1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#include <linux/init.h>
27#include <linux/kd.h>
28#include <linux/kernel.h>
29#include <linux/tracehook.h>
30#include <linux/errno.h>
31#include <linux/sched.h>
32#include <linux/security.h>
33#include <linux/xattr.h>
34#include <linux/capability.h>
35#include <linux/unistd.h>
36#include <linux/mm.h>
37#include <linux/mman.h>
38#include <linux/slab.h>
39#include <linux/pagemap.h>
40#include <linux/proc_fs.h>
41#include <linux/swap.h>
42#include <linux/spinlock.h>
43#include <linux/syscalls.h>
44#include <linux/dcache.h>
45#include <linux/file.h>
46#include <linux/fdtable.h>
47#include <linux/namei.h>
48#include <linux/mount.h>
49#include <linux/netfilter_ipv4.h>
50#include <linux/netfilter_ipv6.h>
51#include <linux/tty.h>
52#include <net/icmp.h>
53#include <net/ip.h>
54#include <net/tcp.h>
55#include <net/net_namespace.h>
56#include <net/netlabel.h>
57#include <linux/uaccess.h>
58#include <asm/ioctls.h>
59#include <linux/atomic.h>
60#include <linux/bitops.h>
61#include <linux/interrupt.h>
62#include <linux/netdevice.h>
63#include <linux/netlink.h>
64#include <linux/tcp.h>
65#include <linux/udp.h>
66#include <linux/dccp.h>
67#include <linux/quota.h>
68#include <linux/un.h>
69#include <net/af_unix.h>
70#include <linux/parser.h>
71#include <linux/nfs_mount.h>
72#include <net/ipv6.h>
73#include <linux/hugetlb.h>
74#include <linux/personality.h>
75#include <linux/audit.h>
76#include <linux/string.h>
77#include <linux/selinux.h>
78#include <linux/mutex.h>
79#include <linux/posix-timers.h>
80#include <linux/syslog.h>
81#include <linux/user_namespace.h>
82#include <linux/export.h>
83#include <linux/msg.h>
84#include <linux/shm.h>
85
86#include "avc.h"
87#include "objsec.h"
88#include "netif.h"
89#include "netnode.h"
90#include "netport.h"
91#include "xfrm.h"
92#include "netlabel.h"
93#include "audit.h"
94#include "avc_ss.h"
95
96#define NUM_SEL_MNT_OPTS 5
97
98extern struct security_operations *security_ops;
99
100
101static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
102
103#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
104int selinux_enforcing;
105
106static int __init enforcing_setup(char *str)
107{
108 unsigned long enforcing;
109 if (!strict_strtoul(str, 0, &enforcing))
110 selinux_enforcing = enforcing ? 1 : 0;
111 return 1;
112}
113__setup("enforcing=", enforcing_setup);
114#endif
115
116#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
117int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
118
119static int __init selinux_enabled_setup(char *str)
120{
121 unsigned long enabled;
122 if (!strict_strtoul(str, 0, &enabled))
123 selinux_enabled = enabled ? 1 : 0;
124 return 1;
125}
126__setup("selinux=", selinux_enabled_setup);
127#else
128int selinux_enabled = 1;
129#endif
130
131static struct kmem_cache *sel_inode_cache;
132
133
134
135
136
137
138
139
140
141
142
143static int selinux_secmark_enabled(void)
144{
145 return (atomic_read(&selinux_secmark_refcount) > 0);
146}
147
148
149
150
151static void cred_init_security(void)
152{
153 struct cred *cred = (struct cred *) current->real_cred;
154 struct task_security_struct *tsec;
155
156 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
157 if (!tsec)
158 panic("SELinux: Failed to initialize initial task.\n");
159
160 tsec->osid = tsec->sid = SECINITSID_KERNEL;
161 cred->security = tsec;
162}
163
164
165
166
167static inline u32 cred_sid(const struct cred *cred)
168{
169 const struct task_security_struct *tsec;
170
171 tsec = cred->security;
172 return tsec->sid;
173}
174
175
176
177
