =		selinux_socket_sendmsg,
	.socket_recvmsg =		selinux_socket_recvmsg,
	.socket_getsockname =		selinux_socket_getsockname,
	.socket_getpeername =		selinux_socket_getpeername,
	.socket_getsockopt =		selinux_socket_getsockopt,
	.socket_setsockopt =		selinux_socket_setsockopt,
	.socket_shutdown =		selinux_socket_shutdown,
	.socket_sock_rcv_skb =		selinux_socket_sock_rcv_skb,
	.socket_getpeersec_stream =	selinux_socket_getpeersec_stream,
	.socket_getpeersec_dgram =	selinux_socket_getpeersec_dgram,
	.sk_alloc_security =		selinux_sk_alloc_security,
	.sk_free_security =		selinux_sk_free_security,
	.sk_clone_security =		selinux_sk_clone_security,
	.sk_getsecid =			selinux_sk_getsecid,
	.sock_graft =			selinux_sock_graft,
	.inet_conn_request =		selinux_inet_conn_request,
	.inet_csk_clone =		selinux_inet_csk_clone,
	.inet_conn_established =	selinux_inet_conn_established,
	.req_classify_flow =		selinux_req_classify_flow,

#ifdef CONFIG_SECURITY_NETWORK_XFRM
	/* IPsec policy/state labelling. */
	.xfrm_policy_alloc_security =	selinux_xfrm_policy_alloc,
	.xfrm_policy_clone_security =	selinux_xfrm_policy_clone,
	.xfrm_policy_free_security =	selinux_xfrm_policy_free,
	.xfrm_policy_delete_security =	selinux_xfrm_policy_delete,
	.xfrm_state_alloc_security =	selinux_xfrm_state_alloc,
	.xfrm_state_free_security =	selinux_xfrm_state_free,
	.xfrm_state_delete_security =	selinux_xfrm_state_delete,
	.xfrm_policy_lookup =		selinux_xfrm_policy_lookup,
	.xfrm_state_pol_flow_match =	selinux_xfrm_state_pol_flow_match,
	.xfrm_decode_session =		selinux_xfrm_decode_session,
#endif

#ifdef CONFIG_KEYS
	/* Kernel key retention service. */
	.key_alloc =			selinux_key_alloc,
	.key_free =			selinux_key_free,
	.key_permission =		selinux_key_permission,
	.key_getsecurity =		selinux_key_getsecurity,
#endif

#ifdef CONFIG_AUDIT
	/* Audit filter rules on security labels. */
	.audit_rule_init =		selinux_audit_rule_init,
	.audit_rule_known =		selinux_audit_rule_known,
	.audit_rule_match =		selinux_audit_rule_match,
	.audit_rule_free =		selinux_audit_rule_free,
#endif
};
5760
/*
 * Boot-time initialisation, run through security_initcall() below.
 *
 * Returns 0 without doing anything if the LSM framework does not select
 * this module, or if selinux_enabled is already clear ("Disabled at
 * boot").  Otherwise it initialises credential labelling, the inode
 * security cache and the AVC, records the security_ops in place before
 * registration as secondary_ops (selinux_disable() restores them), and
 * registers selinux_ops.  Either registration failure is fatal.
 *
 * The order of the calls below matters; do not reorder them.
 */
static __init int selinux_init(void)
{
	if (!security_module_enable(&selinux_ops)) {
		selinux_enabled = 0;
		return 0;
	}

	if (!selinux_enabled) {
		printk(KERN_INFO "SELinux: Disabled at boot.\n");
		return 0;
	}

	printk(KERN_INFO "SELinux: Initializing.\n");

	/* Label the initial credentials before anything can check them. */
	cred_init_security();

	/* SLAB_PANIC: a missing cache is unrecoverable this early. */
	sel_inode_cache = kmem_cache_create("selinux_inode_security",
					    sizeof(struct inode_security_struct),
					    0, SLAB_PANIC, NULL);
	avc_init();

	/* Keep the previous ops so a runtime disable can fall back to them. */
	secondary_ops = security_ops;
	if (!secondary_ops)
		panic("SELinux: No initial security operations\n");
	if (register_security(&selinux_ops))
		panic("SELinux: Unable to register with kernel.\n");

	if (selinux_enforcing)
		printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
	else
		printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");

	return 0;
}
5796
/*
 * Finish initialisation once the security server is ready (presumably
 * after the first policy load — confirm against the caller).
 *
 * Every superblock queued on superblock_security_head is labelled via
 * superblock_doinit().  Because down_read() may sleep, both spinlocks are
 * dropped around each superblock; the superblock is pinned with s_count
 * for that window and the list head is re-examined after every iteration
 * instead of being walked with a cursor.
 */
void selinux_complete_init(void)
{
	printk(KERN_DEBUG "SELinux: Completing initialization.\n");

	printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
	spin_lock(&sb_lock);
	spin_lock(&sb_security_lock);
	while (!list_empty(&superblock_security_head)) {
		struct superblock_security_struct *sbsec;
		struct super_block *sb;

		sbsec = list_entry(superblock_security_head.next,
				   struct superblock_security_struct,
				   list);
		sb = sbsec->sb;

