linux/security/selinux/hooks.c
   1/*
   2 *  NSA Security-Enhanced Linux (SELinux) security module
   3 *
   4 *  This file contains the SELinux hook function implementations.
   5 *
   6 *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
   7 *            Chris Vance, <cvance@nai.com>
   8 *            Wayne Salamon, <wsalamon@nai.com>
   9 *            James Morris <jmorris@redhat.com>
  10 *
  11 *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
  12 *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
  13 *                                         Eric Paris <eparis@redhat.com>
  14 *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  15 *                          <dgoeddel@trustedcs.com>
  16 *  Copyright (C) 2006, 2007, 2009 Hewlett-Packard Development Company, L.P.
  17 *      Paul Moore <paul@paul-moore.com>
  18 *  Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
  19 *                     Yuichi Nakamura <ynakam@hitachisoft.jp>
  20 *
  21 *      This program is free software; you can redistribute it and/or modify
  22 *      it under the terms of the GNU General Public License version 2,
  23 *      as published by the Free Software Foundation.
  24 */
  25
  26#include <linux/init.h>
  27#include <linux/kd.h>
  28#include <linux/kernel.h>
  29#include <linux/tracehook.h>
  30#include <linux/errno.h>
  31#include <linux/ext2_fs.h>
  32#include <linux/sched.h>
  33#include <linux/security.h>
  34#include <linux/xattr.h>
  35#include <linux/capability.h>
  36#include <linux/unistd.h>
  37#include <linux/mm.h>
  38#include <linux/mman.h>
  39#include <linux/slab.h>
  40#include <linux/pagemap.h>
  41#include <linux/proc_fs.h>
  42#include <linux/swap.h>
  43#include <linux/spinlock.h>
  44#include <linux/syscalls.h>
  45#include <linux/dcache.h>
  46#include <linux/file.h>
  47#include <linux/fdtable.h>
  48#include <linux/namei.h>
  49#include <linux/mount.h>
  50#include <linux/netfilter_ipv4.h>
  51#include <linux/netfilter_ipv6.h>
  52#include <linux/tty.h>
  53#include <net/icmp.h>
  54#include <net/ip.h>             /* for local_port_range[] */
  55#include <net/tcp.h>            /* struct or_callable used in sock_rcv_skb */
  56#include <net/net_namespace.h>
  57#include <net/netlabel.h>
  58#include <linux/uaccess.h>
  59#include <asm/ioctls.h>
  60#include <linux/atomic.h>
  61#include <linux/bitops.h>
  62#include <linux/interrupt.h>
  63#include <linux/netdevice.h>    /* for network interface checks */
  64#include <linux/netlink.h>
  65#include <linux/tcp.h>
  66#include <linux/udp.h>
  67#include <linux/dccp.h>
  68#include <linux/quota.h>
  69#include <linux/un.h>           /* for Unix socket types */
  70#include <net/af_unix.h>        /* for Unix socket types */
  71#include <linux/parser.h>
  72#include <linux/nfs_mount.h>
  73#include <net/ipv6.h>
  74#include <linux/hugetlb.h>
  75#include <linux/personality.h>
  76#include <linux/audit.h>
  77#include <linux/string.h>
  78#include <linux/selinux.h>
  79#include <linux/mutex.h>
  80#include <linux/posix-timers.h>
  81#include <linux/syslog.h>
  82#include <linux/user_namespace.h>
  83#include <linux/export.h>
  84
  85#include "avc.h"
  86#include "objsec.h"
  87#include "netif.h"
  88#include "netnode.h"
  89#include "netport.h"
  90#include "xfrm.h"
  91#include "netlabel.h"
  92#include "audit.h"
  93#include "avc_ss.h"
  94
  95#define NUM_SEL_MNT_OPTS 5
  96
  97extern struct security_operations *security_ops;
  98
  99/* SECMARK reference count */
 100static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
 101
 102#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 103int selinux_enforcing;
 104
/*
 * Parse the "enforcing=" boot parameter.  A value that does not parse as an
 * unsigned long leaves selinux_enforcing untouched; any nonzero value selects
 * enforcing mode, zero selects permissive.
 */
static int __init enforcing_setup(char *str)
{
	unsigned long val;
	int parse_err = strict_strtoul(str, 0, &val);

	if (parse_err == 0)
		selinux_enforcing = (val != 0);

	/* Always reports the parameter as handled, as selinux_enabled_setup does. */
	return 1;
}
 112__setup("enforcing=", enforcing_setup);
 113#endif
 114
 115#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
 116int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
 117
/*
 * Parse the "selinux=" boot parameter.  Unparseable input keeps the
 * compiled-in default in selinux_enabled; otherwise nonzero enables and
 * zero disables the module.
 */
static int __init selinux_enabled_setup(char *str)
{
	unsigned long val;

	if (strict_strtoul(str, 0, &val) == 0)
		selinux_enabled = (val != 0);

	/* Always reports the parameter as handled, as enforcing_setup does. */
	return 1;
}
 125__setup("selinux=", selinux_enabled_setup);
 126#else
 127int selinux_enabled = 1;
 128#endif
 129
 130static struct kmem_cache *sel_inode_cache;
 131
/**
 * selinux_secmark_enabled - Check to see if SECMARK is currently enabled
 *
 * Description:
 * SECMARK is treated as enabled while at least one reference is held on
 * selinux_secmark_refcount, i.e. while some SECMARK target is configured.
 * Returns 1 when enabled and 0 when disabled.
 *
 */
static int selinux_secmark_enabled(void)
{
	int refs = atomic_read(&selinux_secmark_refcount);

	return refs > 0 ? 1 : 0;
}
 146
/*
 * Initialise the security blob attached to the init task's real credentials.
 * Both the objective and subjective SIDs start as SECINITSID_KERNEL.  Failure
 * to allocate the blob is fatal (panic).
 */
static void cred_init_security(void)
{
	struct task_security_struct *tsec;
	/* The const is cast away so the blob can be attached to real_cred. */
	struct cred *cred = (struct cred *) current->real_cred;

	tsec = kzalloc(sizeof(*tsec), GFP_KERNEL);
	if (tsec == NULL)
		panic("SELinux:  Failed to initialize initial task.\n");

	tsec->sid = SECINITSID_KERNEL;
	tsec->osid = SECINITSID_KERNEL;
	cred->security = tsec;
}
 162
/*
 * Return the SID recorded in the security blob of @cred.  The blob is
 * assumed to be present; no NULL check is made.
 */
static inline u32 cred_sid(const struct cred *cred)
{
	return ((const struct task_security_struct *) cred->security)->sid;
}
 173
/*
 * Return the objective SID of @task, taken from its objective credentials.
 * The credentials are dereferenced under the RCU read lock.
 */
static inline u32 task_sid(const struct task_struct *task)
{
	const struct cred *objective_cred;
	u32 sid;

	rcu_read_lock();
	objective_cred = __task_cred(task);
	sid = cred_sid(objective_cred);
	rcu_read_unlock();

	return sid;
}
 186
/*
 * Return the subjective SID of the current task, read from the security
 * blob of its subjective credentials (current_security()).
 */
static inline u32 current_sid(void)
{
	return ((const struct task_security_struct *) current_security())->sid;
}
 196
 197/* Allocate and free functions for each kind of security blob. */
 198
/*
 * Allocate and attach the security blob of @inode.
 *
 * The blob starts unlabeled (SECINITSID_UNLABELED, class file) and records
 * the SID of the task creating it in task_sid.  Unlike the other allocators
 * in this section, the allocation uses GFP_NOFS.
 *
 * Returns 0 on success or -ENOMEM if the blob could not be allocated.
 */
static int inode_alloc_security(struct inode *inode)
{
	u32 creator_sid = current_sid();
	struct inode_security_struct *isec;

	isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
	if (isec == NULL)
		return -ENOMEM;

	mutex_init(&isec->lock);
	INIT_LIST_HEAD(&isec->list);
	isec->inode = inode;
	isec->task_sid = creator_sid;
	isec->sclass = SECCLASS_FILE;
	isec->sid = SECINITSID_UNLABELED;
	inode->i_security = isec;

	return 0;
}
 218
/*
 * Detach and free the security blob of @inode.
 *
 * If the blob is still queued on its superblock's isec_head list (inodes
 * awaiting initialisation by sb_finish_set_opts) it is unlinked first,
 * under the superblock's isec_lock.
 */
static void inode_free_security(struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
	struct list_head *pending = &isec->list;

	spin_lock(&sbsec->isec_lock);
	if (!list_empty(pending))
		list_del_init(pending);
	spin_unlock(&sbsec->isec_lock);

	inode->i_security = NULL;
	kmem_cache_free(sel_inode_cache, isec);
}
 232
/*
 * Allocate and attach the security blob of @file.
 *
 * Both the file SID and the file-owner SID are initialised to the SID of
 * the task performing the allocation.
 *
 * Returns 0 on success or -ENOMEM on allocation failure.
 */
static int file_alloc_security(struct file *file)
{
	struct file_security_struct *fsec;
	u32 creator_sid = current_sid();

	fsec = kzalloc(sizeof(*fsec), GFP_KERNEL);
	if (fsec == NULL)
		return -ENOMEM;

	fsec->fown_sid = creator_sid;
	fsec->sid = creator_sid;
	file->f_security = fsec;

	return 0;
}
 248
/*
 * Detach and free the security blob of @file.  The f_security pointer is
 * cleared before the blob is released.
 */
static void file_free_security(struct file *file)
{
	struct file_security_struct *fsec;

	fsec = file->f_security;
	file->f_security = NULL;
	kfree(fsec);
}
 255
/*
 * Allocate and attach the security blob of @sb.
 *
 * The superblock and mountpoint SIDs start as SECINITSID_UNLABELED and the
 * default file SID as SECINITSID_FILE; the isec_head list and its spinlock
 * are initialised empty.
 *
 * Returns 0 on success or -ENOMEM on allocation failure.
 */
static int superblock_alloc_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec;

	sbsec = kzalloc(sizeof(*sbsec), GFP_KERNEL);
	if (sbsec == NULL)
		return -ENOMEM;

	spin_lock_init(&sbsec->isec_lock);
	INIT_LIST_HEAD(&sbsec->isec_head);
	mutex_init(&sbsec->lock);
	sbsec->sb = sb;
	sbsec->mntpoint_sid = SECINITSID_UNLABELED;
	sbsec->def_sid = SECINITSID_FILE;
	sbsec->sid = SECINITSID_UNLABELED;
	sb->s_security = sbsec;

	return 0;
}
 275
/*
 * Detach and free the security blob of @sb.  The s_security pointer is
 * cleared before the blob is released.
 */
static void superblock_free_security(struct super_block *sb)
{
	struct superblock_security_struct *sbsec;

	sbsec = sb->s_security;
	sb->s_security = NULL;
	kfree(sbsec);
}
 282
/* The file system's label must be initialized prior to use. */

/*
 * Human-readable names of the SECURITY_FS_USE_* labeling behaviors, used in
 * the "initialized" message of sb_finish_set_opts.  The table is indexed by
 * (behavior - 1), so entry 0 corresponds to behavior value 1.
 */
static const char *labeling_behaviors[6] = {
	"uses xattr",
	"uses transition SIDs",
	"uses task SIDs",
	"uses genfs_contexts",
	"not configured for labeling",
	"uses mountpoint labeling",
};
 293
 294static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
 295
/*
 * Initialise the label of @inode without a dentry hint; simply forwards to
 * inode_doinit_with_dentry() with a NULL dentry and returns its result.
 */
static inline int inode_doinit(struct inode *inode)
{
	struct dentry *no_dentry = NULL;

	return inode_doinit_with_dentry(inode, no_dentry);
}
 300
/*
 * Token values returned by match_token() for the string mount options
 * recognised in the tokens table below.
 */
enum {
	Opt_error = -1,		/* no table entry matched */
	Opt_context = 1,	/* context=        (CONTEXT_STR) */
	Opt_fscontext = 2,	/* fscontext=      (FSCONTEXT_STR) */
	Opt_defcontext = 3,	/* defcontext=     (DEFCONTEXT_STR) */
	Opt_rootcontext = 4,	/* rootcontext=    (ROOTCONTEXT_STR) */
	Opt_labelsupport = 5,	/* seclabel flag   (LABELSUPP_STR) */
};
 309
/*
 * match_token() table for the SELinux string mount options.  The four
 * context options take a "%s" argument (the security context string);
 * the label-support option is a bare flag.  The Opt_error/NULL entry
 * terminates the table.
 */
static const match_table_t tokens = {
	{Opt_context, CONTEXT_STR "%s"},
	{Opt_fscontext, FSCONTEXT_STR "%s"},
	{Opt_defcontext, DEFCONTEXT_STR "%s"},
	{Opt_rootcontext, ROOTCONTEXT_STR "%s"},
	{Opt_labelsupport, LABELSUPP_STR},
	{Opt_error, NULL},
};
 318
 319#define SEL_MOUNT_FAIL_MSG "SELinux:  duplicate or incompatible mount options\n"
 320
/*
 * Check whether the task owning @cred may relabel the superblock described
 * by @sbsec to @sid: it needs filesystem { relabelfrom } on the superblock's
 * current SID and filesystem { relabelto } on the requested SID.
 *
 * Returns 0 when both checks pass, otherwise the error from avc_has_perm().
 */
static int may_context_mount_sb_relabel(u32 sid,
			struct superblock_security_struct *sbsec,
			const struct cred *cred)
{
	const struct task_security_struct *tsec = cred->security;
	u32 subject = tsec->sid;
	int rc;

	rc = avc_has_perm(subject, sbsec->sid, SECCLASS_FILESYSTEM,
			  FILESYSTEM__RELABELFROM, NULL);
	if (rc)
		return rc;

	return avc_has_perm(subject, sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__RELABELTO, NULL);
}
 337
/*
 * Check whether inodes under the superblock described by @sbsec may be
 * labeled @sid on behalf of the task owning @cred: the task needs
 * filesystem { relabelfrom } on the superblock SID, and @sid itself needs
 * filesystem { associate } with the superblock SID.
 *
 * Returns 0 when both checks pass, otherwise the error from avc_has_perm().
 */
static int may_context_mount_inode_relabel(u32 sid,
			struct superblock_security_struct *sbsec,
			const struct cred *cred)
{
	const struct task_security_struct *tsec = cred->security;
	u32 fs_sid = sbsec->sid;
	int rc;

	rc = avc_has_perm(tsec->sid, fs_sid, SECCLASS_FILESYSTEM,
			  FILESYSTEM__RELABELFROM, NULL);
	if (rc)
		return rc;

	/* Note the subject here is the requested label, not the task. */
	return avc_has_perm(sid, fs_sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, NULL);
}
 353
/*
 * Complete the labeling setup of @sb once its behavior and SIDs are known.
 *
 * For xattr-labeled filesystems the root inode is probed for a security
 * xattr handler first.  The superblock is then marked initialized, its label
 * support flag is derived from the behavior, the root inode is labeled and
 * every inode queued on sbsec->isec_head is initialized.
 *
 * Returns -EOPNOTSUPP or the getxattr error when the xattr probe fails;
 * otherwise the result of labeling the root inode.
 *
 * Caller is expected to hold sbsec->lock (both callers in this file do).
 */
static int sb_finish_set_opts(struct super_block *sb)
{
	struct superblock_security_struct *sbsec = sb->s_security;
	struct dentry *root = sb->s_root;
	struct inode *root_inode = root->d_inode;
	int rc = 0;

	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
		/* Make sure that the xattr handler exists and that no
		   error other than -ENODATA is returned by getxattr on
		   the root directory.  -ENODATA is ok, as this may be
		   the first boot of the SELinux kernel before we have
		   assigned xattr values to the filesystem. */
		if (!root_inode->i_op->getxattr) {
			printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
			       "xattr support\n", sb->s_id, sb->s_type->name);
			rc = -EOPNOTSUPP;
			goto out;
		}
		/* Size query only (NULL buffer, size 0); the value is not read. */
		rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
		if (rc < 0 && rc != -ENODATA) {
			if (rc == -EOPNOTSUPP)
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) has no security xattr handler\n",
				       sb->s_id, sb->s_type->name);
			else
				printk(KERN_WARNING "SELinux: (dev %s, type "
				       "%s) getxattr errno %d\n", sb->s_id,
				       sb->s_type->name, -rc);
			goto out;
		}
		/* rc may still hold -ENODATA or a length here; it is
		   overwritten by inode_doinit_with_dentry() below. */
	}

	sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);

	/* NOTE(review): only the upper bound is checked; a behavior value of 0
	   would index labeling_behaviors[-1] — confirm security_fs_use() and
	   selinux_sb_clone_mnt_opts() never leave behavior at 0. */
	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
		printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
		       sb->s_id, sb->s_type->name);
	else
		printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
		       sb->s_id, sb->s_type->name,
		       labeling_behaviors[sbsec->behavior-1]);

	/* Behaviors that cannot store per-file labels do not get SE_SBLABELSUPP. */
	if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
	    sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
	    sbsec->behavior == SECURITY_FS_USE_NONE ||
	    sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
		sbsec->flags &= ~SE_SBLABELSUPP;

	/* Special handling for sysfs. Is genfs but also has setxattr handler*/
	/* sizeof("sysfs") includes the NUL, so this is an exact-name match. */
	if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
		sbsec->flags |= SE_SBLABELSUPP;

	/* Initialize the root inode. */
	rc = inode_doinit_with_dentry(root_inode, root);

	/* Initialize any other inodes associated with the superblock, e.g.
	   inodes created prior to initial policy load or inodes created
	   during get_sb by a pseudo filesystem that directly
	   populates itself. */
	spin_lock(&sbsec->isec_lock);
next_inode:
	if (!list_empty(&sbsec->isec_head)) {
		struct inode_security_struct *isec =
				list_entry(sbsec->isec_head.next,
					   struct inode_security_struct, list);
		struct inode *inode = isec->inode;
		/* isec_lock is dropped around igrab/inode_doinit/iput, which
		   may sleep; the entry is unlinked only after re-acquiring it. */
		spin_unlock(&sbsec->isec_lock);
		inode = igrab(inode);
		if (inode) {
			if (!IS_PRIVATE(inode))
				inode_doinit(inode);
			iput(inode);
		}
		spin_lock(&sbsec->isec_lock);
		list_del_init(&isec->list);
		goto next_inode;
	}
	spin_unlock(&sbsec->isec_lock);
out:
	return rc;
}
 436
/*
 * This function should allow an FS to ask what it's mount security
 * options were so it can use those later for submounts, displaying
 * mount options, or whatever.
 *
 * @sb:   superblock whose SELinux mount options are requested
 * @opts: output; receives freshly allocated mnt_opts / mnt_opts_flags
 *        arrays of num_mnt_opts entries.  Each context option carries an
 *        allocated context string; the SE_SBLABELSUPP entry carries NULL.
 *
 * Returns 0 on success, -EINVAL if the superblock or the security server is
 * not yet initialized, or a negative errno from allocation or context
 * conversion.  On error everything allocated so far is released via
 * security_free_mnt_opts() and nothing is left in @opts.
 */
static int selinux_get_mnt_opts(const struct super_block *sb,
				struct security_mnt_opts *opts)
{
	int rc = 0, i;
	struct superblock_security_struct *sbsec = sb->s_security;
	char *context = NULL;
	u32 len;	/* context length from security_sid_to_context(); unused */
	char tmp;

	security_init_mnt_opts(opts);

	if (!(sbsec->flags & SE_SBINITIALIZED))
		return -EINVAL;

	if (!ss_initialized)
		return -EINVAL;

	tmp = sbsec->flags & SE_MNTMASK;
	/* count the number of mount options for this sb */
	/* Counts the set bits of the (8-bit) SE_MNTMASK portion of flags. */
	for (i = 0; i < 8; i++) {
		if (tmp & 0x01)
			opts->num_mnt_opts++;
		tmp >>= 1;
	}
	/* Check if the Label support flag is set */
	if (sbsec->flags & SE_SBLABELSUPP)
		opts->num_mnt_opts++;

	opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
	if (!opts->mnt_opts) {
		rc = -ENOMEM;
		goto out_free;
	}

	opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
	if (!opts->mnt_opts_flags) {
		rc = -ENOMEM;
		goto out_free;
	}

	/* Fill the arrays in a fixed order: fscontext, context, defcontext,
	   rootcontext, then the label-support marker. */
	i = 0;
	if (sbsec->flags & FSCONTEXT_MNT) {
		rc = security_sid_to_context(sbsec->sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
	}
	if (sbsec->flags & CONTEXT_MNT) {
		rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = CONTEXT_MNT;
	}
	if (sbsec->flags & DEFCONTEXT_MNT) {
		rc = security_sid_to_context(sbsec->def_sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
	}
	if (sbsec->flags & ROOTCONTEXT_MNT) {
		/* The root context lives on the root inode's blob, not on sbsec. */
		struct inode *root = sbsec->sb->s_root->d_inode;
		struct inode_security_struct *isec = root->i_security;

		rc = security_sid_to_context(isec->sid, &context, &len);
		if (rc)
			goto out_free;
		opts->mnt_opts[i] = context;
		opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
	}
	if (sbsec->flags & SE_SBLABELSUPP) {
		opts->mnt_opts[i] = NULL;
		opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
	}

	/* The bit count above and the entries emitted here must agree. */
	BUG_ON(i != opts->num_mnt_opts);

	return 0;

out_free:
	security_free_mnt_opts(opts);
	return rc;
}
 527
/*
 * Decide whether mount option @flag (one of the *_MNT bits) with SID
 * @new_sid conflicts with what is already recorded for @sbsec.
 *
 * On an already-initialized superblock the option must have been given on
 * the earlier mount with the same SID (@old_sid).  On a superblock that is
 * still being set up, the option must not have been seen already on this
 * mount (e.g. context=a,context=b).
 *
 * Returns 1 on conflict, 0 otherwise.
 */
static int bad_option(struct superblock_security_struct *sbsec, char flag,
		      u32 old_sid, u32 new_sid)
{
	char seen_flags = sbsec->flags & SE_MNTMASK;

	if (sbsec->flags & SE_SBINITIALIZED) {
		int same_option = (sbsec->flags & flag) != 0;
		int same_sid = (old_sid == new_sid);

		return (same_option && same_sid) ? 0 : 1;
	}

	return (seen_flags & flag) ? 1 : 0;
}
 547
/*
 * Allow filesystems with binary mount data to explicitly set mount point
 * labeling information.
 *
 * @sb:   superblock being mounted
 * @opts: parsed security options (context strings plus *_MNT / SE_SBLABELSUPP
 *        flags); may be empty
 *
 * Converts each context option to a SID, rejects options that conflict with
 * an earlier mount of the same superblock (see bad_option()), checks the
 * relabel permissions of the current task, records the resulting SIDs on
 * the superblock / root inode blobs and finally calls sb_finish_set_opts().
 *
 * Returns 0 on success (including the deferred and already-initialized
 * paths), -EINVAL for invalid or conflicting options, or a negative errno
 * from the security server or permission checks.
 *
 * Takes and releases sbsec->lock.
 */
static int selinux_set_mnt_opts(struct super_block *sb,
				struct security_mnt_opts *opts)
{
	const struct cred *cred = current_cred();
	int rc = 0, i;
	struct superblock_security_struct *sbsec = sb->s_security;
	const char *name = sb->s_type->name;
	struct inode *inode = sbsec->sb->s_root->d_inode;
	struct inode_security_struct *root_isec = inode->i_security;
	u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
	u32 defcontext_sid = 0;
	char **mount_options = opts->mnt_opts;
	int *flags = opts->mnt_opts_flags;
	int num_opts = opts->num_mnt_opts;

	mutex_lock(&sbsec->lock);

	if (!ss_initialized) {
		if (!num_opts) {
			/* Defer initialization until selinux_complete_init,
			   after the initial policy is loaded and the security
			   server is ready to handle calls. */
			goto out;
		}
		/* Explicit options cannot be honoured without a policy. */
		rc = -EINVAL;
		printk(KERN_WARNING "SELinux: Unable to set superblock options "
			"before the security server is initialized\n");
		goto out;
	}

	/*
	 * Binary mount data FS will come through this function twice.  Once
	 * from an explicit call and once from the generic calls from the vfs.
	 * Since the generic VFS calls will not contain any security mount data
	 * we need to skip the double mount verification.
	 *
	 * This does open a hole in which we will not notice if the first
	 * mount using this sb set explicit options and a second mount using
	 * this sb does not set any security options.  (The first options
	 * will be used for both mounts)
	 */
	if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
	    && (num_opts == 0))
		goto out;

	/*
	 * parse the mount options, check if they are valid sids.
	 * also check if someone is trying to mount the same sb more
	 * than once with different security options.
	 */
	for (i = 0; i < num_opts; i++) {
		u32 sid;

		/* The label-support marker carries no context string. */
		if (flags[i] == SE_SBLABELSUPP)
			continue;
		rc = security_context_to_sid(mount_options[i],
					     strlen(mount_options[i]), &sid);
		if (rc) {
			printk(KERN_WARNING "SELinux: security_context_to_sid"
			       "(%s) failed for (dev %s, type %s) errno=%d\n",
			       mount_options[i], sb->s_id, name, rc);
			goto out;
		}
		/* NOTE(review): each *_MNT bit is OR'd into sbsec->flags here,
		   before the relabel permission checks further down have
		   passed; on a failed check the bit stays set on an
		   uninitialized sb — confirm the caller discards the sb. */
		switch (flags[i]) {
		case FSCONTEXT_MNT:
			fscontext_sid = sid;

			if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
					fscontext_sid))
				goto out_double_mount;

			sbsec->flags |= FSCONTEXT_MNT;
			break;
		case CONTEXT_MNT:
			context_sid = sid;

			if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
					context_sid))
				goto out_double_mount;

			sbsec->flags |= CONTEXT_MNT;
			break;
		case ROOTCONTEXT_MNT:
			rootcontext_sid = sid;

			if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
					rootcontext_sid))
				goto out_double_mount;

			sbsec->flags |= ROOTCONTEXT_MNT;

			break;
		case DEFCONTEXT_MNT:
			defcontext_sid = sid;

			if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
					defcontext_sid))
				goto out_double_mount;

			sbsec->flags |= DEFCONTEXT_MNT;

			break;
		default:
			/* Unknown flag value in mnt_opts_flags. */
			rc = -EINVAL;
			goto out;
		}
	}

	if (sbsec->flags & SE_SBINITIALIZED) {
		/* previously mounted with options, but not on this attempt? */
		if ((sbsec->flags & SE_MNTMASK) && !num_opts)
			goto out_double_mount;
		/* Re-mount with matching options: nothing more to set up. */
		rc = 0;
		goto out;
	}

	if (strcmp(sb->s_type->name, "proc") == 0)
		sbsec->flags |= SE_SBPROC;

	/* Determine the labeling behavior to use for this filesystem type. */
	rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
	if (rc) {
		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
		       __func__, sb->s_type->name, rc);
		goto out;
	}

	/* sets the context of the superblock for the fs being mounted. */
	if (fscontext_sid) {
		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
		if (rc)
			goto out;

		sbsec->sid = fscontext_sid;
	}

	/*
	 * Switch to using mount point labeling behavior.
	 * sets the label used on all file below the mountpoint, and will set
	 * the superblock context if not already set.
	 */
	if (context_sid) {
		if (!fscontext_sid) {
			rc = may_context_mount_sb_relabel(context_sid, sbsec,
							  cred);
			if (rc)
				goto out;
			sbsec->sid = context_sid;
		} else {
			rc = may_context_mount_inode_relabel(context_sid, sbsec,
							     cred);
			if (rc)
				goto out;
		}
		/* context= implies rootcontext= unless one was given explicitly. */
		if (!rootcontext_sid)
			rootcontext_sid = context_sid;

		sbsec->mntpoint_sid = context_sid;
		sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
	}

	if (rootcontext_sid) {
		rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
						     cred);
		if (rc)
			goto out;

		/* The root inode is labeled directly; mark it so doinit skips it. */
		root_isec->sid = rootcontext_sid;
		root_isec->initialized = 1;
	}

	if (defcontext_sid) {
		/* defcontext= only makes sense where per-file xattr labels exist. */
		if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
			rc = -EINVAL;
			printk(KERN_WARNING "SELinux: defcontext option is "
			       "invalid for this filesystem type\n");
			goto out;
		}

		/* No permission check when the requested default is unchanged. */
		if (defcontext_sid != sbsec->def_sid) {
			rc = may_context_mount_inode_relabel(defcontext_sid,
							     sbsec, cred);
			if (rc)
				goto out;
		}

		sbsec->def_sid = defcontext_sid;
	}

	rc = sb_finish_set_opts(sb);
out:
	mutex_unlock(&sbsec->lock);
	return rc;
out_double_mount:
	rc = -EINVAL;
	printk(KERN_WARNING "SELinux: mount invalid.  Same superblock, different "
	       "security settings for (dev %s, type %s)\n", sb->s_id, name);
	goto out;
}
 751
/*
 * Copy the SELinux mount state of @oldsb onto @newsb.
 *
 * Used when a filesystem creates a new superblock that should carry the
 * same labeling as an existing one.  Flags, superblock SID, default SID and
 * behavior are copied; the mountpoint SID and the root inode SID are carried
 * over when the old mount used context= / rootcontext=.  The copy ends with
 * sb_finish_set_opts(newsb), whose return value is ignored here.
 *
 * Nothing is done before the security server is initialized, and an
 * already-initialized @newsb keeps its own options.
 */
static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
					struct super_block *newsb)
{
	const struct superblock_security_struct *oldsbsec = oldsb->s_security;
	struct superblock_security_struct *newsbsec = newsb->s_security;

	int set_fscontext =	(oldsbsec->flags & FSCONTEXT_MNT);
	int set_context =	(oldsbsec->flags & CONTEXT_MNT);
	int set_rootcontext =	(oldsbsec->flags & ROOTCONTEXT_MNT);

	/*
	 * if the parent was able to be mounted it clearly had no special lsm
	 * mount options.  thus we can safely deal with this superblock later
	 */
	if (!ss_initialized)
		return;

	/* how can we clone if the old one wasn't set up?? */
	BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));

	/* if fs is reusing a sb, just let its options stand... */
	/* NOTE(review): this flag is read before newsbsec->lock is taken
	   below — confirm no concurrent selinux_set_mnt_opts() on newsb. */
	if (newsbsec->flags & SE_SBINITIALIZED)
		return;

	mutex_lock(&newsbsec->lock);

	newsbsec->flags = oldsbsec->flags;

	newsbsec->sid = oldsbsec->sid;
	newsbsec->def_sid = oldsbsec->def_sid;
	newsbsec->behavior = oldsbsec->behavior;

	if (set_context) {
		u32 sid = oldsbsec->mntpoint_sid;

		/* Mirrors selinux_set_mnt_opts(): context= sets the sb SID
		   unless fscontext= was given, and the root inode SID unless
		   rootcontext= was given. */
		if (!set_fscontext)
			newsbsec->sid = sid;
		if (!set_rootcontext) {
			struct inode *newinode = newsb->s_root->d_inode;
			struct inode_security_struct *newisec = newinode->i_security;
			newisec->sid = sid;
		}
		newsbsec->mntpoint_sid = sid;
	}
	if (set_rootcontext) {
		const struct inode *oldinode = oldsb->s_root->d_inode;
		const struct inode_security_struct *oldisec = oldinode->i_security;
		struct inode *newinode = newsb->s_root->d_inode;
		struct inode_security_struct *newisec = newinode->i_security;

		newisec->sid = oldisec->sid;
	}

	sb_finish_set_opts(newsb);
	mutex_unlock(&newsbsec->lock);
}
 808
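/*
 * Store the value of one context-type mount option, rejecting duplicates.
 *
 * @arg:      the option's matched argument (duplicated with match_strdup())
 * @slot:     where the duplicated string is stored; must be NULL on entry
 * @conflict: non-zero if a mutually exclusive option was already seen
 *
 * Returns 0 on success, -EINVAL (after logging SEL_MOUNT_FAIL_MSG) if the
 * option was given twice or conflicts with one already parsed, or -ENOMEM
 * if the value could not be duplicated.
 */
static int selinux_dup_mnt_opt(substring_t *arg, char **slot, int conflict)
{
	if (*slot || conflict) {
		printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
		return -EINVAL;
	}
	*slot = match_strdup(arg);
	if (!*slot)
		return -ENOMEM;
	return 0;
}

/*
 * Parse the '|'-separated string of SELinux mount options in @options
 * into @opts.
 *
 * Recognised options are context=, fscontext=, rootcontext= and
 * defcontext=, each allowed at most once; context= and defcontext= are
 * mutually exclusive.  The label-support token (Opt_labelsupport) is
 * accepted and ignored.  @options is modified in place by strsep().
 *
 * On success @opts owns one kmalloc'd string per option given, plus the
 * mnt_opts/mnt_opts_flags arrays (NUM_SEL_MNT_OPTS slots each), and
 * opts->num_mnt_opts holds the count.  On failure nothing is left
 * allocated in @opts and a negative errno is returned: -EINVAL for an
 * unknown, repeated or conflicting option, -ENOMEM on allocation failure.
 */
static int selinux_parse_opts_str(char *options,
				  struct security_mnt_opts *opts)
{
	char *p;
	char *context = NULL, *defcontext = NULL;
	char *fscontext = NULL, *rootcontext = NULL;
	int rc, num_mnt_opts = 0;

	opts->num_mnt_opts = 0;

	/* Standard string-based options. */
	while ((p = strsep(&options, "|")) != NULL) {
		int token;
		substring_t args[MAX_OPT_ARGS];

		if (!*p)
			continue;

		token = match_token(p, tokens, args);

		switch (token) {
		case Opt_context:
			/* context= and defcontext= are mutually exclusive. */
			rc = selinux_dup_mnt_opt(&args[0], &context,
						 defcontext != NULL);
			break;
		case Opt_fscontext:
			rc = selinux_dup_mnt_opt(&args[0], &fscontext, 0);
			break;
		case Opt_rootcontext:
			rc = selinux_dup_mnt_opt(&args[0], &rootcontext, 0);
			break;
		case Opt_defcontext:
			rc = selinux_dup_mnt_opt(&args[0], &defcontext,
						 context != NULL);
			break;
		case Opt_labelsupport:
			/* Accepted and ignored: there is no value to store. */
			rc = 0;
			break;
		default:
			rc = -EINVAL;
			printk(KERN_WARNING "SELinux:  unknown mount option\n");
			break;
		}
		if (rc)
			goto out_err;
	}

	rc = -ENOMEM;
	opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
	if (!opts->mnt_opts)
		goto out_err;

	opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
	if (!opts->mnt_opts_flags) {
		/*
		 * Clear the pointer after freeing: the caller
		 * (superblock_doinit) runs security_free_mnt_opts() on the
		 * error path, which would otherwise kfree() mnt_opts again.
		 */
		kfree(opts->mnt_opts);
		opts->mnt_opts = NULL;
		goto out_err;
	}

	/* Ownership of each string moves into opts->mnt_opts here. */
	if (fscontext) {
		opts->mnt_opts[num_mnt_opts] = fscontext;
		opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
	}
	if (context) {
		opts->mnt_opts[num_mnt_opts] = context;
		opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
	}
	if (rootcontext) {
		opts->mnt_opts[num_mnt_opts] = rootcontext;
		opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
	}
	if (defcontext) {
		opts->mnt_opts[num_mnt_opts] = defcontext;
		opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
	}

	opts->num_mnt_opts = num_mnt_opts;
	return 0;

out_err:
	/* kfree(NULL) is a no-op, so unset options need no guard. */
	kfree(context);
	kfree(defcontext);
	kfree(fscontext);
	kfree(rootcontext);
	return rc;
}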
/*
 * Parse the string-form mount options (if any) and apply them to the
 * superblock's security struct.
 *
 * @sb:   the superblock being set up
 * @data: the mount option string, or NULL when none were given
 *
 * Returns 0 on success, or the negative errno from the option parser or
 * from selinux_set_mnt_opts().
 */
static int superblock_doinit(struct super_block *sb, void *data)
{
	struct security_mnt_opts opts;
	int rc = 0;

	security_init_mnt_opts(&opts);

	if (data) {
		/* Binary mount data cannot be parsed as an option string. */
		BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);

		rc = selinux_parse_opts_str(data, &opts);
	}

	/* With no options (or after a successful parse) apply them. */
	if (!rc)
		rc = selinux_set_mnt_opts(sb, &opts);

	security_free_mnt_opts(&opts);
	return rc;
}
 956
/*
 * Append the SELinux mount options in @opts to the show_options output in
 * @m, each preceded by a comma.  Values that themselves contain a comma are
 * wrapped in double quotes.  An unknown flag is a programming error and
 * triggers BUG().
 */
static void selinux_write_opts(struct seq_file *m,
			       struct security_mnt_opts *opts)
{
	int i;

	for (i = 0; i < opts->num_mnt_opts; i++) {
		const char *value = opts->mnt_opts[i];
		const char *prefix;
		int quote;

		switch (opts->mnt_opts_flags[i]) {
		case SE_SBLABELSUPP:
			prefix = NULL;	/* bare flag, carries no value */
			break;
		case CONTEXT_MNT:
			prefix = CONTEXT_STR;
			break;
		case FSCONTEXT_MNT:
			prefix = FSCONTEXT_STR;
			break;
		case ROOTCONTEXT_MNT:
			prefix = ROOTCONTEXT_STR;
			break;
		case DEFCONTEXT_MNT:
			prefix = DEFCONTEXT_STR;
			break;
		default:
			BUG();
			return;
		}

		/* we need a comma before each option */
		seq_putc(m, ',');

		if (!prefix) {
			seq_puts(m, LABELSUPP_STR);
			continue;
		}

		/* Quote the value if it contains the option separator. */
		quote = value && strchr(value, ',');
		seq_puts(m, prefix);
		if (quote)
			seq_putc(m, '\"');
		seq_puts(m, value);
		if (quote)
			seq_putc(m, '\"');
	}
}
1002
/*
 * show_options hook: emit this superblock's SELinux mount options into @m.
 *
 * Before policy load selinux_get_mnt_opts() may fail with -EINVAL; that is
 * not treated as an error here, nothing is printed and 0 is returned.  Any
 * other failure is passed back to the caller.
 */
static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
{
	struct security_mnt_opts opts;
	int rc = selinux_get_mnt_opts(sb, &opts);

	if (rc)
		return rc == -EINVAL ? 0 : rc;

	selinux_write_opts(m, &opts);
	security_free_mnt_opts(&opts);

	return 0;
}
1022
/*
 * Map the file-type bits of @mode (the S_IFMT part) to the SELinux object
 * class used for the inode.  Regular files and any unrecognised type map
 * to the plain file class.
 */
static inline u16 inode_mode_to_security_class(umode_t mode)
{
	u16 tclass = SECCLASS_FILE;

	switch (mode & S_IFMT) {
	case S_IFDIR:
		tclass = SECCLASS_DIR;
		break;
	case S_IFLNK:
		tclass = SECCLASS_LNK_FILE;
		break;
	case S_IFCHR:
		tclass = SECCLASS_CHR_FILE;
		break;
	case S_IFBLK:
		tclass = SECCLASS_BLK_FILE;
		break;
	case S_IFIFO:
		tclass = SECCLASS_FIFO_FILE;
		break;
	case S_IFSOCK:
		tclass = SECCLASS_SOCK_FILE;
		break;
	case S_IFREG:
	default:
		/* Regular file, or an unknown type: keep SECCLASS_FILE. */
		break;
	}

	return tclass;
}
1045
/*
 * True (1) if @protocol is the default protocol for a stream socket
 * (IPPROTO_IP, i.e. "pick the default") or explicitly TCP; 0 otherwise.
 */
static inline int default_protocol_stream(int protocol)
{
	switch (protocol) {
	case IPPROTO_IP:
	case IPPROTO_TCP:
		return 1;
	default:
		return 0;
	}
}
1050
/*
 * True (1) if @protocol is the default protocol for a datagram socket
 * (IPPROTO_IP, i.e. "pick the default") or explicitly UDP; 0 otherwise.
 */
static inline int default_protocol_dgram(int protocol)
{
	switch (protocol) {
	case IPPROTO_IP:
	case IPPROTO_UDP:
		return 1;
	default:
		return 0;
	}
}
1055
/* Class for a PF_UNIX socket of @type; types without a dedicated class
 * get the generic socket class. */
static inline u16 selinux_unix_socket_class(int type)
{
	switch (type) {
	case SOCK_STREAM:
	case SOCK_SEQPACKET:
		return SECCLASS_UNIX_STREAM_SOCKET;
	case SOCK_DGRAM:
		return SECCLASS_UNIX_DGRAM_SOCKET;
	default:
		return SECCLASS_SOCKET;
	}
}

/* Class for a PF_INET/PF_INET6 socket: TCP or UDP only when @protocol is
 * the default (or the matching explicit) one for the type, DCCP for
 * SOCK_DCCP, and rawip for everything else -- including a stream or
 * datagram socket opened with a non-default protocol. */
static inline u16 selinux_inet_socket_class(int type, int protocol)
{
	switch (type) {
	case SOCK_STREAM:
		if (default_protocol_stream(protocol))
			return SECCLASS_TCP_SOCKET;
		return SECCLASS_RAWIP_SOCKET;
	case SOCK_DGRAM:
		if (default_protocol_dgram(protocol))
			return SECCLASS_UDP_SOCKET;
		return SECCLASS_RAWIP_SOCKET;
	case SOCK_DCCP:
		return SECCLASS_DCCP_SOCKET;
	default:
		return SECCLASS_RAWIP_SOCKET;
	}
}

/* Class for a PF_NETLINK socket, chosen by netlink @protocol; protocols
 * without their own class map to the generic netlink socket class. */
static inline u16 selinux_netlink_socket_class(int protocol)
{
	switch (protocol) {
	case NETLINK_ROUTE:
		return SECCLASS_NETLINK_ROUTE_SOCKET;
	case NETLINK_FIREWALL:
		return SECCLASS_NETLINK_FIREWALL_SOCKET;
	case NETLINK_SOCK_DIAG:
		return SECCLASS_NETLINK_TCPDIAG_SOCKET;
	case NETLINK_NFLOG:
		return SECCLASS_NETLINK_NFLOG_SOCKET;
	case NETLINK_XFRM:
		return SECCLASS_NETLINK_XFRM_SOCKET;
	case NETLINK_SELINUX:
		return SECCLASS_NETLINK_SELINUX_SOCKET;
	case NETLINK_AUDIT:
		return SECCLASS_NETLINK_AUDIT_SOCKET;
	case NETLINK_IP6_FW:
		return SECCLASS_NETLINK_IP6FW_SOCKET;
	case NETLINK_DNRTMSG:
		return SECCLASS_NETLINK_DNRT_SOCKET;
	case NETLINK_KOBJECT_UEVENT:
		return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
	default:
		return SECCLASS_NETLINK_SOCKET;
	}
}

/*
 * Map a socket's (@family, @type, @protocol) triple to the SELinux object
 * class it is checked under.  Families without a specific mapping use the
 * generic socket class.
 */
static inline u16 socket_type_to_security_class(int family, int type, int protocol)
{
	switch (family) {
	case PF_UNIX:
		return selinux_unix_socket_class(type);
	case PF_INET:
	case PF_INET6:
		return selinux_inet_socket_class(type, protocol);
	case PF_NETLINK:
		return selinux_netlink_socket_class(protocol);
	case PF_PACKET:
		return SECCLASS_PACKET_SOCKET;
	case PF_KEY:
		return SECCLASS_KEY_SOCKET;
	case PF_APPLETALK:
		return SECCLASS_APPLETALK_SOCKET;
	default:
		return SECCLASS_SOCKET;
	}
}
1122
1123#ifdef CONFIG_PROC_FS
/*
 * Look up the SID for a proc inode from the "proc" genfs contexts in the
 * policy, using @dentry's path relative to the proc root.
 *
 * @dentry: the proc dentry being labeled
 * @tclass: object class of the inode, passed through to the genfs lookup
 * @sid:    receives the resulting SID
 *
 * Returns 0 on success, -ENOMEM if no page could be allocated for the
 * path, or the error from dentry_path_raw() / security_genfs_sid().
 */
static int selinux_proc_get_sid(struct dentry *dentry,
				u16 tclass,
				u32 *sid)
{
	char *page = (char *)__get_free_page(GFP_KERNEL);
	char *path;
	int rc;

	if (!page)
		return -ENOMEM;

	path = dentry_path_raw(dentry, page, PAGE_SIZE);
	if (IS_ERR(path)) {
		rc = PTR_ERR(path);
		goto out;
	}

	/*
	 * Each process gets a /proc/PID/ entry.  Strip off the PID part to
	 * get a valid selinux labeling, e.g. /proc/1/net/rpc/nfs ->
	 * /net/rpc/nfs: every PID digit is overwritten with '/' and the
	 * start of the path advanced past it.
	 *
	 * NOTE(review): when the PID is followed by a '/', the result still
	 * carries that slash, i.e. "//net/rpc/nfs" rather than "/net/rpc/nfs";
	 * the genfs lookup is presumably tolerant of a leading double slash --
	 * confirm against security_genfs_sid() before relying on exact
	 * genfscon path matches under /proc/PID/.
	 */
	for (; path[1] >= '0' && path[1] <= '9'; path++)
		path[1] = '/';

	rc = security_genfs_sid("proc", path, tclass, sid);
out:
	free_page((unsigned long)page);
	return rc;
}
1151#else
/*
 * Without CONFIG_PROC_FS there are no proc inodes to label and no path
 * lookup to perform; always fails with -EINVAL.  All parameters are unused.
 */
static int selinux_proc_get_sid(struct dentry *dentry,
				u16 tclass,
				u32 *sid)
{
	return -EINVAL;
}
1158#endif
1159
/*
 * The inode's security attributes must be initialized before first use.
 *
 * Label @inode according to its superblock's labeling behavior
 * (sbsec->behavior).  @opt_dentry is optional: from d_instantiate() or
 * d_splice_alias() it is the dentry being attached; from
 * selinux_complete_init() it is NULL and, where a dentry is needed, one
 * is looked up with d_find_alias().
 *
 * Until the superblock has been initialized (SE_SBINITIALIZED) the inode
 * is queued on sbsec->isec_head and labeling is deferred.  Otherwise
 * isec->sid is set and isec->initialized marked, except on the error
 * paths noted inline.  An already initialized inode returns immediately.
 *
 * Returns 0 on success (including the deferred case), -ENOMEM when the
 * xattr buffer cannot be allocated, or the error from getxattr(),
 * security_transition_sid() or selinux_proc_get_sid().
 */
static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
	struct superblock_security_struct *sbsec = NULL;
	struct inode_security_struct *isec = inode->i_security;
	u32 sid;
	struct dentry *dentry;
#define INITCONTEXTLEN 255
	char *context = NULL;
	unsigned len = 0;
	int rc = 0;

	/* Unlocked fast path; re-checked under isec->lock below. */
	if (isec->initialized)
		goto out;

	mutex_lock(&isec->lock);
	if (isec->initialized)
		goto out_unlock;

	sbsec = inode->i_sb->s_security;
	if (!(sbsec->flags & SE_SBINITIALIZED)) {
		/* Defer initialization until selinux_complete_init,
		   after the initial policy is loaded and the security
		   server is ready to handle calls. */
		spin_lock(&sbsec->isec_lock);
		if (list_empty(&isec->list))
			list_add(&isec->list, &sbsec->isec_head);
		spin_unlock(&sbsec->isec_lock);
		goto out_unlock;
	}

	switch (sbsec->behavior) {
	case SECURITY_FS_USE_XATTR:
		/* No xattr support on this inode: use the fs default SID. */
		if (!inode->i_op->getxattr) {
			isec->sid = sbsec->def_sid;
			break;
		}

		/* Need a dentry, since the xattr API requires one.
		   Life would be simpler if we could just pass the inode. */
		if (opt_dentry) {
			/* Called from d_instantiate or d_splice_alias. */
			dentry = dget(opt_dentry);
		} else {
			/* Called from selinux_complete_init, try to find a dentry. */
			dentry = d_find_alias(inode);
		}
		if (!dentry) {
			/*
			 * this is can be hit on boot when a file is accessed
			 * before the policy is loaded.  When we load policy we
			 * may find inodes that have no dentry on the
			 * sbsec->isec_head list.  No reason to complain as these
			 * will get fixed up the next time we go through
			 * inode_doinit with a dentry, before these inodes could
			 * be used again by userspace.
			 */
			goto out_unlock;
		}

		/* From here on every exit path must dput(dentry) first. */
		len = INITCONTEXTLEN;
		context = kmalloc(len+1, GFP_NOFS);
		if (!context) {
			rc = -ENOMEM;
			dput(dentry);
			goto out_unlock;
		}
		/* Keep the buffer NUL-terminated so it is safe to print. */
		context[len] = '\0';
		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
					   context, len);
		if (rc == -ERANGE) {
			kfree(context);

			/* Need a larger buffer.  Query for the right size. */
			rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
						   NULL, 0);
			if (rc < 0) {
				dput(dentry);
				goto out_unlock;
			}
			len = rc;
			context = kmalloc(len+1, GFP_NOFS);
			if (!context) {
				rc = -ENOMEM;
				dput(dentry);
				goto out_unlock;
			}
			context[len] = '\0';
			rc = inode->i_op->getxattr(dentry,
						   XATTR_NAME_SELINUX,
						   context, len);
		}
		dput(dentry);
		if (rc < 0) {
			if (rc != -ENODATA) {
				printk(KERN_WARNING "SELinux: %s:  getxattr returned "
				       "%d for dev=%s ino=%ld\n", __func__,
				       -rc, inode->i_sb->s_id, inode->i_ino);
				kfree(context);
				goto out_unlock;
			}
			/* Map ENODATA to the default file SID */
			sid = sbsec->def_sid;
			rc = 0;
		} else {
			/* On success rc is the length of the context read. */
			rc = security_context_to_sid_default(context, rc, &sid,
							     sbsec->def_sid,
							     GFP_NOFS);
			if (rc) {
				char *dev = inode->i_sb->s_id;
				unsigned long ino = inode->i_ino;

				if (rc == -EINVAL) {
					if (printk_ratelimit())
						printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
							"context=%s.  This indicates you may need to relabel the inode or the "
							"filesystem in question.\n", ino, dev, context);
				} else {
					printk(KERN_WARNING "SELinux: %s:  context_to_sid(%s) "
					       "returned %d for dev=%s ino=%ld\n",
					       __func__, context, -rc, dev, ino);
				}
				kfree(context);
				/* Leave with the unlabeled SID */
				/* isec->sid is deliberately not written here,
				 * yet the inode is still marked initialized
				 * below and the lookup failure is not reported
				 * to the caller. */
				rc = 0;
				break;
			}
		}
		kfree(context);
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_TASK:
		/* Label with the SID recorded in isec->task_sid (presumably
		 * that of the task that created the inode). */
		isec->sid = isec->task_sid;
		break;
	case SECURITY_FS_USE_TRANS:
		/* Default to the fs SID. */
		isec->sid = sbsec->sid;

		/* Try to obtain a transition SID. */
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		rc = security_transition_sid(isec->task_sid, sbsec->sid,
					     isec->sclass, NULL, &sid);
		if (rc)
			goto out_unlock;	/* leaves initialized unset */
		isec->sid = sid;
		break;
	case SECURITY_FS_USE_MNTPOINT:
		isec->sid = sbsec->mntpoint_sid;
		break;
	default:
		/* Default to the fs superblock SID. */
		isec->sid = sbsec->sid;

		/* proc inodes other than symlinks are labeled by path from
		 * the proc genfs contexts; that needs a dentry, so it only
		 * happens when the caller supplied one. */
		if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
			if (opt_dentry) {
				isec->sclass = inode_mode_to_security_class(inode->i_mode);
				rc = selinux_proc_get_sid(opt_dentry,
							  isec->sclass,
							  &sid);
				if (rc)
					goto out_unlock;	/* leaves initialized unset */
				isec->sid = sid;
			}
		}
		break;
	}

	isec->initialized = 1;

out_unlock:
	mutex_unlock(&isec->lock);
out:
	/* Refine a still-generic class from the inode mode; this runs on
	 * every path, including the early exits above. */
	if (isec->sclass == SECCLASS_FILE)
		isec->sclass = inode_mode_to_security_class(inode->i_mode);
	return rc;
}
1336
/*
 * Convert a Linux signal to an access vector.  SIGCHLD, SIGKILL and
 * SIGSTOP each have a dedicated process permission; every other signal
 * maps to the generic "signal" permission.
 */
static inline u32 signal_to_av(int sig)
{
	switch (sig) {
	case SIGCHLD:
		/* Commonly granted from child to parent. */
		return PROCESS__SIGCHLD;
	case SIGKILL:
		/* Cannot be caught or ignored */
		return PROCESS__SIGKILL;
	case SIGSTOP:
		/* Cannot be caught or ignored */
		return PROCESS__SIGSTOP;
	default:
		/* All other signals. */
		return PROCESS__SIGNAL;
	}
}
1363
/*
 * Check @perms in the process class between a pair of credentials:
 * @actor is the subject and @target the object (fork check, ptrace
 * check, etc.).  Returns the avc_has_perm() result: 0 if allowed.
 */
static int cred_has_perm(const struct cred *actor,
			 const struct cred *target,
			 u32 perms)
{
	u32 actor_sid = cred_sid(actor);
	u32 target_sid = cred_sid(target);

	return avc_has_perm(actor_sid, target_sid, SECCLASS_PROCESS, perms, NULL);
}
1376
/*
 * Check @perms in the process class between a pair of tasks, e.g. signal
 * checks, fork check, ptrace check, etc.  @tsk1 is the actor and @tsk2
 * the target; the objective (__task_cred) credentials of both are used.
 * Returns the avc_has_perm() result: 0 if allowed.
 */
static int task_has_perm(const struct task_struct *tsk1,
			 const struct task_struct *tsk2,
			 u32 perms)
{
	const struct task_security_struct *actor_sec, *target_sec;
	u32 actor_sid, target_sid;

	/* __task_cred() must be used under rcu_read_lock(); copy both SIDs
	 * out inside a single read-side section. */
	rcu_read_lock();
	actor_sec = __task_cred(tsk1)->security;
	actor_sid = actor_sec->sid;
	target_sec = __task_cred(tsk2)->security;
	target_sid = target_sec->sid;
	rcu_read_unlock();

	return avc_has_perm(actor_sid, target_sid, SECCLASS_PROCESS, perms, NULL);
}
1396
/*
 * Check @perms in the process class between current and another task,
 * e.g. signal checks, fork check, ptrace check, etc.  current is the
 * actor (using its subjective creds via current_sid()) and @tsk the
 * target.  Returns the avc_has_perm() result: 0 if allowed.
 */
static int current_has_perm(const struct task_struct *tsk,
			    u32 perms)
{
	u32 actor_sid = current_sid();

	return avc_has_perm(actor_sid, task_sid(tsk), SECCLASS_PROCESS,
			    perms, NULL);
}
1412
1413#if CAP_LAST_CAP > 63
1414#error Fix SELinux to handle capabilities > 63.
1415#endif
1416
/*
 * Check whether a task is allowed to use a capability.
 *
 * @cred:  the credentials being checked (the check is a self-check: the
 *         cred's SID is both subject and object)
 * @cap:   the capability number
 * @audit: SECURITY_CAP_AUDIT to have the decision audited, anything else
 *         to skip auditing
 *
 * Returns the access decision (0 if allowed), or the error from
 * avc_audit() when auditing itself fails.  A capability index outside the
 * two known classes is a kernel bug (BUG()).
 */
static int cred_has_capability(const struct cred *cred,
			       int cap, int audit)
{
	struct common_audit_data ad;
	struct av_decision avd;
	u32 sid = cred_sid(cred);
	u32 av = CAP_TO_MASK(cap);
	int idx = CAP_TO_INDEX(cap);
	u16 sclass;
	int rc;

	COMMON_AUDIT_DATA_INIT(&ad, CAP);
	ad.tsk = current;
	ad.u.cap = cap;

	/* Index 0 is the "capability" class, index 1 "capability2"; the
	 * CAP_LAST_CAP check above guarantees no third index is needed. */
	if (idx == 0) {
		sclass = SECCLASS_CAPABILITY;
	} else if (idx == 1) {
		sclass = SECCLASS_CAPABILITY2;
	} else {
		printk(KERN_ERR
		       "SELinux:  out of range capability %d\n", cap);
		BUG();
		return -EINVAL;
	}

	/* Decide without auditing, then audit separately if requested so
	 * that an audit failure can be reported distinctly. */
	rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
	if (audit == SECURITY_CAP_AUDIT) {
		int audit_rc = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);

		if (audit_rc)
			return audit_rc;
	}
	return rc;
}
1454
/*
 * Check whether a task is allowed to use a system operation: @perms in
 * the system class, checked from @tsk's SID against the kernel's initial
 * SID.  Returns the avc_has_perm() result: 0 if allowed.
 */
static int task_has_system(struct task_struct *tsk,
			   u32 perms)
{
	return avc_has_perm(task_sid(tsk), SECINITSID_KERNEL,
			    SECCLASS_SYSTEM, perms, NULL);
}
1464
/*
 * Check whether a task has a particular permission to an inode.
 *
 * @cred:  the credentials to check
 * @inode: the object; private (kernel-internal) inodes are always allowed
 * @perms: the access vector, in the inode's class
 * @adp:   optional audit data (e.g. carrying the dentry or path)
 * @flags: passed through to avc_has_perm_flags()
 *
 * Returns the avc_has_perm_flags() result: 0 if allowed.
 */
static int inode_has_perm(const struct cred *cred,
			  struct inode *inode,
			  u32 perms,
			  struct common_audit_data *adp,
			  unsigned flags)
{
	const struct inode_security_struct *isec = inode->i_security;

	validate_creds(cred);

	/* Private inodes are never subject to permission checks. */
	if (unlikely(IS_PRIVATE(inode)))
		return 0;

	return avc_has_perm_flags(cred_sid(cred), isec->sid, isec->sclass,
				  perms, adp, flags);
}
1487
/*
 * inode_has_perm() with audit data naming only the inode, for callers
 * that have neither a dentry nor a path to hand to the auditing code.
 */
static int inode_has_perm_noadp(const struct cred *cred,
				struct inode *inode,
				u32 perms,
				unsigned flags)
{
	struct common_audit_data audit;

	COMMON_AUDIT_DATA_INIT(&audit, INODE);
	audit.u.inode = inode;

	return inode_has_perm(cred, inode, perms, &audit, flags);
}
1499
/*
 * Same as inode_has_perm, but pass explicit audit data containing the
 * dentry to help the auditing code to more easily generate the pathname
 * if needed.  @av is checked against @dentry's inode with no extra flags.
 */
static inline int dentry_has_perm(const struct cred *cred,
				  struct dentry *dentry,
				  u32 av)
{
	struct common_audit_data audit;

	COMMON_AUDIT_DATA_INIT(&audit, DENTRY);
	audit.u.dentry = dentry;

	return inode_has_perm(cred, dentry->d_inode, av, &audit, 0);
}
1514
/*
 * Same as inode_has_perm, but pass explicit audit data containing the
 * path to help the auditing code to more easily generate the pathname if
 * needed.  @av is checked against the inode of @path's dentry with no
 * extra flags.
 */
static inline int path_has_perm(const struct cred *cred,
				struct path *path,
				u32 av)
{
	struct common_audit_data audit;

	COMMON_AUDIT_DATA_INIT(&audit, PATH);
	audit.u.path = *path;

	return inode_has_perm(cred, path->dentry->d_inode, av, &audit, 0);
}
1529
/*
 * Check whether a task can use an open file descriptor to access an inode
 * in a given way.  Access to the descriptor itself is checked first (the
 * fd "use" permission), then @av against the file's inode.
 *
 * Access to the descriptor is implicitly granted if it has the same SID
 * as the process.  If @av is zero, access to the file is not checked,
 * e.g. for cases where only the descriptor is affected like seek.
 *
 * Returns 0 if allowed, else the first failing check's error.
 */
static int file_has_perm(const struct cred *cred,
			 struct file *file,
			 u32 av)
{
	struct file_security_struct *fsec = file->f_security;
	struct common_audit_data audit;
	u32 sid = cred_sid(cred);
	int rc;

	COMMON_AUDIT_DATA_INIT(&audit, PATH);
	audit.u.path = file->f_path;

	/* A descriptor labeled differently from the process needs fd:use. */
	if (sid != fsec->sid) {
		rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &audit);
		if (rc)
			return rc;
	}

	/* av is zero if only checking access to the descriptor. */
	if (!av)
		return 0;

	return inode_has_perm(cred, file->f_path.dentry->d_inode, av,
			      &audit, 0);
}
1568
/*
 * Check whether a task can create a file.
 *
 * @dir:    the parent directory
 * @dentry: the new entry (used for audit data and the name-based
 *          transition lookup)
 * @tclass: object class of the object being created
 *
 * Three checks, in order: add_name+search on the parent directory, create
 * on the new object's SID, and associate between that SID and the
 * filesystem.  Returns 0 if all pass, else the first failure.
 */
static int may_create(struct inode *dir,
		      struct dentry *dentry,
		      u16 tclass)
{
	const struct task_security_struct *tsec = current_security();
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	struct common_audit_data audit;
	u32 sid = tsec->sid;
	u32 newsid = tsec->create_sid;
	int rc;

	COMMON_AUDIT_DATA_INIT(&audit, DENTRY);
	audit.u.dentry = dentry;

	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
			  DIR__ADD_NAME | DIR__SEARCH, &audit);
	if (rc)
		return rc;

	/* The task's requested create SID is honoured only when set and the
	 * superblock has SE_SBLABELSUPP; otherwise derive the new object's
	 * SID from the transition rules for this class and name. */
	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
		rc = security_transition_sid(sid, dsec->sid, tclass,
					     &dentry->d_name, &newsid);
		if (rc)
			return rc;
	}

	rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &audit);
	if (rc)
		return rc;

	/* The new object's label must be allowed on this filesystem. */
	return avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &audit);
}
1611
/*
 * Check whether a task can create a key: @ctx's SID needs key:create on
 * @ksid, the SID the new key will carry.  Returns 0 if allowed.
 */
static int may_create_key(u32 ksid,
			  struct task_struct *ctx)
{
	return avc_has_perm(task_sid(ctx), ksid, SECCLASS_KEY, KEY__CREATE,
			    NULL);
}
1620
1621#define MAY_LINK        0
1622#define MAY_UNLINK      1
1623#define MAY_RMDIR       2
1624
/*
 * Check whether a task can link, unlink, or rmdir a file/directory.
 *
 * @dir:    the directory the name lives in
 * @dentry: the entry being linked, unlinked or removed
 * @kind:   MAY_LINK, MAY_UNLINK or MAY_RMDIR
 *
 * First checks search plus add_name (link) or remove_name (anything else)
 * on the directory, then the kind-specific permission on the object
 * itself.  Returns 0 if allowed, else the first failure.  Note that an
 * unrecognised @kind is only logged and then allowed (returns 0) once the
 * directory check has passed.
 */
static int may_link(struct inode *dir,
		    struct dentry *dentry,
		    int kind)
{
	struct inode_security_struct *dsec = dir->i_security;
	struct inode_security_struct *isec = dentry->d_inode->i_security;
	struct common_audit_data audit;
	u32 sid = current_sid();
	u32 dir_av = DIR__SEARCH;
	u32 av;
	int rc;

	COMMON_AUDIT_DATA_INIT(&audit, DENTRY);
	audit.u.dentry = dentry;

	/* Linking adds a name to the directory; every other kind removes one. */
	if (kind == MAY_LINK)
		dir_av |= DIR__ADD_NAME;
	else
		dir_av |= DIR__REMOVE_NAME;

	rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, dir_av, &audit);
	if (rc)
		return rc;

	switch (kind) {
	case MAY_LINK:
		av = FILE__LINK;
		break;
	case MAY_UNLINK:
		av = FILE__UNLINK;
		break;
	case MAY_RMDIR:
		av = DIR__RMDIR;
		break;
	default:
		printk(KERN_WARNING "SELinux: %s:  unrecognized kind %d\n",
			__func__, kind);
		return 0;
	}

	return avc_has_perm(sid, isec->sid, isec->sclass, av, &audit);
}
1668
/*
 * Check whether a task can rename @old_dentry (in @old_dir) to @new_dentry
 * (in @new_dir), replacing an existing target if there is one.
 *
 * The checks, in order: remove_name+search on the old directory, rename
 * on the object, reparent on the object when it is a directory moving to
 * a different parent, add_name+search (plus remove_name if a target
 * exists) on the new directory, and finally rmdir or unlink on an
 * existing target.  Returns 0 if all pass, else the first failure.
 */
static inline int may_rename(struct inode *old_dir,
			     struct dentry *old_dentry,
			     struct inode *new_dir,
			     struct dentry *new_dentry)
{
	struct inode_security_struct *old_dsec = old_dir->i_security;
	struct inode_security_struct *old_isec = old_dentry->d_inode->i_security;
	struct inode_security_struct *new_dsec = new_dir->i_security;
	struct inode *target = new_dentry->d_inode;
	struct common_audit_data audit;
	u32 sid = current_sid();
	u32 new_dir_av = DIR__ADD_NAME | DIR__SEARCH;
	int rc;

	COMMON_AUDIT_DATA_INIT(&audit, DENTRY);

	/* Source side: the old directory and the object itself. */
	audit.u.dentry = old_dentry;
	rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
			  DIR__REMOVE_NAME | DIR__SEARCH, &audit);
	if (rc)
		return rc;
	rc = avc_has_perm(sid, old_isec->sid, old_isec->sclass,
			  FILE__RENAME, &audit);
	if (rc)
		return rc;
	/* Moving a directory under a different parent also needs reparent. */
	if (S_ISDIR(old_dentry->d_inode->i_mode) && new_dir != old_dir) {
		rc = avc_has_perm(sid, old_isec->sid, old_isec->sclass,
				  DIR__REPARENT, &audit);
		if (rc)
			return rc;
	}

	/* Destination side: the new directory and any replaced target. */
	audit.u.dentry = new_dentry;
	if (target)
		new_dir_av |= DIR__REMOVE_NAME;
	rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, new_dir_av, &audit);
	if (rc)
		return rc;
	if (target) {
		struct inode_security_struct *new_isec = target->i_security;
		u32 target_av = S_ISDIR(target->i_mode) ? DIR__RMDIR
							: FILE__UNLINK;

		rc = avc_has_perm(sid, new_isec->sid, new_isec->sclass,
				  target_av, &audit);
	}

	return rc;
}
1723
/*
 * Check filesystem-class permissions @perms on superblock @sb for the
 * credentials @cred: subject is the cred's SID, object is the
 * superblock's SID.  @ad may be NULL to audit without extra data.
 */
static int superblock_has_perm(const struct cred *cred,
                               struct super_block *sb,
                               u32 perms,
                               struct common_audit_data *ad)
{
        struct superblock_security_struct *sbsec = sb->s_security;

        return avc_has_perm(cred_sid(cred), sbsec->sid, SECCLASS_FILESYSTEM,
                            perms, ad);
}
1736
/*
 * Translate a VFS permission mask (MAY_READ/MAY_WRITE/MAY_EXEC/MAY_APPEND)
 * into the SELinux access vector for an inode of type @mode.
 *
 * Directories map MAY_EXEC to dir:search, MAY_WRITE to dir:write and
 * MAY_READ to dir:read; MAY_APPEND is ignored for them.  Other inodes map
 * MAY_EXEC to file:execute and MAY_READ to file:read, and MAY_APPEND takes
 * precedence over MAY_WRITE so that an append-only access needs only
 * file:append.  Any other bits in @mask are ignored.
 */
static inline u32 file_mask_to_av(int mode, int mask)
{
        u32 av = 0;

        if (S_ISDIR(mode)) {
                if (mask & MAY_EXEC)
                        av |= DIR__SEARCH;
                if (mask & MAY_WRITE)
                        av |= DIR__WRITE;
                if (mask & MAY_READ)
                        av |= DIR__READ;
                return av;
        }

        if (mask & MAY_EXEC)
                av |= FILE__EXECUTE;
        if (mask & MAY_READ)
                av |= FILE__READ;
        /* Append wins over write: an O_APPEND writer is not granted write. */
        if (mask & MAY_APPEND)
                av |= FILE__APPEND;
        else if (mask & MAY_WRITE)
                av |= FILE__WRITE;

        return av;
}
1764
/*
 * Derive the access vector implied by how @file was opened: file:read for
 * FMODE_READ, and for FMODE_WRITE either file:append (O_APPEND set) or
 * file:write.  A file that is neither readable nor writable was opened
 * with flags 3 for ioctl-only use and maps to file:ioctl.
 */
static inline u32 file_to_av(struct file *file)
{
        u32 av = 0;

        if (file->f_mode & FMODE_READ)
                av |= FILE__READ;
        if (file->f_mode & FMODE_WRITE)
                av |= (file->f_flags & O_APPEND) ? FILE__APPEND : FILE__WRITE;

        /* Special file opened with flags 3 for ioctl-only use. */
        return av ? av : FILE__IOCTL;
}
1787
1788/*
1789 * Convert a file to an access vector and include the correct open
1790 * open permission.
1791 */
1792static inline u32 open_file_to_av(struct file *file)
1793{
1794        u32 av = file_to_av(file);
1795
1796        if (selinux_policycap_openperm)
1797                av |= FILE__OPEN;
1798
1799        return av;
1800}
1801
1802/* Hook functions begin here. */
1803
/*
 * ptrace_access_check hook: may the current task attach to / inspect
 * @child in the given @mode?
 *
 * The capability-based check runs first and its denial is final.  A
 * PTRACE_MODE_READ request is then checked as file:read between the two
 * process SIDs; any other mode requires process:ptrace on @child.
 */
static int selinux_ptrace_access_check(struct task_struct *child,
                                     unsigned int mode)
{
        int rc = cap_ptrace_access_check(child, mode);

        if (rc)
                return rc;

        if (!(mode & PTRACE_MODE_READ))
                return current_has_perm(child, PROCESS__PTRACE);

        return avc_has_perm(current_sid(), task_sid(child), SECCLASS_FILE,
                            FILE__READ, NULL);
}
1821
/*
 * ptrace_traceme hook: the current task asks to be traced by @parent.
 * After the capability check, @parent must hold process:ptrace on the
 * current task (the tracer is the subject, as for a direct attach).
 */
static int selinux_ptrace_traceme(struct task_struct *parent)
{
        int rc = cap_ptrace_traceme(parent);

        return rc ? rc : task_has_perm(parent, current, PROCESS__PTRACE);
}
1832
/*
 * capget hook: reading @target's capability sets requires process:getcap
 * on @target before the generic cap_capget() fills in the three sets.
 */
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
                          kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
        int rc = current_has_perm(target, PROCESS__GETCAP);

        return rc ? rc : cap_capget(target, effective, inheritable, permitted);
}
1844
/*
 * capset hook: cap_capset() is applied first; if it accepts the request,
 * SELinux additionally requires process:setcap from the @old credentials
 * to the @new ones.
 */
static int selinux_capset(struct cred *new, const struct cred *old,
                          const kernel_cap_t *effective,
                          const kernel_cap_t *inheritable,
                          const kernel_cap_t *permitted)
{
        int rc = cap_capset(new, old, effective, inheritable, permitted);

        return rc ? rc : cred_has_perm(old, new, PROCESS__SETCAP);
}
1859
1860/*
1861 * (This comment used to live with the selinux_task_setuid hook,
1862 * which was removed).
1863 *
1864 * Since setuid only affects the current process, and since the SELinux
1865 * controls are not based on the Linux identity attributes, SELinux does not
1866 * need to control this operation.  However, SELinux does control the use of
1867 * the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
1868 */
1869
/*
 * capable hook: both the POSIX capability check (cap_capable) and the
 * SELinux capability permission must pass.  @audit (e.g.
 * SECURITY_CAP_NOAUDIT) is forwarded to both so hot-path callers can
 * suppress denial logging.
 */
static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
                           int cap, int audit)
{
        int rc = cap_capable(cred, ns, cap, audit);

        return rc ? rc : cred_has_capability(cred, cap, audit);
}
1881
/*
 * quotactl hook.  Commands that change quota state need
 * filesystem:quotamod on @sb, read-only queries need filesystem:quotaget.
 * With no superblock there is nothing to check, and unknown commands are
 * allowed through for the quota code to reject.  @type and @id are not
 * consulted.
 */
static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
{
        u32 perm;

        if (!sb)
                return 0;

        switch (cmds) {
        case Q_SYNC:
        case Q_QUOTAON:
        case Q_QUOTAOFF:
        case Q_SETINFO:
        case Q_SETQUOTA:
                perm = FILESYSTEM__QUOTAMOD;
                break;
        case Q_GETFMT:
        case Q_GETINFO:
        case Q_GETQUOTA:
                perm = FILESYSTEM__QUOTAGET;
                break;
        default:
                /* let the kernel handle invalid cmds */
                return 0;
        }

        return superblock_has_perm(current_cred(), sb, perm, NULL);
}
1909
/*
 * quota_on hook: enabling quotas with the file at @dentry as the quota
 * store requires file:quotaon on that file.
 */
static int selinux_quota_on(struct dentry *dentry)
{
        return dentry_has_perm(current_cred(), dentry, FILE__QUOTAON);
}
1916
/*
 * syslog hook: map the syslog(2) action @type onto one of three
 * system-class permissions for the current task.  Reading the buffer or
 * its size needs system:syslog_read; console on/off/level needs
 * system:syslog_console; every other action -- including read-and-clear,
 * clear and any unknown action -- needs system:syslog_mod, so new or
 * unrecognised actions land in the most restrictive bucket.
 */
static int selinux_syslog(int type)
{
        u32 perm;

        switch (type) {
        case SYSLOG_ACTION_READ_ALL:    /* Read last kernel messages */
        case SYSLOG_ACTION_SIZE_BUFFER: /* Return size of the log buffer */
                perm = SYSTEM__SYSLOG_READ;
                break;
        case SYSLOG_ACTION_CONSOLE_OFF: /* Disable logging to console */
        case SYSLOG_ACTION_CONSOLE_ON:  /* Enable logging to console */
        case SYSLOG_ACTION_CONSOLE_LEVEL: /* Set console message level */
                perm = SYSTEM__SYSLOG_CONSOLE;
                break;
        default:
                /* CLOSE, OPEN, READ, READ_CLEAR, CLEAR and unknown actions */
                perm = SYSTEM__SYSLOG_MOD;
                break;
        }

        return task_has_system(current, perm);
}
1943
1944/*
1945 * Check that a process has enough memory to allocate a new virtual
1946 * mapping. 0 means there is enough memory for the allocation to
1947 * succeed and -ENOMEM implies there is not.
1948 *
1949 * Do not audit the selinux permission check, as this is applied to all
1950 * processes that allocate mappings.
1951 */
1952static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1953{
1954        int rc, cap_sys_admin = 0;
1955
1956        rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
1957                             SECURITY_CAP_NOAUDIT);
1958        if (rc == 0)
1959                cap_sys_admin = 1;
1960
1961        return __vm_enough_memory(mm, pages, cap_sys_admin);
1962}
1963
1964/* binprm security operations */
1965
/*
 * bprm_set_creds hook: choose the SELinux state of the credentials that
 * an execve() will install.
 *
 * The generic capability hook runs first.  Once credentials have already
 * been prepared for this exec (bprm->cred_prepared), the SELinux work is
 * skipped so that a script's interpreter cannot change the context chosen
 * for the script itself.
 *
 * The new task SID is picked in this order:
 *   - an exec SID previously requested by the task (old_tsec->exec_sid),
 *     which is consumed (cleared) here;
 *   - otherwise the policy's type transition for the executable's SID;
 *   - either result is overridden back to the caller's SID when the binary
 *     lives on a nosuid mount.
 * The fs/key/socket create SIDs are always reset on exec.
 *
 * Permission checks (all audited against the executable's path, except the
 * two "unsafe" checks):
 *   - no domain change: file:execute_no_trans on the binary;
 *   - domain change: process:transition (old -> new) and file:entrypoint
 *     (new -> binary); process:share (old -> new) when state is shared with
 *     another task (LSM_UNSAFE_SHARE); process:ptrace (tracer -> new) when
 *     the task is being traced.  The share and ptrace checks report -EPERM
 *     rather than the AVC error, and a transition also clears the
 *     personality bits cleared on set-id execs.
 *
 * NOTE(review): nothing here consults a no-new-privs style flag; if this
 * kernel carries one, confirm whether a transition should be suppressed the
 * same way MNT_NOSUID suppresses it below.
 *
 * Returns 0 on success or a negative errno.
 */
static int selinux_bprm_set_creds(struct linux_binprm *bprm)
{
        const struct task_security_struct *old_tsec;
        struct task_security_struct *new_tsec;
        struct inode_security_struct *isec;
        struct common_audit_data ad;
        struct inode *inode = bprm->file->f_path.dentry->d_inode;
        int rc;

        rc = cap_bprm_set_creds(bprm);
        if (rc)
                return rc;

        /* SELinux context only depends on initial program or script and not
         * the script interpreter */
        if (bprm->cred_prepared)
                return 0;

        old_tsec = current_security();
        new_tsec = bprm->cred->security;
        isec = inode->i_security;

        /* Default to the current task SID. */
        new_tsec->sid = old_tsec->sid;
        new_tsec->osid = old_tsec->sid;

        /* Reset fs, key, and sock SIDs on execve. */
        new_tsec->create_sid = 0;
        new_tsec->keycreate_sid = 0;
        new_tsec->sockcreate_sid = 0;

        if (old_tsec->exec_sid) {
                /* An explicitly requested exec SID wins over the policy
                 * transition and is used up by this exec. */
                new_tsec->sid = old_tsec->exec_sid;
                /* Reset exec SID on execve. */
                new_tsec->exec_sid = 0;
        } else {
                /* Check for a default transition on this program. */
                rc = security_transition_sid(old_tsec->sid, isec->sid,
                                             SECCLASS_PROCESS, NULL,
                                             &new_tsec->sid);
                if (rc)
                        return rc;
        }

        COMMON_AUDIT_DATA_INIT(&ad, PATH);
        ad.u.path = bprm->file->f_path;

        /* A nosuid mount forbids any domain change, whatever chose the
         * new SID above; the exec then falls into the no-transition case. */
        if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
                new_tsec->sid = old_tsec->sid;

        if (new_tsec->sid == old_tsec->sid) {
                rc = avc_has_perm(old_tsec->sid, isec->sid,
                                  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
                if (rc)
                        return rc;
        } else {
                /* Check permissions for the transition. */
                rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
                                  SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
                if (rc)
                        return rc;

                /* The new domain must be allowed to be entered via this
                 * particular binary. */
                rc = avc_has_perm(new_tsec->sid, isec->sid,
                                  SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
                if (rc)
                        return rc;

                /* Check for shared state */
                if (bprm->unsafe & LSM_UNSAFE_SHARE) {
                        rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
                                          SECCLASS_PROCESS, PROCESS__SHARE,
                                          NULL);
                        if (rc)
                                return -EPERM;
                }

                /* Make sure that anyone attempting to ptrace over a task that
                 * changes its SID has the appropriate permit */
                if (bprm->unsafe &
                    (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
                        struct task_struct *tracer;
                        struct task_security_struct *sec;
                        u32 ptsid = 0;

                        /* The tracer's SID is read under RCU; if the tracer
                         * has already gone away, ptsid stays 0 and no
                         * check is made. */
                        rcu_read_lock();
                        tracer = ptrace_parent(current);
                        if (likely(tracer != NULL)) {
                                sec = __task_cred(tracer)->security;
                                ptsid = sec->sid;
                        }
                        rcu_read_unlock();

                        if (ptsid != 0) {
                                rc = avc_has_perm(ptsid, new_tsec->sid,
                                                  SECCLASS_PROCESS,
                                                  PROCESS__PTRACE, NULL);
                                if (rc)
                                        return -EPERM;
                        }
                }

                /* Clear any possibly unsafe personality bits on exec: */
                bprm->per_clear |= PER_CLEAR_ON_SETID;
        }

        return 0;
}
2073
/*
 * bprm_secureexec hook: decide whether the new image runs with AT_SECURE.
 *
 * A SID transition (osid != sid on the already-installed credentials)
 * enables secure mode unless policy grants process:noatsecure from the
 * old SID to the new one.  Otherwise, or when that permission is granted,
 * the decision falls through to cap_bprm_secureexec().
 *
 * Returns non-zero for secure-exec, 0 otherwise.
 */
static int selinux_bprm_secureexec(struct linux_binprm *bprm)
{
        const struct task_security_struct *tsec = current_security();

        if (tsec->osid != tsec->sid &&
            avc_has_perm(tsec->osid, tsec->sid, SECCLASS_PROCESS,
                         PROCESS__NOATSECURE, NULL))
                return 1;

        return cap_bprm_secureexec(bprm) != 0;
}
2094
/*
 * Revoke inherited resources that the new credentials @cred may not use.
 * Called on a SID transition from selinux_bprm_committing_creds().
 *
 * The controlling tty is dropped (no_tty()) if @cred lacks file:read |
 * file:write on the tty's inode.  Every open descriptor in @files is then
 * re-checked with file_has_perm() for the access implied by its open mode
 * (file_to_av()); a denied descriptor is closed and, when the same number
 * can be reacquired, replaced at that number by an O_RDWR open of the
 * selinuxfs null device.  If the number cannot be reacquired or the null
 * open fails, the descriptor simply stays closed.
 *
 * NOTE(review): @ad is initialised below but never passed to any check in
 * this function.
 *
 * Derived from fs/exec.c:flush_old_files.
 */
static inline void flush_unauthorized_files(const struct cred *cred,
                                            struct files_struct *files)
{
        struct common_audit_data ad;
        struct file *file, *devnull = NULL;
        struct tty_struct *tty;
        struct fdtable *fdt;
        long j = -1;
        int drop_tty = 0;

        tty = get_current_tty();
        if (tty) {
                spin_lock(&tty_files_lock);
                if (!list_empty(&tty->tty_files)) {
                        struct tty_file_private *file_priv;
                        struct inode *inode;

                        /* Revalidate access to controlling tty.
                           Use inode_has_perm on the tty inode directly rather
                           than using file_has_perm, as this particular open
                           file may belong to another process and we are only
                           interested in the inode-based check here. */
                        file_priv = list_first_entry(&tty->tty_files,
                                                struct tty_file_private, list);
                        file = file_priv->file;
                        inode = file->f_path.dentry->d_inode;
                        if (inode_has_perm_noadp(cred, inode,
                                           FILE__READ | FILE__WRITE, 0)) {
                                drop_tty = 1;
                        }
                }
                spin_unlock(&tty_files_lock);
                tty_kref_put(tty);
        }
        /* Reset controlling tty. */
        if (drop_tty)
                no_tty();

        /* Revalidate access to inherited open files. */

        COMMON_AUDIT_DATA_INIT(&ad, INODE);

        /* Walk the open_fds bitmap one word at a time.  The file_lock is
         * held only while a word is read; it is dropped while that word's
         * descriptors are examined (fget/sys_close/dentry_open may sleep)
         * and retaken before the fdtable pointer is re-read, since the
         * table may have been resized in between. */
        spin_lock(&files->file_lock);
        for (;;) {
                unsigned long set, i;
                int fd;

                j++;
                i = j * __NFDBITS;
                fdt = files_fdtable(files);
                if (i >= fdt->max_fds)
                        break;
                set = fdt->open_fds->fds_bits[j];
                if (!set)
                        continue;
                spin_unlock(&files->file_lock);
                for ( ; set ; i++, set >>= 1) {
                        if (set & 1) {
                                /* fget() fails if the fd was closed
                                 * concurrently; nothing to do then. */
                                file = fget(i);
                                if (!file)
                                        continue;
                                if (file_has_perm(cred,
                                                  file,
                                                  file_to_av(file))) {
                                        /* Close the fd, then try to get the
                                         * same number back for the null
                                         * replacement.  If a different
                                         * number comes back, release it and
                                         * leave the slot closed. */
                                        sys_close(i);
                                        fd = get_unused_fd();
                                        if (fd != i) {
                                                if (fd >= 0)
                                                        put_unused_fd(fd);
                                                fput(file);
                                                continue;
                                        }
                                        /* One null open is shared by every
                                         * replaced descriptor; fd_install
                                         * consumes one reference each time. */
                                        if (devnull) {
                                                get_file(devnull);
                                        } else {
                                                devnull = dentry_open(
                                                        dget(selinux_null),
                                                        mntget(selinuxfs_mount),
                                                        O_RDWR, cred);
                                                if (IS_ERR(devnull)) {
                                                        devnull = NULL;
                                                        put_unused_fd(fd);
                                                        fput(file);
                                                        continue;
                                                }
                                        }
                                        fd_install(fd, devnull);
                                }
                                /* Drop the reference taken by fget(). */
                                fput(file);
                        }
                }
                spin_lock(&files->file_lock);

        }
        spin_unlock(&files->file_lock);
}
2192
2193/*
2194 * Prepare a process for imminent new credential changes due to exec
2195 */
2196static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2197{
2198        struct task_security_struct *new_tsec;
2199        struct rlimit *rlim, *initrlim;
2200        int rc, i;
2201
2202        new_tsec = bprm->cred->security;
2203        if (new_tsec->sid == new_tsec->osid)
2204                return;
2205
2206        /* Close files for which the new task SID is not authorized. */
2207        flush_unauthorized_files(bprm->cred, current->files);
2208
2209        /* Always clear parent death signal on SID transitions. */
2210        current->pdeath_signal = 0;
2211
2212        /* Check whether the new SID can inherit resource limits from the old
2213         * SID.  If not, reset all soft limits to the lower of the current
2214         * task's hard limit and the init task's soft limit.
2215         *
2216         * Note that the setting of hard limits (even to lower them) can be
2217         * controlled by the setrlimit check.  The inclusion of the init task's
2218         * soft limit into the computation is to avoid resetting soft limits
2219         * higher than the default soft limit for cases where the default is
2220         * lower than the hard limit, e.g. RLIMIT_CORE or RLIMIT_STACK.
2221         */
2222        rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2223                          PROCESS__RLIMITINH, NULL);
2224        if (rc) {
2225                /* protect against do_prlimit() */
2226                task_lock(current);
2227                for (i = 0; i < RLIM_NLIMITS; i++) {
2228                        rlim = current->signal->rlim + i;
2229                        initrlim = init_task.signal->rlim + i;
2230                        rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2231                }
2232                task_unlock(current);
2233                update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2234        }
2235}
2236
2237/*
2238 * Clean up the process immediately after the installation of new credentials
2239 * due to exec
2240 */
2241static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2242{
2243        const struct task_security_struct *tsec = current_security();
2244        struct itimerval itimer;
2245        u32 osid, sid;
2246        int rc, i;
2247
2248        osid = tsec->osid;
2249        sid = tsec->sid;
2250
2251        if (sid == osid)
2252                return;
2253
2254        /* Check whether the new SID can inherit signal state from the old SID.
2255         * If not, clear itimers to avoid subsequent signal generation and
2256         * flush and unblock signals.
2257         *
2258         * This must occur _after_ the task SID has been updated so that any
2259         * kill done after the flush will be checked against the new SID.
2260         */
2261        rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2262        if (rc) {
2263                memset(&itimer, 0, sizeof itimer);
2264                for (i = 0; i < 3; i++)
2265                        do_setitimer(i, &itimer, NULL);
2266                spin_lock_irq(&current->sighand->siglock);
2267                if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2268                        __flush_signals(current);
2269                        flush_signal_handlers(current, 1);
2270                        sigemptyset(&current->blocked);
2271                }
2272                spin_unlock_irq(&current->sighand->siglock);
2273        }
2274
2275        /* Wake up the parent if it is waiting so that it can recheck
2276         * wait permission to the new task SID. */
2277        read_lock(&tasklist_lock);
2278        __wake_up_parent(current, current->real_parent);
2279        read_unlock(&tasklist_lock);
2280}
2281
2282/* superblock security operations */
2283
/*
 * sb_alloc_security hook: attach the SELinux superblock security blob to
 * @sb.  Returns the result of superblock_alloc_security() (0 or -errno).
 */
static int selinux_sb_alloc_security(struct super_block *sb)
{
        return superblock_alloc_security(sb);
}
2288
/*
 * sb_free_security hook: release the SELinux superblock security blob
 * attached to @sb by selinux_sb_alloc_security().
 */
static void selinux_sb_free_security(struct super_block *sb)
{
        superblock_free_security(sb);
}
2293
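/*
 * Test whether the first @plen bytes of @option are exactly @prefix.
 *
 * @prefix must hold at least @plen bytes and @option at least @olen; neither
 * needs to be NUL-terminated within those lengths.  Returns 0 when @option is
 * shorter than @prefix (so no byte past @olen is ever read) or when either
 * length is negative, otherwise 1 if the bytes match and 0 if they differ.
 *
 * Both pointers are read-only here, hence const.
 */
static inline int match_prefix(const char *prefix, int plen,
                               const char *option, int olen)
{
        /* A negative length would become a huge size_t in memcmp(). */
        if (plen < 0 || plen > olen)
                return 0;

        return !memcmp(prefix, option, plen);
}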
2301
/*
 * Is the mount option @option (of @len bytes, not NUL-terminated) one
 * that SELinux owns?  Matches by prefix against the context=, fscontext=,
 * defcontext=, rootcontext= and seclabel option names.  Returns 1 or 0.
 */
static inline int selinux_option(char *option, int len)
{
        static const struct {
                char *name;
                int len;
        } prefixes[] = {
                { CONTEXT_STR,     sizeof(CONTEXT_STR) - 1 },
                { FSCONTEXT_STR,   sizeof(FSCONTEXT_STR) - 1 },
                { DEFCONTEXT_STR,  sizeof(DEFCONTEXT_STR) - 1 },
                { ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR) - 1 },
                { LABELSUPP_STR,   sizeof(LABELSUPP_STR) - 1 },
        };
        unsigned int i;

        for (i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); i++) {
                if (match_prefix(prefixes[i].name, prefixes[i].len,
                                 option, len))
                        return 1;
        }

        return 0;
}
2310
/*
 * Append the @len-byte option @from to the output cursor *@to, preceded by
 * a ',' unless this is the first option (*@first is then cleared).  *@to is
 * advanced past the copied bytes.  No terminator is written and no bounds
 * are checked; the caller sizes the destination.
 */
static inline void take_option(char **to, char *from, int *first, int len)
{
        char *out = *to;

        if (*first)
                *first = 0;
        else
                *out++ = ',';

        memcpy(out, from, len);
        *to = out + len;
}
2321
/*
 * Append the @len-byte SELinux option @from to the output cursor *@to,
 * preceded by a '|' unless this is the first option (*@first is then
 * cleared).  Every '"' in @from is dropped while copying, so a quoted
 * context value arrives unquoted.  *@to is advanced past the bytes
 * written; no terminator is written and no bounds are checked.
 */
static inline void take_selinux_option(char **to, char *from, int *first,
                                       int len)
{
        char *out = *to;
        int i;

        if (*first)
                *first = 0;
        else
                *out++ = '|';

        for (i = 0; i < len; i++) {
                if (from[i] != '"')
                        *out++ = from[i];
        }

        *to = out;
}
2342
/*
 * Split the mount option string @orig into SELinux options and the rest.
 *
 * @orig is scanned for ','-separated options; commas inside double quotes
 * do not split.  Options recognised by selinux_option() are appended to
 * @copy, joined by '|' and with quotes stripped (take_selinux_option()).
 * All other options are collected, joined by ',', and then written back
 * over @orig with strcpy(), so on return @orig holds only the non-SELinux
 * options.  Returns 0, or -ENOMEM if the scratch page cannot be allocated
 * (in which case neither @orig nor @copy has been modified).
 *
 * Sizing: each output never exceeds the input it came from (a separator is
 * emitted per option in place of the one consumed, quotes only shrink),
 * so the scratch page suffices as long as @orig fits in one page.
 * NOTE(review): @copy is not NUL-terminated here and must be at least as
 * large as @orig; this relies on the caller supplying a zeroed buffer of
 * sufficient size (alloc_secdata() in the callers).
 */
static int selinux_sb_copy_data(char *orig, char *copy)
{
        int fnosec, fsec, rc = 0;
        char *in_save, *in_curr, *in_end;
        char *sec_curr, *nosec_save, *nosec;
        int open_quote = 0;

        in_curr = orig;
        sec_curr = copy;

        nosec = (char *)get_zeroed_page(GFP_KERNEL);
        if (!nosec) {
                rc = -ENOMEM;
                goto out;
        }

        nosec_save = nosec;
        fnosec = fsec = 1;
        in_save = in_end = orig;

        /* The terminating NUL is treated like a final separator, so the
         * last option is flushed by the same code path as the others. */
        do {
                if (*in_end == '"')
                        open_quote = !open_quote;
                if ((*in_end == ',' && open_quote == 0) ||
                                *in_end == '\0') {
                        int len = in_end - in_curr;

                        if (selinux_option(in_curr, len))
                                take_selinux_option(&sec_curr, in_curr, &fsec, len);
                        else
                                take_option(&nosec, in_curr, &fnosec, len);

                        in_curr = in_end + 1;
                }
        } while (*in_end++);

        /* Overwrite the caller's buffer with the non-SELinux options; the
         * scratch page was zeroed, so it is NUL-terminated. */
        strcpy(in_save, nosec_save);
        free_page((unsigned long)nosec_save);
out:
        return rc;
}
2384
/*
 * sb_remount hook: refuse a remount that tries to change the SELinux
 * labelling options of an already-labelled superblock.
 *
 * Nothing is checked when the superblock has not been initialised yet,
 * when no option string was given, or when the filesystem takes binary
 * mount data.  Otherwise the SELinux options are extracted from @data
 * (selinux_sb_copy_data() also rewrites @data in place, stripping them
 * from what the filesystem will see), parsed, and each context option is
 * converted to a SID and compared with the superblock's current value via
 * bad_option().  The seclabel option is ignored.  Any difference, an
 * unparsable context, or an unknown option type yields -EINVAL (with a
 * warning for the first two); nothing is ever applied here.
 *
 * Returns 0 when the options are consistent with the current labelling,
 * -ENOMEM on allocation failure, or -EINVAL as above.
 */
static int selinux_sb_remount(struct super_block *sb, void *data)
{
        int rc, i, *flags;
        struct security_mnt_opts opts;
        char *secdata, **mount_options;
        struct superblock_security_struct *sbsec = sb->s_security;

        if (!(sbsec->flags & SE_SBINITIALIZED))
                return 0;

        if (!data)
                return 0;

        if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
                return 0;

        security_init_mnt_opts(&opts);
        secdata = alloc_secdata();
        if (!secdata)
                return -ENOMEM;
        rc = selinux_sb_copy_data(data, secdata);
        if (rc)
                goto out_free_secdata;

        /* NOTE(review): @opts is not freed on this path; this assumes
         * selinux_parse_opts_str() leaves @opts empty when it fails. */
        rc = selinux_parse_opts_str(secdata, &opts);
        if (rc)
                goto out_free_secdata;

        mount_options = opts.mnt_opts;
        flags = opts.mnt_opts_flags;

        for (i = 0; i < opts.num_mnt_opts; i++) {
                u32 sid;
                size_t len;

                if (flags[i] == SE_SBLABELSUPP)
                        continue;
                len = strlen(mount_options[i]);
                rc = security_context_to_sid(mount_options[i], len, &sid);
                if (rc) {
                        printk(KERN_WARNING "SELinux: security_context_to_sid"
                               "(%s) failed for (dev %s, type %s) errno=%d\n",
                               mount_options[i], sb->s_id, sb->s_type->name, rc);
                        goto out_free_opts;
                }
                /* From here on any mismatch or unknown option is -EINVAL. */
                rc = -EINVAL;
                switch (flags[i]) {
                case FSCONTEXT_MNT:
                        if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
                                goto out_bad_option;
                        break;
                case CONTEXT_MNT:
                        if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
                                goto out_bad_option;
                        break;
                case ROOTCONTEXT_MNT: {
                        struct inode_security_struct *root_isec;
                        root_isec = sb->s_root->d_inode->i_security;

                        if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
                                goto out_bad_option;
                        break;
                }
                case DEFCONTEXT_MNT:
                        if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
                                goto out_bad_option;
                        break;
                default:
                        goto out_free_opts;
                }
        }

        rc = 0;
out_free_opts:
        security_free_mnt_opts(&opts);
out_free_secdata:
        free_secdata(secdata);
        return rc;
out_bad_option:
        printk(KERN_WARNING "SELinux: unable to change security options "
               "during remount (dev %s, type=%s)\n", sb->s_id,
               sb->s_type->name);
        goto out_free_opts;
}
2469
/*
 * sb_kern_mount hook: label the superblock from its mount @data via
 * superblock_doinit(), then require filesystem:mount on it for the
 * current task.  Mounts performed by the kernel itself (MS_KERNMOUNT) are
 * labelled but never permission-checked.  Denials are audited against the
 * filesystem's root dentry.
 */
static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
        struct common_audit_data ad;
        int rc = superblock_doinit(sb, data);

        if (rc)
                return rc;

        /* Allow all mounts performed by the kernel */
        if (flags & MS_KERNMOUNT)
                return 0;

        COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
        ad.u.dentry = sb->s_root;
        return superblock_has_perm(current_cred(), sb, FILESYSTEM__MOUNT, &ad);
}
2488
/*
 * sb_statfs hook: statfs() on the filesystem containing @dentry requires
 * filesystem:getattr on its superblock, audited against the filesystem
 * root rather than @dentry itself.
 */
static int selinux_sb_statfs(struct dentry *dentry)
{
        struct super_block *sb = dentry->d_sb;
        struct common_audit_data ad;

        COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
        ad.u.dentry = sb->s_root;
        return superblock_has_perm(current_cred(), sb, FILESYSTEM__GETATTR, &ad);
}
2498
/*
 * sb_mount hook, called before the mount is performed.  A remount
 * (MS_REMOUNT) requires filesystem:remount on the existing superblock
 * under @path; any other mount requires file:mounton on the mount point
 * @path.  @dev_name, @type and @data are not examined here -- option
 * changes on remount are checked separately by selinux_sb_remount().
 */
static int selinux_mount(char *dev_name,
                         struct path *path,
                         char *type,
                         unsigned long flags,
                         void *data)
{
        const struct cred *cred = current_cred();

        if (!(flags & MS_REMOUNT))
                return path_has_perm(cred, path, FILE__MOUNTON);

        return superblock_has_perm(cred, path->dentry->d_sb,
                                   FILESYSTEM__REMOUNT, NULL);
}
2513
/*
 * umount(2): check filesystem:unmount on the superblock behind @mnt.
 * @flags is not consulted; no audit data is supplied.
 */
static int selinux_umount(struct vfsmount *mnt, int flags)
{
	struct super_block *sb = mnt->mnt_sb;

	return superblock_has_perm(current_cred(), sb, FILESYSTEM__UNMOUNT, NULL);
}
2521
2522/* inode security operations */
2523
/* Allocate the SELinux security blob for a freshly created inode. */
static int selinux_inode_alloc_security(struct inode *inode)
{
	int rc = inode_alloc_security(inode);

	return rc;
}
2528
/* Release the SELinux security blob attached to an inode being destroyed. */
static void selinux_inode_free_security(struct inode *inode)
{
	struct inode *victim = inode;

	inode_free_security(victim);
}
2533
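/*
 * Label a newly created inode and, when the filesystem supports labels,
 * hand back the xattr (name, value, len) the filesystem should persist.
 *
 * The new SID comes, in order of precedence, from the superblock's
 * mount-point label, the task's explicit create_sid, or a type transition
 * computed from the creating task, the parent directory and the new
 * inode's class.  The in-core inode label is set only once the superblock
 * is initialised; otherwise labelling is deferred.
 *
 * Returns 0 with *name/*value/*len filled in (each only if the caller
 * passed a non-NULL pointer), -EOPNOTSUPP when no xattr should be written
 * (policy not loaded or the filesystem does not support labels), -ENOMEM
 * on allocation failure, or the error from security_transition_sid() /
 * security_sid_to_context_force().
 *
 * Ownership: *name and *value are kmalloc'd and belong to the caller on
 * success.  On any failure nothing is handed out, so the caller never
 * holds a pointer to memory this function has already freed.
 */
static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
				       const struct qstr *qstr, char **name,
				       void **value, size_t *len)
{
	const struct task_security_struct *tsec = current_security();
	struct inode_security_struct *dsec = dir->i_security;
	struct superblock_security_struct *sbsec = dir->i_sb->s_security;
	u32 sid = tsec->sid;
	u32 newsid = tsec->create_sid;
	u32 clen = 0;
	char *namep = NULL;
	char *context = NULL;
	int rc;

	if ((sbsec->flags & SE_SBINITIALIZED) &&
	    (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
		newsid = sbsec->mntpoint_sid;
	} else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
		/* No usable explicit create SID: ask policy for a transition. */
		rc = security_transition_sid(sid, dsec->sid,
					     inode_mode_to_security_class(inode->i_mode),
					     qstr, &newsid);
		if (rc) {
			printk(KERN_WARNING "%s:  "
			       "security_transition_sid failed, rc=%d (dev=%s "
			       "ino=%ld)\n",
			       __func__,
			       -rc, inode->i_sb->s_id, inode->i_ino);
			return rc;
		}
	}

	/* Possibly defer initialization to selinux_complete_init. */
	if (sbsec->flags & SE_SBINITIALIZED) {
		struct inode_security_struct *isec = inode->i_security;

		isec->sclass = inode_mode_to_security_class(inode->i_mode);
		isec->sid = newsid;
		isec->initialized = 1;
	}

	if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
		return -EOPNOTSUPP;

	if (name) {
		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
		if (!namep)
			return -ENOMEM;
	}

	if (value && len) {
		rc = security_sid_to_context_force(newsid, &context, &clen);
		if (rc) {
			/* namep has not been published yet, so freeing it here is safe. */
			kfree(namep);
			return rc;
		}
	}

	/*
	 * Publish the outputs only after every fallible step has succeeded,
	 * so an error return never leaves *name pointing at freed memory.
	 */
	if (name)
		*name = namep;
	if (value && len) {
		*value = context;
		*len = clen;
	}

	return 0;
}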
2598
/* Creating a regular file in @dir: may_create() with class file. @mode is unused. */
static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
{
	const u16 tclass = SECCLASS_FILE;

	return may_create(dir, dentry, tclass);
}
2603
/*
 * Hard link: permission is checked on the existing entry (@old_dentry)
 * and its new parent @dir; @new_dentry is not consulted.
 */
static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
{
	struct dentry *existing = old_dentry;

	return may_link(dir, existing, MAY_LINK);
}
2608
/* unlink(2): may_link() with the MAY_UNLINK operation. */
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	int rc = may_link(dir, dentry, MAY_UNLINK);

	return rc;
}
2613
/* symlink(2): create check with class lnk_file; the target @name is not inspected. */
static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
{
	const u16 tclass = SECCLASS_LNK_FILE;

	return may_create(dir, dentry, tclass);
}
2618
/* mkdir(2): create check with class dir. @mask is unused. */
static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
{
	const u16 tclass = SECCLASS_DIR;

	return may_create(dir, dentry, tclass);
}
2623
/* rmdir(2): may_link() with the MAY_RMDIR operation. */
static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	int rc = may_link(dir, dentry, MAY_RMDIR);

	return rc;
}
2628
/*
 * mknod(2): the target class is derived from the requested @mode so that
 * device nodes, fifos and sockets are checked against their own classes.
 * @dev is not consulted.
 */
static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
	u16 tclass = inode_mode_to_security_class(mode);

	return may_create(dir, dentry, tclass);
}
2633
/* rename(2): delegate entirely to may_rename() for both parents and entries. */
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
				struct inode *new_inode, struct dentry *new_dentry)
{
	int rc;

	rc = may_rename(old_inode, old_dentry, new_inode, new_dentry);
	return rc;
}
2639
/* readlink(2): reading a symlink's target is a file:read on the link itself. */
static int selinux_inode_readlink(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), dentry, FILE__READ);
}
2646
/*
 * Following a symlink during path walk is checked exactly like readlink:
 * file:read on the link. @nameidata is not consulted.
 */
static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
{
	return dentry_has_perm(current_cred(), dentry, FILE__READ);
}
2653
/*
 * Generic inode permission hook.
 *
 * @mask carries the VFS MAY_* bits.  MAY_NOT_BLOCK is passed down so the
 * AVC can refuse to sleep during RCU path walk; MAY_ACCESS marks an
 * access(2) call, which only affects how a denial is audited
 * (FILE__AUDIT_ACCESS).  Only the read/write/exec/append bits are turned
 * into file permissions; with none of them set this is an existence test
 * and succeeds without a check.
 */
static int selinux_inode_permission(struct inode *inode, int mask)
{
	const struct cred *cred = current_cred();
	const unsigned flags = mask & MAY_NOT_BLOCK;
	const bool from_access = mask & MAY_ACCESS;
	struct common_audit_data ad;
	u32 av;

	mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
	if (!mask)
		return 0;	/* nothing to check: existence test */

	COMMON_AUDIT_DATA_INIT(&ad, INODE);
	ad.u.inode = inode;
	if (from_access)
		ad.selinux_audit_data.auditdeny |= FILE__AUDIT_ACCESS;

	av = file_mask_to_av(inode->i_mode, mask);

	return inode_has_perm(cred, inode, av, &ad, flags);
}
2679
/*
 * setattr: decide whether the requested attribute change is a metadata
 * change (file:setattr) or merely a size/timestamp update that follows
 * from writing (file:write).
 *
 * ATTR_FORCE is only ever combined with ATTR_KILL_S[UG]ID; once those and
 * ATTR_MODE are masked off, an empty ia_valid needs no check at all.
 */
static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
{
	const struct cred *cred = current_cred();
	unsigned int ia_valid = iattr->ia_valid;
	u32 av = FILE__WRITE;

	if (ia_valid & ATTR_FORCE) {
		ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
			      ATTR_FORCE);
		if (!ia_valid)
			return 0;
	}

	/* Mode, ownership or an explicitly set timestamp is a setattr. */
	if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
			ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
		av = FILE__SETATTR;

	return dentry_has_perm(cred, dentry, av);
}
2699
/* stat-family calls: file:getattr on the (mnt, dentry) pair. */
static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	struct path path = {
		.mnt = mnt,
		.dentry = dentry,
	};

	return path_has_perm(current_cred(), &path, FILE__GETATTR);
}
2710
/*
 * Setting or removing an xattr other than the SELinux label.
 *
 * Names inside the "security." namespace are capability gated first:
 * XATTR_NAME_CAPS needs CAP_SETFCAP, any other security.* name needs
 * CAP_SYS_ADMIN.  Everything then falls through to the ordinary
 * file:setattr check on the dentry.
 */
static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
{
	const struct cred *cred = current_cred();
	const bool in_security_ns = !strncmp(name, XATTR_SECURITY_PREFIX,
					     sizeof XATTR_SECURITY_PREFIX - 1);

	if (in_security_ns) {
		int cap = strcmp(name, XATTR_NAME_CAPS) ? CAP_SYS_ADMIN
						       : CAP_SETFCAP;

		if (!capable(cap))
			return -EPERM;
	}

	return dentry_has_perm(cred, dentry, FILE__SETATTR);
}
2731
/*
 * setxattr: for the SELinux label this is a relabel and goes through the
 * full relabel sequence; any other name is handed to
 * selinux_inode_setotherxattr().
 *
 * The relabel sequence, in order:
 *   - the filesystem must support labelling (SE_SBLABELSUPP),
 *   - the caller must own the inode or be capable,
 *   - file:relabelfrom on the current label,
 *   - the new context must map to a SID; a context unknown to policy is
 *     accepted only from CAP_MAC_ADMIN (forced mapping),
 *   - file:relabelto on the new label,
 *   - the (old, new, task) triple must be a valid transition,
 *   - filesystem:associate between the new label and the superblock.
 *
 * Returns 0 if every step passes, otherwise the first error.
 */
static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	struct superblock_security_struct *sbsec;
	struct common_audit_data ad;
	u32 newsid;
	u32 sid = current_sid();
	int err;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return selinux_inode_setotherxattr(dentry, name);

	sbsec = inode->i_sb->s_security;
	if (!(sbsec->flags & SE_SBLABELSUPP))
		return -EOPNOTSUPP;

	if (!inode_owner_or_capable(inode))
		return -EPERM;

	COMMON_AUDIT_DATA_INIT(&ad, DENTRY);
	ad.u.dentry = dentry;

	err = avc_has_perm(sid, isec->sid, isec->sclass, FILE__RELABELFROM, &ad);
	if (err)
		return err;

	err = security_context_to_sid(value, size, &newsid);
	/* Unknown context: only CAP_MAC_ADMIN may force it into a SID. */
	if (err == -EINVAL && capable(CAP_MAC_ADMIN))
		err = security_context_to_sid_force(value, size, &newsid);
	if (err)
		return err;

	err = avc_has_perm(sid, newsid, isec->sclass, FILE__RELABELTO, &ad);
	if (err)
		return err;

	err = security_validate_transition(isec->sid, newsid, sid, isec->sclass);
	if (err)
		return err;

	return avc_has_perm(newsid, sbsec->sid, SECCLASS_FILESYSTEM,
			    FILESYSTEM__ASSOCIATE, &ad);
}
2785
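/*
 * After the filesystem has stored the SELinux xattr, update the in-core
 * inode label to match.  Other xattr names are ignored.
 *
 * The forced mapping is used because selinux_inode_setxattr() has already
 * authorised the context (including the CAP_MAC_ADMIN forced case); the
 * only way this can fail is an internal error, which is logged and leaves
 * the old in-core label in place.  @flags is not consulted.
 */
static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
					const void *value, size_t size,
					int flags)
{
	struct inode *inode = dentry->d_inode;
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int rc;

	if (strcmp(name, XATTR_NAME_SELINUX))
		return;		/* not an attribute we recognize */

	rc = security_context_to_sid_force(value, size, &newsid);
	if (rc) {
		/* Message previously lacked the space before "for", printing "SIDfor". */
		printk(KERN_ERR "SELinux:  unable to map context to SID "
		       "for (%s, %lu), rc=%d\n",
		       inode->i_sb->s_id, inode->i_ino, -rc);
		return;
	}

	isec->sid = newsid;
}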
2811
/* getxattr: any attribute read is a file:getattr on the dentry; @name is not inspected. */
static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
{
	return dentry_has_perm(current_cred(), dentry, FILE__GETATTR);
}
2818
/* listxattr: enumerating attribute names is a file:getattr on the dentry. */
static int selinux_inode_listxattr(struct dentry *dentry)
{
	return dentry_has_perm(current_cred(), dentry, FILE__GETATTR);
}
2825
/*
 * removexattr: the SELinux label itself can never be removed (-EACCES),
 * since every object must stay labelled; it may only be changed through
 * setxattr.  Other names use the same gating as setting them.
 */
static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
{
	const bool is_selinux_label = !strcmp(name, XATTR_NAME_SELINUX);

	if (is_selinux_label)
		return -EACCES;

	return selinux_inode_setotherxattr(dentry, name);
}
2835
/*
 * Return the inode's security context for the "selinux" suffix.
 *
 * Permission is enforced by the selinux_inode_getxattr hook, not here.
 * A CAP_MAC_ADMIN caller receives the raw context even when it is not
 * defined by the current policy (forced form); everyone else gets the
 * in-core value as current policy renders it.  The capability check is
 * the non-auditing variant: getxattr is routinely called by unprivileged
 * processes and lacking the capability is a fallback, not a denial.
 *
 * Returns the context length on success.  With @alloc set, *buffer takes
 * ownership of the kmalloc'd context; otherwise it is freed here and only
 * the length is reported.  -EOPNOTSUPP for any other @name, or the error
 * from the SID-to-context conversion.
 */
static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
{
	struct inode_security_struct *isec = inode->i_security;
	char *context = NULL;
	u32 size;
	int rc;

	if (strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;

	rc = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
			     SECURITY_CAP_NOAUDIT);
	if (rc)
		rc = security_sid_to_context(isec->sid, &context, &size);
	else
		rc = security_sid_to_context_force(isec->sid, &context, &size);
	if (rc)
		return rc;

	if (alloc)
		*buffer = context;	/* caller now owns it */
	else
		kfree(context);

	return size;
}
2878
/*
 * Set the in-core inode label from a context string (the "selinux"
 * suffix only), marking the inode initialised.  Used by filesystems that
 * supply the label themselves; there is no permission check here, and an
 * empty value is rejected with -EACCES.  @flags is not consulted.
 *
 * Returns 0, -EOPNOTSUPP for another @name, or the mapping error.
 */
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
				     const void *value, size_t size, int flags)
{
	struct inode_security_struct *isec = inode->i_security;
	u32 newsid;
	int err;

	if (strcmp(name, XATTR_SELINUX_SUFFIX))
		return -EOPNOTSUPP;
	if (!value || !size)
		return -EACCES;

	/* Same call selinux_inode_setxattr() makes; no const cast needed. */
	err = security_context_to_sid(value, size, &newsid);
	if (err)
		return err;

	isec->sid = newsid;
	isec->initialized = 1;

	return 0;
}
2900
/*
 * Report the one security xattr name SELinux provides.  The name
 * (including its NUL) is copied into @buffer when it fits; the length
 * is returned regardless so callers can size a buffer with a NULL probe.
 */
static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	const size_t len = sizeof(XATTR_NAME_SELINUX);

	if (buffer && buffer_size >= len)
		memcpy(buffer, XATTR_NAME_SELINUX, len);

	return (int)len;
}
2908
/* Expose the inode's current SID as its secid. */
static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
{
	const struct inode_security_struct *isec = inode->i_security;

	*secid = isec->sid;
}
2914
2915/* file security operations */
2916
/*
 * Re-check file access against the current task, inode label and policy.
 * A write on an O_APPEND file is promoted to an append request because
 * file_mask_to_av() deliberately does not add file:write when MAY_APPEND
 * is present.
 */
static int selinux_revalidate_file_permission(struct file *file, int mask)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	u32 av;

	if ((mask & MAY_WRITE) && (file->f_flags & O_APPEND))
		mask |= MAY_APPEND;

	av = file_mask_to_av(inode->i_mode, mask);

	return file_has_perm(current_cred(), file, av);
}
2929
/*
 * Per-I/O file permission hook.
 *
 * Skips the check when nothing is requested (existence test) or when the
 * task SID, inode SID and policy sequence number are all unchanged since
 * selinux_dentry_open() recorded them in the file security struct; any
 * change triggers a full revalidation.
 */
static int selinux_file_permission(struct file *file, int mask)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;
	bool unchanged;

	if (!mask)
		return 0;

	unchanged = current_sid() == fsec->sid &&
		    fsec->isid == isec->sid &&
		    fsec->pseqno == avc_policy_seqno();
	if (unchanged)
		return 0;	/* still covered by the open-time check */

	return selinux_revalidate_file_permission(file, mask);
}
2948
/* Allocate the SELinux security blob for a new struct file. */
static int selinux_file_alloc_security(struct file *file)
{
	int rc = file_alloc_security(file);

	return rc;
}
2953
/* Release the SELinux security blob of a struct file being destroyed. */
static void selinux_file_free_security(struct file *file)
{
	struct file *victim = file;

	file_free_security(victim);
}
2958
/*
 * ioctl(2): map well-known commands to the file permission they amount
 * to, so that e.g. FIONREAD only needs file:getattr rather than
 * file:ioctl.  Keyboard-table commands are gated on CAP_SYS_TTY_CONFIG.
 * Anything else is assumed to reach the driver's ioctl handler and needs
 * file:ioctl.  @arg is not consulted.
 */
static int selinux_file_ioctl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	const struct cred *cred = current_cred();

	switch (cmd) {
	case FIONREAD:
	case FIBMAP:
	case FIGETBSZ:
	case EXT2_IOC_GETFLAGS:
	case EXT2_IOC_GETVERSION:
		return file_has_perm(cred, file, FILE__GETATTR);

	case EXT2_IOC_SETFLAGS:
	case EXT2_IOC_SETVERSION:
		return file_has_perm(cred, file, FILE__SETATTR);

	/* handled inside sys_ioctl(); only fd:use applies */
	case FIONBIO:
	case FIOASYNC:
		return file_has_perm(cred, file, 0);

	case KDSKBENT:
	case KDSKBSENT:
		return cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
					   SECURITY_CAP_AUDIT);

	default:
		return file_has_perm(cred, file, FILE__IOCTL);
	}
}
3005
/*
 * Non-zero enables the extra execmem/execheap/execstack/execmod checks in
 * file_map_prot_check() and selinux_file_mprotect(); where it is set is
 * outside this part of the file.
 */
static int default_noexec;
3007
/*
 * Check a mapping's protection bits.
 *
 * With default_noexec set, making an anonymous mapping or a private,
 * writable file mapping executable additionally needs process:execmem.
 * A file-backed mapping then needs file:read (always implied by a
 * mapping), file:write only when shared and writable, and file:execute
 * for PROT_EXEC.  An anonymous mapping that passes the execmem check
 * needs nothing further.
 */
static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
{
	const struct cred *cred = current_cred();
	u32 av;

	if (default_noexec && (prot & PROT_EXEC) &&
	    (!file || (!shared && (prot & PROT_WRITE)))) {
		int rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);

		if (rc)
			return rc;
	}

	if (!file)
		return 0;

	av = FILE__READ;
	if (shared && (prot & PROT_WRITE))
		av |= FILE__WRITE;
	if (prot & PROT_EXEC)
		av |= FILE__EXECUTE;

	return file_has_perm(cred, file, av);
}
3042
/*
 * mmap(2).
 *
 * The memprotect:mmap_zero check for low addresses is deliberately done
 * before the capability (DAC) check in cap_file_mmap(): mapping below
 * CONFIG_LSM_MMAP_MIN_ADDR is such a likely exploit attempt that the AVC
 * denial should always be recorded even when DAC would have refused too.
 * When @addr_only is set only the address checks apply.  With
 * selinux_checkreqprot the protection the caller asked for, rather than
 * the one the kernel will actually apply, is checked.
 */
static int selinux_file_mmap(struct file *file, unsigned long reqprot,
			     unsigned long prot, unsigned long flags,
			     unsigned long addr, unsigned long addr_only)
{
	u32 sid = current_sid();
	int rc;

	if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
		rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
				  MEMPROTECT__MMAP_ZERO, NULL);
		if (rc)
			return rc;
	}

	rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
	if (rc || addr_only)
		return rc;

	if (selinux_checkreqprot)
		prot = reqprot;

	return file_map_prot_check(file, prot,
				   (flags & MAP_TYPE) == MAP_SHARED);
}
3074
/*
 * mprotect(2).
 *
 * When default_noexec is set and a region that is not yet executable is
 * being made executable, one extra check applies depending on what the
 * region is: process:execheap for the brk heap, process:execstack for the
 * anonymous mapping containing the stack start, and file:execmod for a
 * file mapping that already has private (COW) pages — those pages may
 * have been modified, which typically only happens for text relocations.
 * The generic protection check then follows as for mmap.
 */
static int selinux_file_mprotect(struct vm_area_struct *vma,
				 unsigned long reqprot,
				 unsigned long prot)
{
	const struct cred *cred = current_cred();
	struct mm_struct *mm = vma->vm_mm;

	if (selinux_checkreqprot)
		prot = reqprot;

	if (default_noexec && (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
		const bool in_heap = vma->vm_start >= mm->start_brk &&
				     vma->vm_end <= mm->brk;
		const bool in_stack = !vma->vm_file &&
				      vma->vm_start <= mm->start_stack &&
				      vma->vm_end >= mm->start_stack;
		int rc = 0;

		if (in_heap)
			rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
		else if (in_stack)
			rc = current_has_perm(current, PROCESS__EXECSTACK);
		else if (vma->vm_file && vma->anon_vma)
			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);

		if (rc)
			return rc;
	}

	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags & VM_SHARED);
}
3110
/* flock(2): file:lock regardless of the lock operation in @cmd. */
static int selinux_file_lock(struct file *file, unsigned int cmd)
{
	return file_has_perm(current_cred(), file, FILE__LOCK);
}
3117
/*
 * fcntl(2).
 *
 * F_SETFL that clears O_APPEND on an append-only open is treated as a
 * write (file:write); other flag/owner/signal commands only need fd:use
 * (an empty file permission).  Lock commands need file:lock.  The
 * F_SETFL and lock cases require a dentry with an inode and return
 * -EINVAL otherwise.  Commands not listed are allowed through.
 */
static int selinux_file_fcntl(struct file *file, unsigned int cmd,
			      unsigned long arg)
{
	const struct cred *cred = current_cred();
	const bool has_inode = file->f_path.dentry &&
			       file->f_path.dentry->d_inode;

	switch (cmd) {
	case F_SETFL:
		if (!has_inode)
			return -EINVAL;
		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND))
			return file_has_perm(cred, file, FILE__WRITE);
		/* fall through */
	case F_SETOWN:
	case F_SETSIG:
	case F_GETFL:
	case F_GETOWN:
	case F_GETSIG:
		return file_has_perm(cred, file, 0);	/* fd:use only */

	case F_GETLK:
	case F_SETLK:
	case F_SETLKW:
#if BITS_PER_LONG == 32
	case F_GETLK64:
	case F_SETLK64:
	case F_SETLKW64:
#endif
		if (!has_inode)
			return -EINVAL;
		return file_has_perm(cred, file, FILE__LOCK);

	default:
		return 0;
	}
}
3162
/*
 * Record the SID of the task that becomes the file's owner (F_SETOWN) so
 * that SIGIO delivery can later be checked from that label.
 */
static int selinux_file_set_fowner(struct file *file)
{
	struct file_security_struct *fsec = file->f_security;
	u32 owner_sid = current_sid();

	fsec->fown_sid = owner_sid;
	return 0;
}
3172
/*
 * Asynchronous I/O signal delivery: the subject is the SID recorded at
 * F_SETOWN time (fown_sid), the target is the task @tsk.  A zero @signum
 * means SIGIO, matching send_sigio_to_task().
 */
static int selinux_file_send_sigiotask(struct task_struct *tsk,
				       struct fown_struct *fown, int signum)
{
	/* struct fown_struct is never outside the context of a struct file */
	struct file *file = container_of(fown, struct file, f_owner);
	struct file_security_struct *fsec = file->f_security;
	u32 target_sid = task_sid(tsk);
	u32 perm = signal_to_av(signum ? signum : SIGIO);

	return avc_has_perm(fsec->fown_sid, target_sid,
			    SECCLASS_PROCESS, perm, NULL);
}
3194
/*
 * Receiving a descriptor (e.g. over a UNIX socket): the receiver needs
 * the permissions implied by the file's open mode, as file_to_av() derives them.
 */
static int selinux_file_receive(struct file *file)
{
	u32 av = file_to_av(file);

	return file_has_perm(current_cred(), file, av);
}
3201
/*
 * Called when a file is opened.
 *
 * Saves the inode label and the policy sequence number in the file
 * security struct so that selinux_file_permission() can tell whether a
 * later I/O needs revalidation (the task label is already stored there as
 * the file's SID).  The access check that follows is not redundant with
 * selinux_inode_permission(): the inode label or the policy may have
 * changed in between, and without this check such an open would never be
 * revalidated against the new label or policy.  Do not remove it.
 */
static int selinux_dentry_open(struct file *file, const struct cred *cred)
{
	struct inode *inode = file->f_path.dentry->d_inode;
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec = inode->i_security;

	fsec->isid = isec->sid;
	fsec->pseqno = avc_policy_seqno();

	return inode_has_perm_noadp(cred, inode, open_file_to_av(file), 0);
}
3230
3231/* task security operations */
3232
/* fork/clone: the task needs process:fork on itself. @clone_flags is unused. */
static int selinux_task_create(unsigned long clone_flags)
{
	return current_has_perm(current, PROCESS__FORK);
}
3237
/*
 * Allocate the SELinux part of a blank set of credentials.  The struct is
 * zero-filled, i.e. every SID in it starts out as 0.
 *
 * Returns 0, or -ENOMEM when the allocation fails (cred->security is then
 * left untouched).
 */
static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	struct task_security_struct *tsec = kzalloc(sizeof(*tsec), gfp);

	if (!tsec)
		return -ENOMEM;

	cred->security = tsec;
	return 0;
}
3252
/*
 * Detach and free the LSM part of a set of credentials.
 *
 * cred->security may be NULL if security_cred_alloc_blank() or
 * security_prepare_creds() failed.  A non-NULL value below PAGE_SIZE can
 * only be corruption, hence the BUG_ON.  The pointer is overwritten with
 * a deliberately invalid value before the free so a later use of the
 * dead cred faults instead of silently reading freed memory.
 */
static void selinux_cred_free(struct cred *cred)
{
	struct task_security_struct *tsec = cred->security;

	BUG_ON(tsec && (unsigned long) tsec < PAGE_SIZE);

	cred->security = (void *) 0x7UL;	/* poison */
	kfree(tsec);
}
3268
/*
 * Prepare a new set of credentials for modification by giving @new its
 * own copy of @old's SELinux state.
 *
 * Returns 0, or -ENOMEM if the copy cannot be allocated (new->security is
 * then left untouched).
 */
static int selinux_cred_prepare(struct cred *new, const struct cred *old,
				gfp_t gfp)
{
	const struct task_security_struct *src = old->security;
	struct task_security_struct *copy;

	copy = kmemdup(src, sizeof(*copy), gfp);
	if (!copy)
		return -ENOMEM;

	new->security = copy;
	return 0;
}
3287
/*
 * Transfer the SELinux data from @old into a blank set of creds @new.
 * Both blobs must already exist; the contents are copied by value.
 */
static void selinux_cred_transfer(struct cred *new, const struct cred *old)
{
	const struct task_security_struct *src = old->security;
	struct task_security_struct *dst = new->security;

	*dst = *src;
}
3298
/*
 * Let a kernel service act with the label @secid.
 *
 * Requires kernel_service:use_as_override from the current task to
 * @secid.  On success the cred's SID becomes @secid and all of the
 * creation contexts (file, key, socket) are reset to unlabelled (0).
 * On denial the cred is left unchanged and the error is returned.
 */
static int selinux_kernel_act_as(struct cred *new, u32 secid)
{
	struct task_security_struct *tsec = new->security;
	int ret = avc_has_perm(current_sid(), secid,
			       SECCLASS_KERNEL_SERVICE,
			       KERNEL_SERVICE__USE_AS_OVERRIDE,
			       NULL);

	if (ret)
		return ret;

	tsec->sid = secid;
	tsec->create_sid = 0;
	tsec->keycreate_sid = 0;
	tsec->sockcreate_sid = 0;

	return 0;
}
3321
/*
 * Set the file creation context of @new to the objective label of @inode.
 *
 * Requires kernel_service:create_files_as from the current task to the
 * inode's label.  On denial the cred is left unchanged.
 */
static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;
	struct task_security_struct *tsec = new->security;
	u32 target = isec->sid;
	int ret = avc_has_perm(current_sid(), target,
			       SECCLASS_KERNEL_SERVICE,
			       KERNEL_SERVICE__CREATE_FILES_AS,
			       NULL);

	if (ret)
		return ret;

	tsec->create_sid = target;
	return 0;
}
3342
/*
 * request_module(): the current task needs system:module_request on the
 * kernel; the requested module name is attached to the audit record.
 */
static int selinux_kernel_module_request(char *kmod_name)
{
	struct common_audit_data ad;
	u32 sid = task_sid(current);

	COMMON_AUDIT_DATA_INIT(&ad, KMOD);
	ad.u.kmod_name = kmod_name;

	return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
			    SYSTEM__MODULE_REQUEST, &ad);
}
3356
/* setpgid(2): process:setpgid from current to @p; @pgid is not consulted. */
static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return current_has_perm(p, PROCESS__SETPGID);
}
3361
/* getpgid(2): process:getpgid from current to @p. */
static int selinux_task_getpgid(struct task_struct *p)
{
	return current_has_perm(p, PROCESS__GETPGID);
}
3366
/* getsid(2): process:getsession from current to @p. */
static int selinux_task_getsid(struct task_struct *p)
{
	return current_has_perm(p, PROCESS__GETSESSION);
}
3371
/* Expose a task's SID as its secid. */
static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
{
	u32 sid = task_sid(p);

	*secid = sid;
}
3376
/*
 * setpriority/nice: the commoncap check runs first; if it passes, current
 * also needs process:setsched on @p.
 */
static int selinux_task_setnice(struct task_struct *p, int nice)
{
	int rc = cap_task_setnice(p, nice);

	if (rc)
		return rc;

	return current_has_perm(p, PROCESS__SETSCHED);
}
3387
/*
 * ioprio_set(2): the commoncap check runs first; if it passes, current
 * also needs process:setsched on @p.
 */
static int selinux_task_setioprio(struct task_struct *p, int ioprio)
{
	int rc = cap_task_setioprio(p, ioprio);

	if (rc)
		return rc;

	return current_has_perm(p, PROCESS__SETSCHED);
}
3398
/* ioprio_get(2): process:getsched from current to @p. */
static int selinux_task_getioprio(struct task_struct *p)
{
	return current_has_perm(p, PROCESS__GETSCHED);
}
3403
/*
 * setrlimit: only a change of the hard limit (up or down) is controlled,
 * via process:setrlimit on @p.  The hard limit is kept under control so
 * that it can later serve as a safe reset point for the soft limit on a
 * context transition; see selinux_bprm_committing_creds.  Soft-limit-only
 * changes need no permission.
 */
static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
		struct rlimit *new_rlim)
{
	const struct rlimit *old_rlim = &p->signal->rlim[resource];

	if (old_rlim->rlim_max == new_rlim->rlim_max)
		return 0;

	return current_has_perm(p, PROCESS__SETRLIMIT);
}
3418
/*
 * setscheduler hook: the capability check runs first; if it allows the
 * change the caller additionally needs PROCESS__SETSCHED on task @p.
 */
static int selinux_task_setscheduler(struct task_struct *p)
{
	int rc = cap_task_setscheduler(p);

	/* A capability denial is final; do not consult the policy. */
	if (!rc)
		rc = current_has_perm(p, PROCESS__SETSCHED);

	return rc;
}
3429
/* getscheduler hook: the caller needs PROCESS__GETSCHED on task @p. */
static int selinux_task_getscheduler(struct task_struct *p)
{
	const u32 perm = PROCESS__GETSCHED;

	return current_has_perm(p, perm);
}
3434
/*
 * movememory hook: reuses PROCESS__SETSCHED on task @p rather than a
 * dedicated permission.
 */
static int selinux_task_movememory(struct task_struct *p)
{
	const u32 perm = PROCESS__SETSCHED;

	return current_has_perm(p, perm);
}
3439
/*
 * kill hook.
 * @p: target task
 * @info: signal info (not consulted here)
 * @sig: signal number; 0 is an existence probe and maps to PROCESS__SIGNULL
 * @secid: sender SID, or 0 to use the current task as the sender
 *
 * Returns the AVC verdict for the signal-specific permission.
 */
static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
				int sig, u32 secid)
{
	u32 perm = sig ? signal_to_av(sig) : PROCESS__SIGNULL;

	/* An explicit sender SID is checked directly against the target. */
	if (secid)
		return avc_has_perm(secid, task_sid(p), SECCLASS_PROCESS, perm,
				    NULL);

	return current_has_perm(p, perm);
}
3457
/*
 * wait hook: note the direction — the child @p is the subject and the
 * current task the target, checked for PROCESS__SIGCHLD.
 */
static int selinux_task_wait(struct task_struct *p)
{
	const u32 perm = PROCESS__SIGCHLD;

	return task_has_perm(p, current, perm);
}
3462
/*
 * Label @inode with the SID of task @p and mark its security blob as
 * initialized.
 */
static void selinux_task_to_inode(struct task_struct *p,
				  struct inode *inode)
{
	struct inode_security_struct *isec = inode->i_security;

	isec->sid = task_sid(p);
	isec->initialized = 1;
}
3472
/*
 * selinux_parse_skb_ipv4 - record the IPv4 addresses (and ports, if present)
 * @skb: the packet
 * @ad: audit data whose v4info/sport/dport fields are filled in
 * @proto: optional out-parameter receiving the IP protocol number
 *
 * Returns -EINVAL only when the IPv4 header itself cannot be read or is
 * shorter than the fixed header.  A missing or unreadable transport header
 * leaves the ports untouched and still returns 0.
 */
static int selinux_parse_skb_ipv4(struct sk_buff *skb,
			struct common_audit_data *ad, u8 *proto)
{
	struct iphdr _iph, *iph;
	int offset = skb_network_offset(skb);
	int hdr_len;

	iph = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
	if (!iph)
		return -EINVAL;

	/* A header length below the fixed header size is malformed. */
	hdr_len = iph->ihl * 4;
	if (hdr_len < sizeof(_iph))
		return -EINVAL;

	ad->u.net.v4info.saddr = iph->saddr;
	ad->u.net.v4info.daddr = iph->daddr;

	if (proto)
		*proto = iph->protocol;

	/* Only the first fragment carries the transport header. */
	if (ntohs(iph->frag_off) & IP_OFFSET)
		return 0;

	offset += hdr_len;
	switch (iph->protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th) {
			ad->u.net.sport = th->source;
			ad->u.net.dport = th->dest;
		}
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh) {
			ad->u.net.sport = uh->source;
			ad->u.net.dport = uh->dest;
		}
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh) {
			ad->u.net.sport = dh->dccph_sport;
			ad->u.net.dport = dh->dccph_dport;
		}
		break;
	}

	default:
		/* Other protocols: addresses only, no ports. */
		break;
	}

	return 0;
}
3551
3552#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3553
/*
 * selinux_parse_skb_ipv6 - record the IPv6 addresses (and ports, if present)
 * @skb: the packet
 * @ad: audit data whose v6info/sport/dport fields are filled in
 * @proto: optional out-parameter receiving the upper-layer protocol after
 *         extension headers have been skipped
 *
 * Returns -EINVAL only when the IPv6 header itself cannot be read.  Failure
 * to walk the extension headers, or a non-first fragment (left as the
 * fragment header by ipv6_skip_exthdr), still returns 0 with no ports.
 */
static int selinux_parse_skb_ipv6(struct sk_buff *skb,
			struct common_audit_data *ad, u8 *proto)
{
	struct ipv6hdr _ipv6h, *ip6;
	int offset = skb_network_offset(skb);
	u8 nexthdr;
	__be16 frag_off;

	ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
	if (!ip6)
		return -EINVAL;

	ad->u.net.v6info.saddr = ip6->saddr;
	ad->u.net.v6info.daddr = ip6->daddr;

	nexthdr = ip6->nexthdr;
	offset = ipv6_skip_exthdr(skb, offset + sizeof(_ipv6h), &nexthdr,
				  &frag_off);
	if (offset < 0)
		return 0;

	if (proto)
		*proto = nexthdr;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph, *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (th) {
			ad->u.net.sport = th->source;
			ad->u.net.dport = th->dest;
		}
		break;
	}

	case IPPROTO_UDP: {
		struct udphdr _udph, *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (uh) {
			ad->u.net.sport = uh->source;
			ad->u.net.dport = uh->dest;
		}
		break;
	}

	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph, *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (dh) {
			ad->u.net.sport = dh->dccph_sport;
			ad->u.net.dport = dh->dccph_dport;
		}
		break;
	}

	default:
		/* Includes fragments and any other upper-layer protocol. */
		break;
	}

	return 0;
}
3625
3626#endif /* IPV6 */
3627
/*
 * selinux_parse_skb - fill audit data from a packet and locate one address
 * @skb: the packet
 * @ad: audit data; @ad->u.net.family selects the parser
 * @_addrp: optional out-parameter receiving a pointer to the chosen address
 *          inside @ad (NULL for families other than PF_INET/PF_INET6)
 * @src: non-zero selects the source address, zero the destination
 * @proto: optional out-parameter forwarded to the family parser
 *
 * Returns 0, or the parser's error (after logging) when the packet's
 * addresses could not be parsed.
 */
static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
			     char **_addrp, int src, u8 *proto)
{
	char *addrp = NULL;
	int ret;

	switch (ad->u.net.family) {
	case PF_INET:
		ret = selinux_parse_skb_ipv4(skb, ad, proto);
		if (ret)
			goto parse_error;
		addrp = src ? (char *)&ad->u.net.v4info.saddr
			    : (char *)&ad->u.net.v4info.daddr;
		break;

#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
	case PF_INET6:
		ret = selinux_parse_skb_ipv6(skb, ad, proto);
		if (ret)
			goto parse_error;
		addrp = src ? (char *)&ad->u.net.v6info.saddr
			    : (char *)&ad->u.net.v6info.daddr;
		break;
#endif	/* IPV6 */
	default:
		/* Unknown family: nothing to parse, no address to report. */
		break;
	}

	if (_addrp)
		*_addrp = addrp;
	return 0;

parse_error:
	printk(KERN_WARNING
	       "SELinux: failure in selinux_parse_skb(),"
	       " unable to parse packet\n");
	return ret;
}
3668
/**
 * selinux_skb_peerlbl_sid - Determine the peer label of a packet
 * @skb: the packet
 * @family: protocol family
 * @sid: the packet's peer label SID
 *
 * Description:
 * Gathers the packet's XFRM and NetLabel peer labels and asks the security
 * server (security_net_peersid_resolve()) to reconcile them into a single
 * SID.  Returns zero if the value in @sid is valid (it may still be
 * SECSID_NULL), or -EACCES if the peer labels are inconsistent and no SID
 * could be determined.
 *
 */
static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
{
	u32 xfrm_sid;
	u32 nlbl_sid;
	u32 nlbl_type;
	int rc;

	selinux_skb_xfrm_sid(skb, &xfrm_sid);
	selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);

	rc = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
	if (likely(!rc))
		return 0;

	/* Conflicting labels: refuse rather than guess. */
	printk(KERN_WARNING
	       "SELinux: failure in selinux_skb_peerlbl_sid(),"
	       " unable to determine packet's peer label\n");
	return -EACCES;
}
3704
3705/* socket security operations */
3706
/*
 * Choose the SID for a socket created by a task with security @tsec.
 *
 * An explicit sockcreate SID set on the task wins; otherwise the SID comes
 * from a type transition of the task's SID on class @secclass.  Returns 0
 * on success or the error from security_transition_sid().
 */
static int socket_sockcreate_sid(const struct task_security_struct *tsec,
				 u16 secclass, u32 *socksid)
{
	u32 requested = tsec->sockcreate_sid;

	if (requested <= SECSID_NULL)
		return security_transition_sid(tsec->sid, tsec->sid, secclass,
					       NULL, socksid);

	*socksid = requested;
	return 0;
}
3718
/*
 * Check that @task holds @perms on socket @sk, in the socket's own class.
 *
 * Kernel-labelled sockets are exempt and always succeed.  The audit record
 * carries the socket itself.
 */
static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
{
	struct sk_security_struct *sksec = sk->sk_security;
	struct common_audit_data ad;

	if (sksec->sid == SECINITSID_KERNEL)
		return 0;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = sk;

	return avc_has_perm(task_sid(task), sksec->sid, sksec->sclass, perms,
			    &ad);
}
3733
/*
 * socket_create hook: requires SOCKET__CREATE from the current task to the
 * SID the new socket would receive.  Kernel-internal sockets are not
 * mediated.
 */
static int selinux_socket_create(int family, int type,
				 int protocol, int kern)
{
	const struct task_security_struct *tsec;
	u16 secclass;
	u32 newsid;
	int rc;

	if (kern)
		return 0;

	tsec = current_security();
	secclass = socket_type_to_security_class(family, type, protocol);

	rc = socket_sockcreate_sid(tsec, secclass, &newsid);
	if (rc)
		return rc;

	return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
}
3752
/*
 * socket_post_create hook: label the socket inode (and the sock, when one
 * exists) with the class/SID chosen for this socket, then let NetLabel
 * finish its per-socket setup.
 *
 * Kernel sockets get SECINITSID_KERNEL; others go through
 * socket_sockcreate_sid().  Returns 0 or the first error encountered.
 */
static int selinux_socket_post_create(struct socket *sock, int family,
				      int type, int protocol, int kern)
{
	const struct task_security_struct *tsec = current_security();
	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
	int err;

	isec->sclass = socket_type_to_security_class(family, type, protocol);

	if (kern) {
		isec->sid = SECINITSID_KERNEL;
	} else {
		err = socket_sockcreate_sid(tsec, isec->sclass, &isec->sid);
		if (err)
			return err;
	}

	isec->initialized = 1;

	/* No sock yet means nothing further to label. */
	if (!sock->sk)
		return 0;

	{
		struct sk_security_struct *sksec = sock->sk->sk_security;

		sksec->sid = isec->sid;
		sksec->sclass = isec->sclass;
	}

	return selinux_netlbl_socket_post_create(sock->sk, family);
}
3782
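/* Range of port numbers used to automatically bind.
   Need to determine whether we should perform a name_bind
   permission check between the socket and the port number. */

/*
 * selinux_socket_bind - bind() hook
 * @sock: the socket being bound
 * @address: the address passed to bind()
 * @addrlen: length of @address in bytes
 *
 * Checks SOCKET__BIND on the socket.  For PF_INET/PF_INET6 sockets it then
 * checks name_bind on the port (when the port lies outside the local
 * auto-bind range) and node_bind on the address.  @address is reinterpreted
 * as a sockaddr_in or sockaddr_in6, so @addrlen must cover the fields that
 * are read; a shorter address is rejected with -EINVAL, as
 * selinux_socket_connect() already does.
 */
static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	u16 family;
	int err;

	err = sock_has_perm(current, sk, SOCKET__BIND);
	if (err)
		goto out;

	/*
	 * If PF_INET or PF_INET6, check name_bind permission for the port.
	 * Multiple address binding for SCTP is not supported yet: we just
	 * check the first address now.
	 */
	family = sk->sk_family;
	if (family == PF_INET || family == PF_INET6) {
		char *addrp;
		struct sk_security_struct *sksec = sk->sk_security;
		struct common_audit_data ad;
		struct sockaddr_in *addr4 = NULL;
		struct sockaddr_in6 *addr6 = NULL;
		unsigned short snum;
		u32 sid, node_perm;

		/*
		 * Validate @addrlen before reading the port and address
		 * through the family-specific view of @address; a short
		 * buffer would otherwise be read beyond what was supplied.
		 * The sizeof() is cast to int so a negative @addrlen is
		 * rejected rather than promoted to a large unsigned value.
		 */
		if (family == PF_INET) {
			if (addrlen < (int)sizeof(struct sockaddr_in)) {
				err = -EINVAL;
				goto out;
			}
			addr4 = (struct sockaddr_in *)address;
			snum = ntohs(addr4->sin_port);
			addrp = (char *)&addr4->sin_addr.s_addr;
		} else {
			if (addrlen < SIN6_LEN_RFC2133) {
				err = -EINVAL;
				goto out;
			}
			addr6 = (struct sockaddr_in6 *)address;
			snum = ntohs(addr6->sin6_port);
			addrp = (char *)&addr6->sin6_addr.s6_addr;
		}

		if (snum) {
			int low, high;

			inet_get_local_port_range(&low, &high);

			/*
			 * Ports inside the auto-bind range (and above the
			 * privileged boundary) need no name_bind check.
			 */
			if (snum < max(PROT_SOCK, low) || snum > high) {
				err = sel_netport_sid(sk->sk_protocol,
						      snum, &sid);
				if (err)
					goto out;
				COMMON_AUDIT_DATA_INIT(&ad, NET);
				ad.u.net.sport = htons(snum);
				ad.u.net.family = family;
				err = avc_has_perm(sksec->sid, sid,
						   sksec->sclass,
						   SOCKET__NAME_BIND, &ad);
				if (err)
					goto out;
			}
		}

		/* node_bind is class-specific; raw IP covers the rest. */
		switch (sksec->sclass) {
		case SECCLASS_TCP_SOCKET:
			node_perm = TCP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_UDP_SOCKET:
			node_perm = UDP_SOCKET__NODE_BIND;
			break;

		case SECCLASS_DCCP_SOCKET:
			node_perm = DCCP_SOCKET__NODE_BIND;
			break;

		default:
			node_perm = RAWIP_SOCKET__NODE_BIND;
			break;
		}

		err = sel_netnode_sid(addrp, family, &sid);
		if (err)
			goto out;

		COMMON_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.sport = htons(snum);
		ad.u.net.family = family;

		if (family == PF_INET)
			ad.u.net.v4info.saddr = addr4->sin_addr.s_addr;
		else
			ad.u.net.v6info.saddr = addr6->sin6_addr;

		err = avc_has_perm(sksec->sid, sid,
				   sksec->sclass, node_perm, &ad);
		if (err)
			goto out;
	}
out:
	return err;
}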
3882
/*
 * selinux_socket_connect - connect() hook
 * @sock: the connecting socket
 * @address: the address passed to connect()
 * @addrlen: length of @address in bytes
 *
 * Checks SOCKET__CONNECT on the socket; for TCP and DCCP sockets it also
 * checks the class-specific name_connect permission on the destination
 * port, after verifying that @addrlen covers the sockaddr fields read.
 * Finally hands the socket to NetLabel.  Returns 0 or the first error.
 */
static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
	struct sock *sk = sock->sk;
	struct sk_security_struct *sksec = sk->sk_security;
	int err = sock_has_perm(current, sk, SOCKET__CONNECT);

	if (err)
		return err;

	/*
	 * If a TCP or DCCP socket, check name_connect permission for the port.
	 */
	if (sksec->sclass == SECCLASS_TCP_SOCKET ||
	    sksec->sclass == SECCLASS_DCCP_SOCKET) {
		struct common_audit_data ad;
		unsigned short snum;
		u32 sid, perm;

		/* Reject a short address before reading its port field. */
		if (sk->sk_family == PF_INET) {
			struct sockaddr_in *addr4 = (struct sockaddr_in *)address;

			if (addrlen < sizeof(struct sockaddr_in))
				return -EINVAL;
			snum = ntohs(addr4->sin_port);
		} else {
			struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)address;

			if (addrlen < SIN6_LEN_RFC2133)
				return -EINVAL;
			snum = ntohs(addr6->sin6_port);
		}

		err = sel_netport_sid(sk->sk_protocol, snum, &sid);
		if (err)
			return err;

		if (sksec->sclass == SECCLASS_TCP_SOCKET)
			perm = TCP_SOCKET__NAME_CONNECT;
		else
			perm = DCCP_SOCKET__NAME_CONNECT;

		COMMON_AUDIT_DATA_INIT(&ad, NET);
		ad.u.net.dport = htons(snum);
		ad.u.net.family = sk->sk_family;
		err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
		if (err)
			return err;
	}

	return selinux_netlbl_socket_connect(sk, address);
}
3936
/* listen() hook: requires SOCKET__LISTEN on the socket; @backlog is unused. */
static int selinux_socket_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__LISTEN);
}
3941
/*
 * accept() hook: requires SOCKET__ACCEPT on the listening socket, then
 * copies the listener's class and SID onto @newsock's inode and marks it
 * initialized.
 */
static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
{
	struct inode_security_struct *listen_isec;
	struct inode_security_struct *new_isec;
	int err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);

	if (err)
		return err;

	listen_isec = SOCK_INODE(sock)->i_security;
	new_isec = SOCK_INODE(newsock)->i_security;

	new_isec->sclass = listen_isec->sclass;
	new_isec->sid = listen_isec->sid;
	new_isec->initialized = 1;

	return 0;
}
3961
/* sendmsg hook: requires SOCKET__WRITE on the socket; @msg/@size unused. */
static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				  int size)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__WRITE);
}
3967
/* recvmsg hook: requires SOCKET__READ on the socket; other args unused. */
static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
				  int size, int flags)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__READ);
}
3973
/* getsockname hook: requires SOCKET__GETATTR on the socket. */
static int selinux_socket_getsockname(struct socket *sock)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__GETATTR);
}
3978
/* getpeername hook: requires SOCKET__GETATTR on the socket. */
static int selinux_socket_getpeername(struct socket *sock)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__GETATTR);
}
3983
/*
 * setsockopt hook: requires SOCKET__SETOPT on the socket, then lets NetLabel
 * veto the specific option.
 */
static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
{
	int err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);

	if (!err)
		err = selinux_netlbl_socket_setsockopt(sock, level, optname);

	return err;
}
3994
/* getsockopt hook: requires SOCKET__GETOPT on the socket; @level/@optname unused. */
static int selinux_socket_getsockopt(struct socket *sock, int level,
				     int optname)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__GETOPT);
}
4000
/* shutdown hook: requires SOCKET__SHUTDOWN on the socket; @how is unused. */
static int selinux_socket_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;

	return sock_has_perm(current, sk, SOCKET__SHUTDOWN);
}
4005
/*
 * unix_stream_connect hook.
 * @sock: the connecting sock
 * @other: the listening sock
 * @newsk: the server-side child sock created for this connection
 *
 * Requires UNIX_STREAM_SOCKET__CONNECTTO from @sock to @other.  On success
 * the child sock gets @sock as its peer and a SID derived from @other with
 * the MLS range of @sock; @sock's peer becomes the child.  Returns 0 or the
 * first error.
 */
static int selinux_socket_unix_stream_connect(struct sock *sock,
					      struct sock *other,
					      struct sock *newsk)
{
	struct sk_security_struct *client = sock->sk_security;
	struct sk_security_struct *listener = other->sk_security;
	struct sk_security_struct *child = newsk->sk_security;
	struct common_audit_data ad;
	int err;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = other;

	err = avc_has_perm(client->sid, listener->sid, listener->sclass,
			   UNIX_STREAM_SOCKET__CONNECTTO, &ad);
	if (err)
		return err;

	/* Server child socket: peer is the client. */
	child->peer_sid = client->sid;
	err = security_sid_mls_copy(listener->sid, client->sid, &child->sid);
	if (err)
		return err;

	/* Connecting socket: peer is the child. */
	client->peer_sid = child->sid;

	return 0;
}
4037
/*
 * unix_may_send hook: requires SOCKET__SENDTO from @sock's sock to @other's
 * sock, checked in the receiver's class.
 */
static int selinux_socket_unix_may_send(struct socket *sock,
					struct socket *other)
{
	struct sock *peer = other->sk;
	struct sk_security_struct *sender = sock->sk->sk_security;
	struct sk_security_struct *receiver = peer->sk_security;
	struct common_audit_data ad;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.sk = peer;

	return avc_has_perm(sender->sid, receiver->sid, receiver->sclass,
			    SOCKET__SENDTO, &ad);
}
4051
/*
 * System-level ingress checks for a labelled packet.
 * @ifindex: receiving interface
 * @addrp: destination address (as placed in @ad by selinux_parse_skb())
 * @family: address family of @addrp
 * @peer_sid: the packet's peer SID
 * @ad: audit data to attach to the AVC checks
 *
 * The peer must hold NETIF__INGRESS on the interface and NODE__RECVFROM on
 * the node.  Returns 0 or the first error, including SID lookup failures.
 */
static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
				    u32 peer_sid,
				    struct common_audit_data *ad)
{
	u32 if_sid;
	u32 node_sid;
	int rc = sel_netif_sid(ifindex, &if_sid);

	if (rc)
		return rc;
	rc = avc_has_perm(peer_sid, if_sid, SECCLASS_NETIF, NETIF__INGRESS, ad);
	if (rc)
		return rc;

	rc = sel_netnode_sid(addrp, family, &node_sid);
	if (rc)
		return rc;
	return avc_has_perm(peer_sid, node_sid, SECCLASS_NODE, NODE__RECVFROM,
			    ad);
}
4074
/*
 * Receive-side checks used when the netpeer policy capability is absent.
 *
 * After parsing the packet into the audit data, checks (in order) the
 * secmark PACKET__RECV permission when secmark is enabled, then the
 * NetLabel and XFRM receive checks.  Returns 0 or the first error.
 */
static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
				       u16 family)
{
	struct sk_security_struct *sksec = sk->sk_security;
	struct common_audit_data ad;
	char *addrp;
	int rc;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->skb_iif;
	ad.u.net.family = family;
	rc = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (rc)
		return rc;

	if (selinux_secmark_enabled()) {
		rc = avc_has_perm(sksec->sid, skb->secmark, SECCLASS_PACKET,
				  PACKET__RECV, &ad);
		if (rc)
			return rc;
	}

	rc = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
	if (rc)
		return rc;

	return selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
}
4105
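/*
 * selinux_socket_sock_rcv_skb - sock_rcv_skb hook
 * @sk: the receiving sock
 * @skb: the incoming packet
 *
 * Mediates delivery of an IPv4/IPv6 packet to @sk.  Without the netpeer
 * policy capability the legacy path in selinux_sock_rcv_skb_compat() is
 * used.  Otherwise, when peer labelling is active, the packet's peer SID
 * must pass the interface/node ingress checks and PEER__RECV on the sock;
 * when secmark is active the sock must also hold PACKET__RECV on the
 * packet's secmark.  Every denial returns immediately, so a later check
 * can never mask an earlier one.  Returns 0 to deliver or a negative errno.
 */
static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	int err;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	u32 sk_sid = sksec->sid;
	struct common_audit_data ad;
	char *addrp;
	u8 secmark_active;
	u8 peerlbl_active;

	if (family != PF_INET && family != PF_INET6)
		return 0;

	/* Handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	/* If any sort of compatibility mode is enabled then handoff processing
	 * to the selinux_sock_rcv_skb_compat() function to deal with the
	 * special handling.  We do this in an attempt to keep this function
	 * as fast and as clean as possible. */
	if (!selinux_policycap_netpeer)
		return selinux_sock_rcv_skb_compat(sk, skb, family);

	secmark_active = selinux_secmark_enabled();
	peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return 0;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = skb->skb_iif;
	ad.u.net.family = family;
	err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
	if (err)
		return err;

	if (peerlbl_active) {
		u32 peer_sid;

		err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
		if (err)
			return err;
		err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
					       peer_sid, &ad);
		if (err) {
			selinux_netlbl_err(skb, err, 0);
			return err;
		}
		err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
				   PEER__RECV, &ad);
		if (err) {
			/*
			 * A peer denial must be final: returning here keeps
			 * a subsequent successful secmark check from
			 * overwriting err with 0 and delivering the packet.
			 */
			selinux_netlbl_err(skb, err, 0);
			return err;
		}
	}

	if (secmark_active) {
		err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
				   PACKET__RECV, &ad);
		if (err)
			return err;
	}

	return 0;
}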
4170
/*
 * getpeersec_stream hook: copy the peer's security context string to
 * userspace.
 * @sock: the socket; only UNIX stream and TCP sockets carry a peer SID
 * @optval: user buffer for the context string
 * @optlen: user location that always receives the context length
 * @len: size of @optval
 *
 * Returns -ENOPROTOOPT when there is no peer SID, -ERANGE when @len is too
 * small (the required length is still stored in @optlen), -EFAULT on a
 * failed user copy, or 0.
 */
static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
					    int __user *optlen, unsigned len)
{
	struct sk_security_struct *sksec = sock->sk->sk_security;
	u32 peer_sid = SECSID_NULL;
	char *scontext;
	u32 scontext_len;
	int err;

	if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
	    sksec->sclass == SECCLASS_TCP_SOCKET)
		peer_sid = sksec->peer_sid;
	if (peer_sid == SECSID_NULL)
		return -ENOPROTOOPT;

	err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
	if (err)
		return err;

	if (scontext_len > len)
		err = -ERANGE;
	else if (copy_to_user(optval, scontext, scontext_len))
		err = -EFAULT;

	/* The required length is reported even when nothing was copied. */
	if (put_user(scontext_len, optlen))
		err = -EFAULT;

	kfree(scontext);
	return err;
}
4204
/*
 * getpeersec_dgram hook: determine the peer SID of a datagram.
 * @sock: the socket, or NULL
 * @skb: the packet, or NULL
 * @secid: receives the peer SID (SECSID_NULL when none could be found)
 *
 * The family is taken from the packet's protocol when an skb is given,
 * otherwise from the socket.  Unix sockets report the socket inode's SID;
 * anything else with a packet uses the packet's peer label.  Returns
 * -EINVAL when no SID was determined, else 0.
 */
static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	u32 peer_secid = SECSID_NULL;
	u16 family;

	if (skb && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;
	else if (skb && skb->protocol == htons(ETH_P_IPV6))
		family = PF_INET6;
	else if (sock)
		family = sock->sk->sk_family;
	else
		goto done;

	if (sock && family == PF_UNIX)
		selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
	else if (skb)
		selinux_skb_peerlbl_sid(skb, family, &peer_secid);

done:
	*secid = peer_secid;
	return peer_secid == SECSID_NULL ? -EINVAL : 0;
}
4230
/*
 * Allocate and attach a zeroed security blob to @sk with @priority.
 *
 * Both the SID and the peer SID start as SECINITSID_UNLABELED and the
 * NetLabel state is reset.  Returns -ENOMEM on allocation failure, else 0.
 */
static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
{
	struct sk_security_struct *blob = kzalloc(sizeof(*blob), priority);

	if (!blob)
		return -ENOMEM;

	blob->peer_sid = SECINITSID_UNLABELED;
	blob->sid = SECINITSID_UNLABELED;
	selinux_netlbl_sk_security_reset(blob);

	sk->sk_security = blob;
	return 0;
}
4246
/*
 * Detach and free @sk's security blob.  The pointer on the sock is cleared
 * before the blob is released.
 */
static void selinux_sk_free_security(struct sock *sk)
{
	struct sk_security_struct *blob = sk->sk_security;

	sk->sk_security = NULL;

	selinux_netlbl_sk_security_free(blob);
	kfree(blob);
}
4255
/*
 * Copy the SID, peer SID and class from @sk's blob to @newsk's blob; the
 * NetLabel state of the clone is reset rather than copied.
 */
static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
{
	const struct sk_security_struct *src = sk->sk_security;
	struct sk_security_struct *dst = newsk->sk_security;

	dst->sid = src->sid;
	dst->peer_sid = src->peer_sid;
	dst->sclass = src->sclass;

	selinux_netlbl_sk_security_reset(dst);
}
4267
/*
 * Report @sk's SID through @secid; a NULL @sk yields SECINITSID_ANY_SOCKET.
 */
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
{
	u32 sid = SECINITSID_ANY_SOCKET;

	if (sk) {
		struct sk_security_struct *blob = sk->sk_security;

		sid = blob->sid;
	}

	*secid = sid;
}
4278
/*
 * sock_graft hook: synchronise labels between @sk and its @parent socket
 * inode.  For INET, INET6 and UNIX sockets the inode takes the sock's SID;
 * the sock always takes the inode's class.
 */
static void selinux_sock_graft(struct sock *sk, struct socket *parent)
{
	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;

	switch (family) {
	case PF_INET:
	case PF_INET6:
	case PF_UNIX:
		isec->sid = sksec->sid;
		break;
	default:
		break;
	}

	sksec->sclass = isec->sclass;
}
4289
/*
 * inet_conn_request hook: label the request sock for an incoming
 * connection on listener @sk from packet @skb.
 *
 * Without a peer label the request inherits the listener's SID; with one,
 * the request SID is the listener's SID carrying the peer's MLS range.
 * Returns 0 or the first error.
 */
static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
				     struct request_sock *req)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family = sk->sk_family;
	u32 peersid;
	int err;

	/* handle mapped IPv4 packets arriving via IPv6 sockets */
	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;

	err = selinux_skb_peerlbl_sid(skb, family, &peersid);
	if (err)
		return err;

	req->peer_secid = peersid;
	if (peersid == SECSID_NULL) {
		req->secid = sksec->sid;
	} else {
		u32 newsid;

		err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
		if (err)
			return err;
		req->secid = newsid;
	}

	return selinux_netlbl_inet_conn_request(req, family);
}
4319
/*
 * inet_csk_clone hook: carry the request sock's SID and peer SID over to
 * the newly created child sock @newsk, then let NetLabel label it.
 */
static void selinux_inet_csk_clone(struct sock *newsk,
				   const struct request_sock *req)
{
	struct sk_security_struct *child = newsk->sk_security;

	child->sid = req->secid;
	child->peer_sid = req->peer_secid;

	/*
	 * NOTE: Ideally the new socket's isec->sid would be brought in sync
	 * here too, but the isec does not exist yet.  That is deferred to
	 * sock_graft, by which time it will have been created.
	 *
	 * No locking is needed: this is the only thread with access to the
	 * child's security blob at this point.
	 */
	selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
}
4336
/*
 * Record the peer label once a connection is established.
 *
 * @sk:  the connected sock
 * @skb: the packet that completed the handshake
 *
 * The peer SID resolved from @skb is written straight into
 * sksec->peer_sid.  The return value of selinux_skb_peerlbl_sid() is not
 * checked here; what peer_sid holds after a lookup failure is decided by
 * that helper, which is outside this section — confirm before relying on
 * it.
 */
static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u16 family;

	/* an IPv4 packet on an IPv6 socket is handled as IPv4 */
	if (sk->sk_family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
		family = PF_INET;
	else
		family = sk->sk_family;

	selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
}
4348
/*
 * May the current task apply SECMARK label @sid to packets?
 *
 * Checks packet:relabelto from the caller's SID to @sid.  Returns 0 when
 * permitted, otherwise the error from the AVC.
 */
static int selinux_secmark_relabel_packet(u32 sid)
{
	return avc_has_perm(current_sid(), sid, SECCLASS_PACKET,
			    PACKET__RELABELTO, NULL);
}
4359
/* Another SECMARK user has appeared; bump the module-wide reference count
 * that selinux_secmark_enabled() is expected to consult. */
static void selinux_secmark_refcount_inc(void)
{
	atomic_add(1, &selinux_secmark_refcount);
}
4364
/* A SECMARK user has gone away; drop the module-wide reference count. */
static void selinux_secmark_refcount_dec(void)
{
	atomic_sub(1, &selinux_secmark_refcount);
}
4369
/*
 * Classify a flow for a request_sock: the flow's security id is simply
 * the request's SID so that route/xfrm lookups see the same label.
 */
static void selinux_req_classify_flow(const struct request_sock *req,
				      struct flowi *fl)
{
	u32 secid = req->secid;

	fl->flowi_secid = secid;
}
4375
/*
 * May the current task create a TUN device's backing sock?
 *
 * Checks tun_socket:create with the caller's SID as both subject and
 * target.  The "sockcreate" SID is deliberately ignored: the sock behind
 * a TUN device is private to the kernel and carries traffic from many
 * connections, so it is not a socket in the usual sense (see the TUN
 * driver for the details).
 */
static int selinux_tun_dev_create(void)
{
	const u32 sid = current_sid();

	return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
			    NULL);
}
4390
/*
 * Label a freshly created TUN sock.
 *
 * The sock takes the creating task's SID and the tun_socket class.  No
 * NetLabel labeling is applied: a TUN user that is unaware of labeling
 * protocols would only be confused by labeled traffic coming back from
 * the far end.  As in selinux_tun_dev_create(), the "sockcreate" SID is
 * not used for this special sock.
 */
static void selinux_tun_dev_post_create(struct sock *sk)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u32 creator = current_sid();

	sksec->sid = creator;
	sksec->sclass = SECCLASS_TUN_SOCKET;
}
4408
/*
 * Attach the current task to an existing TUN sock, relabeling it.
 *
 * The caller must hold tun_socket:relabelfrom on the sock's current label
 * and tun_socket:relabelto on its own label; only when both pass is the
 * sock relabeled to the caller's SID.  Returns 0 on success or the AVC
 * error of the first failed check, in which case the sock is untouched.
 */
static int selinux_tun_dev_attach(struct sock *sk)
{
	struct sk_security_struct *sksec = sk->sk_security;
	u32 sid = current_sid();
	int rc;

	rc = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
			  TUN_SOCKET__RELABELFROM, NULL);
	if (!rc)
		rc = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
				  TUN_SOCKET__RELABELTO, NULL);
	if (!rc)
		sksec->sid = sid;

	return rc;
}
4428
/*
 * Permission check for a netlink message sent on @sk.
 *
 * @sk:  the sending netlink sock
 * @skb: the message; must at least hold a netlink header
 *
 * The message type is mapped to a socket permission via
 * selinux_nlmsg_lookup() and then checked with sock_has_perm().  Two
 * lookup failures are tolerated by design: -ENOENT is silently allowed,
 * and -EINVAL (an unrecognized type for this socket class) is audited and
 * then allowed in permissive mode or when the policy sets allow_unknown.
 * Any other error is returned as-is.
 */
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	struct sk_security_struct *sksec = sk->sk_security;
	struct nlmsghdr *nlh;
	u32 perm;
	int rc;

	if (skb->len < NLMSG_SPACE(0))
		return -EINVAL;

	nlh = nlmsg_hdr(skb);
	rc = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
	switch (rc) {
	case 0:
		return sock_has_perm(current, sk, perm);
	case -ENOENT:
		/* no mapping for this type: not a denial */
		return 0;
	case -EINVAL:
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
			  "SELinux:  unrecognized netlink message"
			  " type=%hu for sclass=%hu\n",
			  nlh->nlmsg_type, sksec->sclass);
		/* fail open only when not enforcing or policy allows it */
		if (!selinux_enforcing || security_get_allow_unknown())
			return 0;
		return rc;
	default:
		return rc;
	}
}
4463
4464#ifdef CONFIG_NETFILTER
4465
/*
 * Access control for packets traversing the netfilter FORWARD hook.
 *
 * @skb:     the packet being forwarded
 * @ifindex: index of the interface the packet arrived on (the wrappers
 *           pass in->ifindex)
 * @family:  PF_INET or PF_INET6, chosen by the per-family wrapper
 *
 * Returns NF_ACCEPT or NF_DROP.  Nothing is checked unless the "netpeer"
 * policy capability is set and at least one of SECMARK or peer labeling
 * (NetLabel or XFRM) is active.
 */
static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
				       u16 family)
{
	int err;
	char *addrp;
	u32 peer_sid;
	struct common_audit_data ad;
	u8 secmark_active;
	u8 netlbl_active;
	u8 peerlbl_active;

	if (!selinux_policycap_netpeer)
		return NF_ACCEPT;

	secmark_active = selinux_secmark_enabled();
	netlbl_active = netlbl_enabled();
	peerlbl_active = netlbl_active || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return NF_ACCEPT;

	/* a packet whose peer label cannot be resolved is dropped rather
	 * than forwarded unlabeled */
	if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
		return NF_DROP;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
		return NF_DROP;

	if (peerlbl_active) {
		/* presumably the ingress netif/node checks for the peer
		 * label (the helper is outside this section); a failure is
		 * reported back through NetLabel before the drop */
		err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
					       peer_sid, &ad);
		if (err) {
			selinux_netlbl_err(skb, err, 1);
			return NF_DROP;
		}
	}

	/* peer label -> SECMARK label: packet:forward_in */
	if (secmark_active)
		if (avc_has_perm(peer_sid, skb->secmark,
				 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
			return NF_DROP;

	if (netlbl_active)
		/* we do this in the FORWARD path and not the POST_ROUTING
		 * path because we want to make sure we apply the necessary
		 * labeling before IPsec is applied so we can leverage AH
		 * protection */
		if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
			return NF_DROP;

	return NF_ACCEPT;
}
4519
/* IPv4 FORWARD hook: delegate to selinux_ip_forward() with the ingress
 * interface index; hooknum, out and okfn are unused. */
static unsigned int selinux_ipv4_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	int ingress_ifindex = in->ifindex;

	return selinux_ip_forward(skb, ingress_ifindex, PF_INET);
}
4528
4529#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* IPv6 FORWARD hook: delegate to selinux_ip_forward() with the ingress
 * interface index; hooknum, out and okfn are unused. */
static unsigned int selinux_ipv6_forward(unsigned int hooknum,
					 struct sk_buff *skb,
					 const struct net_device *in,
					 const struct net_device *out,
					 int (*okfn)(struct sk_buff *))
{
	int ingress_ifindex = in->ifindex;

	return selinux_ip_forward(skb, ingress_ifindex, PF_INET6);
}
4538#endif  /* IPV6 */
4539
/*
 * LOCAL_OUT hook: apply a NetLabel label to a locally generated packet.
 *
 * @skb:    the outgoing packet
 * @family: PF_INET or PF_INET6
 *
 * The label is the sending sock's SID, or SECINITSID_KERNEL when the
 * packet has no sock.  This runs in LOCAL_OUT rather than POST_ROUTING so
 * the label is in place before IPsec processing and can be covered by AH.
 * Returns NF_ACCEPT, or NF_DROP if the label cannot be applied; a no-op
 * (NF_ACCEPT) when NetLabel is not enabled.
 */
static unsigned int selinux_ip_output(struct sk_buff *skb,
				      u16 family)
{
	struct sock *sk = skb->sk;
	u32 sid = SECINITSID_KERNEL;

	if (!netlbl_enabled())
		return NF_ACCEPT;

	if (sk) {
		struct sk_security_struct *sksec = sk->sk_security;

		sid = sksec->sid;
	}

	return selinux_netlbl_skbuff_setsid(skb, family, sid) != 0 ?
	       NF_DROP : NF_ACCEPT;
}
4561
/* IPv4 LOCAL_OUT hook: delegate to selinux_ip_output(); hooknum, in, out
 * and okfn are unused. */
static unsigned int selinux_ipv4_output(unsigned int hooknum,
					struct sk_buff *skb,
					const struct net_device *in,
					const struct net_device *out,
					int (*okfn)(struct sk_buff *))
{
	const u16 family = PF_INET;

	return selinux_ip_output(skb, family);
}
4570
/*
 * POST_ROUTING checks for the pre-"netpeer" compatibility mode.
 *
 * @skb:     the outgoing packet
 * @ifindex: egress interface index
 * @family:  PF_INET or PF_INET6
 *
 * Only packets that still have a sending sock are checked; sockless
 * packets pass.  The sock's SID must hold packet:send on the SECMARK
 * label (when SECMARK is active) and must pass the XFRM post-route
 * check.  Permission denials drop the packet with NF_DROP_ERR(-ECONNREFUSED)
 * so a local sender sees ECONNREFUSED; a packet that cannot be parsed is
 * dropped plainly.
 */
static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
						int ifindex,
						u16 family)
{
	struct sock *sk = skb->sk;
	struct sk_security_struct *sksec;
	struct common_audit_data ad;
	char *addrp;
	u8 proto;

	if (!sk)
		return NF_ACCEPT;
	sksec = sk->sk_security;

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
		return NF_DROP;

	/* sock label -> SECMARK label: packet:send */
	if (selinux_secmark_enabled() &&
	    avc_has_perm(sksec->sid, skb->secmark,
			 SECCLASS_PACKET, PACKET__SEND, &ad))
		return NF_DROP_ERR(-ECONNREFUSED);

	if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
		return NF_DROP_ERR(-ECONNREFUSED);

	return NF_ACCEPT;
}
4601
/*
 * Access control for packets leaving the host via the POST_ROUTING hook.
 *
 * @skb:     the outgoing packet
 * @ifindex: egress interface index (the wrappers pass out->ifindex)
 * @family:  PF_INET or PF_INET6
 *
 * Returns NF_ACCEPT, NF_DROP, or NF_DROP_ERR(-ECONNREFUSED) for an AVC
 * denial so a local sender can be told the send was refused.  The subject
 * of every check is the "peer" SID: the packet's own label when it is
 * being forwarded, the sending sock's SID for local traffic, or
 * SECINITSID_KERNEL for sockless kernel-generated packets.
 */
static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
					 u16 family)
{
	u32 secmark_perm;
	u32 peer_sid;
	struct sock *sk;
	struct common_audit_data ad;
	char *addrp;
	u8 secmark_active;
	u8 peerlbl_active;

	/* If any sort of compatibility mode is enabled then handoff processing
	 * to the selinux_ip_postroute_compat() function to deal with the
	 * special handling.  We do this in an attempt to keep this function
	 * as fast and as clean as possible. */
	if (!selinux_policycap_netpeer)
		return selinux_ip_postroute_compat(skb, ifindex, family);
#ifdef CONFIG_XFRM
	/* If skb->dst->xfrm is non-NULL then the packet is undergoing an IPsec
	 * packet transformation so allow the packet to pass without any checks
	 * since we'll have another chance to perform access control checks
	 * when the packet is on its final way out.
	 * NOTE: there appear to be some IPv6 multicast cases where skb->dst
	 *       is NULL, in this case go ahead and apply access control. */
	if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
		return NF_ACCEPT;
#endif
	secmark_active = selinux_secmark_enabled();
	peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
	if (!secmark_active && !peerlbl_active)
		return NF_ACCEPT;

	/* if the packet is being forwarded then get the peer label from the
	 * packet itself; otherwise check to see if it is from a local
	 * application or the kernel, if from an application get the peer label
	 * from the sending socket, otherwise use the kernel's sid */
	sk = skb->sk;
	if (sk == NULL) {
		if (skb->skb_iif) {
			/* arrived on an interface: forwarded traffic, so the
			 * SECMARK check is packet:forward_out */
			secmark_perm = PACKET__FORWARD_OUT;
			if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
				return NF_DROP;
		} else {
			secmark_perm = PACKET__SEND;
			peer_sid = SECINITSID_KERNEL;
		}
	} else {
		struct sk_security_struct *sksec = sk->sk_security;
		peer_sid = sksec->sid;
		secmark_perm = PACKET__SEND;
	}

	COMMON_AUDIT_DATA_INIT(&ad, NET);
	ad.u.net.netif = ifindex;
	ad.u.net.family = family;
	if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
		return NF_DROP;

	/* peer label -> SECMARK label */
	if (secmark_active)
		if (avc_has_perm(peer_sid, skb->secmark,
				 SECCLASS_PACKET, secmark_perm, &ad))
			return NF_DROP_ERR(-ECONNREFUSED);

	if (peerlbl_active) {
		u32 if_sid;
		u32 node_sid;

		/* egress checks: netif:egress on the interface label and
		 * node:sendto on the destination address label; an
		 * unresolvable label is a plain drop, a denial is refused */
		if (sel_netif_sid(ifindex, &if_sid))
			return NF_DROP;
		if (avc_has_perm(peer_sid, if_sid,
				 SECCLASS_NETIF, NETIF__EGRESS, &ad))
			return NF_DROP_ERR(-ECONNREFUSED);

		if (sel_netnode_sid(addrp, family, &node_sid))
			return NF_DROP;
		if (avc_has_perm(peer_sid, node_sid,
				 SECCLASS_NODE, NODE__SENDTO, &ad))
			return NF_DROP_ERR(-ECONNREFUSED);
	}

	return NF_ACCEPT;
}
4684
/* IPv4 POST_ROUTING hook: delegate to selinux_ip_postroute() with the
 * egress interface index; hooknum, in and okfn are unused. */
static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	int egress_ifindex = out->ifindex;

	return selinux_ip_postroute(skb, egress_ifindex, PF_INET);
}
4693
4694#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/* IPv6 POST_ROUTING hook: delegate to selinux_ip_postroute() with the
 * egress interface index; hooknum, in and okfn are unused. */
static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
					   struct sk_buff *skb,
					   const struct net_device *in,
					   const struct net_device *out,
					   int (*okfn)(struct sk_buff *))
{
	int egress_ifindex = out->ifindex;

	return selinux_ip_postroute(skb, egress_ifindex, PF_INET6);
}
4703#endif  /* IPV6 */
4704
4705#endif  /* CONFIG_NETFILTER */
4706
/*
 * netlink_send hook: the capability check runs first, and only if it
 * passes is the SELinux per-message permission check applied.
 */
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	int rc = cap_netlink_send(sk, skb);

	return rc ? rc : selinux_nlmsg_perm(sk, skb);
}
4717
/*
 * Allocate and attach the security blob for a SysV IPC object.
 *
 * @task:   task whose SID labels the object (the creator)
 * @perm:   the kern_ipc_perm to attach the blob to
 * @sclass: object class (SECCLASS_MSGQ, SECCLASS_SHM or SECCLASS_SEM)
 *
 * Returns 0, or -ENOMEM if the blob cannot be allocated.  Ownership of
 * the blob passes to @perm; ipc_free_security() releases it.
 */
static int ipc_alloc_security(struct task_struct *task,
			      struct kern_ipc_perm *perm,
			      u16 sclass)
{
	struct ipc_security_struct *blob;

	blob = kzalloc(sizeof(*blob), GFP_KERNEL);
	if (blob == NULL)
		return -ENOMEM;

	blob->sid = task_sid(task);
	blob->sclass = sclass;
	perm->security = blob;

	return 0;
}
4736
/* Release the security blob of a SysV IPC object and clear the pointer
 * so a stale blob can never be reached through @perm again. */
static void ipc_free_security(struct kern_ipc_perm *perm)
{
	void *blob = perm->security;

	perm->security = NULL;
	kfree(blob);
}
4743
/*
 * Allocate the security blob for a message.
 *
 * The message starts out as SECINITSID_UNLABELED; its real label is
 * assigned on first send by a type transition (see
 * selinux_msg_queue_msgsnd()).  Returns 0 or -ENOMEM.
 */
static int msg_msg_alloc_security(struct msg_msg *msg)
{
	struct msg_security_struct *blob;

	blob = kzalloc(sizeof(*blob), GFP_KERNEL);
	if (blob == NULL)
		return -ENOMEM;

	blob->sid = SECINITSID_UNLABELED;
	msg->security = blob;

	return 0;
}
4757
/* Release a message's security blob and clear the pointer. */
static void msg_msg_free_security(struct msg_msg *msg)
{
	void *blob = msg->security;

	msg->security = NULL;
	kfree(blob);
}
4765
/*
 * Check @perms from the current task to a SysV IPC object.
 *
 * The object's class comes from its security blob, so the same helper
 * serves message queues, shared memory and semaphores.  The audit record
 * carries the IPC key.  Returns 0 or the AVC error.
 */
static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
			u32 perms)
{
	struct ipc_security_struct *isec = ipc_perms->security;
	struct common_audit_data ad;

	COMMON_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = ipc_perms->key;

	return avc_has_perm(current_sid(), isec->sid, isec->sclass, perms,
			    &ad);
}
4780
/* LSM hook: allocate a message's security blob (0 or -ENOMEM). */
static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
{
	int rc = msg_msg_alloc_security(msg);

	return rc;
}
4785
/* LSM hook: release a message's security blob. */
static void selinux_msg_msg_free_security(struct msg_msg *msg)
{
	struct msg_msg *m = msg;

	msg_msg_free_security(m);
}
4790
4791/* message queue security operations */
/*
 * Label a new message queue and check that the caller may create it.
 *
 * The queue is labeled with the creator's SID and class SECCLASS_MSGQ,
 * then msgq:create is checked from the caller to that label.  On denial
 * the blob is released again so the queue never exists labeled.  Returns
 * 0, -ENOMEM, or the AVC error.
 */
static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_MSGQ);
	if (rc)
		return rc;

	/* ipc_has_perm() uses the class just stored in the blob */
	rc = ipc_has_perm(perm, MSGQ__CREATE);
	if (rc)
		ipc_free_security(perm);

	return rc;
}
4816
/* LSM hook: release a message queue's security blob. */
static void selinux_msg_queue_free_security(struct msg_queue *msq)
{
	struct kern_ipc_perm *perm = &msq->q_perm;

	ipc_free_security(perm);
}
4821
/*
 * May the caller look up (msgget) this existing queue?
 *
 * Checks msgq:associate from the current task to the queue; @msqflg is
 * not consulted.  Returns 0 or the AVC error.
 */
static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
	return ipc_has_perm(&msq->q_perm, MSGQ__ASSOCIATE);
}
4836
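/*
 * Permission check for msgctl(2) on a message queue.
 *
 * IPC_INFO/MSG_INFO concern no particular object and require
 * system:ipc_info on the caller; the per-object commands map to msgq
 * permissions and are checked with ipc_has_perm().  A command this hook
 * does not know is allowed (returns 0) — any new msgctl command must be
 * added here to be mediated.  Returns 0 or the AVC error.
 */
static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	/* u32 to match ipc_has_perm()'s parameter and selinux_sem_semctl() */
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case MSG_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case MSG_STAT:
		perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
		break;
	case IPC_SET:
		perms = MSGQ__SETATTR;
		break;
	case IPC_RMID:
		perms = MSGQ__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&msq->q_perm, perms);
}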
4864
/*
 * Permission check for sending @msg to @msq.
 *
 * A message still carrying SECINITSID_UNLABELED is labeled first by a
 * type transition from the sender's SID and the queue's SID in class msg.
 * Three checks then follow in order: sender -> queue msgq:write,
 * sender -> message msg:send, message -> queue msgq:enqueue.  @msqflg is
 * not used.  Returns 0 or the first error encountered.
 */
static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
{
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct common_audit_data ad;
	u32 sid = current_sid();
	int rc = 0;

	if (msec->sid == SECINITSID_UNLABELED)
		rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
					     NULL, &msec->sid);
	if (rc)
		return rc;

	COMMON_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	/* may the sender write to the queue? */
	rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, MSGQ__WRITE, &ad);
	if (rc)
		return rc;
	/* may the sender send this particular message? */
	rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, MSG__SEND, &ad);
	if (rc)
		return rc;
	/* may the message be placed on the queue? */
	return avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
			    MSGQ__ENQUEUE, &ad);
}
4907
/*
 * Permission check for delivering @msg from @msq to @target.
 *
 * The subject is @target's SID, not the current task's: the receiver
 * may be a task that was waiting on the queue rather than the one
 * running this hook.  Checks msgq:read on the queue, then msg:receive on
 * the message.  @type and @mode are not used.  Returns 0 or the first
 * AVC error.
 */
static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
				    struct task_struct *target,
				    long type, int mode)
{
	struct ipc_security_struct *isec = msq->q_perm.security;
	struct msg_security_struct *msec = msg->security;
	struct common_audit_data ad;
	u32 receiver = task_sid(target);
	int rc;

	COMMON_AUDIT_DATA_INIT(&ad, IPC);
	ad.u.ipc_id = msq->q_perm.key;

	rc = avc_has_perm(receiver, isec->sid,
			  SECCLASS_MSGQ, MSGQ__READ, &ad);
	if (rc)
		return rc;

	return avc_has_perm(receiver, msec->sid,
			    SECCLASS_MSG, MSG__RECEIVE, &ad);
}
4931
4932/* Shared Memory security operations */
/*
 * Label a new shared memory segment and check that the caller may
 * create it.
 *
 * The segment is labeled with the creator's SID and class SECCLASS_SHM,
 * then shm:create is checked from the caller to that label.  On denial
 * the blob is released again.  Returns 0, -ENOMEM, or the AVC error.
 */
static int selinux_shm_alloc_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SHM);
	if (rc)
		return rc;

	/* ipc_has_perm() uses the class just stored in the blob */
	rc = ipc_has_perm(perm, SHM__CREATE);
	if (rc)
		ipc_free_security(perm);

	return rc;
}
4957
/* LSM hook: release a shared memory segment's security blob. */
static void selinux_shm_free_security(struct shmid_kernel *shp)
{
	struct kern_ipc_perm *perm = &shp->shm_perm;

	ipc_free_security(perm);
}
4962
/*
 * May the caller look up (shmget) this existing segment?
 *
 * Checks shm:associate from the current task to the segment; @shmflg is
 * not consulted.  Returns 0 or the AVC error.
 */
static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
{
	return ipc_has_perm(&shp->shm_perm, SHM__ASSOCIATE);
}
4977
4978/* Note, at this point, shp is locked down */
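/*
 * Permission check for shmctl(2) on a shared memory segment.
 *
 * IPC_INFO/SHM_INFO concern no particular object and require
 * system:ipc_info on the caller; the per-object commands map to shm
 * permissions (SHM_LOCK and SHM_UNLOCK both need shm:lock) and are
 * checked with ipc_has_perm().  A command this hook does not know is
 * allowed (returns 0) — any new shmctl command must be added here to be
 * mediated.  Returns 0 or the AVC error.
 */
static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	/* u32 to match ipc_has_perm()'s parameter and selinux_sem_semctl() */
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SHM_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case IPC_STAT:
	case SHM_STAT:
		perms = SHM__GETATTR | SHM__ASSOCIATE;
		break;
	case IPC_SET:
		perms = SHM__SETATTR;
		break;
	case SHM_LOCK:
	case SHM_UNLOCK:
		perms = SHM__LOCK;
		break;
	case IPC_RMID:
		perms = SHM__DESTROY;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&shp->shm_perm, perms);
}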
5010
/*
 * Permission check for shmat(2).
 *
 * A read-only attach (SHM_RDONLY in @shmflg) needs shm:read; any other
 * attach needs shm:read and shm:write.  @shmaddr is not consulted.
 */
static int selinux_shm_shmat(struct shmid_kernel *shp,
			     char __user *shmaddr, int shmflg)
{
	int read_only = shmflg & SHM_RDONLY;
	u32 perms = read_only ? SHM__READ : (SHM__READ | SHM__WRITE);

	return ipc_has_perm(&shp->shm_perm, perms);
}
5023
5024/* Semaphore security operations */
/*
 * Label a new semaphore set and check that the caller may create it.
 *
 * The set is labeled with the creator's SID and class SECCLASS_SEM, then
 * sem:create is checked from the caller to that label.  On denial the
 * blob is released again.  Returns 0, -ENOMEM, or the AVC error.
 */
static int selinux_sem_alloc_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;
	int rc;

	rc = ipc_alloc_security(current, perm, SECCLASS_SEM);
	if (rc)
		return rc;

	/* ipc_has_perm() uses the class just stored in the blob */
	rc = ipc_has_perm(perm, SEM__CREATE);
	if (rc)
		ipc_free_security(perm);

	return rc;
}
5049
/* LSM hook: release a semaphore set's security blob. */
static void selinux_sem_free_security(struct sem_array *sma)
{
	struct kern_ipc_perm *perm = &sma->sem_perm;

	ipc_free_security(perm);
}
5054
/*
 * May the caller look up (semget) this existing semaphore set?
 *
 * Checks sem:associate from the current task to the set; @semflg is not
 * consulted.  Returns 0 or the AVC error.
 */
static int selinux_sem_associate(struct sem_array *sma, int semflg)
{
	return ipc_has_perm(&sma->sem_perm, SEM__ASSOCIATE);
}
5069
5070/* Note, at this point, sma is locked down */
/*
 * Permission check for semctl(2) on a semaphore set.
 *
 * IPC_INFO/SEM_INFO concern no particular object and require
 * system:ipc_info on the caller.  The remaining commands map to sem
 * permissions: the GET* counters need sem:getattr, GETVAL/GETALL
 * sem:read, SETVAL/SETALL sem:write, IPC_RMID sem:destroy, IPC_SET
 * sem:setattr, and IPC_STAT/SEM_STAT sem:getattr plus sem:associate.  A
 * command this hook does not know is allowed (returns 0).
 */
static int selinux_sem_semctl(struct sem_array *sma, int cmd)
{
	u32 perms;

	switch (cmd) {
	case IPC_INFO:
	case SEM_INFO:
		/* No specific object, just general system-wide information. */
		return task_has_system(current, SYSTEM__IPC_INFO);
	case GETPID:
	case GETNCNT:
	case GETZCNT:
		perms = SEM__GETATTR;
		break;
	case GETVAL:
	case GETALL:
		perms = SEM__READ;
		break;
	case SETVAL:
	case SETALL:
		perms = SEM__WRITE;
		break;
	case IPC_RMID:
		perms = SEM__DESTROY;
		break;
	case IPC_SET:
		perms = SEM__SETATTR;
		break;
	case IPC_STAT:
	case SEM_STAT:
		perms = SEM__GETATTR | SEM__ASSOCIATE;
		break;
	default:
		return 0;
	}

	return ipc_has_perm(&sma->sem_perm, perms);
}
5111
/*
 * Permission check for semop(2).
 *
 * An operation that may alter the set (@alter non-zero) needs sem:read
 * and sem:write; a read-only one needs sem:read.  @sops and @nsops are
 * not inspected.
 */
static int selinux_sem_semop(struct sem_array *sma,
			     struct sembuf *sops, unsigned nsops, int alter)
{
	u32 perms = alter ? (SEM__READ | SEM__WRITE) : SEM__READ;

	return ipc_has_perm(&sma->sem_perm, perms);
}
5124
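/*
 * Generic IPC permission hook, called alongside the DAC check.
 *
 * @ipcp: the IPC object
 * @flag: requested access as DAC mode bits; any S_IRUGO bit asks for
 *        read, any S_IWUGO bit for write
 *
 * Maps the request to ipc:unix_read / ipc:unix_write and checks it with
 * ipc_has_perm().  A request with neither read nor write bits is not a
 * permission check and returns 0.
 */
static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	u32 av = 0;

	if (flag & S_IRUGO)
		av |= IPC__UNIX_READ;
	if (flag & S_IWUGO)
		av |= IPC__UNIX_WRITE;

	if (av == 0)
		return 0;

	return ipc_has_perm(ipcp, av);
}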
5140
/* Report an IPC object's SID (for audit and similar callers). */
static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	const struct ipc_security_struct *isec = ipcp->security;
	u32 sid = isec->sid;

	*secid = sid;
}
5146
/* A dentry has just been bound to @inode: (re)initialize the inode's
 * label now that a dentry is available.  Negative dentries (no inode)
 * are ignored. */
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
	if (!inode)
		return;

	inode_doinit_with_dentry(inode, dentry);
}
5152
/*
 * Read one of a task's SELinux process attributes (/proc/<pid>/attr/*).
 *
 * @p:     task whose attribute is read
 * @name:  one of "current", "prev", "exec", "fscreate", "keycreate",
 *         "sockcreate"
 * @value: receives the context string produced by
 *         security_sid_to_context(); who frees it is decided by the
 *         callers, which are outside this section — confirm there
 *
 * Reading another task's attributes requires process:getattr from the
 * caller to that task.  Returns the context length, 0 when the selected
 * SID is unset (nothing is written to @value), -EINVAL for an unknown
 * name, or the error from the permission check or the SID conversion.
 */
static int selinux_getprocattr(struct task_struct *p,
			       char *name, char **value)
{
	const struct task_security_struct *__tsec;
	u32 sid;
	int error;
	unsigned len;

	if (current != p) {
		error = current_has_perm(p, PROCESS__GETATTR);
		if (error)
			return error;
	}

	/* the task's creds are read under RCU; every path out of the
	 * name dispatch below must drop the read lock */
	rcu_read_lock();
	__tsec = __task_cred(p)->security;

	if (!strcmp(name, "current"))
		sid = __tsec->sid;
	else if (!strcmp(name, "prev"))
		sid = __tsec->osid;
	else if (!strcmp(name, "exec"))
		sid = __tsec->exec_sid;
	else if (!strcmp(name, "fscreate"))
		sid = __tsec->create_sid;
	else if (!strcmp(name, "keycreate"))
		sid = __tsec->keycreate_sid;
	else if (!strcmp(name, "sockcreate"))
		sid = __tsec->sockcreate_sid;
	else
		goto invalid;
	rcu_read_unlock();

	/* an unset attribute reads as empty rather than as an error */
	if (!sid)
		return 0;

	error = security_sid_to_context(sid, value, &len);
	if (error)
		return error;
	return len;

invalid:
	rcu_read_unlock();
	return -EINVAL;
}
5198
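/*
 * Set one of the per-task SELinux attributes written through
 * /proc/pid/attr/NAME.
 *
 * @p:     task whose attribute is being set; must be current, any other
 *         task is refused with -EACCES
 * @name:  "exec", "fscreate", "keycreate", "sockcreate" or "current"
 * @value: buffer of exactly @size bytes holding the security context to
 *         apply.  An empty buffer, or one whose first byte is NUL or a
 *         newline, clears the attribute (stores sid 0).  A single trailing
 *         newline is stripped in place.
 * @size:  length of @value in bytes
 *
 * Returns the number of bytes consumed (@size, minus one when a trailing
 * newline was stripped) on success, or a negative errno.
 */
static int selinux_setprocattr(struct task_struct *p,
                               char *name, void *value, size_t size)
{
        struct task_security_struct *tsec;
        struct task_struct *tracer;
        struct cred *new;
        u32 sid = 0, ptsid;
        int error;
        char *str = value;

        if (current != p) {
                /* SELinux only allows a process to change its own
                   security attributes. */
                return -EACCES;
        }

        /*
         * Basic control over ability to set these attributes at all.
         * current == p, but we'll pass them separately in case the
         * above restriction is ever removed.
         */
        if (!strcmp(name, "exec"))
                error = current_has_perm(p, PROCESS__SETEXEC);
        else if (!strcmp(name, "fscreate"))
                error = current_has_perm(p, PROCESS__SETFSCREATE);
        else if (!strcmp(name, "keycreate"))
                error = current_has_perm(p, PROCESS__SETKEYCREATE);
        else if (!strcmp(name, "sockcreate"))
                error = current_has_perm(p, PROCESS__SETSOCKCREATE);
        else if (!strcmp(name, "current"))
                error = current_has_perm(p, PROCESS__SETCURRENT);
        else
                error = -EINVAL;
        if (error)
                return error;

        /*
         * Obtain a SID for the context, if one was specified.  Only the
         * first byte decides whether a context was given: a leading NUL
         * or newline means "clear the attribute".  The test must read
         * str[0], not str[1]: @value is only @size bytes long, so for a
         * one-byte write str[1] lies past the end of the buffer, and
         * inspecting the second byte also misclassified values such as
         * "x\n".
         */
        if (size && str[0] && str[0] != '\n') {
                /* Tolerate a single trailing newline from shell writes. */
                if (str[size-1] == '\n') {
                        str[size-1] = 0;
                        size--;
                }
                error = security_context_to_sid(value, size, &sid);
                /*
                 * Only fscreate may name a context unknown to the loaded
                 * policy, and only for CAP_MAC_ADMIN callers; the sid is
                 * then forced so the label can be written to disk.
                 */
                if (error == -EINVAL && !strcmp(name, "fscreate")) {
                        if (!capable(CAP_MAC_ADMIN))
                                return error;
                        error = security_context_to_sid_force(value, size,
                                                              &sid);
                }
                if (error)
                        return error;
        }

        new = prepare_creds();
        if (!new)
                return -ENOMEM;

        /* Permission checking based on the specified context is
           performed during the actual operation (execve,
           open/mkdir/...), when we know the full context of the
           operation.  See selinux_bprm_set_creds for the execve
           checks and may_create for the file creation checks. The
           operation will then fail if the context is not permitted. */
        tsec = new->security;
        if (!strcmp(name, "exec")) {
                tsec->exec_sid = sid;
        } else if (!strcmp(name, "fscreate")) {
                tsec->create_sid = sid;
        } else if (!strcmp(name, "keycreate")) {
                /* Keys are checked up front rather than at creation. */
                error = may_create_key(sid, p);
                if (error)
                        goto abort_change;
                tsec->keycreate_sid = sid;
        } else if (!strcmp(name, "sockcreate")) {
                tsec->sockcreate_sid = sid;
        } else if (!strcmp(name, "current")) {
                /* The task's own label cannot be cleared, only changed. */
                error = -EINVAL;
                if (sid == 0)
                        goto abort_change;

                /*
                 * Only allow single threaded processes to change context
                 * freely; a multi-threaded task may only move to a
                 * context that the policy declares bounded by its current
                 * one, so sibling threads cannot gain privilege.
                 */
                error = -EPERM;
                if (!current_is_single_threaded()) {
                        error = security_bounded_transition(tsec->sid, sid);
                        if (error)
                                goto abort_change;
                }

                /* Check permissions for the transition. */
                error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
                                     PROCESS__DYNTRANSITION, NULL);
                if (error)
                        goto abort_change;

                /* Check for ptracing, and update the task SID if ok.
                   Otherwise, leave SID unchanged and fail.  The tracer's
                   SID is read under task_lock so the ptrace relationship
                   cannot change underneath us. */
                ptsid = 0;
                task_lock(p);
                tracer = ptrace_parent(p);
                if (tracer)
                        ptsid = task_sid(tracer);
                task_unlock(p);

                /* A tracer must still be allowed to ptrace the new label. */
                if (tracer) {
                        error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
                                             PROCESS__PTRACE, NULL);
                        if (error)
                                goto abort_change;
                }

                tsec->sid = sid;
        } else {
                error = -EINVAL;
                goto abort_change;
        }

        commit_creds(new);
        return size;

abort_change:
        /* Nothing was published: drop the prepared credentials. */
        abort_creds(new);
        return error;
}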
5322
/*
 * LSM hook: translate a SID into its textual security context.
 *
 * @secid:   SID to translate
 * @secdata: on success receives the context string (see
 *           selinux_release_secctx for freeing it)
 * @seclen:  on success receives the length of that string
 *
 * Returns whatever security_sid_to_context() returns.
 */
static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
        int rc;

        rc = security_sid_to_context(secid, secdata, seclen);
        return rc;
}
5327
/*
 * LSM hook: translate a textual security context into a SID.
 *
 * @secdata: context string, @seclen bytes long
 * @seclen:  length of @secdata
 * @secid:   on success receives the resulting SID
 *
 * Returns whatever security_context_to_sid() returns.
 */
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
        int rc;

        rc = security_context_to_sid(secdata, seclen, secid);
        return rc;
}
5332
/*
 * LSM hook: release a context string handed out by the secid_to_secctx
 * hook.  The string is kmalloc'd, so only kfree() is needed; @seclen is
 * accepted for interface compatibility and otherwise unused.
 */
static void selinux_release_secctx(char *secdata, u32 seclen)
{
        (void)seclen;
        kfree(secdata);
}
5337
/*
 *      called with inode->i_mutex locked
 *
 * LSM hook: the filesystem is telling us the security context it holds for
 * @inode (@ctx, @ctxlen bytes); record it via the in-core setsecurity path
 * without writing an xattr.
 */
static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
        int rc;

        rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
                                       ctx, ctxlen, 0);
        return rc;
}
5345
/*
 *      called with inode->i_mutex locked
 *
 * LSM hook: persist the security context @ctx (@ctxlen bytes) for @dentry
 * as its SELinux xattr.  The _noperm variant is used because the caller
 * has already authorised the change.
 */
static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
        int rc;

        rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX,
                                   ctx, ctxlen, 0);
        return rc;
}
5353
/*
 * LSM hook: fetch the security context of @inode.
 *
 * @inode:  inode to query
 * @ctx:    on success receives the allocated context string
 * @ctxlen: on success receives its length
 *
 * selinux_inode_getsecurity() reports the length as a non-negative int or
 * a negative errno; that errno is passed through unchanged.
 */
static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
        int rc = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
                                           ctx, true);

        if (rc < 0)
                return rc;

        *ctxlen = rc;
        return 0;
}
5364#ifdef CONFIG_KEYS
5365
5366static int selinux_key_alloc(struct key *k, const struct cred *cred,
5367                             unsigned long flags)
5368{
5369        const struct task_security_struct *tsec;
5370        struct key_security_struct *ksec;
5371
5372