   1/*
   2 *  NSA Security-Enhanced Linux (SELinux) security module
   3 *
   4 *  This file contains the SELinux hook function implementations.
   5 *
   6 *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
   7 *            Chris Vance, <cvance@nai.com>
   8 *            Wayne Salamon, <wsalamon@nai.com>
   9 *            James Morris <jmorris@redhat.com>
  10 *
  11 *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
  12 *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
  13 *                                         Eric Paris <eparis@redhat.com>
  14 *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  15 *                          <dgoeddel@trustedcs.com>
  16 *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
  17 *              Paul Moore <paul.moore@hp.com>
  18 *  Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
  19 *                     Yuichi Nakamura <ynakam@hitachisoft.jp>
  20 *
  21 *      This program is free software; you can redistribute it and/or modify
  22 *      it under the terms of the GNU General Public License version 2,
  23 *      as published by the Free Software Foundation.
  24 */
  25
  26#include <linux/init.h>
  27#include <linux/kernel.h>
  28#include <linux/tracehook.h>
  29#include <linux/errno.h>
  30#include <linux/sched.h>
  31#include <linux/security.h>
  32#include <linux/xattr.h>
  33#include <linux/capability.h>
  34#include <linux/unistd.h>
  35#include <linux/mm.h>
  36#include <linux/mman.h>
  37#include <linux/slab.h>
  38#include <linux/pagemap.h>
  39#include <linux/swap.h>
  40#include <linux/spinlock.h>
  41#include <linux/syscalls.h>
  42#include <linux/file.h>
  43#include <linux/fdtable.h>
  44#include <linux/namei.h>
  45#include <linux/mount.h>
  46#include <linux/proc_fs.h>
  47#include <linux/netfilter_ipv4.h>
  48#include <linux/netfilter_ipv6.h>
  49#include <linux/tty.h>
  50#include <net/icmp.h>
  51#include <net/ip.h>             /* for local_port_range[] */
  52#include <net/tcp.h>            /* struct or_callable used in sock_rcv_skb */
  53#include <net/net_namespace.h>
  54#include <net/netlabel.h>
  55#include <linux/uaccess.h>
  56#include <asm/ioctls.h>
  57#include <asm/atomic.h>
  58#include <linux/bitops.h>
  59#include <linux/interrupt.h>
  60#include <linux/netdevice.h>    /* for network interface checks */
  61#include <linux/netlink.h>
  62#include <linux/tcp.h>
  63#include <linux/udp.h>
  64#include <linux/dccp.h>
  65#include <linux/quota.h>
  66#include <linux/un.h>           /* for Unix socket types */
  67#include <net/af_unix.h>        /* for Unix socket types */
  68#include <linux/parser.h>
  69#include <linux/nfs_mount.h>
  70#include <net/ipv6.h>
  71#include <linux/hugetlb.h>
  72#include <linux/personality.h>
  73#include <linux/sysctl.h>
  74#include <linux/audit.h>
  75#include <linux/string.h>
  76#include <linux/selinux.h>
  77#include <linux/mutex.h>
  78#include <linux/posix-timers.h>
  79
  80#include "avc.h"
  81#include "objsec.h"
  82#include "netif.h"
  83#include "netnode.h"
  84#include "netport.h"
  85#include "xfrm.h"
  86#include "netlabel.h"
  87#include "audit.h"
  88
  89#define XATTR_SELINUX_SUFFIX "selinux"
  90#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
  91
  92#define NUM_SEL_MNT_OPTS 5
  93
  94extern unsigned int policydb_loaded_version;
  95extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
  96extern struct security_operations *security_ops;
  97
  98/* SECMARK reference count */
  99atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
 100
 101#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 102int selinux_enforcing;
 103
/*
 * Parse the "enforcing=" boot parameter.
 *
 * @str: the text following "enforcing=" on the kernel command line.
 *
 * A non-zero value selects enforcing mode, zero selects permissive mode;
 * text that does not parse as an unsigned long leaves selinux_enforcing
 * untouched.  Always returns 1 so the parameter counts as handled.
 */
static int __init enforcing_setup(char *str)
{
        unsigned long val;

        if (strict_strtoul(str, 0, &val) == 0)
                selinux_enforcing = (val != 0);
        return 1;
}
 111__setup("enforcing=", enforcing_setup);
 112#endif
 113
 114#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
 115int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
 116
/*
 * Parse the "selinux=" boot parameter.
 *
 * @str: the text following "selinux=" on the kernel command line.
 *
 * A non-zero value enables SELinux, zero disables it; text that does not
 * parse as an unsigned long leaves selinux_enabled at its built-in default.
 * Always returns 1 so the parameter counts as handled.
 */
static int __init selinux_enabled_setup(char *str)
{
        unsigned long val;

        if (strict_strtoul(str, 0, &val) == 0)
                selinux_enabled = (val != 0);
        return 1;
}
 124__setup("selinux=", selinux_enabled_setup);
 125#else
 126int selinux_enabled = 1;
 127#endif
 128
 129
 130/*
 131 * Minimal support for a secondary security module,
 132 * just to allow the use of the capability module.
 133 */
 134static struct security_operations *secondary_ops;
 135
 136/* Lists of inode and superblock security structures initialized
 137   before the policy was loaded. */
 138static LIST_HEAD(superblock_security_head);
 139static DEFINE_SPINLOCK(sb_security_lock);
 140
 141static struct kmem_cache *sel_inode_cache;
 142
/**
 * selinux_secmark_enabled - report whether any SECMARK targets are configured
 *
 * Description:
 * SECMARK is treated as enabled while selinux_secmark_refcount holds a
 * positive count of configured targets.  Returns 1 when enabled and 0
 * otherwise.
 *
 */
static int selinux_secmark_enabled(void)
{
        int refs = atomic_read(&selinux_secmark_refcount);

        return refs > 0 ? 1 : 0;
}
 157
/*
 * Attach a task security blob to the init task's real credentials and label
 * it with the kernel SID.  Runs once at boot; an allocation failure here is
 * fatal because no later labeling decision could be made without it.
 */
static void cred_init_security(void)
{
        struct task_security_struct *tsec;
        /* real_cred is const-qualified; the cast is what lets boot-time
           setup install the blob on the already-live init credentials. */
        struct cred *cred = (struct cred *) current->real_cred;

        tsec = kzalloc(sizeof(*tsec), GFP_KERNEL);
        if (tsec == NULL)
                panic("SELinux:  Failed to initialize initial task.\n");

        tsec->sid = SECINITSID_KERNEL;
        tsec->osid = SECINITSID_KERNEL;
        cred->security = tsec;
}
 173
/*
 * Return the SID recorded in the security blob of @cred.
 */
static inline u32 cred_sid(const struct cred *cred)
{
        const struct task_security_struct *tsec = cred->security;

        return tsec->sid;
}
 184
/*
 * Return the objective SID of @task, i.e. the SID of its real credentials.
 * The RCU read lock covers the __task_cred() dereference.
 */
static inline u32 task_sid(const struct task_struct *task)
{
        const struct cred *tcred;
        u32 sid;

        rcu_read_lock();
        tcred = __task_cred(task);
        sid = cred_sid(tcred);
        rcu_read_unlock();

        return sid;
}
 197
/*
 * Return the subjective SID of the current task, taken from its
 * effective (subjective) credentials.
 */
static inline u32 current_sid(void)
{
        return cred_sid(current_cred());
}
 207
 208/* Allocate and free functions for each kind of security blob. */
 209
/*
 * Allocate the security blob for @inode from sel_inode_cache.
 *
 * The inode starts out unlabeled with class SECCLASS_FILE; the SID of the
 * creating task is remembered in task_sid for later labeling.  Uses GFP_NOFS
 * since this runs from inode allocation.  Returns 0 or -ENOMEM.
 */
static int inode_alloc_security(struct inode *inode)
{
        u32 tsid = current_sid();
        struct inode_security_struct *isec =
                        kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);

        if (isec == NULL)
                return -ENOMEM;

        mutex_init(&isec->lock);
        INIT_LIST_HEAD(&isec->list);
        isec->inode = inode;
        isec->task_sid = tsid;
        isec->sid = SECINITSID_UNLABELED;
        isec->sclass = SECCLASS_FILE;
        inode->i_security = isec;

        return 0;
}
 229
/*
 * Release the security blob of @inode.
 *
 * If the blob is still queued on its superblock's deferred-labeling list
 * (sbsec->isec_head) it is unlinked under isec_lock first, so the list
 * never points at freed memory.
 */
static void inode_free_security(struct inode *inode)
{
        struct inode_security_struct *isec = inode->i_security;
        struct superblock_security_struct *sbsec = inode->i_sb->s_security;
        int queued;

        spin_lock(&sbsec->isec_lock);
        queued = !list_empty(&isec->list);
        if (queued)
                list_del_init(&isec->list);
        spin_unlock(&sbsec->isec_lock);

        inode->i_security = NULL;
        kmem_cache_free(sel_inode_cache, isec);
}
 243
/*
 * Allocate the security blob for @file.
 *
 * Both the file's SID and its owner SID (fown_sid) are set to the SID of the
 * opening task.  Returns 0 or -ENOMEM.
 */
static int file_alloc_security(struct file *file)
{
        struct file_security_struct *fsec;
        u32 opener = current_sid();

        fsec = kzalloc(sizeof(*fsec), GFP_KERNEL);
        if (fsec == NULL)
                return -ENOMEM;

        fsec->fown_sid = opener;
        fsec->sid = opener;
        file->f_security = fsec;

        return 0;
}
 259
/*
 * Release the security blob of @file, clearing the pointer before the free.
 */
static void file_free_security(struct file *file)
{
        struct file_security_struct *fsec;

        fsec = file->f_security;
        file->f_security = NULL;
        kfree(fsec);
}
 266
/*
 * Allocate the security blob for @sb.
 *
 * The superblock and its mountpoint start unlabeled and new inodes default
 * to SECINITSID_FILE; the deferred-init list heads and locks are set up
 * here.  Returns 0 or -ENOMEM.
 */
static int superblock_alloc_security(struct super_block *sb)
{
        struct superblock_security_struct *sbsec = kzalloc(sizeof(*sbsec),
                                                           GFP_KERNEL);

        if (sbsec == NULL)
                return -ENOMEM;

        /* locking and list state */
        mutex_init(&sbsec->lock);
        spin_lock_init(&sbsec->isec_lock);
        INIT_LIST_HEAD(&sbsec->list);
        INIT_LIST_HEAD(&sbsec->isec_head);

        /* initial labels */
        sbsec->sb = sb;
        sbsec->sid = SECINITSID_UNLABELED;
        sbsec->mntpoint_sid = SECINITSID_UNLABELED;
        sbsec->def_sid = SECINITSID_FILE;

        sb->s_security = sbsec;
        return 0;
}
 287
/*
 * Release the security blob of @sb.
 *
 * A superblock still waiting on superblock_security_head for the initial
 * policy load is unlinked under sb_security_lock before being freed.
 */
static void superblock_free_security(struct super_block *sb)
{
        struct superblock_security_struct *sbsec = sb->s_security;
        int pending;

        spin_lock(&sb_security_lock);
        pending = !list_empty(&sbsec->list);
        if (pending)
                list_del_init(&sbsec->list);
        spin_unlock(&sb_security_lock);

        sb->s_security = NULL;
        kfree(sbsec);
}
 300
/*
 * Allocate the security blob for socket @sk.
 *
 * @family is accepted for the hook signature but not consulted here.
 * Both the socket SID and the peer SID start unlabeled, and the NetLabel
 * state is reset.  Allocates with @priority; returns 0 or -ENOMEM.
 */
static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
        struct sk_security_struct *ssec = kzalloc(sizeof(*ssec), priority);

        if (ssec == NULL)
                return -ENOMEM;

        ssec->sid = SECINITSID_UNLABELED;
        ssec->peer_sid = SECINITSID_UNLABELED;
        sk->sk_security = ssec;
        selinux_netlbl_sk_security_reset(ssec);

        return 0;
}
 317
/*
 * Release the security blob of socket @sk, dropping its NetLabel state
 * before freeing.
 */
static void sk_free_security(struct sock *sk)
{
        struct sk_security_struct *ssec;

        ssec = sk->sk_security;
        sk->sk_security = NULL;

        selinux_netlbl_sk_security_free(ssec);
        kfree(ssec);
}
 326
 327/* The security server must be initialized before
 328   any labeling or access decisions can be provided. */
 329extern int ss_initialized;
 330
 331/* The file system's label must be initialized prior to use. */
 332
/* Human-readable names for the filesystem labeling behaviors, indexed by
   (behavior - 1) in sb_finish_set_opts(); the order must track the
   SECURITY_FS_USE_* constants.  NOTE(review): a behavior of 0 would index
   before the array -- the caller only rejects values above its size. */
static char *labeling_behaviors[6] = {
        "uses xattr",
        "uses transition SIDs",
        "uses task SIDs",
        "uses genfs_contexts",
        "not configured for labeling",
        "uses mountpoint labeling",
};
 341
 342static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
 343
/*
 * Initialise the security blob of @inode when no dentry is available to
 * help locate its label.
 */
static inline int inode_doinit(struct inode *inode)
{
        struct dentry *no_dentry = NULL;

        return inode_doinit_with_dentry(inode, no_dentry);
}
 348
 349enum {
 350        Opt_error = -1,
 351        Opt_context = 1,
 352        Opt_fscontext = 2,
 353        Opt_defcontext = 3,
 354        Opt_rootcontext = 4,
 355        Opt_labelsupport = 5,
 356};
 357
 358static const match_table_t tokens = {
 359        {Opt_context, CONTEXT_STR "%s"},
 360        {Opt_fscontext, FSCONTEXT_STR "%s"},
 361        {Opt_defcontext, DEFCONTEXT_STR "%s"},
 362        {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
 363        {Opt_labelsupport, LABELSUPP_STR},
 364        {Opt_error, NULL},
 365};
 366
 367#define SEL_MOUNT_FAIL_MSG "SELinux:  duplicate or incompatible mount options\n"
 368
/*
 * Check that @cred may relabel the superblock from its current SID to @sid:
 * filesystem:relabelfrom on the existing label, then filesystem:relabelto on
 * the new one.  Returns 0 when both pass, else the error from the first
 * failing check.
 */
static int may_context_mount_sb_relabel(u32 sid,
                        struct superblock_security_struct *sbsec,
                        const struct cred *cred)
{
        const struct task_security_struct *tsec = cred->security;
        int rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
                              FILESYSTEM__RELABELFROM, NULL);

        if (rc == 0)
                rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
                                  FILESYSTEM__RELABELTO, NULL);
        return rc;
}
 385
/*
 * Check that @cred may relabel inodes on the superblock to @sid:
 * filesystem:relabelfrom for the task on the superblock's label, then
 * filesystem:associate for @sid itself with the superblock.  Returns 0 when
 * both pass, else the error from the first failing check.
 */
static int may_context_mount_inode_relabel(u32 sid,
                        struct superblock_security_struct *sbsec,
                        const struct cred *cred)
{
        const struct task_security_struct *tsec = cred->security;
        int rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
                              FILESYSTEM__RELABELFROM, NULL);

        if (rc == 0)
                rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
                                  FILESYSTEM__ASSOCIATE, NULL);
        return rc;
}
 401
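/*
 * sb_finish_set_opts - complete labeling setup for a superblock
 * @sb: the superblock whose security options have been decided
 *
 * Called with sbsec->lock held by selinux_set_mnt_opts() or
 * selinux_sb_clone_mnt_opts().  For SECURITY_FS_USE_XATTR it verifies that
 * the filesystem has a working security xattr handler, then marks the
 * superblock initialized, decides whether it supports labeling, labels the
 * root inode and finally labels every inode queued on sbsec->isec_head
 * (inodes created before the policy was loaded or during get_sb).
 *
 * Returns 0, -EOPNOTSUPP when there is no getxattr handler, the getxattr
 * error for anything other than -ENODATA, or the result of labeling the
 * root inode.
 */
static int sb_finish_set_opts(struct super_block *sb)
{
        struct superblock_security_struct *sbsec = sb->s_security;
        struct dentry *root = sb->s_root;
        struct inode *root_inode = root->d_inode;
        int rc = 0;

        if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
                /* Make sure that the xattr handler exists and that no
                   error other than -ENODATA is returned by getxattr on
                   the root directory.  -ENODATA is ok, as this may be
                   the first boot of the SELinux kernel before we have
                   assigned xattr values to the filesystem. */
                if (!root_inode->i_op->getxattr) {
                        printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
                               "xattr support\n", sb->s_id, sb->s_type->name);
                        rc = -EOPNOTSUPP;
                        goto out;
                }
                /* Size-only query (NULL buffer, length 0): the value is
                   not needed here, only whether the handler works. */
                rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
                if (rc < 0 && rc != -ENODATA) {
                        if (rc == -EOPNOTSUPP)
                                printk(KERN_WARNING "SELinux: (dev %s, type "
                                       "%s) has no security xattr handler\n",
                                       sb->s_id, sb->s_type->name);
                        else
                                printk(KERN_WARNING "SELinux: (dev %s, type "
                                       "%s) getxattr errno %d\n", sb->s_id,
                                       sb->s_type->name, -rc);
                        goto out;
                }
        }

        sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);

        /* labeling_behaviors[] is indexed by behavior - 1.  NOTE(review):
           a behavior of 0 is not rejected by this check and would index
           entry -1; presumably security_fs_use() never yields 0 -- confirm. */
        if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
                printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
                       sb->s_id, sb->s_type->name);
        else
                printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
                       sb->s_id, sb->s_type->name,
                       labeling_behaviors[sbsec->behavior-1]);

        /* Only the remaining behaviors are reported as supporting labels. */
        if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
            sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
            sbsec->behavior == SECURITY_FS_USE_NONE ||
            sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
                sbsec->flags &= ~SE_SBLABELSUPP;

        /* Initialize the root inode. */
        rc = inode_doinit_with_dentry(root_inode, root);

        /* Initialize any other inodes associated with the superblock, e.g.
           inodes created prior to initial policy load or inodes created
           during get_sb by a pseudo filesystem that directly
           populates itself. */
        spin_lock(&sbsec->isec_lock);
        while (!list_empty(&sbsec->isec_head)) {
                struct inode_security_struct *isec =
                                list_entry(sbsec->isec_head.next,
                                           struct inode_security_struct, list);
                struct inode *inode = isec->inode;

                /* Unlink the entry before dropping the lock: once the lock
                   is released, inode_free_security() may unlink and free
                   this isec (e.g. when igrab() below fails because the
                   inode is being torn down), so it must not be touched
                   again afterwards. */
                list_del_init(&isec->list);
                spin_unlock(&sbsec->isec_lock);
                inode = igrab(inode);
                if (inode) {
                        if (!IS_PRIVATE(inode))
                                inode_doinit(inode);
                        iput(inode);
                }
                spin_lock(&sbsec->isec_lock);
        }
        spin_unlock(&sbsec->isec_lock);
out:
        return rc;
}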
 480
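/*
 * selinux_add_mnt_opt - store one context option in @opts
 * @opts: the option set being filled in
 * @idx:  slot to fill
 * @sid:  SID to render as a context string
 * @flag: the *_MNT flag identifying the option
 *
 * Returns 0, or the error from security_sid_to_context(); on error the slot
 * is left untouched (still NULL from kcalloc).
 */
static int selinux_add_mnt_opt(struct security_mnt_opts *opts, int idx,
                               u32 sid, int flag)
{
        char *context = NULL;
        u32 len;
        int rc = security_sid_to_context(sid, &context, &len);

        if (rc)
                return rc;
        opts->mnt_opts[idx] = context;
        opts->mnt_opts_flags[idx] = flag;
        return 0;
}

/*
 * selinux_get_mnt_opts - report the security mount options in force on @sb
 * @sb:   the superblock being queried
 * @opts: receives the option strings and their *_MNT flags
 *
 * Lets a filesystem ask which security mount options it was mounted with,
 * so it can reuse them for submounts, display them, or whatever.  Each
 * context option set on the superblock is rendered back to a string; the
 * labelsupport option is reported with a NULL string and the SE_SBLABELSUPP
 * flag.  The caller owns the result and releases it with
 * security_free_mnt_opts().
 *
 * Returns 0 on success; -EINVAL if the superblock or the security server is
 * not yet initialized; -ENOMEM on allocation failure; or the error from
 * security_sid_to_context().  On error @opts has already been freed.
 */
static int selinux_get_mnt_opts(const struct super_block *sb,
                                struct security_mnt_opts *opts)
{
        int rc = 0, i;
        struct superblock_security_struct *sbsec = sb->s_security;
        unsigned int mnt_flags;

        security_init_mnt_opts(opts);

        if (!(sbsec->flags & SE_SBINITIALIZED))
                return -EINVAL;

        if (!ss_initialized)
                return -EINVAL;

        /* Count the *_MNT options set on this sb.  Walk the mask in an
           unsigned type: shifting a plain char is sign-dependent and
           would miscount if the mask ever grew into the top bit. */
        for (mnt_flags = sbsec->flags & SE_MNTMASK; mnt_flags; mnt_flags >>= 1) {
                if (mnt_flags & 0x01)
                        opts->num_mnt_opts++;
        }
        /* Check if the Label support flag is set */
        if (sbsec->flags & SE_SBLABELSUPP)
                opts->num_mnt_opts++;

        opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
        if (!opts->mnt_opts) {
                rc = -ENOMEM;
                goto out_free;
        }

        opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
        if (!opts->mnt_opts_flags) {
                rc = -ENOMEM;
                goto out_free;
        }

        /* Emit the options in a fixed order so i tracks num_mnt_opts. */
        i = 0;
        if (sbsec->flags & FSCONTEXT_MNT) {
                rc = selinux_add_mnt_opt(opts, i++, sbsec->sid, FSCONTEXT_MNT);
                if (rc)
                        goto out_free;
        }
        if (sbsec->flags & CONTEXT_MNT) {
                rc = selinux_add_mnt_opt(opts, i++, sbsec->mntpoint_sid,
                                         CONTEXT_MNT);
                if (rc)
                        goto out_free;
        }
        if (sbsec->flags & DEFCONTEXT_MNT) {
                rc = selinux_add_mnt_opt(opts, i++, sbsec->def_sid,
                                         DEFCONTEXT_MNT);
                if (rc)
                        goto out_free;
        }
        if (sbsec->flags & ROOTCONTEXT_MNT) {
                struct inode *root = sbsec->sb->s_root->d_inode;
                struct inode_security_struct *isec = root->i_security;

                rc = selinux_add_mnt_opt(opts, i++, isec->sid, ROOTCONTEXT_MNT);
                if (rc)
                        goto out_free;
        }
        if (sbsec->flags & SE_SBLABELSUPP) {
                /* labelsupport carries no context string */
                opts->mnt_opts[i] = NULL;
                opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
        }

        BUG_ON(i != opts->num_mnt_opts);

        return 0;

out_free:
        security_free_mnt_opts(opts);
        return rc;
}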
 571
/*
 * Decide whether mount option @flag, now carrying @new_sid, conflicts with
 * the superblock's existing state.  On an already-initialized superblock the
 * option must have been present before and with the same SID (@old_sid);
 * on a fresh superblock the same option may not appear twice in one mount
 * request (e.g. context=a,context=b).  Returns 1 on conflict, 0 otherwise.
 */
static int bad_option(struct superblock_security_struct *sbsec, char flag,
                      u32 old_sid, u32 new_sid)
{
        char mnt_flags = sbsec->flags & SE_MNTMASK;
        int initialized = (sbsec->flags & SE_SBINITIALIZED) != 0;

        if (initialized) {
                /* remount of a live sb: the option must match what is set */
                if (!(sbsec->flags & flag) || old_sid != new_sid)
                        return 1;
                return 0;
        }

        /* first mount: reject the same option given twice */
        return (mnt_flags & flag) ? 1 : 0;
}
 591
/*
 * selinux_set_mnt_opts - apply security mount options to a superblock
 * @sb:   the superblock being mounted
 * @opts: parsed options: context strings in mnt_opts[] with matching
 *        *_MNT flags in mnt_opts_flags[]
 *
 * Allows filesystems with binary mount data to explicitly set mount point
 * labeling information.  Each option is converted to a SID and checked
 * against any options already on the superblock via bad_option(); on a
 * fresh superblock the labeling behavior is looked up with
 * security_fs_use() and the fscontext/context/rootcontext/defcontext SIDs
 * are applied after the corresponding relabel permission checks.  Finishes
 * with sb_finish_set_opts().
 *
 * If the security server is not yet initialized and no options were given,
 * the superblock is queued on superblock_security_head for later setup.
 *
 * Returns 0 on success, -EINVAL for invalid, conflicting or premature
 * options, or the error from the context lookup, permission check or
 * sb_finish_set_opts().
 */
static int selinux_set_mnt_opts(struct super_block *sb,
                                struct security_mnt_opts *opts)
{
        const struct cred *cred = current_cred();
        int rc = 0, i;
        struct superblock_security_struct *sbsec = sb->s_security;
        const char *name = sb->s_type->name;
        struct inode *inode = sbsec->sb->s_root->d_inode;
        struct inode_security_struct *root_isec = inode->i_security;
        u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
        u32 defcontext_sid = 0;
        char **mount_options = opts->mnt_opts;
        int *flags = opts->mnt_opts_flags;
        int num_opts = opts->num_mnt_opts;

        mutex_lock(&sbsec->lock);

        if (!ss_initialized) {
                if (!num_opts) {
                        /* Defer initialization until selinux_complete_init,
                           after the initial policy is loaded and the security
                           server is ready to handle calls. */
                        spin_lock(&sb_security_lock);
                        if (list_empty(&sbsec->list))
                                list_add(&sbsec->list, &superblock_security_head);
                        spin_unlock(&sb_security_lock);
                        goto out;
                }
                rc = -EINVAL;
                printk(KERN_WARNING "SELinux: Unable to set superblock options "
                        "before the security server is initialized\n");
                goto out;
        }

        /*
         * Binary mount data FS will come through this function twice.  Once
         * from an explicit call and once from the generic calls from the vfs.
         * Since the generic VFS calls will not contain any security mount data
         * we need to skip the double mount verification.
         *
         * This does open a hole in which we will not notice if the first
         * mount using this sb set explict options and a second mount using
         * this sb does not set any security options.  (The first options
         * will be used for both mounts)
         */
        if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
            && (num_opts == 0))
                goto out;

        /*
         * parse the mount options, check if they are valid sids.
         * also check if someone is trying to mount the same sb more
         * than once with different security options.
         *
         * NOTE(review): each *_MNT flag is set on sbsec as soon as its
         * option is accepted, so a failure later in this loop leaves the
         * earlier bits set on a not-yet-initialized sbsec -- confirm a
         * retried mount is not affected by that.
         */
        for (i = 0; i < num_opts; i++) {
                u32 sid;

                /* labelsupport carries no context string (mnt_opts[i] is
                   NULL for it), so it must not reach strlen() below. */
                if (flags[i] == SE_SBLABELSUPP)
                        continue;
                rc = security_context_to_sid(mount_options[i],
                                             strlen(mount_options[i]), &sid);
                if (rc) {
                        printk(KERN_WARNING "SELinux: security_context_to_sid"
                               "(%s) failed for (dev %s, type %s) errno=%d\n",
                               mount_options[i], sb->s_id, name, rc);
                        goto out;
                }
                switch (flags[i]) {
                case FSCONTEXT_MNT:
                        fscontext_sid = sid;

                        if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
                                        fscontext_sid))
                                goto out_double_mount;

                        sbsec->flags |= FSCONTEXT_MNT;
                        break;
                case CONTEXT_MNT:
                        context_sid = sid;

                        if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
                                        context_sid))
                                goto out_double_mount;

                        sbsec->flags |= CONTEXT_MNT;
                        break;
                case ROOTCONTEXT_MNT:
                        rootcontext_sid = sid;

                        if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
                                        rootcontext_sid))
                                goto out_double_mount;

                        sbsec->flags |= ROOTCONTEXT_MNT;

                        break;
                case DEFCONTEXT_MNT:
                        defcontext_sid = sid;

                        if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
                                        defcontext_sid))
                                goto out_double_mount;

                        sbsec->flags |= DEFCONTEXT_MNT;

                        break;
                default:
                        rc = -EINVAL;
                        goto out;
                }
        }

        /* Already set up (e.g. a further mount of the same sb): the loop
           above has verified the options match, so nothing more to apply. */
        if (sbsec->flags & SE_SBINITIALIZED) {
                /* previously mounted with options, but not on this attempt? */
                if ((sbsec->flags & SE_MNTMASK) && !num_opts)
                        goto out_double_mount;
                rc = 0;
                goto out;
        }

        /* procfs is special-cased so its labeling is looked up as "proc". */
        if (strcmp(sb->s_type->name, "proc") == 0)
                sbsec->flags |= SE_SBPROC;

        /* Determine the labeling behavior to use for this filesystem type. */
        rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
        if (rc) {
                printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
                       __func__, sb->s_type->name, rc);
                goto out;
        }

        /* sets the context of the superblock for the fs being mounted. */
        if (fscontext_sid) {
                rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
                if (rc)
                        goto out;

                sbsec->sid = fscontext_sid;
        }

        /*
         * Switch to using mount point labeling behavior.
         * sets the label used on all file below the mountpoint, and will set
         * the superblock context if not already set.
         */
        if (context_sid) {
                if (!fscontext_sid) {
                        rc = may_context_mount_sb_relabel(context_sid, sbsec,
                                                          cred);
                        if (rc)
                                goto out;
                        sbsec->sid = context_sid;
                } else {
                        rc = may_context_mount_inode_relabel(context_sid, sbsec,
                                                             cred);
                        if (rc)
                                goto out;
                }
                /* context= also labels the root unless rootcontext= said otherwise */
                if (!rootcontext_sid)
                        rootcontext_sid = context_sid;

                sbsec->mntpoint_sid = context_sid;
                sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
        }

        if (rootcontext_sid) {
                rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
                                                     cred);
                if (rc)
                        goto out;

                /* Mark the root labeled so sb_finish_set_opts() does not
                   overwrite this SID when it initializes the root inode. */
                root_isec->sid = rootcontext_sid;
                root_isec->initialized = 1;
        }

        if (defcontext_sid) {
                /* defcontext= only makes sense where per-inode labels come
                   from xattrs and may be missing. */
                if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
                        rc = -EINVAL;
                        printk(KERN_WARNING "SELinux: defcontext option is "
                               "invalid for this filesystem type\n");
                        goto out;
                }

                if (defcontext_sid != sbsec->def_sid) {
                        rc = may_context_mount_inode_relabel(defcontext_sid,
                                                             sbsec, cred);
                        if (rc)
                                goto out;
                }

                sbsec->def_sid = defcontext_sid;
        }

        rc = sb_finish_set_opts(sb);
out:
        mutex_unlock(&sbsec->lock);
        return rc;
out_double_mount:
        rc = -EINVAL;
        printk(KERN_WARNING "SELinux: mount invalid.  Same superblock, different "
               "security settings for (dev %s, type %s)\n", sb->s_id, name);
        goto out;
}
 799
/*
 * selinux_sb_clone_mnt_opts - copy security mount options between superblocks
 * @oldsb: the already-mounted superblock to copy from
 * @newsb: the superblock of the new (sub)mount
 *
 * Copies flags, SIDs and labeling behavior from @oldsb to @newsb, then
 * re-applies the context= and rootcontext= effects on the new superblock's
 * SID, mountpoint SID and root inode, and completes setup with
 * sb_finish_set_opts().  Before the security server is initialized the new
 * superblock is only queued on superblock_security_head for later setup.
 */
static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
                                        struct super_block *newsb)
{
        const struct superblock_security_struct *oldsbsec = oldsb->s_security;
        struct superblock_security_struct *newsbsec = newsb->s_security;

        int set_fscontext =     (oldsbsec->flags & FSCONTEXT_MNT);
        int set_context =       (oldsbsec->flags & CONTEXT_MNT);
        int set_rootcontext =   (oldsbsec->flags & ROOTCONTEXT_MNT);

        /*
         * if the parent was able to be mounted it clearly had no special lsm
         * mount options.  thus we can safely put this sb on the list and deal
         * with it later
         */
        if (!ss_initialized) {
                spin_lock(&sb_security_lock);
                if (list_empty(&newsbsec->list))
                        list_add(&newsbsec->list, &superblock_security_head);
                spin_unlock(&sb_security_lock);
                return;
        }

        /* how can we clone if the old one wasn't set up?? */
        BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));

        /* if fs is reusing a sb, just let its options stand...
           NOTE(review): this flag is read before newsbsec->lock is taken
           below; presumably no concurrent set_mnt_opts() on newsb is
           possible at this point -- confirm. */
        if (newsbsec->flags & SE_SBINITIALIZED)
                return;

        mutex_lock(&newsbsec->lock);

        newsbsec->flags = oldsbsec->flags;

        newsbsec->sid = oldsbsec->sid;
        newsbsec->def_sid = oldsbsec->def_sid;
        newsbsec->behavior = oldsbsec->behavior;

        /* Mirror set_mnt_opts: context= labels the superblock (unless
           fscontext= did) and the root inode (unless rootcontext= did). */
        if (set_context) {
                u32 sid = oldsbsec->mntpoint_sid;

                if (!set_fscontext)
                        newsbsec->sid = sid;
                if (!set_rootcontext) {
                        struct inode *newinode = newsb->s_root->d_inode;
                        struct inode_security_struct *newisec = newinode->i_security;
                        newisec->sid = sid;
                }
                newsbsec->mntpoint_sid = sid;
        }
        if (set_rootcontext) {
                const struct inode *oldinode = oldsb->s_root->d_inode;
                const struct inode_security_struct *oldisec = oldinode->i_security;
                struct inode *newinode = newsb->s_root->d_inode;
                struct inode_security_struct *newisec = newinode->i_security;

                newisec->sid = oldisec->sid;
        }

        /* NOTE(review): the return value is discarded, so a getxattr
           failure reported by sb_finish_set_opts() for the new root goes
           unnoticed by the caller. */
        sb_finish_set_opts(newsb);
        mutex_unlock(&newsbsec->lock);
}
 862
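/*
 * Duplicate the argument of one string mount option into *@dst.
 *
 * @conflict is non-zero when this option (or one that excludes it) has
 * already been seen on the same mount, in which case the mount is refused.
 * Returns 0, -EINVAL on a conflict, or -ENOMEM if the copy failed.
 */
static int selinux_dup_mnt_opt(char **dst, substring_t *arg, int conflict)
{
        if (conflict) {
                printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
                return -EINVAL;
        }
        *dst = match_strdup(arg);
        return *dst ? 0 : -ENOMEM;
}

/*
 * Parse the '|'-separated SELinux mount option string @options into @opts.
 *
 * Recognised options are context=, fscontext=, rootcontext= and
 * defcontext= (each at most once; context= and defcontext= exclude each
 * other) plus the value-less labelsupport.  On success @opts holds the
 * duplicated option strings and a parallel array of *_MNT flags; the
 * caller releases both with security_free_mnt_opts().
 *
 * Returns 0, -EINVAL for an unknown, repeated or conflicting option, or
 * -ENOMEM.  On error every string duplicated here is freed again and no
 * dangling pointer is left in @opts.  @options is modified by strsep().
 */
static int selinux_parse_opts_str(char *options,
                                  struct security_mnt_opts *opts)
{
        char *p;
        char *context = NULL, *defcontext = NULL;
        char *fscontext = NULL, *rootcontext = NULL;
        int rc, num_mnt_opts = 0;

        opts->num_mnt_opts = 0;

        /* Standard string-based options. */
        while ((p = strsep(&options, "|")) != NULL) {
                int token;
                substring_t args[MAX_OPT_ARGS];

                if (!*p)
                        continue;

                token = match_token(p, tokens, args);

                switch (token) {
                case Opt_context:
                        rc = selinux_dup_mnt_opt(&context, &args[0],
                                                 context || defcontext);
                        break;
                case Opt_fscontext:
                        rc = selinux_dup_mnt_opt(&fscontext, &args[0],
                                                 fscontext != NULL);
                        break;
                case Opt_rootcontext:
                        rc = selinux_dup_mnt_opt(&rootcontext, &args[0],
                                                 rootcontext != NULL);
                        break;
                case Opt_defcontext:
                        rc = selinux_dup_mnt_opt(&defcontext, &args[0],
                                                 context || defcontext);
                        break;
                case Opt_labelsupport:
                        /* flag only, nothing to store */
                        rc = 0;
                        break;
                default:
                        rc = -EINVAL;
                        printk(KERN_WARNING "SELinux:  unknown mount option\n");
                        break;
                }
                if (rc)
                        goto out_err;
        }

        rc = -ENOMEM;
        opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
        if (!opts->mnt_opts)
                goto out_err;

        opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
        if (!opts->mnt_opts_flags) {
                /*
                 * Clear the pointer as well as freeing it: superblock_doinit()
                 * still runs security_free_mnt_opts() on @opts after we fail,
                 * and a stale mnt_opts pointer there would risk a double free.
                 */
                kfree(opts->mnt_opts);
                opts->mnt_opts = NULL;
                goto out_err;
        }

        /* Fill the arrays in a fixed order; only present options are stored. */
        if (fscontext) {
                opts->mnt_opts[num_mnt_opts] = fscontext;
                opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
        }
        if (context) {
                opts->mnt_opts[num_mnt_opts] = context;
                opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
        }
        if (rootcontext) {
                opts->mnt_opts[num_mnt_opts] = rootcontext;
                opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
        }
        if (defcontext) {
                opts->mnt_opts[num_mnt_opts] = defcontext;
                opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
        }

        opts->num_mnt_opts = num_mnt_opts;
        return 0;

out_err:
        /* kfree(NULL) is a no-op, so unset options need no guard. */
        kfree(context);
        kfree(defcontext);
        kfree(fscontext);
        kfree(rootcontext);
        return rc;
}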
/*
 * Parse the string mount options of @sb (if any) and apply them to its
 * superblock_security_struct via selinux_set_mnt_opts().
 *
 * @data is the raw mount option string, or NULL when none were given (the
 * superblock then just gets its defaults).  Binary mount data is not
 * supported and trips a BUG_ON.  Returns 0 or a negative errno from the
 * parse or the set step.
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
        struct security_mnt_opts opts;
        int rc = 0;

        security_init_mnt_opts(&opts);

        if (data) {
                BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
                rc = selinux_parse_opts_str(data, &opts);
        }

        /* Without options the superblock still needs its defaults applied. */
        if (!rc)
                rc = selinux_set_mnt_opts(sb, &opts);

        security_free_mnt_opts(&opts);
        return rc;
}
1010
/*
 * Append the SELinux mount options in @opts to the seq_file line @m.
 *
 * Each option is emitted as ",prefix=value".  A value containing a comma
 * is wrapped in double quotes; only the comma is checked, so an embedded
 * '"' in the value is written through unchanged.  labelsupport carries no
 * value.  Any other flag is a kernel bug and hits BUG().
 */
static void selinux_write_opts(struct seq_file *m,
                               struct security_mnt_opts *opts)
{
        int i;

        for (i = 0; i < opts->num_mnt_opts; i++) {
                const char *value = opts->mnt_opts[i];
                const char *prefix;
                int quote = value ? strchr(value, ',') != NULL : 0;

                switch (opts->mnt_opts_flags[i]) {
                case CONTEXT_MNT:
                        prefix = CONTEXT_STR;
                        break;
                case FSCONTEXT_MNT:
                        prefix = FSCONTEXT_STR;
                        break;
                case ROOTCONTEXT_MNT:
                        prefix = ROOTCONTEXT_STR;
                        break;
                case DEFCONTEXT_MNT:
                        prefix = DEFCONTEXT_STR;
                        break;
                case SE_SBLABELSUPP:
                        /* value-less option: no prefix/value pair */
                        seq_putc(m, ',');
                        seq_puts(m, LABELSUPP_STR);
                        continue;
                default:
                        BUG();
                }

                /* every option is preceded by a comma */
                seq_putc(m, ',');
                seq_puts(m, prefix);
                if (quote)
                        seq_putc(m, '"');
                seq_puts(m, value);
                if (quote)
                        seq_putc(m, '"');
        }
}
1055
/*
 * Print the SELinux mount options of @sb into the seq_file @m.
 *
 * Returns 0, or the error from selinux_get_mnt_opts().  -EINVAL is mapped
 * to 0 because it can be reported before the policy is loaded; the options
 * are then simply omitted instead of failing the read.
 */
static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
{
        struct security_mnt_opts opts;
        int rc = selinux_get_mnt_opts(sb, &opts);

        if (rc)
                /* before policy load we may get EINVAL; show nothing then */
                return rc == -EINVAL ? 0 : rc;

        selinux_write_opts(m, &opts);
        security_free_mnt_opts(&opts);
        return 0;
}
1075
/*
 * Map the file type bits of @mode (S_IFMT) to the SELinux object class.
 * Any type not listed here, including none at all, is treated as a
 * regular file.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
        u16 tclass = SECCLASS_FILE;

        switch (mode & S_IFMT) {
        case S_IFDIR:
                tclass = SECCLASS_DIR;
                break;
        case S_IFLNK:
                tclass = SECCLASS_LNK_FILE;
                break;
        case S_IFCHR:
                tclass = SECCLASS_CHR_FILE;
                break;
        case S_IFBLK:
                tclass = SECCLASS_BLK_FILE;
                break;
        case S_IFIFO:
                tclass = SECCLASS_FIFO_FILE;
                break;
        case S_IFSOCK:
                tclass = SECCLASS_SOCK_FILE;
                break;
        case S_IFREG:
        default:
                break;
        }

        return tclass;
}
1098
/* Non-zero when @protocol is a default stream protocol (unspecified or TCP). */
static inline int default_protocol_stream(int protocol)
{
        switch (protocol) {
        case IPPROTO_IP:
        case IPPROTO_TCP:
                return 1;
        default:
                return 0;
        }
}
1103
/* Non-zero when @protocol is a default datagram protocol (unspecified or UDP). */
static inline int default_protocol_dgram(int protocol)
{
        switch (protocol) {
        case IPPROTO_IP:
        case IPPROTO_UDP:
                return 1;
        default:
                return 0;
        }
}
1108
/* Class of a PF_UNIX socket of @type; other types get the generic class. */
static inline u16 sel_unix_sock_class(int type)
{
        switch (type) {
        case SOCK_STREAM:
        case SOCK_SEQPACKET:
                return SECCLASS_UNIX_STREAM_SOCKET;
        case SOCK_DGRAM:
                return SECCLASS_UNIX_DGRAM_SOCKET;
        default:
                return SECCLASS_SOCKET;
        }
}

/*
 * Class of a PF_INET/PF_INET6 socket.  Stream and datagram sockets on a
 * non-default protocol, and every other type, are treated as raw IP.
 */
static inline u16 sel_inet_sock_class(int type, int protocol)
{
        if (type == SOCK_STREAM)
                return default_protocol_stream(protocol) ?
                        SECCLASS_TCP_SOCKET : SECCLASS_RAWIP_SOCKET;
        if (type == SOCK_DGRAM)
                return default_protocol_dgram(protocol) ?
                        SECCLASS_UDP_SOCKET : SECCLASS_RAWIP_SOCKET;
        if (type == SOCK_DCCP)
                return SECCLASS_DCCP_SOCKET;
        return SECCLASS_RAWIP_SOCKET;
}

/* Class of a PF_NETLINK socket by netlink @protocol; unknown ones are generic. */
static inline u16 sel_netlink_sock_class(int protocol)
{
        static const struct {
                int proto;
                u16 sclass;
        } classes[] = {
                { NETLINK_ROUTE,          SECCLASS_NETLINK_ROUTE_SOCKET },
                { NETLINK_FIREWALL,       SECCLASS_NETLINK_FIREWALL_SOCKET },
                { NETLINK_INET_DIAG,      SECCLASS_NETLINK_TCPDIAG_SOCKET },
                { NETLINK_NFLOG,          SECCLASS_NETLINK_NFLOG_SOCKET },
                { NETLINK_XFRM,           SECCLASS_NETLINK_XFRM_SOCKET },
                { NETLINK_SELINUX,        SECCLASS_NETLINK_SELINUX_SOCKET },
                { NETLINK_AUDIT,          SECCLASS_NETLINK_AUDIT_SOCKET },
                { NETLINK_IP6_FW,         SECCLASS_NETLINK_IP6FW_SOCKET },
                { NETLINK_DNRTMSG,        SECCLASS_NETLINK_DNRT_SOCKET },
                { NETLINK_KOBJECT_UEVENT, SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET },
        };
        size_t i;

        for (i = 0; i < sizeof(classes) / sizeof(classes[0]); i++)
                if (classes[i].proto == protocol)
                        return classes[i].sclass;
        return SECCLASS_NETLINK_SOCKET;
}

/*
 * Map a socket's (@family, @type, @protocol) triple to its SELinux object
 * class.  Families without a dedicated class fall back to SECCLASS_SOCKET.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
        switch (family) {
        case PF_UNIX:
                return sel_unix_sock_class(type);
        case PF_INET:
        case PF_INET6:
                return sel_inet_sock_class(type, protocol);
        case PF_NETLINK:
                return sel_netlink_sock_class(protocol);
        case PF_PACKET:
                return SECCLASS_PACKET_SOCKET;
        case PF_KEY:
                return SECCLASS_KEY_SOCKET;
        case PF_APPLETALK:
                return SECCLASS_APPLETALK_SOCKET;
        default:
                return SECCLASS_SOCKET;
        }
}
1175
1176#ifdef CONFIG_PROC_FS
/*
 * Look up the genfs SID of the /proc entry @de for object class @tclass.
 *
 * The entry's path is rebuilt leaf-first in a temporary page, walking
 * parents until an entry that is its own parent (the root, which is not
 * included), and then resolved against the "proc" genfs rules.  Returns 0
 * with *@sid set, -ENOMEM if no page could be obtained, or the error from
 * security_genfs_sid().  If the path does not fit in the page the walk
 * stops early and the partial path built so far is what gets looked up.
 */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
                                u16 tclass,
                                u32 *sid)
{
        char *page, *cursor, *path;
        int room, rc;

        page = (char *)__get_free_page(GFP_KERNEL);
        if (!page)
                return -ENOMEM;

        /* Build right-to-left: terminator in the last byte, then "/". */
        cursor = page + PAGE_SIZE - 1;
        *cursor = '\0';
        room = PAGE_SIZE - 1;
        path = cursor - 1;
        *path = '/';

        for (; de && de != de->parent; de = de->parent) {
                /* one byte for the name's leading '/' */
                room -= de->namelen + 1;
                if (room < 0)
                        break;
                cursor -= de->namelen;
                memcpy(cursor, de->name, de->namelen);
                *--cursor = '/';
                path = cursor;
        }

        rc = security_genfs_sid("proc", path, tclass, sid);
        free_page((unsigned long)page);
        return rc;
}
1208#else
/* Without procfs there are no /proc entries to label; always fails. */
static int selinux_proc_get_sid(struct proc_dir_entry *de,
                                u16 tclass,
                                u32 *sid)
{
        (void)de;
        (void)tclass;
        (void)sid;
        return -EINVAL;
}
1215#endif
1216
/*
 * Initialise the SELinux label (SID, and class if still generic) of @inode
 * on first use.
 *
 * @opt_dentry may be NULL.  It is only needed for filesystems labelled from
 * the security.selinux xattr, because the xattr API takes a dentry; when it
 * is NULL, d_find_alias() is tried instead.  Where the SID comes from is
 * decided by the superblock's labelling behaviour: the xattr, the creating
 * task, a type transition from the fs SID, the mountpoint label, or the fs
 * SID itself (with a genfs lookup for /proc entries).
 *
 * If the superblock is not yet initialised (policy not loaded) the inode is
 * queued on sbsec->isec_head and labelled later.  Returns 0 or a negative
 * errno; on an error path isec->initialized stays clear so a later call
 * retries.
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
        struct superblock_security_struct *sbsec = NULL;
        struct inode_security_struct *isec = inode->i_security;
        u32 sid;
        struct dentry *dentry;
#define INITCONTEXTLEN 255
        char *context = NULL;
        unsigned len = 0;
        int rc = 0;

        /* Unlocked fast path; re-checked under isec->lock below. */
        if (isec->initialized)
                goto out;

        mutex_lock(&isec->lock);
        if (isec->initialized)
                goto out_unlock;

        sbsec = inode->i_sb->s_security;
        if (!(sbsec->flags & SE_SBINITIALIZED)) {
                /* Defer initialization until selinux_complete_init,
                   after the initial policy is loaded and the security
                   server is ready to handle calls. */
                spin_lock(&sbsec->isec_lock);
                if (list_empty(&isec->list))
                        list_add(&isec->list, &sbsec->isec_head);
                spin_unlock(&sbsec->isec_lock);
                goto out_unlock;
        }

        switch (sbsec->behavior) {
        case SECURITY_FS_USE_XATTR:
                /* No xattr support on this fs: use the default file SID. */
                if (!inode->i_op->getxattr) {
                        isec->sid = sbsec->def_sid;
                        break;
                }

                /* Need a dentry, since the xattr API requires one.
                   Life would be simpler if we could just pass the inode. */
                if (opt_dentry) {
                        /* Called from d_instantiate or d_splice_alias. */
                        dentry = dget(opt_dentry);
                } else {
                        /* Called from selinux_complete_init, try to find a dentry. */
                        dentry = d_find_alias(inode);
                }
                if (!dentry) {
                        /*
                         * This can be hit on boot when a file is accessed
                         * before the policy is loaded.  When we load policy we
                         * may find inodes that have no dentry on the
                         * sbsec->isec_head list.  No reason to complain as these
                         * will get fixed up the next time we go through
                         * inode_doinit with a dentry, before these inodes could
                         * be used again by userspace.
                         */
                        goto out_unlock;
                }

                /* First try with a fixed-size buffer; the extra byte keeps
                   the value NUL-terminated for the log messages below. */
                len = INITCONTEXTLEN;
                context = kmalloc(len+1, GFP_NOFS);
                if (!context) {
                        rc = -ENOMEM;
                        dput(dentry);
                        goto out_unlock;
                }
                context[len] = '\0';
                rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
                                           context, len);
                if (rc == -ERANGE) {
                        /* Need a larger buffer.  Query for the right size. */
                        rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
                                                   NULL, 0);
                        if (rc < 0) {
                                dput(dentry);
                                goto out_unlock;
                        }
                        kfree(context);
                        len = rc;
                        context = kmalloc(len+1, GFP_NOFS);
                        if (!context) {
                                rc = -ENOMEM;
                                dput(dentry);
                                goto out_unlock;
                        }
                        context[len] = '\0';
                        rc = inode->i_op->getxattr(dentry,
                                                   XATTR_NAME_SELINUX,
                                                   context, len);
                }
                /* The dentry reference is not needed on any path below. */
                dput(dentry);
                if (rc < 0) {
                        if (rc != -ENODATA) {
                                printk(KERN_WARNING "SELinux: %s:  getxattr returned "
                                       "%d for dev=%s ino=%ld\n", __func__,
                                       -rc, inode->i_sb->s_id, inode->i_ino);
                                kfree(context);
                                goto out_unlock;
                        }
                        /* Map ENODATA to the default file SID */
                        sid = sbsec->def_sid;
                        rc = 0;
                } else {
                        /* rc is the xattr length here; def_sid is handed in
                           as the fallback SID (presumably used for contexts
                           the policy does not know -- confirm in the
                           security server). */
                        rc = security_context_to_sid_default(context, rc, &sid,
                                                             sbsec->def_sid,
                                                             GFP_NOFS);
                        if (rc) {
                                char *dev = inode->i_sb->s_id;
                                unsigned long ino = inode->i_ino;

                                if (rc == -EINVAL) {
                                        if (printk_ratelimit())
                                                printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
                                                                "context=%s.  This indicates you may need to relabel the inode or the "
                                                                "filesystem in question.\n", ino, dev, context);
                                } else {
                                        printk(KERN_WARNING "SELinux: %s:  context_to_sid(%s) "
                                               "returned %d for dev=%s ino=%ld\n",
                                               __func__, context, -rc, dev, ino);
                                }
                                kfree(context);
                                /* Leave with the unlabeled SID: isec->sid is
                                   not touched, but the inode is still marked
                                   initialized after the switch. */
                                rc = 0;
                                break;
                        }
                }
                kfree(context);
                isec->sid = sid;
                break;
        case SECURITY_FS_USE_TASK:
                isec->sid = isec->task_sid;
                break;
        case SECURITY_FS_USE_TRANS:
                /* Default to the fs SID. */
                isec->sid = sbsec->sid;

                /* Try to obtain a transition SID. */
                isec->sclass = inode_mode_to_security_class(inode->i_mode);
                rc = security_transition_sid(isec->task_sid,
                                             sbsec->sid,
                                             isec->sclass,
                                             &sid);
                if (rc)
                        goto out_unlock;
                isec->sid = sid;
                break;
        case SECURITY_FS_USE_MNTPOINT:
                isec->sid = sbsec->mntpoint_sid;
                break;
        default:
                /* Default to the fs superblock SID. */
                isec->sid = sbsec->sid;

                /* On proc, non-symlink entries get a genfs label from
                   their /proc path instead of the superblock SID. */
                if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
                        struct proc_inode *proci = PROC_I(inode);
                        if (proci->pde) {
                                isec->sclass = inode_mode_to_security_class(inode->i_mode);
                                rc = selinux_proc_get_sid(proci->pde,
                                                          isec->sclass,
                                                          &sid);
                                if (rc)
                                        goto out_unlock;
                                isec->sid = sid;
                        }
                }
                break;
        }

        isec->initialized = 1;

out_unlock:
        mutex_unlock(&isec->lock);
out:
        /* A still-generic class is refined from the mode on every exit. */
        if (isec->sclass == SECCLASS_FILE)
                isec->sclass = inode_mode_to_security_class(inode->i_mode);
        return rc;
}
1395
/*
 * Convert the Linux signal number @sig to the process permission needed to
 * send it.  SIGCHLD, SIGKILL and SIGSTOP have dedicated permissions; every
 * other signal maps to PROCESS__SIGNAL.
 */
static inline u32 signal_to_av(int sig)
{
        if (sig == SIGCHLD)
                return PROCESS__SIGCHLD;    /* commonly granted child -> parent */
        if (sig == SIGKILL)
                return PROCESS__SIGKILL;    /* cannot be caught or ignored */
        if (sig == SIGSTOP)
                return PROCESS__SIGSTOP;    /* cannot be caught or ignored */
        return PROCESS__SIGNAL;             /* all other signals */
}
1422
/*
 * Check @perms of class process between two credential sets, e.g. for
 * fork and ptrace checks.  @actor is the subject, @target the object.
 */
static int cred_has_perm(const struct cred *actor,
                         const struct cred *target,
                         u32 perms)
{
        return avc_has_perm(cred_sid(actor), cred_sid(target),
                            SECCLASS_PROCESS, perms, NULL);
}
1435
/*
 * Check @perms of class process between two tasks (signal, fork, ptrace
 * checks, ...).  @tsk1 is the actor, @tsk2 the target; both SIDs are read
 * via __task_cred() under rcu_read_lock().
 */
static int task_has_perm(const struct task_struct *tsk1,
                         const struct task_struct *tsk2,
                         u32 perms)
{
        const struct task_security_struct *actor_sec, *target_sec;
        u32 actor_sid, target_sid;

        rcu_read_lock();
        actor_sec = __task_cred(tsk1)->security;
        target_sec = __task_cred(tsk2)->security;
        actor_sid = actor_sec->sid;
        target_sid = target_sec->sid;
        rcu_read_unlock();

        return avc_has_perm(actor_sid, target_sid, SECCLASS_PROCESS, perms, NULL);
}
1455
/*
 * Check @perms of class process with current as the actor and @tsk as the
 * target (signal, fork, ptrace checks, ...).  current's SID comes from
 * current_sid(), the target's from task_sid().
 */
static int current_has_perm(const struct task_struct *tsk,
                            u32 perms)
{
        return avc_has_perm(current_sid(), task_sid(tsk),
                            SECCLASS_PROCESS, perms, NULL);
}
1471
1472#if CAP_LAST_CAP > 63
1473#error Fix SELinux to handle capabilities > 63.
1474#endif
1475
/*
 * Check whether @cred may use capability @cap.
 *
 * This is a self-to-self check on the credential's SID in class capability
 * (CAP_TO_INDEX 0) or capability2 (CAP_TO_INDEX 1); any other index is a
 * kernel bug.  The decision is only audited when @audit is
 * SECURITY_CAP_AUDIT; @tsk is recorded in the audit data.
 */
static int task_has_capability(struct task_struct *tsk,
                               const struct cred *cred,
                               int cap, int audit)
{
        struct avc_audit_data ad;
        struct av_decision avd;
        u32 sid = cred_sid(cred);
        u32 av = CAP_TO_MASK(cap);
        int index = CAP_TO_INDEX(cap);
        u16 sclass;
        int rc;

        AVC_AUDIT_DATA_INIT(&ad, CAP);
        ad.tsk = tsk;
        ad.u.cap = cap;

        if (index == 0) {
                sclass = SECCLASS_CAPABILITY;
        } else if (index == 1) {
                sclass = SECCLASS_CAPABILITY2;
        } else {
                printk(KERN_ERR
                       "SELinux:  out of range capability %d\n", cap);
                BUG();
        }

        rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
        if (audit == SECURITY_CAP_AUDIT)
                avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
        return rc;
}
1510
/*
 * Check whether @tsk holds @perms of class system, i.e. a system-wide
 * operation; the object is always the kernel's initial SID.
 */
static int task_has_system(struct task_struct *tsk,
                           u32 perms)
{
        u32 subject = task_sid(tsk);
        u32 object = SECINITSID_KERNEL;

        return avc_has_perm(subject, object, SECCLASS_SYSTEM, perms, NULL);
}
1520
/*
 * Check whether @cred holds @perms on @inode, using the inode's own SID
 * and class.  Inodes flagged IS_PRIVATE are exempt and always allowed.
 * @adp is optional audit data (e.g. carrying the dentry); when NULL a
 * local record naming just the inode is used.
 */
static int inode_has_perm(const struct cred *cred,
                          struct inode *inode,
                          u32 perms,
                          struct avc_audit_data *adp)
{
        struct avc_audit_data local_ad;
        const struct inode_security_struct *isec;

        if (unlikely(IS_PRIVATE(inode)))
                return 0;

        isec = inode->i_security;

        /* No caller-supplied audit data: describe the inode ourselves. */
        if (!adp) {
                AVC_AUDIT_DATA_INIT(&local_ad, FS);
                local_ad.u.fs.inode = inode;
                adp = &local_ad;
        }

        return avc_has_perm(cred_sid(cred), isec->sid, isec->sclass, perms, adp);
}
1547
/*
 * inode_has_perm() for the inode behind @dentry, with audit data that
 * carries the (@mnt, @dentry) path so the audit code can print a pathname.
 */
static inline int dentry_has_perm(const struct cred *cred,
                                  struct vfsmount *mnt,
                                  struct dentry *dentry,
                                  u32 av)
{
        struct avc_audit_data ad;

        AVC_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path.mnt = mnt;
        ad.u.fs.path.dentry = dentry;
        return inode_has_perm(cred, dentry->d_inode, av, &ad);
}
1564
/*
 * Check whether @cred may use the open descriptor @file to access its inode
 * with permissions @av.
 *
 * The descriptor itself needs fd:use unless it carries the same SID as the
 * caller, in which case that step is skipped.  Then, when @av is non-zero,
 * the inode is checked via inode_has_perm() with the file's path as audit
 * data; @av == 0 (e.g. seek) checks only the descriptor.
 */
static int file_has_perm(const struct cred *cred,
                         struct file *file,
                         u32 av)
{
        const struct file_security_struct *fsec = file->f_security;
        u32 sid = cred_sid(cred);
        struct avc_audit_data ad;
        int rc;

        AVC_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path = file->f_path;

        /* A descriptor labelled like the caller is usable without a check. */
        if (sid != fsec->sid) {
                rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
                if (rc)
                        return rc;
        }

        /* av == 0: only the descriptor was being checked. */
        if (!av)
                return 0;
        return inode_has_perm(cred, file->f_path.dentry->d_inode, av, &ad);
}
1603
/*
 * Check whether the current task may create a new object of class @tclass
 * named by @dentry inside directory @dir.
 *
 * Three checks, in order: add_name+search on the directory, create on the
 * new object's SID, and associate between that SID and the filesystem.
 * The new SID is the task's create_sid when one is set and the fs supports
 * labelling (SE_SBLABELSUPP); otherwise it is a type transition from the
 * directory's SID.  Returns 0 or the first failing check's error.
 */
static int may_create(struct inode *dir,
                      struct dentry *dentry,
                      u16 tclass)
{
        const struct cred *cred = current_cred();
        const struct task_security_struct *tsec = cred->security;
        const struct inode_security_struct *dsec = dir->i_security;
        const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
        u32 sid = tsec->sid;
        u32 newsid = tsec->create_sid;
        struct avc_audit_data ad;
        int rc;

        AVC_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path.dentry = dentry;

        rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
                          DIR__ADD_NAME | DIR__SEARCH, &ad);
        if (rc)
                return rc;

        /* An explicit create_sid only counts on a labelling-capable fs. */
        if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
                rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
                if (rc)
                        return rc;
        }

        rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
        if (rc)
                return rc;

        return avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
                            FILESYSTEM__ASSOCIATE, &ad);
}
1646
/* Check whether task @ctx may create a key labelled @ksid (key:create). */
static int may_create_key(u32 ksid,
                          struct task_struct *ctx)
{
        return avc_has_perm(task_sid(ctx), ksid, SECCLASS_KEY, KEY__CREATE, NULL);
}
1655
1656#define MAY_LINK        0
1657#define MAY_UNLINK      1
1658#define MAY_RMDIR       2
1659
/*
 * Check whether the current task may link (MAY_LINK), unlink (MAY_UNLINK)
 * or rmdir (MAY_RMDIR) the object @dentry in directory @dir.
 *
 * Two checks: search plus add_name (link) or remove_name (unlink/rmdir) on
 * the directory, then link/unlink/rmdir on the object itself.  Note that an
 * unrecognised @kind is only logged and then allowed (returns 0) once the
 * directory check has passed.
 */
static int may_link(struct inode *dir,
                    struct dentry *dentry,
                    int kind)
{
        const struct inode_security_struct *dsec = dir->i_security;
        const struct inode_security_struct *isec = dentry->d_inode->i_security;
        struct avc_audit_data ad;
        u32 sid = current_sid();
        u32 dir_av, obj_av;
        int rc;

        AVC_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path.dentry = dentry;

        /* MAY_LINK adds a name; the other kinds remove one. */
        dir_av = DIR__SEARCH |
                 (kind == MAY_LINK ? DIR__ADD_NAME : DIR__REMOVE_NAME);
        rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, dir_av, &ad);
        if (rc)
                return rc;

        switch (kind) {
        case MAY_LINK:
                obj_av = FILE__LINK;
                break;
        case MAY_UNLINK:
                obj_av = FILE__UNLINK;
                break;
        case MAY_RMDIR:
                obj_av = DIR__RMDIR;
                break;
        default:
                printk(KERN_WARNING "SELinux: %s:  unrecognized kind %d\n",
                        __func__, kind);
                return 0;
        }

        return avc_has_perm(sid, isec->sid, isec->sclass, obj_av, &ad);
}
1703
/*
 * Check whether a task can rename @old_dentry (in @old_dir) to
 * @new_dentry (in @new_dir).
 *
 * The checks, all against the current task's SID and in this order:
 *   - DIR__REMOVE_NAME | DIR__SEARCH on the old parent directory;
 *   - FILE__RENAME on the object being renamed;
 *   - DIR__REPARENT on it as well when it is a directory that changes
 *     parent;
 *   - DIR__ADD_NAME | DIR__SEARCH on the new parent, plus
 *     DIR__REMOVE_NAME when @new_dentry already has an inode;
 *   - DIR__RMDIR or FILE__UNLINK on that existing target, if any.
 *
 * Audit data names @old_dentry for the source-side checks and
 * @new_dentry for the destination-side ones.  Returns 0 when every
 * check passes, otherwise the first failing check's error.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct inode_security_struct *src_dsec = old_dir->i_security;
	struct inode_security_struct *src_isec = old_dentry->d_inode->i_security;
	struct inode_security_struct *dst_dsec = new_dir->i_security;
	struct avc_audit_data ad;
	u32 subject = current_sid();
	u32 dst_dir_av = DIR__ADD_NAME | DIR__SEARCH;
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, FS);

	/* Source side: audited against the entry being renamed. */
	ad.u.fs.path.dentry = old_dentry;
	rc = avc_has_perm(subject, src_dsec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &ad);
	if (rc)
		return rc;
	rc = avc_has_perm(subject, src_isec->sid,
			  src_isec->sclass, FILE__RENAME, &ad);
	if (rc)
		return rc;
	if (S_ISDIR(old_dentry->d_inode->i_mode) && new_dir != old_dir) {
		rc = avc_has_perm(subject, src_isec->sid,
				  src_isec->sclass, DIR__REPARENT, &ad);
		if (rc)
			return rc;
	}

	/* Destination side: audited against the new name. */
	ad.u.fs.path.dentry = new_dentry;
	if (new_dentry->d_inode)
		dst_dir_av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(subject, dst_dsec->sid, SECCLASS_DIR, dst_dir_av, &ad);
	if (rc)
		return rc;
	if (new_dentry->d_inode) {
		struct inode_security_struct *dst_isec =
			new_dentry->d_inode->i_security;
		u32 target_av = S_ISDIR(new_dentry->d_inode->i_mode)
				? DIR__RMDIR : FILE__UNLINK;

		rc = avc_has_perm(subject, dst_isec->sid, dst_isec->sclass,
				  target_av, &ad);
		if (rc)
			return rc;
	}

	return 0;
}
1758
/*
 * Check whether a task can perform a filesystem operation.
 *
 * @cred:  credentials supplying the subject SID.
 * @sb:    superblock whose security SID is the target.
 * @perms: SECCLASS_FILESYSTEM permissions requested.
 * @ad:    optional audit data, passed straight through to avc_has_perm().
 */
static int superblock_has_perm(const struct cred *cred,
			       struct super_block *sb,
			       u32 perms,
			       struct avc_audit_data *ad)
{
	struct superblock_security_struct *sb_sec = sb->s_security;

	return avc_has_perm(cred_sid(cred), sb_sec->sid,
			    SECCLASS_FILESYSTEM, perms, ad);
}
1771
/*
 * Convert a Linux mode and permission mask to an access vector.
 *
 * @mode: inode mode; only the S_IFMT file-type bits are consulted.
 * @mask: MAY_READ / MAY_WRITE / MAY_EXEC / MAY_APPEND bits.
 *
 * Directories map to DIR__ permissions; every other type maps to FILE__
 * permissions, where MAY_APPEND takes precedence over MAY_WRITE so an
 * append-only request never asks for FILE__WRITE.
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
	u32 av = 0;

	if (S_ISDIR(mode)) {
		if (mask & MAY_EXEC)
			av |= DIR__SEARCH;
		if (mask & MAY_WRITE)
			av |= DIR__WRITE;
		if (mask & MAY_READ)
			av |= DIR__READ;
		return av;
	}

	if (mask & MAY_EXEC)
		av |= FILE__EXECUTE;
	if (mask & MAY_READ)
		av |= FILE__READ;
	if (mask & MAY_APPEND)
		av |= FILE__APPEND;
	else if (mask & MAY_WRITE)
		av |= FILE__WRITE;

	return av;
}
1799
/*
 * Convert a Linux file to an access vector.
 *
 * FMODE_READ yields FILE__READ; FMODE_WRITE yields FILE__APPEND when the
 * file was opened O_APPEND and FILE__WRITE otherwise.  A file that is
 * neither readable nor writable (a special file opened with flags 3 for
 * ioctl-only use) yields FILE__IOCTL.
 */
static inline u32 file_to_av(struct file *file)
{
	u32 av = 0;

	if (file->f_mode & FMODE_READ)
		av |= FILE__READ;
	if (file->f_mode & FMODE_WRITE)
		av |= (file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE;

	/* Special file opened with flags 3 for ioctl-only use. */
	return av ? av : FILE__IOCTL;
}
1822
/*
 * Convert a file to an access vector and include the correct open
 * permission.
 *
 * The open permission is only added when the loaded policy declares the
 * open_perms capability (selinux_policycap_openperm).  Symbolic links
 * have no open permission in the policy and fall through to the warning
 * in the default branch.
 */
static inline u32 open_file_to_av(struct file *file)
{
	u32 av = file_to_av(file);
	mode_t mode;

	if (!selinux_policycap_openperm)
		return av;

	mode = file->f_path.dentry->d_inode->i_mode;
	switch (mode & S_IFMT) {
	case S_IFREG:
		av |= FILE__OPEN;
		break;
	case S_IFCHR:
		av |= CHR_FILE__OPEN;
		break;
	case S_IFBLK:
		av |= BLK_FILE__OPEN;
		break;
	case S_IFIFO:
		av |= FIFO_FILE__OPEN;
		break;
	case S_IFDIR:
		av |= DIR__OPEN;
		break;
	case S_IFSOCK:
		av |= SOCK_FILE__OPEN;
		break;
	default:
		/* lnk files do not really have an 'open' */
		printk(KERN_ERR "SELinux: WARNING: inside %s with "
			"unknown mode:%o\n", __func__, mode);
		break;
	}
	return av;
}
1854
1855/* Hook functions begin here. */
1856
/*
 * ptrace_may_access hook: capability check first, then the SELinux
 * check.  A read-only attach (PTRACE_MODE_READ) is mediated as
 * FILE__READ from the caller's SID to the child's SID; any other mode
 * requires PROCESS__PTRACE on the child.
 */
static int selinux_ptrace_may_access(struct task_struct *child,
				     unsigned int mode)
{
	int rc = cap_ptrace_may_access(child, mode);

	if (rc)
		return rc;

	if (mode != PTRACE_MODE_READ)
		return current_has_perm(child, PROCESS__PTRACE);

	return avc_has_perm(current_sid(), task_sid(child),
			    SECCLASS_FILE, FILE__READ, NULL);
}
1874
/*
 * ptrace_traceme hook: after the capability check, the prospective
 * tracer (@parent) needs PROCESS__PTRACE on the current task.
 */
static int selinux_ptrace_traceme(struct task_struct *parent)
{
	int rc = cap_ptrace_traceme(parent);

	return rc ? rc : task_has_perm(parent, current, PROCESS__PTRACE);
}
1885
/*
 * capget hook: the caller needs PROCESS__GETCAP on @target before the
 * capability sets are read via cap_capget().
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	int rc = current_has_perm(target, PROCESS__GETCAP);

	if (rc)
		return rc;
	return cap_capget(target, effective, inheritable, permitted);
}
1897
/*
 * capset hook: the capability module validates and applies the new sets
 * first; SELinux then requires PROCESS__SETCAP between the old and new
 * credentials.
 */
static int selinux_capset(struct cred *new, const struct cred *old,
			  const kernel_cap_t *effective,
			  const kernel_cap_t *inheritable,
			  const kernel_cap_t *permitted)
{
	int rc = cap_capset(new, old, effective, inheritable, permitted);

	if (rc)
		return rc;
	return cred_has_perm(old, new, PROCESS__SETCAP);
}
1912
1913/*
1914 * (This comment used to live with the selinux_task_setuid hook,
1915 * which was removed).
1916 *
1917 * Since setuid only affects the current process, and since the SELinux
1918 * controls are not based on the Linux identity attributes, SELinux does not
1919 * need to control this operation.  However, SELinux does control the use of
1920 * the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
1921 */
1922
/*
 * capable hook: the POSIX capability check must pass before the SELinux
 * capability permission is consulted; @audit is passed through to both.
 */
static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
			   int cap, int audit)
{
	int rc = cap_capable(tsk, cred, cap, audit);

	return rc ? rc : task_has_capability(tsk, cred, cap, audit);
}
1934
/*
 * Build the path of a sysctl entry and resolve it to a SID.
 *
 * The path is assembled right-to-left inside a freshly allocated page by
 * walking @table->parent up to the root, then prefixed with "/sys" and
 * looked up through the "proc" genfs entries by security_genfs_sid().
 *
 * @table:  sysctl entry.  Every table on the parent chain is assumed to
 *          have a non-NULL procname, as strlen() is called on it without
 *          a check -- NOTE(review): confirm that callers never pass
 *          entries lacking a procname.
 * @tclass: SECCLASS_DIR or SECCLASS_FILE, forwarded to security_genfs_sid().
 * @sid:    receives the resolved SID on success.
 *
 * Returns 0 on success, -ENOMEM when the page cannot be allocated or when
 * the path does not fit in it (rc is still -ENOMEM on that exit path), or
 * the error from security_genfs_sid().
 */
static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
{
        int buflen, rc;
        char *buffer, *path, *end;

        rc = -ENOMEM;
        buffer = (char *)__get_free_page(GFP_KERNEL);
        if (!buffer)
                goto out;

        /* Start from the terminating NUL at the end of the page and work
         * backwards; buflen tracks the bytes still free in front of end. */
        buflen = PAGE_SIZE;
        end = buffer+buflen;
        *--end = '\0';
        buflen--;
        path = end-1;
        *path = '/';
        while (table) {
                const char *name = table->procname;
                size_t namelen = strlen(name);
                /* Reserve the component plus its leading '/' before writing. */
                buflen -= namelen + 1;
                if (buflen < 0)
                        goto out_free;
                end -= namelen;
                memcpy(end, name, namelen);
                *--end = '/';
                path = end;
                table = table->parent;
        }
        /* Prefix "/sys" so the path matches the genfs entries for proc. */
        buflen -= 4;
        if (buflen < 0)
                goto out_free;
        end -= 4;
        memcpy(end, "/sys", 4);
        path = end;
        rc = security_genfs_sid("proc", path, tclass, sid);
out_free:
        free_page((unsigned long)buffer);
out:
        return rc;
}
1975
/*
 * sysctl hook.  After the secondary module's check, the sysctl entry is
 * resolved to a SID (falling back to SECINITSID_SYSCTL when the lookup
 * fails) and the requested access is checked: op 001 is a directory
 * search, otherwise the 004/002 bits map to FILE__READ/FILE__WRITE.
 * An op requesting neither read nor write is allowed without a check.
 */
static int selinux_sysctl(ctl_table *table, int op)
{
	u32 subject, target;
	u32 requested = 0;
	int rc;

	rc = secondary_ops->sysctl(table, op);
	if (rc)
		return rc;

	subject = current_sid();

	rc = selinux_sysctl_get_sid(table, (op == 0001) ?
				    SECCLASS_DIR : SECCLASS_FILE, &target);
	if (rc) {
		/* Default to the well-defined sysctl SID. */
		target = SECINITSID_SYSCTL;
	}

	/* The op values are "defined" in sysctl.c, thereby creating
	 * a bad coupling between this module and sysctl.c */
	if (op == 001)
		return avc_has_perm(subject, target,
				    SECCLASS_DIR, DIR__SEARCH, NULL);

	if (op & 004)
		requested |= FILE__READ;
	if (op & 002)
		requested |= FILE__WRITE;
	if (!requested)
		return 0;

	return avc_has_perm(subject, target, SECCLASS_FILE, requested, NULL);
}
2014
/*
 * quotactl hook.  Commands that change quota state need
 * FILESYSTEM__QUOTAMOD on the superblock; commands that only read it
 * need FILESYSTEM__QUOTAGET.  A NULL superblock or an unknown command
 * is passed through (0) for the kernel to deal with.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	u32 perm;

	if (!sb)
		return 0;

	switch (cmds) {
	case Q_SYNC:
	case Q_QUOTAON:
	case Q_QUOTAOFF:
	case Q_SETINFO:
	case Q_SETQUOTA:
		perm = FILESYSTEM__QUOTAMOD;
		break;
	case Q_GETFMT:
	case Q_GETINFO:
	case Q_GETQUOTA:
		perm = FILESYSTEM__QUOTAGET;
		break;
	default:
		return 0;  /* let the kernel handle invalid cmds */
	}

	return superblock_has_perm(current_cred(), sb, perm, NULL);
}
2042
/*
 * quota_on hook: the caller needs FILE__QUOTAON on the quota file's
 * dentry; no vfsmount is supplied to the check.
 */
static int selinux_quota_on(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), NULL, dentry, FILE__QUOTAON);
}
2049
/*
 * syslog hook.  After the capability check, the syslog(2) command number
 * is mapped onto one SYSTEM__ permission: reading the log or its size
 * needs SYSLOG_READ, console-level control needs SYSLOG_CONSOLE, and
 * every other command (including unknown ones) needs SYSLOG_MOD.
 */
static int selinux_syslog(int type)
{
	u32 perm;
	int rc = cap_syslog(type);

	if (rc)
		return rc;

	switch (type) {
	case 3:		/* Read last kernel messages */
	case 10:	/* Return size of the log buffer */
		perm = SYSTEM__SYSLOG_READ;
		break;
	case 6:		/* Disable logging to console */
	case 7:		/* Enable logging to console */
	case 8:		/* Set level of messages printed to console */
		perm = SYSTEM__SYSLOG_CONSOLE;
		break;
	default:	/* 0 close, 1 open, 2 read, 4 read/clear, 5 clear, others */
		perm = SYSTEM__SYSLOG_MOD;
		break;
	}

	return task_has_system(current, perm);
}
2079
/*
 * Check that a process has enough memory to allocate a new virtual
 * mapping. 0 means there is enough memory for the allocation to
 * succeed and -ENOMEM implies there is not.
 *
 * Do not audit the selinux permission check, as this is applied to all
 * processes that allocate mappings.  Whether the task holds CAP_SYS_ADMIN
 * (per both the capability module and SELinux) is forwarded to
 * __vm_enough_memory(), which decides the overcommit outcome.
 */
static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
{
	int cap_sys_admin;

	cap_sys_admin = selinux_capable(current, current_cred(), CAP_SYS_ADMIN,
					SECURITY_CAP_NOAUDIT) == 0;

	return __vm_enough_memory(mm, pages, cap_sys_admin);
}
2099
2100/* binprm security operations */
2101
/*
 * bprm_set_creds hook: compute the SID the new program will run with and
 * check that the exec is permitted.
 *
 * The new SID comes from, in priority order: the task's explicitly
 * requested exec SID, or a policy transition on the program's inode
 * (security_transition_sid()), with the current SID as the default.  A
 * nosuid mount forces the current SID.  When the SID does not change the
 * program needs FILE__EXECUTE_NO_TRANS; when it does, the checks are
 * PROCESS__TRANSITION (old -> new), FILE__ENTRYPOINT (new -> program),
 * PROCESS__SHARE if the task shares state (LSM_UNSAFE_SHARE), and
 * PROCESS__PTRACE from the tracer's SID to the new SID if the task is
 * being traced.  The last two map any denial to -EPERM.
 *
 * Returns 0 on success or a negative error.
 */
static int selinux_bprm_set_creds(struct linux_binprm *bprm)
{
        const struct task_security_struct *old_tsec;
        struct task_security_struct *new_tsec;
        struct inode_security_struct *isec;
        struct avc_audit_data ad;
        struct inode *inode = bprm->file->f_path.dentry->d_inode;
        int rc;

        rc = cap_bprm_set_creds(bprm);
        if (rc)
                return rc;

        /* SELinux context only depends on initial program or script and not
         * the script interpreter */
        if (bprm->cred_prepared)
                return 0;

        old_tsec = current_security();
        new_tsec = bprm->cred->security;
        isec = inode->i_security;

        /* Default to the current task SID. */
        new_tsec->sid = old_tsec->sid;
        new_tsec->osid = old_tsec->sid;

        /* Reset fs, key, and sock SIDs on execve. */
        new_tsec->create_sid = 0;
        new_tsec->keycreate_sid = 0;
        new_tsec->sockcreate_sid = 0;

        if (old_tsec->exec_sid) {
                /* An explicitly requested exec SID wins over policy transitions. */
                new_tsec->sid = old_tsec->exec_sid;
                /* Reset exec SID on execve. */
                new_tsec->exec_sid = 0;
        } else {
                /* Check for a default transition on this program. */
                rc = security_transition_sid(old_tsec->sid, isec->sid,
                                             SECCLASS_PROCESS, &new_tsec->sid);
                if (rc)
                        return rc;
        }

        AVC_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path = bprm->file->f_path;

        /* No SID transition is ever allowed from a nosuid mount. */
        if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
                new_tsec->sid = old_tsec->sid;

        if (new_tsec->sid == old_tsec->sid) {
                /* Staying in the same domain still requires execute_no_trans. */
                rc = avc_has_perm(old_tsec->sid, isec->sid,
                                  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
                if (rc)
                        return rc;
        } else {
                /* Check permissions for the transition. */
                rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
                                  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
                if (rc)
                        return rc;

                /* The program must be a valid entrypoint for the new domain. */
                rc = avc_has_perm(new_tsec->sid, isec->sid,
                                  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
                if (rc)
                        return rc;

                /* Check for shared state */
                if (bprm->unsafe & LSM_UNSAFE_SHARE) {
                        rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
                                          SECCLASS_PROCESS, PROCESS__SHARE,
                                          NULL);
                        if (rc)
                                return -EPERM;
                }

                /* Make sure that anyone attempting to ptrace over a task that
                 * changes its SID has the appropriate permit */
                if (bprm->unsafe &
                    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
                        struct task_struct *tracer;
                        struct task_security_struct *sec;
                        u32 ptsid = 0;

                        /* The tracer's cred is read under RCU; only its SID
                         * is kept past the critical section. */
                        rcu_read_lock();
                        tracer = tracehook_tracer_task(current);
                        if (likely(tracer != NULL)) {
                                sec = __task_cred(tracer)->security;
                                ptsid = sec->sid;
                        }
                        rcu_read_unlock();

                        /* ptsid stays 0 when no tracer was found; no check then. */
                        if (ptsid != 0) {
                                rc = avc_has_perm(ptsid, new_tsec->sid,
                                                  SECCLASS_PROCESS,
                                                  PROCESS__PTRACE, NULL);
                                if (rc)
                                        return -EPERM;
                        }
                }

                /* Clear any possibly unsafe personality bits on exec: */
                bprm->per_clear |= PER_CLEAR_ON_SETID;
        }

        return 0;
}
2208
/*
 * bprm_secureexec hook: decide whether the new program runs with
 * AT_SECURE set.  A SID transition forces secure mode unless
 * PROCESS__NOATSECURE is granted from the old SID to the new one; the
 * capability module's own decision is OR-ed in either way.
 */
static int selinux_bprm_secureexec(struct linux_binprm *bprm)
{
	const struct cred *cred = current_cred();
	const struct task_security_struct *tsec = cred->security;
	u32 new_sid = tsec->sid;
	u32 old_sid = tsec->osid;
	int atsecure;

	/* Enable secure mode for SIDs transitions unless the noatsecure
	 * permission is granted between the two SIDs, i.e. ahp returns 0. */
	atsecure = (old_sid != new_sid)
		   ? avc_has_perm(old_sid, new_sid, SECCLASS_PROCESS,
				  PROCESS__NOATSECURE, NULL)
		   : 0;

	return atsecure || cap_bprm_secureexec(bprm);
}
2230
2231extern struct vfsmount *selinuxfs_mount;
2232extern struct dentry *selinux_null;
2233
/* Derived from fs/exec.c:flush_old_files.
 *
 * Revalidate everything the task inherits across a SID transition:
 *   - the controlling tty is dropped (no_tty()) unless @cred has
 *     FILE__READ | FILE__WRITE on its inode;
 *   - every open file descriptor is re-checked with file_has_perm() for
 *     the access implied by its open mode (file_to_av()); a descriptor
 *     that fails is closed and, where the same number can be reclaimed,
 *     replaced by an open of selinux_null (the SELinux null device) so the
 *     program does not see an unexpected closed fd.  If the number cannot
 *     be reclaimed, or the null device cannot be opened, the fd simply
 *     stays closed.
 *
 * @cred:  credentials the task is about to run with (the new SID).
 * @files: the task's file table.
 *
 * files->file_lock is released around each bitmap word's worth of
 * checks, so the table is re-fetched with files_fdtable() on every
 * iteration.
 */
static inline void flush_unauthorized_files(const struct cred *cred,
                                            struct files_struct *files)
{
        struct avc_audit_data ad;
        struct file *file, *devnull = NULL;
        struct tty_struct *tty;
        struct fdtable *fdt;
        long j = -1;
        int drop_tty = 0;

        tty = get_current_tty();
        if (tty) {
                file_list_lock();
                if (!list_empty(&tty->tty_files)) {
                        struct inode *inode;

                        /* Revalidate access to controlling tty.
                           Use inode_has_perm on the tty inode directly rather
                           than using file_has_perm, as this particular open
                           file may belong to another process and we are only
                           interested in the inode-based check here. */
                        file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
                        inode = file->f_path.dentry->d_inode;
                        if (inode_has_perm(cred, inode,
                                           FILE__READ | FILE__WRITE, NULL)) {
                                drop_tty = 1;
                        }
                }
                file_list_unlock();
                tty_kref_put(tty);
        }
        /* Reset controlling tty. */
        if (drop_tty)
                no_tty();

        /* Revalidate access to inherited open files. */

        AVC_AUDIT_DATA_INIT(&ad, FS);

        spin_lock(&files->file_lock);
        for (;;) {
                unsigned long set, i;
                int fd;

                /* j indexes open_fds words; i is the first fd in that word. */
                j++;
                i = j * __NFDBITS;
                fdt = files_fdtable(files);
                if (i >= fdt->max_fds)
                        break;
                set = fdt->open_fds->fds_bits[j];
                if (!set)
                        continue;
                /* Drop the lock while checking: fget()/sys_close() may sleep. */
                spin_unlock(&files->file_lock);
                for ( ; set ; i++, set >>= 1) {
                        if (set & 1) {
                                file = fget(i);
                                if (!file)
                                        continue;
                                if (file_has_perm(cred,
                                                  file,
                                                  file_to_av(file))) {
                                        /* Denied: close it and try to reclaim
                                         * the same fd number for the null device. */
                                        sys_close(i);
                                        fd = get_unused_fd();
                                        if (fd != i) {
                                                /* Someone else took the number;
                                                 * leave the fd closed. */
                                                if (fd >= 0)
                                                        put_unused_fd(fd);
                                                fput(file);
                                                continue;
                                        }
                                        if (devnull) {
                                                /* One open of the null device is
                                                 * shared by every replaced fd. */
                                                get_file(devnull);
                                        } else {
                                                devnull = dentry_open(
                                                        dget(selinux_null),
                                                        mntget(selinuxfs_mount),
                                                        O_RDWR, cred);
                                                if (IS_ERR(devnull)) {
                                                        devnull = NULL;
                                                        put_unused_fd(fd);
                                                        fput(file);
                                                        continue;
                                                }
                                        }
                                        fd_install(fd, devnull);
                                }
                                fput(file);
                        }
                }
                spin_lock(&files->file_lock);

        }
        spin_unlock(&files->file_lock);
}
2328
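/*
 * Prepare a process for imminent new credential changes due to exec.
 *
 * Only acts on a SID transition (sid != osid in the prepared cred): it
 * closes or replaces inherited files the new SID may not use, clears
 * the parent-death signal, and, unless PROCESS__RLIMITINH is granted
 * from the old SID to the new one, lowers every soft resource limit to
 * min(hard limit, init task's soft limit) and re-arms the CPU-time
 * timer from the new RLIMIT_CPU soft limit.
 *
 * @bprm: the exec in progress; bprm->cred holds the new credentials.
 */
static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
{
	struct task_security_struct *new_tsec;
	struct rlimit *rlim, *initrlim;
	int rc, i;

	new_tsec = bprm->cred->security;
	/* Nothing to do unless the exec changes the task SID. */
	if (new_tsec->sid == new_tsec->osid)
		return;

	/* Close files for which the new task SID is not authorized. */
	flush_unauthorized_files(bprm->cred, current->files);

	/* Always clear parent death signal on SID transitions. */
	current->pdeath_signal = 0;

	/* Check whether the new SID can inherit resource limits from the old
	 * SID.  If not, reset all soft limits to the lower of the current
	 * task's hard limit and the init task's soft limit.
	 *
	 * Note that the setting of hard limits (even to lower them) can be
	 * controlled by the setrlimit check.  The inclusion of the init task's
	 * soft limit into the computation is to avoid resetting soft limits
	 * higher than the default soft limit for cases where the default is
	 * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
	 */
	rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
			  PROCESS__RLIMITINH, NULL);
	if (rc) {
		for (i = 0; i < RLIM_NLIMITS; i++) {
			rlim = current->signal->rlim + i;
			initrlim = init_task.signal->rlim + i;
			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
		}
		/* update_rlimit_cpu() takes the new RLIMIT_CPU soft limit.
		 * After the loop, rlim points at the last entry of the table,
		 * not at the RLIMIT_CPU slot, so index that slot explicitly. */
		update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
	}
}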
2369
/*
 * Clean up the process immediately after the installation of new credentials
 * due to exec.
 *
 * Only acts on a SID transition (sid != osid in the now-current cred).
 * Unless PROCESS__SIGINH is granted from the old SID to the new one, all
 * three interval timers are cancelled and pending signals, signal
 * handlers and the blocked mask are flushed under sighand->siglock.
 * Finally the parent is woken from wait_chldexit so it re-evaluates its
 * wait permission against the new SID.
 */
static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
{
        const struct task_security_struct *tsec = current_security();
        struct itimerval itimer;
        struct sighand_struct *psig;
        u32 osid, sid;
        int rc, i;
        unsigned long flags;

        osid = tsec->osid;
        sid = tsec->sid;

        if (sid == osid)
                return;

        /* Check whether the new SID can inherit signal state from the old SID.
         * If not, clear itimers to avoid subsequent signal generation and
         * flush and unblock signals.
         *
         * This must occur _after_ the task SID has been updated so that any
         * kill done after the flush will be checked against the new SID.
         */
        rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
        if (rc) {
                /* A zeroed itimerval disarms the timer; timers 0..2 are the
                 * three interval timers. */
                memset(&itimer, 0, sizeof itimer);
                for (i = 0; i < 3; i++)
                        do_setitimer(i, &itimer, NULL);
                flush_signals(current);
                spin_lock_irq(&current->sighand->siglock);
                flush_signal_handlers(current, 1);
                sigemptyset(&current->blocked);
                recalc_sigpending();
                spin_unlock_irq(&current->sighand->siglock);
        }

        /* Wake up the parent if it is waiting so that it can recheck
         * wait permission to the new task SID. */
        read_lock_irq(&tasklist_lock);
        psig = current->parent->sighand;
        spin_lock_irqsave(&psig->siglock, flags);
        wake_up_interruptible(&current->parent->signal->wait_chldexit);
        spin_unlock_irqrestore(&psig->siglock, flags);
        read_unlock_irq(&tasklist_lock);
}
2418
2419/* superblock security operations */
2420
/* sb_alloc_security hook: allocate the superblock's security blob. */
static int selinux_sb_alloc_security(struct super_block *sb)
{
	int rc = superblock_alloc_security(sb);

	return rc;
}
2425
/* sb_free_security hook: release the superblock's security blob. */
static void selinux_sb_free_security(struct super_block *sb)
{
	superblock_free_security(sb);
	return;
}
2430
/*
 * Return non-zero when the first @plen bytes of @option equal @prefix.
 * A prefix longer than the option can never match, so @option is never
 * read past @olen.
 */
static inline int match_prefix(char *prefix, int plen, char *option, int olen)
{
	if (olen < plen)
		return 0;

	return memcmp(prefix, option, plen) == 0;
}
2438
/*
 * Return non-zero when the mount option at @option (of length @len)
 * starts with one of the SELinux option keywords.
 */
static inline int selinux_option(char *option, int len)
{
	if (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len))
		return 1;
	if (match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len))
		return 1;
	return match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len);
}
2447
/*
 * Append @len bytes of @from to the buffer at *@to, preceded by a comma
 * unless this is the first option (*@first), and advance *@to past the
 * bytes written.  *@first is cleared on the first call.  The caller is
 * responsible for the destination buffer being large enough.
 */
static inline void take_option(char **to, char *from, int *first, int len)
{
	char *dst = *to;

	if (*first)
		*first = 0;
	else
		*dst++ = ',';
	memcpy(dst, from, len);
	*to = dst + len;
}
2458
/*
 * Append @len bytes of @from to the buffer at *@to with every double-quote
 * character dropped, preceded by '|' unless this is the first option
 * (*@first), and advance *@to past the bytes written.  *@first is cleared
 * on the first call.  The caller is responsible for the destination
 * buffer being large enough.
 */
static inline void take_selinux_option(char **to, char *from, int *first,
				       int len)
{
	char *dst = *to;
	int i;

	if (*first)
		*first = 0;
	else
		*dst++ = '|';

	for (i = 0; i < len; i++) {
		if (from[i] != '"')
			*dst++ = from[i];
	}
	*to = dst;
}
2479
/*
 * Split a comma-separated mount option string into SELinux and
 * non-SELinux options.
 *
 * @orig: the option string; rewritten in place to hold only the
 *        non-SELinux options, comma-separated, quotes preserved.
 * @copy: receives the SELinux options, '|'-separated, with double quotes
 *        stripped.  Nothing here bounds the writes into @copy --
 *        NOTE(review): assumes the caller sized it to hold all of @orig.
 *
 * A comma inside double quotes does not end an option.  The non-SELinux
 * options are staged in a zeroed page and copied back with strcpy(), so
 * they are assumed to fit in one page -- NOTE(review): confirm @orig is
 * never longer than a page.
 *
 * Returns 0 on success or -ENOMEM if the staging page cannot be allocated.
 */
static int selinux_sb_copy_data(char *orig, char *copy)
{
        int fnosec, fsec, rc = 0;
        char *in_save, *in_curr, *in_end;
        char *sec_curr, *nosec_save, *nosec;
        int open_quote = 0;

        in_curr = orig;
        sec_curr = copy;

        nosec = (char *)get_zeroed_page(GFP_KERNEL);
        if (!nosec) {
                rc = -ENOMEM;
                goto out;
        }

        nosec_save = nosec;
        /* fsec/fnosec are the "first option" flags for each destination. */
        fnosec = fsec = 1;
        in_save = in_end = orig;

        do {
                if (*in_end == '"')
                        open_quote = !open_quote;
                /* An option ends at an unquoted comma or at the terminating NUL. */
                if ((*in_end == ',' && open_quote == 0) ||
                                *in_end == '\0') {
                        int len = in_end - in_curr;

                        if (selinux_option(in_curr, len))
                                take_selinux_option(&sec_curr, in_curr, &fsec, len);
                        else
                                take_option(&nosec, in_curr, &fnosec, len);

                        in_curr = in_end + 1;
                }
        } while (*in_end++);

        /* Overwrite the original string with the non-SELinux options only;
         * the page is zeroed, so the staged copy is NUL-terminated. */
        strcpy(in_save, nosec_save);
        free_page((unsigned long)nosec_save);
out:
        return rc;
}
2521
/*
 * sb_kern_mount hook: initialise the superblock's security state from
 * the mount data, then require FILESYSTEM__MOUNT on it for user mounts.
 * Kernel-internal mounts (MS_KERNMOUNT) are always allowed.
 */
static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	struct avc_audit_data ad;
	int rc = superblock_doinit(sb, data);

	if (rc)
		return rc;

	/* Allow all mounts performed by the kernel */
	if (flags & MS_KERNMOUNT)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = sb->s_root;
	return superblock_has_perm(current_cred(), sb, FILESYSTEM__MOUNT, &ad);
}
2540
/*
 * statfs hook: the caller needs FILESYSTEM__GETATTR on the superblock
 * that owns @dentry.  The audit record names the filesystem root, not the
 * dentry that was actually passed in.
 */
static int selinux_sb_statfs(struct dentry *dentry)
{
	const struct cred *cred = current_cred();
	struct super_block *sb = dentry->d_sb;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = sb->s_root;
	return superblock_has_perm(cred, sb, FILESYSTEM__GETATTR, &ad);
}
2550
/*
 * mount(2) hook.  A remount is a FILESYSTEM__REMOUNT check on the
 * existing superblock; any other mount is a FILE__MOUNTON check on the
 * mount point.  @dev_name, @type and @data are not examined here -- the
 * superblock-level checks happen in selinux_sb_kern_mount once the
 * filesystem has been set up.
 */
static int selinux_mount(char *dev_name,
			 struct path *path,
			 char *type,
			 unsigned long flags,
			 void *data)
{
	const struct cred *cred = current_cred();

	if (flags & MS_REMOUNT)
		return superblock_has_perm(cred, path->mnt->mnt_sb,
					   FILESYSTEM__REMOUNT, NULL);

	return dentry_has_perm(cred, path->mnt, path->dentry, FILE__MOUNTON);
}
2566
/*
 * umount(2) hook: FILESYSTEM__UNMOUNT on the mounted superblock.  @flags
 * (MNT_FORCE etc.) do not affect the check.  No audit data is supplied.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	struct super_block *sb = mnt->mnt_sb;

	return superblock_has_perm(current_cred(), sb, FILESYSTEM__UNMOUNT,
				   NULL);
}
2574
/* inode security operations */
2576
/* Allocate the per-inode SELinux blob; thin wrapper around inode_alloc_security(). */
static int selinux_inode_alloc_security(struct inode *inode)
{
	int rc = inode_alloc_security(inode);

	return rc;
}
2581
/* Release the per-inode SELinux blob; thin wrapper around inode_free_security(). */
static void selinux_inode_free_security(struct inode *inode)
{
	struct inode *victim = inode;

	inode_free_security(victim);
}
2586
/*
 * Choose the SELinux label for a newly created inode and, when the
 * filesystem can store labels, hand back the xattr name/value so the
 * caller can persist it.
 *
 * Label selection: the task's explicit file-creation context
 * (tsec->create_sid) is used when one is set and the superblock supports
 * labelling; otherwise a type transition is computed from the task SID,
 * the parent directory's SID and the new inode's security class.
 *
 * @name, @value and @len are each optional.  Returns 0 on success,
 * -EOPNOTSUPP when there is nothing to persist (policy not loaded yet, or
 * the filesystem cannot store labels), -ENOMEM, or a security-server
 * error.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       char **name, void **value,
				       size_t *len)
{
	const struct cred *cred = current_cred();
	const struct task_security_struct *tsec = cred->security;
	struct inode_security_struct *dsec;
	struct superblock_security_struct *sbsec;
	u32 sid, newsid, clen;
	int rc;
	char *namep = NULL, *context;

	dsec = dir->i_security;
	sbsec = dir->i_sb->s_security;

	sid = tsec->sid;
	newsid = tsec->create_sid;

	/* No explicit creation context, or the fs cannot honour one:
	 * derive the label from policy via a type transition. */
	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
		rc = security_transition_sid(sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     &newsid);
		if (rc) {
			/* NOTE(review): i_ino is printed with %ld here but
			 * with %lu in selinux_inode_post_setxattr. */
			printk(KERN_WARNING "%s:  "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%ld)\n",
			       __func__,
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	}

	/* Possibly defer initialization to selinux_complete_init. */
	if (sbsec->flags & SE_SBINITIALIZED) {
		struct inode_security_struct *isec = inode->i_security;
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		isec->sid = newsid;
		isec->initialized = 1;
	}

	/* The in-core label (if set above) stands; there is just nothing
	 * for the filesystem to write out. */
	if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
		return -EOPNOTSUPP;

	if (name) {
		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
		if (!namep)
			return -ENOMEM;
		*name = namep;
	}

	if (value && len) {
		/* "force" so that a context the current policy does not
		 * define is still rendered (same rationale as in
		 * selinux_inode_getsecurity). */
		rc = security_sid_to_context_force(newsid, &context, &clen);
		if (rc) {
			/* NOTE(review): *name already points at namep, so
			 * after this kfree() the caller holds a pointer to
			 * freed memory; presumably callers ignore *name on
			 * an error return -- confirm. */
			kfree(namep);
			return rc;
		}
		*value = context;
		*len = clen;
	}

	return 0;
}
2649
/* Regular-file creation in @dir: delegated to may_create() with class FILE. */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int mask)
{
	const u32 tclass = SECCLASS_FILE;

	return may_create(dir, dentry, tclass);
}
2654
/* Hard link: may_link() with MAY_LINK against the existing dentry. @new_dentry is not consulted. */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
	const int op = MAY_LINK;

	return may_link(dir, old_dentry, op);
}
2659
/* Unlink: may_link() with MAY_UNLINK. */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	const int op = MAY_UNLINK;

	return may_link(dir, dentry, op);
}
2664
/* Symlink creation: may_create() with class LNK_FILE; the target @name is not checked. */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
	const u32 tclass = SECCLASS_LNK_FILE;

	return may_create(dir, dentry, tclass);
}
2669
/* Directory creation: may_create() with class DIR. */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
{
	const u32 tclass = SECCLASS_DIR;

	return may_create(dir, dentry, tclass);
}
2674
/* Directory removal: may_link() with MAY_RMDIR. */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	const int op = MAY_RMDIR;

	return may_link(dir, dentry, op);
}
2679
/* mknod: the security class follows the requested file type in @mode. */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
{
	const u32 tclass = inode_mode_to_security_class(mode);

	return may_create(dir, dentry, tclass);
}
2684
/* Rename: fully delegated to may_rename(). */
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
				struct inode *new_inode, struct dentry *new_dentry)
{
	int rc = may_rename(old_inode, old_dentry, new_inode, new_dentry);

	return rc;
}
2690
/* readlink: reading a symlink's target is FILE__READ on the link itself. */
static int selinux_inode_readlink(struct dentry *dentry)
{
	const u32 av = FILE__READ;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
2697
/* Following a symlink during lookup is the same FILE__READ check as readlink. */
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
	const u32 av = FILE__READ;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
2704
/*
 * Generic inode access check.  An empty @mask is an existence test and is
 * always allowed; otherwise the MAY_* bits are translated into file-class
 * permissions for the inode's type and checked for the current task.
 */
static int selinux_inode_permission(struct inode *inode, int mask)
{
	const struct cred *cred = current_cred();
	u32 av;

	if (mask == 0)
		return 0;	/* existence test: nothing to check */

	av = file_mask_to_av(inode->i_mode, mask);
	return inode_has_perm(cred, inode, av, NULL);
}
2717
/*
 * setattr hook.  ATTR_FORCE requests (kernel-internal, e.g. from within
 * the VFS) are not checked.  Changing ownership, mode or an explicitly
 * supplied timestamp needs FILE__SETATTR; everything else (size,
 * "touch"-style time updates) is treated as a write.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	const struct cred *cred = current_cred();
	const unsigned int setattr_bits = ATTR_MODE | ATTR_UID | ATTR_GID |
					  ATTR_ATIME_SET | ATTR_MTIME_SET;
	u32 av;

	if (iattr->ia_valid & ATTR_FORCE)
		return 0;

	av = (iattr->ia_valid & setattr_bits) ? FILE__SETATTR : FILE__WRITE;
	return dentry_has_perm(cred, NULL, dentry, av);
}
2731
/* stat-style attribute read: FILE__GETATTR, with the mount passed for auditing. */
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	const u32 av = FILE__GETATTR;

	return dentry_has_perm(current_cred(), mnt, dentry, av);
}
2738
/*
 * Check a set/remove of any xattr other than the SELinux label.
 *
 * Attributes in the "security." namespace are capability-gated first:
 * file capabilities need CAP_SETFCAP, anything else in that namespace is
 * restricted to CAP_SYS_ADMIN.  Every attribute -- gated or not -- then
 * needs the ordinary FILE__SETATTR permission on the dentry.
 */
static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
{
	const struct cred *cred = current_cred();
	const size_t prefix_len = sizeof XATTR_SECURITY_PREFIX - 1;

	if (strncmp(name, XATTR_SECURITY_PREFIX, prefix_len) == 0) {
		int need_cap = (strcmp(name, XATTR_NAME_CAPS) == 0)
				? CAP_SETFCAP : CAP_SYS_ADMIN;

		if (!capable(need_cap))
			return -EPERM;
	}

	return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
}
2759
/*
 * setxattr hook.  Only the SELinux label attribute is handled here; all
 * other names go through selinux_inode_setotherxattr().
 *
 * Relabelling an inode requires, in order:
 *   - a filesystem that can store labels,
 *   - the DAC ownership test (is_owner_or_cap),
 *   - FILE__RELABELFROM on the inode's current label,
 *   - a valid new context (CAP_MAC_ADMIN may force one the policy does
 *     not define),
 *   - FILE__RELABELTO on the new label,
 *   - a policy-validated transition old -> new, and
 *   - FILESYSTEM__ASSOCIATE between the new label and the superblock.
 *
 * The in-core label is NOT updated here; that happens in
 * selinux_inode_post_setxattr once the filesystem has stored the value.
 * Returns 0 if the relabel may proceed, otherwise the first failing check's
 * error.
 */
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec;
	struct avc_audit_data ad;
	u32 newsid, sid = current_sid();
	int rc = 0;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return selinux_inode_setotherxattr(dentry, name);

	sbsec = inode->i_sb->s_security;
	if (!(sbsec->flags & SE_SBLABELSUPP))
		return -EOPNOTSUPP;

	/* DAC gate before any MAC check. */
	if (!is_owner_or_cap(inode))
		return -EPERM;

	AVC_AUDIT_DATA_INIT(&ad, FS);
	ad.u.fs.path.dentry = dentry;

	rc = avc_has_perm(sid, isec->sid, isec->sclass,
			  FILE__RELABELFROM, &ad);
	if (rc)
		return rc;

	/* An unknown context is only accepted from CAP_MAC_ADMIN, and then
	 * via the "force" mapping so it still gets a SID. */
	rc = security_context_to_sid(value, size, &newsid);
	if (rc == -EINVAL) {
		if (!capable(CAP_MAC_ADMIN))
			return rc;
		rc = security_context_to_sid_force(value, size, &newsid);
	}
	if (rc)
		return rc;

	rc = avc_has_perm(sid, newsid, isec->sclass,
			  FILE__RELABELTO, &ad);
	if (rc)
		return rc;

	/* Policy may constrain which old->new transitions this subject may
	 * perform, independently of the two relabel permissions above. */
	rc = security_validate_transition(isec->sid, newsid, sid,
					  isec->sclass);
	if (rc)
		return rc;

	/* The new label must be allowed to live on this filesystem. */
	return avc_has_perm(newsid,
			    sbsec->sid,
			    SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE,
			    &ad);
}
2813
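/*
 * Called after the filesystem has stored an xattr.  For the SELinux label
 * attribute, bring the in-core inode label into line with the value that
 * was just written; every other attribute is ignored here.
 *
 * The "force" mapping is used so that a context the current policy does
 * not define still gets a SID (see the comment in
 * selinux_inode_getsecurity): the permission checks were already made in
 * selinux_inode_setxattr, and this hook runs after the store, so the
 * in-core label must follow the stored value rather than silently
 * diverge from it.  If even the forced mapping fails, the inode keeps its
 * old label and the failure is logged.
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
					const void *value, size_t size,
					int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return;		/* not our attribute; nothing to do */

	rc = security_context_to_sid_force(value, size, &newsid);
	if (rc) {
		/* The string pieces are joined by the compiler; the trailing
		 * space keeps "SID" and "for" from running together. */
		printk(KERN_ERR "SELinux:  unable to map context to SID "
		       "for (%s, %lu), rc=%d\n",
		       inode->i_sb->s_id, inode->i_ino, -rc);
		return;
	}

	isec->sid = newsid;
}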
2839
/* Reading any xattr (the label included) is FILE__GETATTR on the dentry. */
static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
{
	const u32 av = FILE__GETATTR;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
2846
/* Listing xattr names is FILE__GETATTR on the dentry. */
static int selinux_inode_listxattr(struct dentry *dentry)
{
	const u32 av = FILE__GETATTR;

	return dentry_has_perm(current_cred(), NULL, dentry, av);
}
2853
/*
 * removexattr hook.  The SELinux label can be changed but never removed:
 * every inode must stay labelled, so a removal attempt is refused with
 * -EACCES before any permission check.  Other names are checked like any
 * other non-label attribute write.
 */
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
{
	int is_label = (strcmp(name, XATTR_NAME_SELINUX) == 0);

	if (!is_label)
		return selinux_inode_setotherxattr(dentry, name);

	return -EACCES;
}
2863
/*
 * Copy the inode's security context to the caller.
 *
 * The permission check for this is done by the selinux_inode_getxattr
 * hook, not here.
 *
 * A caller holding CAP_MAC_ADMIN gets the raw context even when it is not
 * defined by the current policy; everyone else gets the in-core value as
 * rendered under the current policy.  The capability test is the
 * non-auditing variant because getxattr is commonly issued by
 * unprivileged processes and lacking CAP_MAC_ADMIN is not a denial, only
 * a fall-back to the in-core rendering.
 *
 * With @alloc set, ownership of the context string passes to the caller via
 * *buffer; otherwise only its length is reported and the string is freed.
 * Returns the context length, or a negative errno.
 */
static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
{
	struct inode_security_struct *isec = inode->i_security;
	char *ctx = NULL;
	u32 ctx_len;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;

	rc = selinux_capable(current, current_cred(), CAP_MAC_ADMIN,
			     SECURITY_CAP_NOAUDIT);
	if (rc == 0)
		rc = security_sid_to_context_force(isec->sid, &ctx, &ctx_len);
	else
		rc = security_sid_to_context(isec->sid, &ctx, &ctx_len);
	if (rc)
		return rc;

	if (alloc)
		*buffer = ctx;		/* caller now owns ctx */
	else
		kfree(ctx);

	return ctx_len;
}
2906
/*
 * Set the in-core label of @inode directly from a context string.
 *
 * Only the SELinux suffix is recognised.  An empty or missing value is
 * refused.  The context must be defined by the current policy (the
 * non-forcing mapping is used).  No AVC check is made here -- presumably
 * the caller has already gone through the setxattr hook path; confirm
 * against the callers.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	int err;

	if (strcmp(name, XATTR_SELINUX_SUFFIX) != 0)
		return -EOPNOTSUPP;

	if (value == NULL || size == 0)
		return -EACCES;

	err = security_context_to_sid((void *)value, size, &sid);
	if (err)
		return err;

	isec->sid = sid;
	return 0;
}
2927
/*
 * Report the SELinux xattr name for listxattr.  The name is copied --
 * including its terminating NUL, which sizeof() counts -- only when
 * @buffer is present and large enough; the length is returned either way
 * so callers can size a buffer.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const int name_len = sizeof(XATTR_NAME_SELINUX);

	if (buffer != NULL && buffer_size >= name_len)
		memcpy(buffer, XATTR_NAME_SELINUX, name_len);

	return name_len;
}
2935
/* Return the inode's current SID through @secid. */
static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
{
	const struct inode_security_struct *isec = inode->i_security;

	*secid = isec->sid;
}
2941
/* file security operations */
2943
/*
 * Re-check a read/write on an already-open file against the current
 * inode label and policy.  An empty @mask is an existence test and passes.
 *
 * file_mask_to_av() does not add FILE__WRITE when MAY_APPEND is set, so a
 * write through an O_APPEND descriptor is turned into an append check
 * rather than a full write check.
 */
static int selinux_revalidate_file_permission(struct file *file, int mask)
{
	const struct cred *cred = current_cred();
	struct inode *inode = file->f_path.dentry->d_inode;
	int eff_mask = mask;

	if (mask == 0)
		return 0;	/* existence test: nothing to check */

	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		eff_mask |= MAY_APPEND;

	return file_has_perm(cred, file,
			     file_mask_to_av(inode->i_mode, eff_mask));
}
2961
/*
 * file_permission hook.  Existence tests (empty @mask) pass immediately;
 * everything else is revalidated against the file's current label and
 * policy by selinux_revalidate_file_permission().
 */
static int selinux_file_permission(struct file *file, int mask)
{
	if (mask == 0)
		return 0;

	return selinux_revalidate_file_permission(file, mask);
}
2970
/* Allocate the per-file SELinux blob; thin wrapper around file_alloc_security(). */
static int selinux_file_alloc_security(struct file *file)
{
	int rc = file_alloc_security(file);

	return rc;
}
2975
/* Release the per-file SELinux blob; thin wrapper around file_free_security(). */
static void selinux_file_free_security(struct file *file)
{
	struct file *victim = file;

	file_free_security(victim);
}
2980
/*
 * ioctl hook.  The permission is derived from the direction bits encoded
 * in the command number: a command that writes to the device needs
 * FILE__WRITE, one that reads needs FILE__READ, and a command encoding
 * neither direction falls back to the generic FILE__IOCTL permission.
 * @arg is not examined.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	const struct cred *cred = current_cred();
	unsigned int dir = _IOC_DIR(cmd);
	u32 av = 0;

	if (dir & _IOC_WRITE)
		av |= FILE__WRITE;
	if (dir & _IOC_READ)
		av |= FILE__READ;

	return file_has_perm(cred, file, av ? av : FILE__IOCTL);
}
2996
/*
 * Common mmap/mprotect check for a mapping with protection @prot.
 *
 * Making an anonymous mapping executable, or a private file mapping that
 * is both writable and executable, additionally requires PROCESS__EXECMEM
 * on the task itself (skipped on PPC32, per the #ifndef).  A file-backed
 * mapping always implies FILE__READ; FILE__WRITE is only needed when the
 * mapping is shared (private writes never reach the file), and
 * FILE__EXECUTE when PROT_EXEC is requested.  An anonymous mapping has no
 * file permission to check.
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	const struct cred *cred = current_cred();
	u32 av;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
		int rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);

		if (rc)
			return rc;
	}
#endif

	if (!file)
		return 0;

	av = FILE__READ;	/* a mapping can always be read */
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;
	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;

	return file_has_perm(cred, file, av);
}
3032
/*
 * mmap hook.  Mapping below mmap_min_addr needs MEMPROTECT__MMAP_ZERO on
 * the task.  If only the address is being checked (@addr_only), that is
 * the whole test; otherwise the protection is checked via
 * file_map_prot_check().  When selinux_checkreqprot is set the protection
 * the application asked for (@reqprot) is used instead of the effective
 * one (@prot).
 */
static int selinux_file_mmap(struct file *file, unsigned long reqprot,
			     unsigned long prot, unsigned long flags,
			     unsigned long addr, unsigned long addr_only)
{
	u32 sid = current_sid();
	unsigned long checked_prot = selinux_checkreqprot ? reqprot : prot;

	if (addr < mmap_min_addr) {
		int rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
				      MEMPROTECT__MMAP_ZERO, NULL);

		if (rc)
			return rc;
	}

	if (addr_only)
		return 0;

	return file_map_prot_check(file, checked_prot,
				   (flags & MAP_TYPE) == MAP_SHARED);
}
3052
/*
 * mprotect hook.  When the caller is adding PROT_EXEC to a region that is
 * not yet executable, apply the extra executable-heap / executable-stack /
 * modified-file checks, then run the same file/anon checks as mmap via
 * file_map_prot_check().
 *
 * When selinux_checkreqprot is set the protection the application asked
 * for (@reqprot) is checked instead of the effective one (@prot).
 *
 * The extra checks are compiled out on PPC32 (the #ifndef below);
 * presumably because that architecture cannot enforce per-mapping execute
 * permission -- confirm.
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
				 unsigned long reqprot,
				 unsigned long prot)
{
	const struct cred *cred = current_cred();

	if (selinux_checkreqprot)
		prot = reqprot;

#ifndef CONFIG_PPC32
	if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		int rc = 0;
		/* Region lies inside the heap: PROCESS__EXECHEAP. */
		if (vma->vm_start >= vma->vm_mm->start_brk &&
		    vma->vm_end <= vma->vm_mm->brk) {
			rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
		/* Anonymous region containing the stack start:
		 * PROCESS__EXECSTACK. */
		} else if (!vma->vm_file &&
			   vma->vm_start <= vma->vm_mm->start_stack &&
			   vma->vm_end >= vma->vm_mm->start_stack) {
			rc = current_has_perm(current, PROCESS__EXECSTACK);
		} else if (vma->vm_file && vma->anon_vma) {
			/*
			 * We are making executable a file mapping that has
			 * had some COW done. Since pages might have been
			 * written, check ability to execute the possibly
			 * modified content.  This typically should only
			 * occur for text relocations.
			 */
			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
		}
		if (rc)
			return rc;
	}
#endif

	/* VM_SHARED is passed as the "shared" flag; it only has to be
	 * non-zero, not exactly 1. */
	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
}
3089
/* flock-style locking: FILE__LOCK on the file; @cmd is not distinguished. */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	const u32 av = FILE__LOCK;

	return file_has_perm(current_cred(), file, av);
}
3096
/*
 * fcntl hook.  Only the commands listed below get a check; any other
 * command leaves @err at its initial 0 and so passes without a
 * per-command check (the switch has no default arm).
 *
 * F_SETFL: clearing O_APPEND on an append-mode file is treated as gaining
 * plain write access, so FILE__WRITE is required; otherwise it falls
 * through to the descriptor-use check shared with the F_SETOWN/F_SETSIG/
 * F_GETFL/F_GETOWN/F_GETSIG group (file_has_perm() with av == 0 -- the
 * comment below says this checks only FD__USE).
 *
 * The lock commands require FILE__LOCK.  Both the F_SETFL and the lock
 * arms reject a file with no dentry or inode with -EINVAL.
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	const struct cred *cred = current_cred();
	int err = 0;

	switch (cmd) {
	case F_SETFL:
		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
			err = -EINVAL;
			break;
		}

		/* Dropping O_APPEND widens what a write can do. */
		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
			err = file_has_perm(cred, file, FILE__WRITE);
			break;
		}
		/* fall through */
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
		/* Just check FD__USE permission */
		err = file_has_perm(cred, file, 0);
		break;
	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
			err = -EINVAL;
			break;
		}
		err = file_has_perm(cred, file, FILE__LOCK);
		break;
	}

	return err;
}
3141
/*
 * Record the SID of the task that becomes the file's owner for SIGIO
 * purposes; selinux_file_send_sigiotask later uses it as the sender.
 * Never fails.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct file_security_struct *fsec = file->f_security;

	fsec->fown_sid = current_sid();
	return 0;
}
3151
/*
 * Check delivery of an async-I/O signal to @tsk.  The subject is the SID
 * recorded by selinux_file_set_fowner (the task that set the owner), not
 * the current task.  A zero @signum means SIGIO, matching
 * send_sigio_to_task.
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	/* struct fown_struct is never outside the context of a struct file */
	struct file *file = container_of(fown, struct file, f_owner);
	struct file_security_struct *fsec = file->f_security;
	u32 perm = signal_to_av(signum ? signum : SIGIO);

	return avc_has_perm(fsec->fown_sid, task_sid(tsk),
			    SECCLASS_PROCESS, perm, NULL);
}
3173
/*
 * A descriptor received over a socket is checked as if the receiver had
 * opened the file with the descriptor's access mode (file_to_av).
 */
static int selinux_file_receive(struct file *file)
{
	u32 av = file_to_av(file);

	return file_has_perm(current_cred(), file, av);
}
3180
/*
 * Open-time hook.  Snapshot the inode label and the policy sequence number
 * into the file's security struct so that selinux_file_permission can
 * tell whether a later access needs revalidation (the task label is
 * already held there as the file's SID).  Then re-check the open against
 * the inode, because the label or policy may have changed between the
 * inode_permission check and the snapshot just taken; without this
 * recheck such a change might never be revalidated.  This check is not
 * redundant - do not remove.
 */
static int selinux_dentry_open(struct file *file, const struct cred *cred)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;

	fsec->isid = isec->sid;
	fsec->pseqno = avc_policy_seqno();

	return inode_has_perm(cred, inode, open_file_to_av(file), NULL);
}
3209
/* task security operations */
3211
/* fork/clone: PROCESS__FORK on the current task; @clone_flags are not examined. */
static int selinux_task_create(unsigned long clone_flags)
{
	const u32 perm = PROCESS__FORK;

	return current_has_perm(current, perm);
}
3216
/*
 * Detach and free the LSM part of a set of credentials.  The pointer in
 * the cred is cleared before the blob is freed so the cred never carries
 * a dangling security pointer.
 */
static void selinux_cred_free(struct cred *cred)
{
	struct task_security_struct *tsec;

	tsec = cred->security;
	cred->security = NULL;
	kfree(tsec);
}
3226
/*
 * Prepare a new set of credentials for modification: @new gets its own
 * copy of @old's task_security_struct (all SIDs inherited).  Returns
 * -ENOMEM if the copy cannot be allocated with @gfp.
 */
static int selinux_cred_prepare(struct cred *new, const struct cred *old,
				gfp_t gfp)
{
	struct task_security_struct *tsec;

	tsec = kmemdup(old->security, sizeof(*tsec), gfp);
	if (tsec == NULL)
		return -ENOMEM;

	new->security = tsec;
	return 0;
}
3245
/*
 * Set the security data for a kernel service so it acts as @secid.
 * The current task needs KERNEL_SERVICE__USE_AS_OVERRIDE towards @secid;
 * on success the subject SID is switched and all the creation contexts
 * (file, key, socket) are reset to unlabelled so nothing is inherited from
 * the original task.  On denial @new is left untouched.
 */
static int selinux_kernel_act_as(struct cred *new, u32 secid)
{
	struct task_security_struct *tsec = new->security;
	int ret = avc_has_perm(current_sid(), secid,
			       SECCLASS_KERNEL_SERVICE,
			       KERNEL_SERVICE__USE_AS_OVERRIDE,
			       NULL);

	if (ret)
		return ret;

	tsec->sid = secid;
	tsec->create_sid = 0;
	tsec->keycreate_sid = 0;
	tsec->sockcreate_sid = 0;
	return 0;
}
3268
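/*
 * Set the file creation context in a security record to the same as the
 * objective context of the specified inode.
 *
 * The current task needs KERNEL_SERVICE__CREATE_FILES_AS towards the
 * inode's label.  A denial is returned to the caller: returning 0 in that
 * case would let the kernel service carry on with its previous
 * create_sid as though the request had been granted, which hides the
 * policy decision from the caller and from anyone relying on the error.
 */
static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct task_security_struct *tsec = new->security;
	u32 sid = current_sid();
	int ret;

	ret = avc_has_perm(sid, isec->sid,
			   SECCLASS_KERNEL_SERVICE,
			   KERNEL_SERVICE__CREATE_FILES_AS,
			   NULL);
	if (ret)
		return ret;	/* denied: creation context left untouched */

	tsec->create_sid = isec->sid;
	return 0;
}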
3289
/* setpgid on @p: PROCESS__SETPGID from the current task to @p. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	const u32 perm = PROCESS__SETPGID;

	return current_has_perm(p, perm);
}
3294
/* getpgid on @p: PROCESS__GETPGID from the current task to @p. */
static int selinux_task_getpgid(struct task_struct *p)
{
	const u32 perm = PROCESS__GETPGID;

	return current_has_perm(p, perm);
}
3299
/* getsid on @p: PROCESS__GETSESSION from the current task to @p. */
static int selinux_task_getsid(struct task_struct *p)
{
	const u32 perm = PROCESS__GETSESSION;

	return current_has_perm(p, perm);
}
3304
/* Return @p's SID through @secid. */
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
	u32 sid = task_sid(p);

	*secid = sid;
}
3309
/*
 * setpriority/nice on @p.  The capability-based check runs first and its
 * denial wins; only then is PROCESS__SETSCHED required towards @p.
 */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc = cap_task_setnice(p, nice);

	return rc ? rc : current_has_perm(p, PROCESS__SETSCHED);
}
3320
/*
 * ioprio_set on @p.  The capability-based check runs first and its denial
 * wins; only then is PROCESS__SETSCHED required towards @p.
 */
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
{
	int rc = cap_task_setioprio(p, ioprio);

	return rc ? rc : current_has_perm(p, PROCESS__SETSCHED);
}
3331
/* ioprio_get on @p: PROCESS__GETSCHED from the current task to @p. */
static int selinux_task_getioprio(struct task_struct *p)
{
	const u32 perm = PROCESS__GETSCHED;

	return current_has_perm(p, perm);
}
3336
/*
 * setrlimit hook.  Only a change to the hard limit (whether lowering or
 * raising it) is controlled, via PROCESS__SETRLIMIT on the current task,
 * so that the hard limit can later be used as a safe reset point for the
 * soft limit upon context transitions.  See
 * selinux_bprm_committing_creds.  Soft-limit-only changes pass freely.
 * @resource is trusted to be a valid index; it is not range-checked here.
 */
static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
{
	const struct rlimit *old_rlim = &current->signal->rlim[resource];

	if (old_rlim->rlim_max == new_rlim->rlim_max)
		return 0;

	return current_has_perm(current, PROCESS__SETRLIMIT);
}
3350
/*
 * sched_setscheduler on @p.  The capability-based check runs first and its
 * denial wins; only then is PROCESS__SETSCHED required towards @p.
 */
static int selinux_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp)
{
	int rc = cap_task_setscheduler(p, policy, lp);

	return rc ? rc : current_has_perm(p, PROCESS__SETSCHED);
}
3361
/* sched_getscheduler/getparam on @p: PROCESS__GETSCHED. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	const u32 perm = PROCESS__GETSCHED;

	return current_has_perm(p, perm);
}
3366
/* Moving another task's pages between nodes is treated like a scheduling change: PROCESS__SETSCHED. */
static int selinux_task_movememory(struct task_struct *p)
{
	const u32 perm = PROCESS__SETSCHED;

	return current_has_perm(p, perm);
}
3371
/*
 * Signal delivery to @p.  Signal 0 is an existence test and maps to
 * PROCESS__SIGNULL; any other signal maps to its per-signal permission.
 * When a non-zero @secid is supplied the check is made from that subject
 * rather than from the current task (used when the sender's identity is
 * carried separately from the calling context).  @info is not examined.
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
				int sig, u32 secid)
{
	u32 perm = sig ? signal_to_av(sig) : PROCESS__SIGNULL;

	if (secid)
		return avc_has_perm(secid, task_sid(p),
				    SECCLASS_PROCESS, perm, NULL);

	return current_has_perm(p, perm);
}
3389
/* wait on child @p: the child needs PROCESS__SIGCHLD towards the current task (subject is @p). */
static int selinux_task_wait(struct task_struct *p)
{
	const u32 perm = PROCESS__SIGCHLD;

	return task_has_perm(p, current, perm);
}
3394
/*
 * Label a task-backed inode (procfs style) with @p's SID and mark the
 * label initialised, so accesses to it are checked against the task's
 * context rather than a filesystem default.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;

	isec->sid = task_sid(p);
	isec->initialized = 1;
}
3404
/*
 * Pull the IPv4 addresses (and, for TCP/UDP/DCCP, the ports) out of @skb
 * into the audit data.  @proto, if non-NULL, receives the IP protocol.
 *
 * Returns an error only if the addresses could not be parsed.  Every
 * header read goes through skb_header_pointer() so a truncated packet
 * yields NULL instead of an out-of-bounds read, and an IP header length
 * below the minimum is rejected.  Ports are read only from the first
 * fragment: a later fragment carries no transport header at the computed
 * offset, and reading payload bytes as ports would feed bogus values into
 * the policy check.  A missing transport header is not an error because
 * the addresses have already been recorded.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb,
			struct avc_audit_data *ad, u8 *proto)
{
	struct iphdr _iph, *ih;
	int offset = skb_network_offset(skb);
	int ihlen;

	ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (!ih)
		return -EINVAL;

	ihlen = ih->ihl * 4;
	if (ihlen < sizeof(_iph))
		return -EINVAL;

	ad->u.net.v4info.saddr = ih->saddr;
	ad->u.net.v4info.daddr = ih->daddr;
	if (proto)
		*proto = ih->protocol;

	/* non-first fragment: no transport header here, addresses suffice */
	if (ntohs(ih->frag_off) & IP_OFFSET)
		return 0;

	offset += ihlen;
	switch (ih->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph;
		struct tcphdr *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th) {
			ad->u.net.sport = th->source;
			ad->u.net.dport = th->dest;
		}
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph;
		struct udphdr *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh) {
			ad->u.net.sport = uh->source;
			ad->u.net.dport = uh->dest;
		}
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph;
		struct dccp_hdr *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh) {
			ad->u.net.sport = dh->dccph_sport;
			ad->u.net.dport = dh->dccph_dport;
		}
		break;
	}

	default:
		break;
	}

	return 0;
}
3483
3484#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3485
/*
 * selinux_parse_skb_ipv6 - extract IPv6 addresses and ports into audit data
 * @skb: the packet
 * @ad: audit data to fill (u.net.v6info.{saddr,daddr}, u.net.{sport,dport})
 * @proto: if non-NULL, receives the upper-layer protocol found after the
 *	   extension headers
 *
 * Returns -EINVAL only if the fixed IPv6 header cannot be read.  After the
 * addresses are recorded the result is 0 even when the extension-header walk
 * fails (then @proto is not written) or the transport header cannot be read;
 * the port fields are left untouched in those cases.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb,
			struct avc_audit_data *ad, u8 *proto)
{
	struct ipv6hdr _ipv6h, *ip6;
	int offset = skb_network_offset(skb);
	u8 nexthdr;

	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (ip6 == NULL)
		return -EINVAL;

	ipv6_addr_copy(&ad->u.net.v6info.saddr, &ip6->saddr);
	ipv6_addr_copy(&ad->u.net.v6info.daddr, &ip6->daddr);

	/*
	 * Walk past any extension headers to reach the transport header;
	 * a negative offset means the chain could not be followed.
	 */
	nexthdr = ip6->nexthdr;
	offset += sizeof(_ipv6h);
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
	if (offset < 0)
		return 0;

	if (proto)
		*proto = nexthdr;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th != NULL) {
			ad->u.net.sport = th->source;
			ad->u.net.dport = th->dest;
		}
		break;
	}
	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh != NULL) {
			ad->u.net.sport = uh->source;
			ad->u.net.dport = uh->dest;
		}
		break;
	}
	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh != NULL) {
			ad->u.net.sport = dh->dccph_sport;
			ad->u.net.dport = dh->dccph_dport;
		}
		break;
	}
	default:
		/* includes fragments: no transport ports are recorded */
		break;
	}

	return 0;
}
3556
3557#endif /* IPV6 */
3558
/*
 * selinux_parse_skb - fill network audit data from a packet
 * @skb: the packet
 * @ad: audit data; @ad->u.net.family selects the per-family parser
 * @_addrp: if non-NULL, receives a pointer to the source (@src != 0) or
 *	    destination address stored inside @ad, or NULL for a family
 *	    that is not parsed
 * @src: non-zero to hand back the source address, zero for the destination
 * @proto: passed through to the family parser (may be NULL)
 *
 * Returns 0 on success and also for families other than PF_INET/PF_INET6
 * (then *@_addrp is NULL).  If the family parser cannot read the packet's
 * addresses a warning is logged and its error is returned; *@_addrp is not
 * written in that case.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad,
			     char **_addrp, int src, u8 *proto)
{
	char *addrp = NULL;
	int ret = 0;

	switch (ad->u.net.family) {
	case PF_INET:
		ret = selinux_parse_skb_ipv4(skb, ad, proto);
		if (ret == 0)
			addrp = (char *)(src ? &ad->u.net.v4info.saddr :
					       &ad->u.net.v4info.daddr);
		break;

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case PF_INET6:
		ret = selinux_parse_skb_ipv6(skb, ad, proto);
		if (ret == 0)
			addrp = (char *)(src ? &ad->u.net.v6info.saddr :
					       &ad->u.net.v6info.daddr);
		break;
#endif	/* IPV6 */

	default:
		/* Unsupported family: nothing to parse, no address to hand back. */
		break;
	}

	if (ret) {
		printk(KERN_WARNING
		       "SELinux: failure in selinux_parse_skb(),"
		       " unable to parse packet\n");
		return ret;
	}

	if (_addrp)
		*_addrp = addrp;
	return 0;
}
3599
/**
 * selinux_skb_peerlbl_sid - Determine the peer label of a packet
 * @skb: the packet
 * @family: protocol family
 * @sid: the packet's peer label SID
 *
 * Description:
 * Gather the peer labels attached to @skb by the two labeling mechanisms
 * (xfrm/IPsec and NetLabel) and ask the security server to reconcile them
 * via security_net_peersid_resolve().  Returns zero when @sid holds a valid
 * result (which may be SECSID_NULL), or -EACCES, after logging a warning,
 * when the labels are inconsistent and no single peer SID can be derived.
 *
 */
static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
{
	u32 xfrm_sid;
	u32 nlbl_sid;
	u32 nlbl_type;
	int err;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);
	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);

	err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
	if (likely(err == 0))
		return 0;

	printk(KERN_WARNING
	       "SELinux: failure in selinux_skb_peerlbl_sid(),"
	       " unable to determine packet's peer label\n");
	return -EACCES;
}
3635
3636/* socket security operations */
/*
 * socket_has_perm - check @perms from @task's SID to the socket's inode label
 * @task: the acting task
 * @sock: the socket
 * @perms: permission bits in the socket inode's security class
 *
 * Sockets labeled SECINITSID_KERNEL are exempt and always yield 0.
 */
static int socket_has_perm(struct task_struct *task, struct socket *sock,
			   u32 perms)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct avc_audit_data ad;

	/* Kernel-labeled sockets are never subject to this check. */
	if (isec->sid == SECINITSID_KERNEL)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = sock->sk;
	return avc_has_perm(task_sid(task), isec->sid, isec->sclass, perms, &ad);
}
3658
/*
 * Creation-time check: the creating task's SID needs SOCKET__CREATE to the
 * label the new socket will carry, in the class derived from
 * family/type/protocol.  Kernel-internal sockets (@kern) are not checked.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	const struct task_security_struct *tsec = current_cred()->security;
	u32 newsid;
	u16 secclass;

	if (kern)
		return 0;

	/* An explicitly requested sockcreate SID overrides the task's own SID. */
	newsid = tsec->sockcreate_sid ?: tsec->sid;
	secclass = socket_type_to_security_class(family, type, protocol);
	return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
}
3680
/*
 * Label the freshly created socket's inode (and its struct sock, if one is
 * attached): SECINITSID_KERNEL for kernel sockets, otherwise the task's
 * sockcreate SID if set, else the task's own SID.  The class comes from the
 * family/type/protocol triple.  Returns the NetLabel post-create result when
 * a struct sock exists, 0 otherwise.
 */
static int selinux_socket_post_create(struct socket *sock, int family,
				      int type, int protocol, int kern)
{
	const struct task_security_struct *tsec = current_cred()->security;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	u32 sid;

	if (kern)
		sid = SECINITSID_KERNEL;
	else
		sid = tsec->sockcreate_sid ?: tsec->sid;

	isec->sid = sid;
	isec->sclass = socket_type_to_security_class(family, type, protocol);
	isec->initialized = 1;

	/* Mirror the inode label onto the attached sock. */
	if (sock->sk) {
		struct sk_security_struct *sksec = sock->sk->sk_security;

		sksec->sid = sid;
		sksec->sclass = isec->sclass;
		return selinux_netlbl_socket_post_create(sock->sk, family);
	}

	return 0;
}
3715
3716/* Range of port numbers used to automatically bind.
3717   Need to determine whether we should perform a name_bind
3718   permission check between the socket and the port number. */
3719
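/*
 * selinux_socket_bind - bind-time checks for a socket
 * @sock: the socket being bound
 * @address: the requested local address
 * @addrlen: length of @address in bytes
 *
 * First requires SOCKET__BIND on the socket itself.  For PF_INET/PF_INET6
 * sockets it then checks name_bind against the port's SID when an explicit
 * port lies outside the local ephemeral range (or below PROT_SOCK), and
 * node_bind (in the socket's class) against the SID of the address being
 * bound.  Multiple-address binding (SCTP) is not handled; only the first
 * address is examined.
 *
 * Returns 0 if allowed, -EINVAL if @addrlen is too short to hold the
 * sockaddr for the socket's family, or the error of the failed check.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	u16 family;
	int err;

	err = socket_has_perm(current, sock, SOCKET__BIND);
	if (err)
		goto out;

	/*
	 * If PF_INET or PF_INET6, check name_bind permission for the port.
	 * Multiple address binding for SCTP is not supported yet: we just
	 * check the first address now.
	 */
	family = sock->sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct inode_security_struct *isec;
		struct avc_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		struct sock *sk = sock->sk;
		u32 sid, node_perm;

		isec = SOCK_INODE(sock)->i_security;

		/*
		 * Validate @addrlen before reading the port/address fields,
		 * mirroring selinux_socket_connect(): a short (or negative)
		 * length must not lead to reading past what the caller
		 * supplied.  The (int) cast keeps the comparison signed.
		 */
		if (family == PF_INET) {
			if (addrlen < (int)sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			if (addrlen < SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		if (snum) {
			int low, high;

			inet_get_local_port_range(&low, &high);

			/* Ports inside the auto-bind range need no name_bind. */
			if (snum < max(PROT_SOCK, low) || snum > high) {
				err = sel_netport_sid(sk->sk_protocol,
						      snum, &sid);
				if (err)
					goto out;
				AVC_AUDIT_DATA_INIT(&ad, NET);
				ad.u.net.sport = htons(snum);
				ad.u.net.family = family;
				err = avc_has_perm(isec->sid, sid,
						   isec->sclass,
						   SOCKET__NAME_BIND, &ad);
				if (err)
					goto out;
			}
		}

		/* node_bind is a per-class permission; raw IP is the fallback. */
		switch (isec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_DCCP_SOCKET:
			node_perm = DCCP_SOCKET__NODE_BIND;
			break;

		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		err = sel_netnode_sid(addrp, family, &sid);
		if (err)
			goto out;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;

		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);

		err = avc_has_perm(isec->sid, sid,
				   isec->sclass, node_perm, &ad);
		if (err)
			goto out;
	}
out:
	return err;
}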
3817
/*
 * selinux_socket_connect - connect-time checks for a socket
 * @sock: the socket
 * @address: the peer address
 * @addrlen: length of @address in bytes
 *
 * Requires SOCKET__CONNECT on the socket.  TCP and DCCP sockets also need
 * name_connect to the SID of the destination port; an @addrlen too short for
 * the socket family's sockaddr is rejected with -EINVAL before the port is
 * read.  Finally hands off to NetLabel.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	int err;

	err = socket_has_perm(current, sock, SOCKET__CONNECT);
	if (err)
		return err;

	/* TCP and DCCP sockets: check name_connect for the destination port. */
	if (isec->sclass == SECCLASS_TCP_SOCKET ||
	    isec->sclass == SECCLASS_DCCP_SOCKET) {
		struct avc_audit_data ad;
		unsigned short snum;
		u32 sid, perm;

		if (sk->sk_family == PF_INET) {
			struct sockaddr_in *addr4 = (struct sockaddr_in *)address;

			if (addrlen < sizeof(struct sockaddr_in))
				return -EINVAL;
			snum = ntohs(addr4->sin_port);
		} else {
			struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)address;

			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			snum = ntohs(addr6->sin6_port);
		}

		err = sel_netport_sid(sk->sk_protocol, snum, &sid);
		if (err)
			return err;

		perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
		       TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;

		AVC_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.dport = htons(snum);
		ad.u.net.family = sk->sk_family;
		err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
		if (err)
			return err;
	}

	return selinux_netlbl_socket_connect(sk, address);
}
3872
/* listen(2) requires SOCKET__LISTEN on the socket; @backlog is unused here. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	int rc = socket_has_perm(current, sock, SOCKET__LISTEN);

	return rc;
}
3877
/*
 * Requires SOCKET__ACCEPT on the listening socket, then gives the accepted
 * socket's inode the listener's SID and class.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *isec;
	struct inode_security_struct *newisec;
	int err = socket_has_perm(current, sock, SOCKET__ACCEPT);

	if (err)
		return err;

	/* The accepted socket inherits the listener's label wholesale. */
	isec = SOCK_INODE(sock)->i_security;
	newisec = SOCK_INODE(newsock)->i_security;
	newisec->sclass = isec->sclass;
	newisec->sid = isec->sid;
	newisec->initialized = 1;

	return 0;
}
3897
/* sendmsg(2) requires SOCKET__WRITE on the socket; @msg and @size are unused here. */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	int rc = socket_has_perm(current, sock, SOCKET__WRITE);

	return rc;
}
3903
/* recvmsg(2) requires SOCKET__READ on the socket; @msg, @size and @flags are unused here. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	int rc = socket_has_perm(current, sock, SOCKET__READ);

	return rc;
}
3909
/* getsockname(2) requires SOCKET__GETATTR on the socket. */
static int selinux_socket_getsockname(struct socket *sock)
{
	int rc = socket_has_perm(current, sock, SOCKET__GETATTR);

	return rc;
}
3914
/* getpeername(2) requires SOCKET__GETATTR on the socket, like getsockname. */
static int selinux_socket_getpeername(struct socket *sock)
{
	int rc = socket_has_perm(current, sock, SOCKET__GETATTR);

	return rc;
}
3919
/*
 * setsockopt(2): SOCKET__SETOPT on the socket first, then NetLabel gets to
 * vet the (@level, @optname) pair.
 */
static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
{
	int err = socket_has_perm(current, sock, SOCKET__SETOPT);

	return err ? err : selinux_netlbl_socket_setsockopt(sock, level, optname);
}
3930
/* getsockopt(2) requires SOCKET__GETOPT on the socket; @level and @optname are unused here. */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	int rc = socket_has_perm(current, sock, SOCKET__GETOPT);

	return rc;
}
3936
/* shutdown(2) requires SOCKET__SHUTDOWN on the socket; @how is unused here. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	int rc = socket_has_perm(current, sock, SOCKET__SHUTDOWN);

	return rc;
}
3941
/*
 * Unix stream connect: the connecting socket needs CONNECTTO to the listener.
 * On success both ends record each other's SID as peer, and the server-side
 * child sock gets a SID produced by security_sid_mls_copy() from the
 * listener's SID and the connecting peer's SID (presumably the listener's
 * context carrying the peer's MLS range -- confirm in the security server).
 */
static int selinux_socket_unix_stream_connect(struct socket *sock,
					      struct socket *other,
					      struct sock *newsk)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *other_isec = SOCK_INODE(other)->i_security;
	struct sk_security_struct *client_ssec;
	struct sk_security_struct *child_ssec;
	struct avc_audit_data ad;
	int err;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	err = avc_has_perm(isec->sid, other_isec->sid,
			   isec->sclass,
			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (err)
		return err;

	/* connecting socket: the listener is its peer */
	client_ssec = sock->sk->sk_security;
	client_ssec->peer_sid = other_isec->sid;

	/* server child socket: the connecting socket is its peer */
	child_ssec = newsk->sk_security;
	child_ssec->peer_sid = isec->sid;

	return security_sid_mls_copy(other_isec->sid, child_ssec->peer_sid,
				     &child_ssec->sid);
}
3975
/*
 * Datagram send between unix sockets: @sock needs SOCKET__SENDTO to @other.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct inode_security_struct *other_isec = SOCK_INODE(other)->i_security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other->sk;

	/* The AVC result is the hook result: 0 when permitted. */
	return avc_has_perm(isec->sid, other_isec->sid,
			    isec->sclass, SOCKET__SENDTO, &ad);
}
3997
/*
 * System-level ingress checks for a labeled packet: @peer_sid needs
 * NETIF__INGRESS on the interface @ifindex and NODE__RECVFROM on the node
 * given by @addrp/@family.  Returns the first failing lookup or check.
 */
static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
				    u32 peer_sid,
				    struct avc_audit_data *ad)
{
	u32 if_sid;
	u32 node_sid;
	int err;

	/* interface first ... */
	err = sel_netif_sid(ifindex, &if_sid);
	if (err == 0)
		err = avc_has_perm(peer_sid, if_sid,
				   SECCLASS_NETIF, NETIF__INGRESS, ad);
	if (err)
		return err;

	/* ... then the node */
	err = sel_netnode_sid(addrp, family, &node_sid);
	if (err)
		return err;
	return avc_has_perm(peer_sid, node_sid,
			    SECCLASS_NODE, NODE__RECVFROM, ad);
}
4020
/*
 * Compatibility receive path.  Order of checks: parse the packet, secmark
 * (PACKET__RECV) if enabled, then either the netpeer-style PEER__RECV check
 * (with the denial reported to NetLabel) or the legacy NetLabel + xfrm
 * checks.  Returns the first failing check's error, 0 otherwise.
 */
static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
				       u16 family)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u32 sk_sid = sksec->sid;
	struct avc_audit_data ad;
	char *addrp;
	int err;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->iif;
	ad.u.net.family = family;
	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (err)
		return err;

	if (selinux_secmark_enabled()) {
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
		if (err)
			return err;
	}

	if (!selinux_policycap_netpeer) {
		/* legacy labeling: NetLabel, then IPsec */
		err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
		if (err)
			return err;
		return selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
	} else {
		u32 peer_sid;

		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = avc_has_perm(sk_sid, peer_sid,
				   SECCLASS_PEER, PEER__RECV, &ad);
		/* report the denial to NetLabel before returning it */
		if (err)
			selinux_netlbl_err(skb, err, 0);
		return err;
	}
}
4062
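/*
 * selinux_socket_sock_rcv_skb - per-socket receive check
 * @sk: the receiving socket
 * @skb: the packet
 *
 * Only PF_INET/PF_INET6 sockets are checked; IPv4 packets arriving on an
 * IPv6 socket are treated as PF_INET.  Without the netpeer policy capability
 * the work is handed to selinux_sock_rcv_skb_compat().  Otherwise, when peer
 * labeling (NetLabel or xfrm) is active, the packet's peer SID must pass the
 * interface/node ingress checks and PEER__RECV on the socket; when secmark is
 * active the socket additionally needs PACKET__RECV to the mark.  Returns 0
 * if the packet may be delivered, otherwise the error of the first failing
 * check -- a denial is never masked by a later check that succeeds.
 */
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	u32 sk_sid = sksec->sid;
	struct avc_audit_data ad;
	char *addrp;
	u8 secmark_active;
	u8 peerlbl_active;

	if (family != PF_INET && family != PF_INET6)
		return 0;

	/* Handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	/* If any sort of compatibility mode is enabled then handoff processing
	 * to the selinux_sock_rcv_skb_compat() function to deal with the
	 * special handling.  We do this in an attempt to keep this function
	 * as fast and as clean as possible. */
	if (!selinux_policycap_netpeer)
		return selinux_sock_rcv_skb_compat(sk, skb, family);

	secmark_active = selinux_secmark_enabled();
	peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return 0;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->iif;
	ad.u.net.family = family;
	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (err)
		return err;

	if (peerlbl_active) {
		u32 peer_sid;

		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = selinux_inet_sys_rcv_skb(skb->iif, addrp, family,
					       peer_sid, &ad);
		if (err) {
			selinux_netlbl_err(skb, err, 0);
			return err;
		}
		err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
				   PEER__RECV, &ad);
		if (err) {
			/*
			 * A peer denial is final: return here so that a
			 * subsequent successful secmark check cannot
			 * overwrite err and let the packet through.
			 */
			selinux_netlbl_err(skb, err, 0);
			return err;
		}
	}

	if (secmark_active) {
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
		if (err)
			return err;
	}

	return 0;
}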
4127
/*
 * SO_PEERSEC for stream sockets: copy the peer's security context string to
 * user space.  Only unix stream and TCP sockets carry a peer SID; any other
 * class, or a peer SID of SECSID_NULL, yields -ENOPROTOOPT.  If the context
 * does not fit in @len the result is -ERANGE, but the required length is
 * still written to @optlen.  A failed write of the length itself is -EFAULT.
 */
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	u32 peer_sid = SECSID_NULL;
	char *scontext;
	u32 scontext_len;
	int err;

	if (isec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
	    isec->sclass == SECCLASS_TCP_SOCKET) {
		struct sk_security_struct *ssec = sock->sk->sk_security;

		peer_sid = ssec->peer_sid;
	}
	if (peer_sid == SECSID_NULL)
		return -ENOPROTOOPT;

	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
	if (err)
		return err;

	/* Too small a buffer is reported, but the length is still returned. */
	if (scontext_len > len)
		err = -ERANGE;
	else if (copy_to_user(optval, scontext, scontext_len))
		err = -EFAULT;

	/* A failed length write overrides any earlier error. */
	if (put_user(scontext_len, optlen))
		err = -EFAULT;

	kfree(scontext);
	return err;
}
4171
/*
 * Peer SID for a datagram.  The family comes from the packet's protocol when
 * an skb is supplied (falling back to the socket), else from the socket.
 * PF_UNIX sockets use the socket inode's SID; otherwise the packet's peer
 * label is used.  *@secid is always written; -EINVAL if it is SECSID_NULL.
 */
static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	u32 peer_secid = SECSID_NULL;
	u16 family;

	if (skb) {
		if (skb->protocol == htons(ETH_P_IP))
			family = PF_INET;
		else if (skb->protocol == htons(ETH_P_IPV6))
			family = PF_INET6;
		else if (sock)
			family = sock->sk->sk_family;
		else
			goto done;
	} else if (sock) {
		family = sock->sk->sk_family;
	} else {
		goto done;
	}

	if (sock && family == PF_UNIX)
		selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
	else if (skb)
		selinux_skb_peerlbl_sid(skb, family, &peer_secid);

done:
	*secid = peer_secid;
	return (peer_secid == SECSID_NULL) ? -EINVAL : 0;
}
4197
/* Allocate the per-sock security struct; thin wrapper around sk_alloc_security(). */
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	int rc = sk_alloc_security(sk, family, priority);

	return rc;
}
4202
/* Release the per-sock security struct; thin wrapper around sk_free_security(). */
static void selinux_sk_free_security(struct sock *sk)
{
	struct sock *victim = sk;

	sk_free_security(victim);
}
4207
/*
 * Copy the parent sock's SID, peer SID and class to a cloned sock; the
 * clone's NetLabel state is reset rather than copied.
 */
static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	const struct sk_security_struct *src = sk->sk_security;
	struct sk_security_struct *dst = newsk->sk_security;

	dst->sid = src->sid;
	dst->peer_sid = src->peer_sid;
	dst->sclass = src->sclass;

	selinux_netlbl_sk_security_reset(dst);
}
4219
/* Report a sock's SID; a NULL sock maps to SECINITSID_ANY_SOCKET. */
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
{
	struct sk_security_struct *sksec;

	if (sk == NULL) {
		*secid = SECINITSID_ANY_SOCKET;
		return;
	}

	sksec = sk->sk_security;
	*secid = sksec->sid;
}
4230
/*
 * Attach a sock to its socket inode.  For the INET, INET6 and UNIX families
 * the inode takes the sock's SID (this is where the isec->sid deferred in
 * selinux_inet_csk_clone() gets synced); the sock always takes the inode's
 * class.
 */
static void selinux_sock_graft(struct sock *sk, struct socket *parent)
{
	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	int labeled_family = (family == PF_INET || family == PF_INET6 ||
			      family == PF_UNIX);

	if (labeled_family)
		isec->sid = sksec->sid;
	sksec->sclass = isec->sclass;
}
4241
/*
 * Label an incoming connection request.  With no peer label the request
 * takes the listener's SID and a SECSID_NULL peer; otherwise the request SID
 * is produced by security_sid_mls_copy() from the listener's SID and the
 * peer SID, and the peer SID is recorded on the request.  NetLabel is then
 * informed.  IPv4 packets on IPv6 sockets are handled as PF_INET.
 */
static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				     struct request_sock *req)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	u32 peersid;
	int err;

	/* handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	err = selinux_skb_peerlbl_sid(skb, family, &peersid);
	if (err)
		return err;

	if (peersid == SECSID_NULL) {
		req->secid = sksec->sid;
		req->peer_secid = SECSID_NULL;
	} else {
		u32 newsid;

		/* req is left untouched if the SID cannot be derived */
		err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
		if (err)
			return err;
		req->secid = newsid;
		req->peer_secid = peersid;
	}

	return selinux_netlbl_inet_conn_request(req, family);
}
4271
/*
 * A child sock created from a request_sock inherits the request's SID and
 * peer SID; NetLabel state for the child is then set up for the request's
 * family.
 */
static void selinux_inet_csk_clone(struct sock *newsk,
				   const struct request_sock *req)
{
	struct sk_security_struct *newsksec = newsk->sk_security;
	u16 family = req->rsk_ops->family;

	newsksec->sid = req->secid;
	newsksec->peer_sid = req->peer_secid;
	/*
	 * NOTE: ideally isec->sid for the new socket would be synced here
	 * too, but the inode does not exist yet; selinux_sock_graft() does
	 * it once the socket has been created.
	 */

	/* No locking needed: nothing else can see newsksec yet. */
	selinux_netlbl_inet_csk_clone(newsk, family);
}
4288
/*
 * Record the peer label of @skb on the sock once the connection is
 * established.  IPv4 packets on IPv6 sockets are treated as PF_INET.  The
 * hook is void, so a failure to resolve the peer label cannot be reported.
 */
static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;

	/* handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	/*
	 * NOTE(review): the return value is ignored; what peer_sid holds on
	 * failure depends on security_net_peersid_resolve(), not visible here.
	 */
	selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
}
4300
/* Tag the flow with the request's SID so flow/xfrm lookups can match on it. */
static void selinux_req_classify_flow(const struct request_sock *req,
				      struct flowi *fl)
{
	u32 sid = req->secid;

	fl->secid = sid;
}
4306
/*
 * selinux_nlmsg_perm - map a netlink message type to a socket permission and check it
 * @sk: the netlink sock
 * @skb: the message; must hold at least an nlmsghdr, else -EINVAL
 *
 * An unrecognised message type is audited and permitted only when not
 * enforcing or when security_get_allow_unknown() says so; otherwise -EINVAL.
 * A lookup result of -ENOENT means "no check" and yields 0.
 */
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	struct socket *sock = sk->sk_socket;
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	struct nlmsghdr *nlh;
	u32 perm;
	int err;

	if (skb->len < NLMSG_SPACE(0))
		return -EINVAL;
	nlh = nlmsg_hdr(skb);

	err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
	switch (err) {
	case 0:
		return socket_has_perm(current, sock, perm);

	case -EINVAL:
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
			  "SELinux:  unrecognized netlink message"
			  " type=%hu for sclass=%hu\n",
			  nlh->nlmsg_type, isec->sclass);
		/* permissive mode or an allow_unknown policy lets it through */
		if (!selinux_enforcing || security_get_allow_unknown())
			return 0;
		return err;

	case -ENOENT:
		/* Ignore */
		return 0;

	default:
		return err;
	}
}
4342
4343#ifdef CONFIG_NETFILTER
4344
/*
 * selinux_ip_forward - netfilter FORWARD-hook check for a forwarded packet
 * @skb: the packet
 * @ifindex: the ingress interface index
 * @family: PF_INET or PF_INET6
 *
 * Only active with the netpeer policy capability and when secmark or peer
 * labeling is enabled.  The packet's peer SID must pass the interface/node
 * ingress checks (if peer labeling is active) and PACKET__FORWARD_IN against
 * the secmark (if secmark is active); with NetLabel active the peer label is
 * then written onto the packet.  Returns NF_ACCEPT or NF_DROP.
 */
static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
				       u16 family)
{
	struct avc_audit_data ad;
	char *addrp;
	u32 peer_sid;
	u8 secmark_active;
	u8 netlbl_active;
	u8 peerlbl_active;
	int err;

	if (!selinux_policycap_netpeer)
		return NF_ACCEPT;

	secmark_active = selinux_secmark_enabled();
	netlbl_active = netlbl_enabled();
	peerlbl_active = netlbl_active || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return NF_ACCEPT;

	/* An unresolvable peer label drops the packet rather than passing it. */
	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
		return NF_DROP;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
		return NF_DROP;

	if (peerlbl_active) {
		err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
					       peer_sid, &ad);
		if (err) {
			selinux_netlbl_err(skb, err, 1);
			return NF_DROP;
		}
	}

	if (secmark_active) {
		err = avc_has_perm(peer_sid, skb->secmark,
				   SECCLASS_PACKET, PACKET__FORWARD_IN, &ad);
		if (err)
			return NF_DROP;
	}

	if (netlbl_active) {
		/* we do this in the FORWARD path and not the POST_ROUTING
		 * path because we want to make sure we apply the necessary
		 * labeling before IPsec is applied so we can leverage AH
		 * protection */
		if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
			return NF_DROP;
	}

	return NF_ACCEPT;
}
4398
/* Netfilter FORWARD hook, IPv4: defer to the family-independent check,
 * keyed on the interface the packet came in on. */
static unsigned int selinux_ipv4_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	int in_ifindex = in->ifindex;

	return selinux_ip_forward(skb, in_ifindex, PF_INET);
}
4407
4408#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* Netfilter FORWARD hook, IPv6: defer to the family-independent check,
 * keyed on the interface the packet came in on. */
static unsigned int selinux_ipv6_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	int in_ifindex = in->ifindex;

	return selinux_ip_forward(skb, in_ifindex, PF_INET6);
}
4417#endif  /* IPV6 */
4418
/*
 * LOCAL_OUT hook body: attach a NetLabel label to locally generated
 * traffic.  The label is the sending socket's SID, or the kernel SID for
 * packets without a socket.  Returns NF_ACCEPT, or NF_DROP if labeling
 * fails; does nothing when NetLabel is not enabled.
 */
static unsigned int selinux_ip_output(struct sk_buff *skb,
				      u16 family)
{
	struct sock *sk = skb->sk;
	u32 label_sid = SECINITSID_KERNEL;

	if (!netlbl_enabled())
		return NF_ACCEPT;

	if (sk) {
		struct sk_security_struct *sksec = sk->sk_security;

		label_sid = sksec->sid;
	}

	/* LOCAL_OUT rather than POST_ROUTING: the label has to be on the
	 * packet before IPsec runs so that AH also covers it. */
	if (selinux_netlbl_skbuff_setsid(skb, family, label_sid) != 0)
		return NF_DROP;

	return NF_ACCEPT;
}
4440
/* Netfilter LOCAL_OUT hook, IPv4: NetLabel labeling of outgoing packets.
 * NOTE(review): no IPv6 counterpart is registered in this part of the
 * file; whether that is intended should be confirmed. */
static unsigned int selinux_ipv4_output(unsigned int hooknum,
					struct sk_buff *skb,
					const struct net_device *in,
					const struct net_device *out,
					int (*okfn)(struct sk_buff *))
{
	unsigned int verdict = selinux_ip_output(skb, PF_INET);

	return verdict;
}
4449
/*
 * POST_ROUTING checks used when the policy lacks the netpeer capability.
 * Only packets that still carry a sending socket are mediated: SECMARK
 * packet:send from the socket's SID to the mark, and (if the policy
 * capability is set) the final labeled-IPsec check.
 *
 * Returns NF_ACCEPT or NF_DROP.
 */
static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
						int ifindex,
						u16 family)
{
	struct sock *sk = skb->sk;
	struct sk_security_struct *sksec;
	struct avc_audit_data ad;
	char *addrp;
	u8 proto;
	u32 sock_sid;

	/* Socket-less packets (forwarded or kernel generated) pass */
	if (!sk)
		return NF_ACCEPT;
	sksec = sk->sk_security;
	sock_sid = sksec->sid;

	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto) != 0)
		return NF_DROP;

	if (selinux_secmark_enabled() &&
	    avc_has_perm(sock_sid, skb->secmark, SECCLASS_PACKET,
			 PACKET__SEND, &ad) != 0)
		return NF_DROP;

	if (selinux_policycap_netpeer &&
	    selinux_xfrm_postroute_last(sock_sid, skb, &ad, proto) != 0)
		return NF_DROP;

	return NF_ACCEPT;
}
4481
/*
 * Access control for packets leaving the system through the netfilter
 * POST_ROUTING hook, shared by the IPv4 and IPv6 wrappers.
 * @skb:     the outgoing packet
 * @ifindex: index of the egress interface
 * @family:  PF_INET or PF_INET6
 *
 * Returns NF_ACCEPT or NF_DROP.  Without the netpeer policy capability the
 * older selinux_ip_postroute_compat() checks are applied instead.
 */
static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
					 u16 family)
{
	u32 secmark_perm;
	u32 peer_sid;
	struct sock *sk;
	struct avc_audit_data ad;
	char *addrp;
	u8 secmark_active;
	u8 peerlbl_active;

	/* If any sort of compatibility mode is enabled then handoff processing
	 * to the selinux_ip_postroute_compat() function to deal with the
	 * special handling.  We do this in an attempt to keep this function
	 * as fast and as clean as possible. */
	if (!selinux_policycap_netpeer)
		return selinux_ip_postroute_compat(skb, ifindex, family);
#ifdef CONFIG_XFRM
	/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
	 * packet transformation so allow the packet to pass without any checks
	 * since we'll have another chance to perform access control checks
	 * when the packet is on it's final way out.
	 * NOTE: there appear to be some IPv6 multicast cases where skb->dst
	 *       is NULL, in this case go ahead and apply access control. */
	if (skb->dst != NULL && skb->dst->xfrm != NULL)
		return NF_ACCEPT;
#endif
	secmark_active = selinux_secmark_enabled();
	peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return NF_ACCEPT;

	/* if the packet is being forwarded then get the peer label from the
	 * packet itself; otherwise check to see if it is from a local
	 * application or the kernel, if from an application get the peer label
	 * from the sending socket, otherwise use the kernel's sid */
	sk = skb->sk;
	if (sk == NULL) {
		switch (family) {
		case PF_INET:
			if (IPCB(skb)->flags & IPSKB_FORWARDED)
				secmark_perm = PACKET__FORWARD_OUT;
			else
				secmark_perm = PACKET__SEND;
			break;
		case PF_INET6:
			if (IP6CB(skb)->flags & IP6SKB_FORWARDED)
				secmark_perm = PACKET__FORWARD_OUT;
			else
				secmark_perm = PACKET__SEND;
			break;
		default:
			/* Unknown family: fail closed rather than guess */
			return NF_DROP;
		}
		if (secmark_perm == PACKET__FORWARD_OUT) {
			/* Forwarded traffic: a packet we cannot label is
			 * dropped rather than passed unchecked */
			if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
				return NF_DROP;
		} else
			/* Socket-less local traffic is attributed to the kernel */
			peer_sid = SECINITSID_KERNEL;
	} else {
		struct sk_security_struct *sksec = sk->sk_security;
		peer_sid = sksec->sid;
		secmark_perm = PACKET__SEND;
	}

	/* Audit data names the egress interface and family; selinux_parse_skb()
	 * fills in the rest from the packet and yields the address to check */
	AVC_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
		return NF_DROP;

	/* SECMARK: packet { send | forward_out } from the peer/sender label
	 * to the mark placed on the packet */
	if (secmark_active)
		if (avc_has_perm(peer_sid, skb->secmark,
				 SECCLASS_PACKET, secmark_perm, &ad))
			return NF_DROP;

	/* Peer labeling: the sender must be allowed out of the egress
	 * interface (netif:egress) and to the destination node
	 * (node:sendto); an unresolvable interface or node SID is a drop */
	if (peerlbl_active) {
		u32 if_sid;
		u32 node_sid;

		if (sel_netif_sid(ifindex, &if_sid))
			return NF_DROP;
		if (avc_has_perm(peer_sid, if_sid,
				 SECCLASS_NETIF, NETIF__EGRESS, &ad))
			return NF_DROP;

		if (sel_netnode_sid(addrp, family, &node_sid))
			return NF_DROP;
		if (avc_has_perm(peer_sid, node_sid,
				 SECCLASS_NODE, NODE__SENDTO, &ad))
			return NF_DROP;
	}

	return NF_ACCEPT;
}
4577
/* Netfilter POST_ROUTING hook, IPv4: defer to the family-independent
 * check, keyed on the interface the packet is leaving through. */
static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	int out_ifindex = out->ifindex;

	return selinux_ip_postroute(skb, out_ifindex, PF_INET);
}
4586
4587#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* Netfilter POST_ROUTING hook, IPv6: defer to the family-independent
 * check, keyed on the interface the packet is leaving through. */
static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	int out_ifindex = out->ifindex;

	return selinux_ip_postroute(skb, out_ifindex, PF_INET6);
}
4596#endif  /* IPV6 */
4597
4598#endif  /* CONFIG_NETFILTER */
4599
/*
 * LSM hook for a netlink send on @sk.  The commoncap check runs first and
 * its denial is final; SELinux then adds its per-message-type check, but
 * only when the loaded policy is new enough to define the netlink socket
 * classes.  Returns 0 or a negative errno.
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	int rc = cap_netlink_send(sk, skb);

	if (rc)
		return rc;
	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
		return 0;

	return selinux_nlmsg_perm(sk, skb);
}
4613
/*
 * LSM hook for a netlink message the kernel received that requires
 * @capability.  After the commoncap check, the sender (identified by the
 * SID carried in the skb's netlink control block) must hold the matching
 * capability permission; capability checks are self-directed, so source
 * and target SID are the same.  Returns 0 or a negative errno.
 */
static int selinux_netlink_recv(struct sk_buff *skb, int capability)
{
	struct avc_audit_data ad;
	u32 sender_sid;
	int rc;

	rc = cap_netlink_recv(skb, capability);
	if (rc)
		return rc;

	sender_sid = NETLINK_CB(skb).sid;

	AVC_AUDIT_DATA_INIT(&ad, CAP);
	ad.u.cap = capability;

	return avc_has_perm(sender_sid, sender_sid, SECCLASS_CAPABILITY,
			    CAP_TO_MASK(capability), &ad);
}
4629
/* Allocate and attach the security blob for a new IPC object of class
 * @sclass; the object is labeled with @task's SID.  Returns 0 or -ENOMEM. */
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	struct ipc_security_struct *isec = kzalloc(sizeof(*isec), GFP_KERNEL);

	if (!isec)
		return -ENOMEM;

	isec->sclass = sclass;
	isec->sid = task_sid(task);
	perm->security = isec;

	return 0;
}
4648
/* Release the security blob of an IPC object and clear the back-pointer so
 * nothing can reach the freed memory through @perm afterwards. */
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	kfree(perm->security);
	perm->security = NULL;
}
4655
/* Allocate the security blob for a message.  It starts out unlabeled and
 * receives its real SID on the first send (see selinux_msg_queue_msgsnd()).
 * Returns 0 or -ENOMEM. */
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *msec = kzalloc(sizeof(*msec), GFP_KERNEL);

	if (msec == NULL)
		return -ENOMEM;

	msec->sid = SECINITSID_UNLABELED;
	msg->security = msec;

	return 0;
}
4669
/* Release a message's security blob, clearing the back-pointer first so a
 * stale reference cannot reach freed memory. */
static void msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_security_struct *blob = msg->security;

	msg->security = NULL;
	kfree(blob);
}
4677
/* Check @perms for the current task on the IPC object @ipc_perms, using the
 * object's own class and SID and auditing with its key. */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	struct ipc_security_struct *isec = ipc_perms->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;

	return avc_has_perm(current_sid(), isec->sid, isec->sclass, perms, &ad);
}
4692
/* LSM hook: allocate the security blob for a new message. */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	int rc = msg_msg_alloc_security(msg);

	return rc;
}
4697
/* LSM hook: release the security blob of a message being destroyed. */
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	if (msg)
		msg_msg_free_security(msg);
}
4702
4703/* message queue security operations */
/*
 * LSM hook: label a newly created message queue and check msgq:create.
 * The queue inherits the creator's SID (see ipc_alloc_security()), so the
 * create check is effectively self-directed.  On denial the blob is freed
 * again and the error is returned.
 */
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_MSGQ);
	if (rc)
		return rc;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(current_sid(), isec->sid, SECCLASS_MSGQ,
			  MSGQ__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);

	return rc;
}
4728
/* LSM hook: release the security blob of a message queue being destroyed. */
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;

	ipc_free_security(perm);
}
4733
/* LSM hook for msgget(2) on an existing queue: the caller needs
 * msgq:associate on it.  @msqflg is not consulted here. */
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	return avc_has_perm(current_sid(), isec->sid, SECCLASS_MSGQ,
			    MSGQ__ASSOCIATE, &ad);
}
4748
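/*
 * LSM hook for msgctl(2) on @msq.  IPC_INFO/MSG_INFO report system-wide
 * state and are checked against the system class; the object commands map
 * onto msgq permissions; anything else is not mediated here (returns 0).
 *
 * @perms is u32 to match ipc_has_perm() and the other IPC ctl hooks
 * (selinux_sem_semctl() already uses u32) instead of a signed int that
 * was implicitly converted.
 */
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, perms);
}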
4776
/*
 * LSM hook for msgsnd(2): label the message (on its first send) with the
 * transition of the sender's SID onto the queue's SID for class msg, then
 * require msgq:write on the queue, msg:send on the message, and finally
 * msgq:enqueue from the message's label to the queue's.  Returns 0 or
 * the first denial / error.
 */
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec = perm->security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	u32 sender_sid = current_sid();
	int rc;

	/* A message that has never been sent is still SECINITSID_UNLABELED
	 * (see msg_msg_alloc_security()); compute its label now from the
	 * sender and the queue it is going into. */
	if (msec->sid == SECINITSID_UNLABELED) {
		rc = security_transition_sid(sender_sid, isec->sid, SECCLASS_MSG,
					     &msec->sid);
		if (rc)
			return rc;
	}

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	/* sender -> queue */
	rc = avc_has_perm(sender_sid, isec->sid, SECCLASS_MSGQ,
			  MSGQ__WRITE, &ad);
	if (rc)
		return rc;

	/* sender -> message */
	rc = avc_has_perm(sender_sid, msec->sid, SECCLASS_MSG,
			  MSG__SEND, &ad);
	if (rc)
		return rc;

	/* message -> queue */
	return avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ENQUEUE, &ad);
}
4819
/*
 * LSM hook for delivering @msg from @msq to @target.  The receiver is the
 * task the caller passes as @target (not necessarily current); it needs
 * msgq:read on the queue and msg:receive on the message.  @type and @mode
 * are not consulted.  Returns 0 or the first denial.
 */
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	struct ipc_security_struct *isec = perm->security;
	struct msg_security_struct *msec = msg->security;
	struct avc_audit_data ad;
	u32 recv_sid = task_sid(target);
	int rc;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(recv_sid, isec->sid,
			  SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;

	return avc_has_perm(recv_sid, msec->sid,
			    SECCLASS_MSG, MSG__RECEIVE, &ad);
}
4843
4844/* Shared Memory security operations */
/*
 * LSM hook: label a newly created shared memory segment and check
 * shm:create.  The segment inherits the creator's SID (see
 * ipc_alloc_security()), so the check is effectively self-directed.  On
 * denial the blob is freed again and the error is returned.
 */
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SHM);
	if (rc)
		return rc;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(current_sid(), isec->sid, SECCLASS_SHM,
			  SHM__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);

	return rc;
}
4869
/* LSM hook: release the security blob of a shared memory segment. */
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;

	ipc_free_security(perm);
}
4874
/* LSM hook for shmget(2) on an existing segment: the caller needs
 * shm:associate on it.  @shmflg is not consulted here. */
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	return avc_has_perm(current_sid(), isec->sid, SECCLASS_SHM,
			    SHM__ASSOCIATE, &ad);
}
4889
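/*
 * LSM hook for shmctl(2) on @shp; the caller holds the segment locked.
 * IPC_INFO/SHM_INFO report system-wide state and are checked against the
 * system class; the object commands map onto shm permissions; anything
 * else is not mediated here (returns 0).
 *
 * @perms is u32 to match ipc_has_perm() and the other IPC ctl hooks
 * (selinux_sem_semctl() already uses u32) instead of a signed int that
 * was implicitly converted.
 */
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SHM_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, perms);
}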
4922
/* LSM hook for shmat(2): a read-only mapping needs shm:read, any other
 * mapping needs shm:write as well.  @shmaddr is not consulted. */
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	u32 perms = SHM__READ;

	if (!(shmflg & SHM_RDONLY))
		perms |= SHM__WRITE;

	return ipc_has_perm(&shp->shm_perm, perms);
}
4935
4936/* Semaphore security operations */
/*
 * LSM hook: label a newly created semaphore set and check sem:create.
 * The set inherits the creator's SID (see ipc_alloc_security()), so the
 * check is effectively self-directed.  On denial the blob is freed again
 * and the error is returned.
 */
static int selinux_sem_alloc_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;
	struct ipc_security_struct *isec;
	struct avc_audit_data ad;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SEM);
	if (rc)
		return rc;
	isec = perm->security;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	rc = avc_has_perm(current_sid(), isec->sid, SECCLASS_SEM,
			  SEM__CREATE, &ad);
	if (rc)
		ipc_free_security(perm);

	return rc;
}
4961
/* LSM hook: release the security blob of a semaphore set. */
static void selinux_sem_free_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;

	ipc_free_security(perm);
}
4966
/* LSM hook for semget(2) on an existing set: the caller needs
 * sem:associate on it.  @semflg is not consulted here. */
static int selinux_sem_associate(struct sem_array *sma, int semflg)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;
	struct ipc_security_struct *isec = perm->security;
	struct avc_audit_data ad;

	AVC_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = perm->key;

	return avc_has_perm(current_sid(), isec->sid, SECCLASS_SEM,
			    SEM__ASSOCIATE, &ad);
}
4981
/*
 * LSM hook for semctl(2) on @sma; the caller holds the set locked.
 * IPC_INFO/SEM_INFO report system-wide state and are checked against the
 * system class; the object commands map onto sem permissions; anything
 * else is not mediated here (returns 0).
 */
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SEM_INFO:
		/* System-wide information, no particular semaphore set. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SEM_STAT:
		perms = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		perms = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		perms = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		perms = SEM__WRITE;
		break;
	case IPC_SET:
		perms = SEM__SETATTR;
		break;
	case IPC_RMID:
		perms = SEM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&sma->sem_perm, perms);
}
5023
/* LSM hook for semop(2): every operation needs sem:read; one that alters
 * the set (@alter set by the caller) needs sem:write as well.  The
 * individual @sops are not inspected. */
static int selinux_sem_semop(struct sem_array *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	u32 perms = SEM__READ;

	if (alter)
		perms |= SEM__WRITE;

	return ipc_has_perm(&sma->sem_perm, perms);
}
5036
/*
 * Generic IPC permission hook: map the DAC mode bits being checked onto
 * the ipc unix_read / unix_write permissions and ask the AVC only when
 * at least one is requested.  Returns 0 or a denial.
 */
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	u32 av = 0;

	if (flag & S_IRUGO)
		av |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		av |= IPC__UNIX_WRITE;

	return av ? ipc_has_perm(ipcp, av) : 0;
}
5052
/* Report the SID of an IPC object through *@secid. */
static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	const struct ipc_security_struct *isec = ipcp->security;

	*secid = isec->sid;
}
5058
/* LSM hook for d_instantiate(): (re)initialize the inode's label now that
 * a dentry, and hence a path, is available.  Negative dentries (NULL
 * inode) are ignored. */
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
	if (!inode)
		return;

	inode_doinit_with_dentry(inode, dentry);
}
5064
/* Select the SID that /proc/pid/attr/<name> exposes from @tsec.  Returns 1
 * and stores it in *@sid, or 0 if @name is not an attribute we export. */
static int selinux_procattr_sid(const struct task_security_struct *tsec,
				const char *name, u32 *sid)
{
	if (!strcmp(name, "current"))
		*sid = tsec->sid;
	else if (!strcmp(name, "prev"))
		*sid = tsec->osid;
	else if (!strcmp(name, "exec"))
		*sid = tsec->exec_sid;
	else if (!strcmp(name, "fscreate"))
		*sid = tsec->create_sid;
	else if (!strcmp(name, "keycreate"))
		*sid = tsec->keycreate_sid;
	else if (!strcmp(name, "sockcreate"))
		*sid = tsec->sockcreate_sid;
	else
		return 0;
	return 1;
}

/*
 * Read handler for /proc/pid/attr/<name>.
 * @p:     the task whose attribute is read; reading another task's
 *         attributes requires process:getattr on it
 * @name:  "current", "prev", "exec", "fscreate", "keycreate" or "sockcreate"
 * @value: receives the context string (allocated by security_sid_to_context())
 *
 * Returns the context length, 0 for an unset attribute (nothing is stored
 * in *@value), -EINVAL for an unknown @name, or another negative errno.
 */
static int selinux_getprocattr(struct task_struct *p,
			       char *name, char **value)
{
	const struct task_security_struct *tsec;
	u32 sid;
	int found;
	int error;
	unsigned len;

	if (current != p) {
		error = current_has_perm(p, PROCESS__GETATTR);
		if (error)
			return error;
	}

	/* The task's creds are RCU protected; copy the SID out under the
	 * read lock and do the (allocating) context lookup afterwards. */
	rcu_read_lock();
	tsec = __task_cred(p)->security;
	found = selinux_procattr_sid(tsec, name, &sid);
	rcu_read_unlock();

	if (!found)
		return -EINVAL;
	if (!sid)
		return 0;

	error = security_sid_to_context(sid, value, &len);
	if (error)
		return error;
	return len;
}
5110
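/*
 * Write handler for /proc/pid/attr/<name>.
 * @p:     the task whose attribute is set; must be current (-EACCES otherwise)
 * @name:  "exec", "fscreate", "keycreate", "sockcreate" or "current"
 * @value: the new security context, optionally newline-terminated.  A value
 *         whose first byte is NUL or a newline (e.g. "echo > attr") clears
 *         the attribute, i.e. sets it to SID 0.
 * @size:  length of @value in bytes
 *
 * Returns @size on success or a negative errno.  The context string is
 * only resolved to a SID here; whether it may actually be used is decided
 * by the operation that consumes it (execve, file/key/socket creation).
 * "current" is the exception: the dyntransition is checked and applied
 * right away.
 */
static int selinux_setprocattr(struct task_struct *p,
			       char *name, void *value, size_t size)
{
	struct task_security_struct *tsec;
	struct task_struct *tracer;
	struct cred *new;
	u32 sid = 0, ptsid;
	int error;
	char *str = value;

	if (current != p) {
		/* SELinux only allows a process to change its own
		   security attributes. */
		return -EACCES;
	}

	/*
	 * Basic control over ability to set these attributes at all.
	 * current == p, but we'll pass them separately in case the
	 * above restriction is ever removed.
	 */
	if (!strcmp(name, "exec"))
		error = current_has_perm(p, PROCESS__SETEXEC);
	else if (!strcmp(name, "fscreate"))
		error = current_has_perm(p, PROCESS__SETFSCREATE);
	else if (!strcmp(name, "keycreate"))
		error = current_has_perm(p, PROCESS__SETKEYCREATE);
	else if (!strcmp(name, "sockcreate"))
		error = current_has_perm(p, PROCESS__SETSOCKCREATE);
	else if (!strcmp(name, "current"))
		error = current_has_perm(p, PROCESS__SETCURRENT);
	else
		error = -EINVAL;
	if (error)
		return error;

	/* Obtain a SID for the context, if one was specified.  The first
	 * byte decides whether a context was given at all: the former test
	 * on str[1] read one byte past the buffer for size == 1 and let a
	 * value starting with '\n' or NUL through as a context.  Because
	 * str[0] is now known to be neither NUL nor '\n', stripping one
	 * trailing newline can never leave size at 0. */
	if (size && str[0] && str[0] != '\n') {
		if (str[size-1] == '\n') {
			str[size-1] = 0;
			size--;
		}
		error = security_context_to_sid(value, size, &sid);
		if (error == -EINVAL && !strcmp(name, "fscreate")) {
			/* Only CAP_MAC_ADMIN may set an fscreate context the
			 * policy does not know (e.g. for labeling files for a
			 * different policy). */
			if (!capable(CAP_MAC_ADMIN))
				return error;
			error = security_context_to_sid_force(value, size,
							      &sid);
		}
		if (error)
			return error;
	}

	new = prepare_creds();
	if (!new)
		return -ENOMEM;

	/* Permission checking based on the specified context is
	   performed during the actual operation (execve,
	   open/mkdir/...), when we know the full context of the
	   operation.  See selinux_bprm_set_creds for the execve
	   checks and may_create for the file creation checks. The
	   operation will then fail if the context is not permitted. */
	tsec = new->security;
	if (!strcmp(name, "exec")) {
		tsec->exec_sid = sid;
	} else if (!strcmp(name, "fscreate")) {
		tsec->create_sid = sid;
	} else if (!strcmp(name, "keycreate")) {
		error = may_create_key(sid, p);
		if (error)
			goto abort_change;
		tsec->keycreate_sid = sid;
	} else if (!strcmp(name, "sockcreate")) {
		tsec->sockcreate_sid = sid;
	} else if (!strcmp(name, "current")) {
		/* "current" cannot be cleared; a context is mandatory */
		error = -EINVAL;
		if (sid == 0)
			goto abort_change;

		/* Only allow single threaded processes to change context */
		error = -EPERM;
		if (!is_single_threaded(p)) {
			error = security_bounded_transition(tsec->sid, sid);
			if (error)
				goto abort_change;
		}

		/* Check permissions for the transition. */
		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
				     PROCESS__DYNTRANSITION, NULL);
		if (error)
			goto abort_change;

		/* Check for ptracing, and update the task SID if ok.
		   Otherwise, leave SID unchanged and fail.  The tracer's
		   SID is sampled under task_lock; NOTE(review): a tracer
		   that attaches between task_unlock and commit_creds is
		   not covered by this check. */
		ptsid = 0;
		task_lock(p);
		tracer = tracehook_tracer_task(p);
		if (tracer)
			ptsid = task_sid(tracer);
		task_unlock(p);

		if (tracer) {
			error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
					     PROCESS__PTRACE, NULL);
			if (error)
				goto abort_change;
		}

		tsec->sid = sid;
	} else {
		error = -EINVAL;
		goto abort_change;
	}

	commit_creds(new);
	return size;

abort_change:
	abort_creds(new);
	return error;
}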
5234
/* LSM hook: render @secid as a context string in *@secdata (allocated;
 * release with selinux_release_secctx()) and its length in *@seclen. */
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	int rc = security_sid_to_context(secid, secdata, seclen);

	return rc;
}
5239
/* LSM hook: resolve the context string @secdata of length @seclen to a SID
 * in *@secid.  Returns 0 or a negative errno from the security server. */
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	int rc = security_context_to_sid(secdata, seclen, secid);

	return rc;
}
5244
/* LSM hook: free a context string obtained from selinux_secid_to_secctx().
 * @seclen is unused; the buffer is a plain kmalloc allocation. */
static void selinux_release_secctx(char *secdata, u32 seclen)
{
	char *buf = secdata;

	kfree(buf);
}
5249
5250#ifdef CONFIG_KEYS
5251
/*
 * LSM hook: allocate the security blob for a new key.  The key takes the
 * explicit keycreate context of @cred if one is set (via
 * /proc/pid/attr/keycreate), otherwise the cred's own SID.  @flags is not
 * consulted.  Returns 0 or -ENOMEM.
 */
static int selinux_key_alloc(struct key *k, const struct cred *cred,
			     unsigned long flags)
{
	const struct task_security_struct *tsec = cred->security;
	struct key_security_struct *ksec = kzalloc(sizeof(*ksec), GFP_KERNEL);

	if (!ksec)
		return -ENOMEM;

	ksec->sid = tsec->keycreate_sid ? tsec->keycreate_sid : tsec->sid;
	k->security = ksec;

	return 0;
}
5271
/*
 * selinux_key_free - release the SELinux security blob of a key
 * @k: key whose blob is being torn down
 *
 * The key's security pointer is cleared before the blob is freed so the
 * key never references freed memory.
 */
static void selinux_key_free(struct key *k)
{
	struct key_security_struct *blob;

	blob = k->security;
	k->security = NULL;
	kfree(blob);
}
5279
/*
 * selinux_key_permission - check a task's access to a key
 * @key_ref: reference to the key being accessed
 * @cred: credentials of the accessing task
 * @perm: requested key permission bits; checked as SECCLASS_KEY
 *        permissions against the key's SID
 *
 * Returns 0 if access is allowed (or if no permission was requested),
 * otherwise whatever avc_has_perm() returns.
 */
static int selinux_key_permission(key_ref_t key_ref,
				  const struct cred *cred,
				  key_perm_t perm)
{
	struct key_security_struct *ksec;
	struct key *key;
	u32 ssid;

	/*
	 * An empty permission mask is granted without consulting the AVC.
	 * No serious, additional covert channels appear to be created.
	 */
	if (!perm)
		return 0;

	key = key_ref_to_ptr(key_ref);
	ksec = key->security;
	ssid = cred_sid(cred);

	return avc_has_perm(ssid, ksec->sid, SECCLASS_KEY, perm, NULL);
}
5301
/*
 * selinux_key_getsecurity - fetch a key's label as a context string
 * @key: key to describe
 * @_buffer: receives the context string pointer; it is written on both
 *           the success and the failure path
 *
 * Returns the length of the context string on success, otherwise the
 * (non-zero) value returned by security_sid_to_context().
 */
static int selinux_key_getsecurity(struct key *key, char **_buffer)
{
	struct key_security_struct *ksec = key->security;
	char *ctx = NULL;
	unsigned ctxlen;
	int ret;

	ret = security_sid_to_context(ksec->sid, &ctx, &ctxlen);
	/* Callers get the string length back, not 0, when translation worked. */
	if (ret == 0)
		ret = ctxlen;

	*_buffer = ctx;
	return ret;
}
5315
5316#endif
5317
5318static struct security_operations selinux_ops = {
5319        .name =                         "selinux",
5320
5321        .ptrace_may_access =            selinux_ptrace_may_access,
5322        .ptrace_traceme =               selinux_ptrace_traceme,
5323        .capget =                       selinux_capget,
5324        .capset =                       selinux_capset,
5325        .sysctl =                       selinux_sysctl,
5326        .capable =                      selinux_capable,
5327        .quotactl =                     selinux_quotactl,
5328        .quota_on =                     selinux_quota_on,
5329        .syslog =                       selinux_syslog,
5330        .vm_enough_memory =             selinux_vm_enough_memory,
5331
5332        .netlink_send =                 selinux_netlink_send,
5333        .netlink_recv =                 selinux_netlink_recv,
5334
5335        .bprm_set_creds =               selinux_bprm_set_creds,
5336        .bprm_committing_creds =        selinux_bprm_committing_creds,
5337        .bprm_committed_creds =         selinux_bprm_committed_creds,
5338        .bprm_secureexec =              selinux_bprm_secureexec,
5339
5340        .sb_alloc_security =            selinux_sb_alloc_security,
5341        .sb_free_security =             selinux_sb_free_security,
5342        .sb_copy_data =                 selinux_sb_copy_data,
5343        .sb_kern_mount =                selinux_sb_kern_mount,
5344        .sb_show_options =              selinux_sb_show_options,
5345        .sb_statfs =                    selinux_sb_statfs,
5346        .sb_mount =                     selinux_mount,
5347        .sb_umount =                    selinux_umount,
5348        .sb_set_mnt_opts =              selinux_set_mnt_opts,
5349        .sb_clone_mnt_opts =            selinux_sb_clone_mnt_opts,
5350        .sb_parse_opts_str =            selinux_parse_opts_str,
5351
5352
5353        .inode_alloc_security =         selinux_inode_alloc_security,
5354        .inode_free_security =          selinux_inode_free_security,
5355        .inode_init_security =          selinux_inode_init_security,
5356        .inode_create =                 selinux_inode_create,
5357        .inode_link =                   selinux_inode_link,
5358        .