178static inline u32 task_sid(const struct task_struct *task)
179{
180 u32 sid;
181
182 rcu_read_lock();
183 sid = cred_sid(__task_cred(task));
184 rcu_read_unlock();
185 return sid;
186}
187
188
189
190
191static inline u32 current_sid(void)
192{
193 const struct task_security_struct *tsec = current_security();
194
195 return tsec->sid;
196}
197
198
199
200static int inode_alloc_security(struct inode *inode)
201{
202 struct inode_security_struct *isec;
203 u32 sid = current_sid();
204
205 isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
206 if (!isec)
207 return -ENOMEM;
208
209 mutex_init(&isec->lock);
210 INIT_LIST_HEAD(&isec->list);
211 isec->inode = inode;
212 isec->sid = SECINITSID_UNLABELED;
213 isec->sclass = SECCLASS_FILE;
214 isec->task_sid = sid;
215 inode->i_security = isec;
216
217 return 0;
218}
219
220static void inode_free_security(struct inode *inode)
221{
222 struct inode_security_struct *isec = inode->i_security;
223 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
224
225 spin_lock(&sbsec->isec_lock);
226 if (!list_empty(&isec->list))
227 list_del_init(&isec->list);
228 spin_unlock(&sbsec->isec_lock);
229
230 inode->i_security = NULL;
231 kmem_cache_free(sel_inode_cache, isec);
232}
233
234static int file_alloc_security(struct file *file)
235{
236 struct file_security_struct *fsec;
237 u32 sid = current_sid();
238
239 fsec = kzalloc(sizeof(struct file_security_struct), GFP_KERNEL);
240 if (!fsec)
241 return -ENOMEM;
242
243 fsec->sid = sid;
244 fsec->fown_sid = sid;
245 file->f_security = fsec;
246
247 return 0;
248}
249
250static void file_free_security(struct file *file)
251{
252 struct file_security_struct *fsec = file->f_security;
253 file->f_security = NULL;
254 kfree(fsec);
255}
256
257static int superblock_alloc_security(struct super_block *sb)
258{
259 struct superblock_security_struct *sbsec;
260
261 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
262 if (!sbsec)
263 return -ENOMEM;
264
265 mutex_init(&sbsec->lock);
266 INIT_LIST_HEAD(&sbsec->isec_head);
267 spin_lock_init(&sbsec->isec_lock);
268 sbsec->sb = sb;
269 sbsec->sid = SECINITSID_UNLABELED;
270 sbsec->def_sid = SECINITSID_FILE;
271 sbsec->mntpoint_sid = SECINITSID_UNLABELED;
272 sb->s_security = sbsec;
273
274 return 0;
275}
276
277static void superblock_free_security(struct super_block *sb)
278{
279 struct superblock_security_struct *sbsec = sb->s_security;
280 sb->s_security = NULL;
281 kfree(sbsec);
282}
283
284
285
286static const char *labeling_behaviors[6] = {
287 "uses xattr",
288 "uses transition SIDs",
289 "uses task SIDs",
290 "uses genfs_contexts",
291 "not configured for labeling",
292 "uses mountpoint labeling",
293};
294
295static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
296
297static inline int inode_doinit(struct inode *inode)
298{
299 return inode_doinit_with_dentry(inode, NULL);
300}
301
302enum {
303 Opt_error = -1,
304 Opt_context = 1,
305 Opt_fscontext = 2,
306 Opt_defcontext = 3,
307 Opt_rootcontext = 4,
308 Opt_labelsupport = 5,
309};
310
311static const match_table_t tokens = {
312 {Opt_context, CONTEXT_STR "%s"},
313 {Opt_fscontext, FSCONTEXT_STR "%s"},
314 {Opt_defcontext, DEFCONTEXT_STR "%s"},
315 {Opt_rootcontext, ROOTCONTEXT_STR "%s"},
316 {Opt_labelsupport, LABELSUPP_STR},
317 {Opt_error, NULL},
318};
319
320#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
321
322static int may_context_mount_sb_relabel(u32 sid,
323 struct superblock_security_struct *sbsec,
324 const struct cred *cred)
325{
326 const struct task_security_struct *tsec = cred->security;
327 int rc;
328