		/* Pin the superblock across the unlocked region. */
		sb->s_count++;
		spin_unlock(&sb_security_lock);
		spin_unlock(&sb_lock);

		down_read(&sb->s_umount);
		if (sb->s_root)
			superblock_doinit(sb, NULL);
		drop_super(sb);

		spin_lock(&sb_lock);
		spin_lock(&sb_security_lock);
		list_del_init(&sbsec->list);
	}
	spin_unlock(&sb_security_lock);
	spin_unlock(&sb_lock);
}
5827
5828
5829
/* Schedule selinux_init() at the security initcall level. */
security_initcall(selinux_init);
5831
5832#if defined(CONFIG_NETFILTER)
5833
/*
 * IPv4 netfilter hooks registered by selinux_nf_ip_init(): the
 * post-routing hook runs at the last SELinux priority, the forward and
 * local-out hooks at the first.
 */
static struct nf_hook_ops selinux_ipv4_ops[] = {
	{
		.hook =		selinux_ipv4_postroute,
		.owner =	THIS_MODULE,
		.pf =		PF_INET,
		.hooknum =	NF_INET_POST_ROUTING,
		.priority =	NF_IP_PRI_SELINUX_LAST,
	},
	{
		.hook =		selinux_ipv4_forward,
		.owner =	THIS_MODULE,
		.pf =		PF_INET,
		.hooknum =	NF_INET_FORWARD,
		.priority =	NF_IP_PRI_SELINUX_FIRST,
	},
	{
		.hook =		selinux_ipv4_output,
		.owner =	THIS_MODULE,
		.pf =		PF_INET,
		.hooknum =	NF_INET_LOCAL_OUT,
		.priority =	NF_IP_PRI_SELINUX_FIRST,
	}
};
5857
5858#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
5859
/*
 * IPv6 netfilter hooks registered by selinux_nf_ip_init() when IPv6 is
 * built in or modular: post-routing (last SELinux priority) and forward
 * (first).  Unlike the IPv4 table there is no local-out hook here.
 */
static struct nf_hook_ops selinux_ipv6_ops[] = {
	{
		.hook =		selinux_ipv6_postroute,
		.owner =	THIS_MODULE,
		.pf =		PF_INET6,
		.hooknum =	NF_INET_POST_ROUTING,
		.priority =	NF_IP6_PRI_SELINUX_LAST,
	},
	{
		.hook =		selinux_ipv6_forward,
		.owner =	THIS_MODULE,
		.pf =		PF_INET6,
		.hooknum =	NF_INET_FORWARD,
		.priority =	NF_IP6_PRI_SELINUX_FIRST,
	}
};
5876
5877#endif
5878
/*
 * Register the SELinux netfilter hooks (run via __initcall below).
 *
 * Does nothing when SELinux is disabled.  A registration failure is
 * fatal: running with a partial set of network hooks would silently
 * leave part of the network policy unenforced.
 *
 * Returns 0 (any failure panics instead of returning).
 */
static int __init selinux_nf_ip_init(void)
{
	int err;

	if (!selinux_enabled)
		return 0;

	printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");

	err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
	if (err)
		panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
	if (err)
		panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
#endif

	return err;
}
5901
5902__initcall(selinux_nf_ip_init);
5903
5904#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * Unregister the netfilter hooks installed by selinux_nf_ip_init().
 * Only built when runtime disabling is configured; called from
 * selinux_disable().
 */
static void selinux_nf_ip_exit(void)
{
	printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");

	nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
#endif
}
5914#endif
5915
5916#else
5917
5918#ifdef CONFIG_SECURITY_SELINUX_DISABLE
5919#define selinux_nf_ip_exit()
5920#endif
5921
5922#endif
5923
5924#ifdef CONFIG_SECURITY_SELINUX_DISABLE
/* Set once selinux_disable() has run; a second call is rejected. */
static int selinux_disabled;
5926
/*
 * Disable SELinux at runtime (CONFIG_SECURITY_SELINUX_DISABLE only).
 *
 * Refused with -EINVAL once ss_initialized is set (presumably after the
 * first policy load — confirm in the security server) and on any call
 * after the first, so the disable is a one-shot that can only happen
 * before a policy is active.  On success the LSM slot is handed back to
 * the ops saved as secondary_ops by selinux_init(), the netfilter hooks
 * are removed and selinuxfs is torn down.
 *
 * Returns 0 on success, -EINVAL if the operation is not permitted.
 */
int selinux_disable(void)
{
	extern void exit_sel_fs(void);

	if (ss_initialized || selinux_disabled)
		return -EINVAL;

	printk(KERN_INFO "SELinux: Disabled at runtime.\n");

	selinux_disabled = 1;
	selinux_enabled = 0;

	/* Restore whatever was registered before selinux_init() ran. */
	security_ops = secondary_ops;

	/* Tear down the pieces that live outside the ops table. */
	selinux_nf_ip_exit();
	exit_sel_fs();

	return 0;
}
5957#endif
5958