329 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
330 FILESYSTEM__RELABELFROM, NULL);
331 if (rc)
332 return rc;
333
334 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
335 FILESYSTEM__RELABELTO, NULL);
336 return rc;
337}
338
339static int may_context_mount_inode_relabel(u32 sid,
340 struct superblock_security_struct *sbsec,
341 const struct cred *cred)
342{
343 const struct task_security_struct *tsec = cred->security;
344 int rc;
345 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
346 FILESYSTEM__RELABELFROM, NULL);
347 if (rc)
348 return rc;
349
350 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
351 FILESYSTEM__ASSOCIATE, NULL);
352 return rc;
353}
354
355static int sb_finish_set_opts(struct super_block *sb)
356{
357 struct superblock_security_struct *sbsec = sb->s_security;
358 struct dentry *root = sb->s_root;
359 struct inode *root_inode = root->d_inode;
360 int rc = 0;
361
362 if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
363
364
365
366
367
368 if (!root_inode->i_op->getxattr) {
369 printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
370 "xattr support\n", sb->s_id, sb->s_type->name);
371 rc = -EOPNOTSUPP;
372 goto out;
373 }
374 rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
375 if (rc < 0 && rc != -ENODATA) {
376 if (rc == -EOPNOTSUPP)
377 printk(KERN_WARNING "SELinux: (dev %s, type "
378 "%s) has no security xattr handler\n",
379 sb->s_id, sb->s_type->name);
380 else
381 printk(KERN_WARNING "SELinux: (dev %s, type "
382 "%s) getxattr errno %d\n", sb->s_id,
383 sb->s_type->name, -rc);
384 goto out;
385 }
386 }
387
388 sbsec->flags |= (SE_SBINITIALIZED | SE_SBLABELSUPP);
389
390 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
391 printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
392 sb->s_id, sb->s_type->name);
393 else
394 printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
395 sb->s_id, sb->s_type->name,
396 labeling_behaviors[sbsec->behavior-1]);
397
398 if (sbsec->behavior == SECURITY_FS_USE_GENFS ||
399 sbsec->behavior == SECURITY_FS_USE_MNTPOINT ||
400 sbsec->behavior == SECURITY_FS_USE_NONE ||
401 sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
402 sbsec->flags &= ~SE_SBLABELSUPP;
403
404
405 if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
406 sbsec->flags |= SE_SBLABELSUPP;
407
408
409 rc = inode_doinit_with_dentry(root_inode, root);
410
411
412
413
414
415 spin_lock(&sbsec->isec_lock);
416next_inode:
417 if (!list_empty(&sbsec->isec_head)) {
418 struct inode_security_struct *isec =
419 list_entry(sbsec->isec_head.next,
420 struct inode_security_struct, list);
421 struct inode *inode = isec->inode;
422 spin_unlock(&sbsec->isec_lock);
423 inode = igrab(inode);
424 if (inode) {
425 if (!IS_PRIVATE(inode))
426 inode_doinit(inode);
427 iput(inode);
428 }
429 spin_lock(&sbsec->isec_lock);
430 list_del_init(&isec->list);
431 goto next_inode;
432 }
433 spin_unlock(&sbsec->isec_lock);
434out:
435 return rc;
436}
437
438
439
440
441
442
443static int selinux_get_mnt_opts(const struct super_block *sb,
444 struct security_mnt_opts *opts)
445{
446 int rc = 0, i;
447 struct superblock_security_struct *sbsec = sb->s_security;
448 char *context = NULL;
449 u32 len;
450 char tmp;
451
452 security_init_mnt_opts(opts);
453
454 if (!(sbsec->flags & SE_SBINITIALIZED))
455 return -EINVAL;
456
457 if (!ss_initialized)
458 return -EINVAL;
459
460 tmp = sbsec->flags & SE_MNTMASK;
461
462 for (i = 0; i < 8; i++) {
463 if (tmp & 0x01)
464 opts->num_mnt_opts++;
465 tmp >>= 1;
466 }
467
468 if (sbsec->flags & SE_SBLABELSUPP)
469 opts->num_mnt_opts++;
470
471 opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
472 if (!opts->mnt_opts) {
473 rc = -ENOMEM;
474 goto out_free;
475 }
476
477 opts->mnt_opts_flags = kcalloc(opts->num_mnt_opts, sizeof(int), GFP_ATOMIC);
478 if (!opts->mnt_opts_flags) {
479 rc = -ENOMEM;
480 goto out_free;
481 }
482
483 i = 0;
484 if (sbsec->flags & FSCONTEXT_MNT) {
485 rc = security_sid_to_context(sbsec->sid, &context, &len);
486 if (rc)
487 goto out_free;
488 opts->mnt_opts[i] = context;
489 opts->mnt_opts_flags[i++] = FSCONTEXT_MNT;
490 }
491 if (sbsec->flags & CONTEXT_MNT) {
492 rc = security_sid_to_context(sbsec->mntpoint_sid, &context, &len);
493 if (rc)
494 goto out_free;
495 opts->mnt_opts[i] = context;
496 opts->mnt_opts_flags[i++] = CONTEXT_MNT;
497 }
498 if (sbsec->flags & DEFCONTEXT_MNT) {
499 rc = security_sid_to_context(sbsec->def_sid, &context, &len);
500 if (rc)
501 goto out_free;
502 opts->mnt_opts[i] = context;
503 opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT;
504 }
505 if (sbsec->flags & ROOTCONTEXT_MNT) {
506 struct inode *root = sbsec->sb->s_root->d_inode;
507 struct inode_security_struct *isec = root->i_security;
508
509 rc = security_sid_to_context(isec->sid, &context, &len);
510 if (rc)
511 goto out_free;
512 opts->mnt_opts[i] = context;
513 opts->mnt_opts_flags[i++] = ROOTCONTEXT_MNT;
514 }
515 if (sbsec->flags & SE_SBLABELSUPP) {
516 opts->mnt_opts[i] = NULL;
517 opts->mnt_opts_flags[i++] = SE_SBLABELSUPP;
518 }
519
520 BUG_ON(i != opts->num_mnt_opts);
521
522 return 0;
523
524out_free:
525 security_free_mnt_opts(opts);
526 return rc;
527}
528
529static int bad_option(struct superblock_security_struct *sbsec, char flag,
530 u32 old_sid, u32 new_sid)
531{
532 char mnt_flags = sbsec->flags & SE_MNTMASK;
533
534
535 if (sbsec->flags & SE_SBINITIALIZED)
536 if (!(sbsec->flags & flag) ||
537 (old_sid != new_sid))
538 return 1;
539
540
541
542
543 if (!(sbsec->flags & SE_SBINITIALIZED))
544 if (mnt_flags & flag)
545 return 1;
546 return 0;
547}
548
549
550
551
552
553static int selinux_set_mnt_opts(struct super_block *sb,
554 struct security_mnt_opts *opts)
555{
556 const struct cred *cred = current_cred();
557 int rc = 0, i;
558 struct superblock_security_struct *sbsec = sb->s_security;
559 const char *name = sb->s_type->name;
560 struct inode *inode = sbsec->sb->s_root->d_inode;
561 struct inode_security_struct *root_isec = inode->i_security;
562 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
563 u32 defcontext_sid = 0;
564 char **mount_options = opts->mnt_opts;
565 int *flags = opts->mnt_opts_flags;
566 int num_opts = opts->num_mnt_opts;
567
568 mutex_lock(&sbsec->lock);
569
570 if (!ss_initialized) {
571 if (!num_opts) {
572
573
574
575 goto out;
576 }
577 rc = -EINVAL;
578 printk(KERN_WARNING "SELinux: Unable to set superblock options "
579 "before the security server is initialized\n");
580 goto out;
581 }
582
583
584
585
586
587
588
589
590
591
592
593
594 if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
595 && (num_opts == 0))
596 goto out;
597
598
599
600
601
602
603 for (i = 0; i < num_opts; i++) {
604 u32 sid;
605
606 if (flags[i] == SE_SBLABELSUPP)
607 continue;
608 rc = security_context_to_sid(mount_options[i],
609 strlen(mount_options[i]), &sid);
610 if (rc) {
611 printk(KERN_WARNING "SELinux: security_context_to_sid"
612 "(%s) failed for (dev %s, type %s) errno=%d\n",
613 mount_options[i], sb->s_id, name, rc);
614 goto out;
615 }
616 switch (flags[i]) {
617 case FSCONTEXT_MNT:
618 fscontext_sid = sid;
619
620 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
621 fscontext_sid))
622 goto out_double_mount;
623
624 sbsec->flags |= FSCONTEXT_MNT;
625 break;
626 case CONTEXT_MNT:
627 context_sid = sid;
628
629 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
630 context_sid))
631 goto out_double_mount;
632
633 sbsec->flags |= CONTEXT_MNT;
634 break;
635 case ROOTCONTEXT_MNT:
636 rootcontext_sid = sid;
637
638 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
639 rootcontext_sid))
640 goto out_double_mount;
641
642 sbsec->flags |= ROOTCONTEXT_MNT;
643
644 break;
645 case DEFCONTEXT_MNT:
646 defcontext_sid = sid;
647
648 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
649 defcontext_sid))
650 goto out_double_mount;
651
652 sbsec->flags |= DEFCONTEXT_MNT;
653
654 break;
655 default:
656 rc = -EINVAL;
657 goto out;
658 }
659 }
660
661 if (sbsec->flags & SE_SBINITIALIZED) {
662
663 if ((sbsec->flags & SE_MNTMASK) && !num_opts)
664 goto out_double_mount;
665 rc = 0;
666 goto out;
667 }
668
669 if (strcmp(sb->s_type->name, "proc") == 0)
670 sbsec->flags |= SE_SBPROC;
671
672
673 rc = security_fs_use((sbsec->flags & SE_SBPROC) ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
674 if (rc) {
675 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
676 __func__, sb->s_type->name, rc);
677 goto out;
678 }
679
680
681 if (fscontext_sid) {
682 rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
683 if (rc)
684 goto out;
685
686 sbsec->sid = fscontext_sid;
687 }
688
689
690
691
692
693
694 if (context_sid) {
695 if (!fscontext_sid) {
696 rc = may_context_mount_sb_relabel(context_sid, sbsec,
697 cred);
698 if (rc)
699 goto out;
700 sbsec->sid = context_sid;
701 } else {
702 rc = may_context_mount_inode_relabel(context_sid, sbsec,
703 cred);
704 if (rc)
705 goto out;
706 }
707 if (!rootcontext_sid)
708 rootcontext_sid = context_sid;
709
710 sbsec->mntpoint_sid = context_sid;
711 sbsec->behavior = SECURITY_FS_USE_MNTPOINT;
712 }
713
714 if (rootcontext_sid) {
715 rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
716 cred);
717 if (rc)
718 goto out;
719
720 root_isec->sid = rootcontext_sid;
721 root_isec->initialized = 1;
722 }
723
724 if (defcontext_sid) {
725 if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
726 rc = -EINVAL;
727 printk(KERN_WARNING "SELinux: defcontext option is "
728 "invalid for this filesystem type\n");
729 goto out;
730 }
731
732 if (defcontext_sid != sbsec->def_sid) {
733 rc = may_context_mount_inode_relabel(defcontext_sid,
734 sbsec, cred);
735 if (rc)
736 goto out;
737 }
738
739 sbsec->def_sid = defcontext_sid;
740 }
741
742 rc = sb_finish_set_opts(sb);
743out:
744 mutex_unlock(&sbsec->lock);
745 return rc;
746out_double_mount:
747 rc = -EINVAL;
748 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
749 "security settings for (dev %s, type %s)\n", sb->s_id, name);
750 goto out;
751}
752
753static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
754 struct super_block *newsb)
755{
756 const struct superblock_security_struct *oldsbsec = oldsb->s_security;
757 struct superblock_security_struct *newsbsec = newsb->s_security;
758
759 int set_fscontext = (oldsbsec->flags & FSCONTEXT_MNT);
760 int set_context = (oldsbsec->flags & CONTEXT_MNT);
761 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
762
763
764
765
766
767 if (!ss_initialized)
768 return;
769
770
771 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
772
773
774 if (newsbsec->flags & SE_SBINITIALIZED)
775 return;
776
777 mutex_lock(&newsbsec->lock);
778
779 newsbsec->flags = oldsbsec->flags;
780
781 newsbsec->sid = oldsbsec->sid;
782 newsbsec->def_sid = oldsbsec->def_sid;
783 newsbsec->behavior = oldsbsec->behavior;
784
785 if (set_context) {
786 u32 sid = oldsbsec->mntpoint_sid;
787
788 if (!set_fscontext)
789 newsbsec->sid = sid;
790 if (!set_rootcontext) {
791 struct inode *newinode = newsb->s_root->d_inode;
792 struct inode_security_struct *newisec = newinode->i_security;
793 newisec->sid = sid;
794 }
795 newsbsec->mntpoint_sid = sid;
796 }
797 if (set_rootcontext) {
798 const struct inode *oldinode = oldsb->s_root->d_inode;
799 const struct inode_security_struct *oldisec = oldinode->i_security;
800 struct inode *newinode = newsb->s_root->d_inode;
801 struct inode_security_struct *newisec = newinode->i_security;
802
803 newisec->sid = oldisec->sid;
804 }
805
806 sb_finish_set_opts(newsb);
807 mutex_unlock(&newsbsec->lock);
808}
809
810static int selinux_parse_opts_str(char *options,
811 struct security_mnt_opts *opts)
812{
813 char *p;
814 char *context = NULL, *defcontext = NULL;
815 char *fscontext = NULL, *rootcontext = NULL;
816 int rc, num_mnt_opts = 0;
817
818 opts->num_mnt_opts = 0;
819
820
821 while ((p = strsep(&options, "|")) != NULL) {
822 int token;
823 substring_t args[MAX_OPT_ARGS];
824
825 if (!*p)
826 continue;
827
828 token = match_token(p, tokens, args);
829
830 switch (token) {
831 case Opt_context:
832 if (context || defcontext) {
833 rc = -EINVAL;
834 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
835 goto out_err;
836 }
837 context = match_strdup(&args[0]);
838 if (!context) {
839 rc = -ENOMEM;
840 goto out_err;
841 }
842 break;
843
844 case Opt_fscontext:
845 if (fscontext) {
846 rc = -EINVAL;
847 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
848 goto out_err;
849 }
850 fscontext = match_strdup(&args[0]);
851 if (!fscontext) {
852 rc = -ENOMEM;
853 goto out_err;
854 }
855 break;
856
857 case Opt_rootcontext:
858 if (rootcontext) {
859 rc = -EINVAL;
860 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
861 goto out_err;
862 }
863 rootcontext = match_strdup(&args[0]);
864 if (!rootcontext) {
865 rc = -ENOMEM;
866 goto out_err;
867 }
868 break;
869
870 case Opt_defcontext:
871 if (context || defcontext) {
872 rc = -EINVAL;
873 printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
874 goto out_err;
875 }
876 defcontext = match_strdup(&args[0]);
877 if (!defcontext) {
878 rc = -ENOMEM;
879 goto out_err;
880 }
881 break;
882 case Opt_labelsupport:
883 break;
884 default:
885 rc = -EINVAL;
886 printk(KERN_WARNING "SELinux: unknown mount option\n");
887 goto out_err;
888
889 }
890 }
891
892 rc = -ENOMEM;
893 opts->mnt_opts = kcalloc(NUM_SEL_MNT_OPTS, sizeof(char *), GFP_ATOMIC);
894 if (!opts->mnt_opts)
895 goto out_err;
896
897 opts->mnt_opts_flags = kcalloc(NUM_SEL_MNT_OPTS, sizeof(int), GFP_ATOMIC);
898 if (!opts->mnt_opts_flags) {
899 kfree(opts->mnt_opts);
900 goto out_err;
901 }
902
903 if (fscontext) {
904 opts->mnt_opts[num_mnt_opts] = fscontext;
905 opts->mnt_opts_flags[num_mnt_opts++] = FSCONTEXT_MNT;
906 }
907 if (context) {
908 opts->mnt_opts[num_mnt_opts] = context;
909 opts->mnt_opts_flags[num_mnt_opts++] = CONTEXT_MNT;
910 }
911 if (rootcontext) {
912 opts->mnt_opts[num_mnt_opts] = rootcontext;
913 opts->mnt_opts_flags[num_mnt_opts++] = ROOTCONTEXT_MNT;
914 }
915 if (defcontext) {
916 opts->mnt_opts[num_mnt_opts] = defcontext;
917 opts->mnt_opts_flags[num_mnt_opts++] = DEFCONTEXT_MNT;
918 }
919
920 opts->num_mnt_opts = num_mnt_opts;
921 return 0;
922
923out_err:
924 kfree(context);
925 kfree(defcontext);
926 kfree(fscontext);
927 kfree(rootcontext);
928 return rc;
929}
930
931
932
933static int superblock_doinit(struct super_block *sb, void *data)
934{
935 int rc = 0;
936 char *options = data;
937 struct security_mnt_opts opts;
938
939 security_init_mnt_opts(&opts);
940
941 if (!data)
942 goto out;
943
944 BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA);
945
946 rc = selinux_parse_opts_str(options, &opts);
947 if (rc)
948 goto out_err;
949
950out:
951 rc = selinux_set_mnt_opts(sb, &opts);
952
953out_err:
954 security_free_mnt_opts(&opts);
955 return rc;
956}
957
958static void selinux_write_opts(struct seq_file *m,
959 struct security_mnt_opts *opts)
960{
961 int i;
962 char *prefix;
963
964 for (i = 0; i < opts->num_mnt_opts; i++) {
965 char *has_comma;
966
967 if (opts->mnt_opts[i])
968 has_comma = strchr(opts->mnt_opts[i], ',');
969 else
970 has_comma = NULL;
971
972 switch (opts->mnt_opts_flags[i]) {
973 case CONTEXT_MNT:
974 prefix = CONTEXT_STR;
975 break;
976 case FSCONTEXT_MNT:
977 prefix = FSCONTEXT_STR;
978 break;
979 case ROOTCONTEXT_MNT:
980 prefix = ROOTCONTEXT_STR;
981 break;
982 case DEFCONTEXT_MNT:
983 prefix = DEFCONTEXT_STR;
984 break;
985 case SE_SBLABELSUPP:
986 seq_putc(m, ',');
987 seq_puts(m, LABELSUPP_STR);
988 continue;
989 default:
990 BUG();
991 return;
992 };
993
994 seq_putc(m, ',');
995 seq_puts(m, prefix);
996 if (has_comma)
997 seq_putc(m, '\"');
998 seq_puts(m, opts->mnt_opts[i]);
999 if (has_comma)
1000 seq_putc(m, '\"');
1001 }
1002}
1003
1004static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
1005{
1006 struct security_mnt_opts opts;
1007 int rc;
1008
1009 rc = selinux_get_mnt_opts(sb, &opts);
1010 if (rc) {
1011
1012 if (rc == -EINVAL)
1013 rc = 0;
1014 return rc;
1015 }
1016
1017 selinux_write_opts(m, &opts);
1018
1019 security_free_mnt_opts(&opts);
1020
1021 return rc;
1022}
1023
1024static inline u16 inode_mode_to_security_class(umode_t mode)
1025{
1026 switch (mode & S_IFMT) {
1027 case S_IFSOCK:
1028 return SECCLASS_SOCK_FILE;
1029 case S_IFLNK:
1030 return SECCLASS_LNK_FILE;
1031 case S_IFREG:
1032 return SECCLASS_FILE;
1033 case S_IFBLK:
1034 return SECCLASS_BLK_FILE;
1035 case S_IFDIR:
1036 return SECCLASS_DIR;
1037 case S_IFCHR:
1038 return SECCLASS_CHR_FILE;
1039 case S_IFIFO:
1040 return SECCLASS_FIFO_FILE;
1041
1042 }
1043
1044 return SECCLASS_FILE;
1045}
1046
1047static inline int default_protocol_stream(int protocol)
1048{
1049 return (protocol == IPPROTO_IP || protocol == IPPROTO_TCP);
1050}
1051
1052static inline int default_protocol_dgram(int protocol)
1053{
1054 return (protocol == IPPROTO_IP || protocol == IPPROTO_UDP);
1055}
1056
1057static inline u16 socket_type_to_security_class(int family, int type, int protocol)
1058{
1059 switch (family) {
1060 case PF_UNIX:
1061 switch (type) {
1062 case SOCK_STREAM:
1063 case SOCK_SEQPACKET:
1064 return SECCLASS_UNIX_STREAM_SOCKET;
1065 case SOCK_DGRAM:
1066 return SECCLASS_UNIX_DGRAM_SOCKET;
1067 }
1068 break;
1069 case PF_INET:
1070 case PF_INET6:
1071 switch (type) {
1072 case SOCK_STREAM:
1073 if (default_protocol_stream(protocol))
1074 return SECCLASS_TCP_SOCKET;
1075 else
1076 return SECCLASS_RAWIP_SOCKET;
1077 case SOCK_DGRAM:
1078 if (default_protocol_dgram(protocol))
1079 return SECCLASS_UDP_SOCKET;
1080 else
1081 return SECCLASS_RAWIP_SOCKET;
1082 case SOCK_DCCP:
1083 return SECCLASS_DCCP_SOCKET;
1084 default:
1085 return SECCLASS_RAWIP_SOCKET;
1086 }
1087 break;
1088 case PF_NETLINK:
1089 switch (protocol) {
1090 case NETLINK_ROUTE:
1091 return SECCLASS_NETLINK_ROUTE_SOCKET;
1092 case NETLINK_FIREWALL:
1093 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1094 case NETLINK_SOCK_DIAG:
1095 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1096 case NETLINK_NFLOG:
1097 return SECCLASS_NETLINK_NFLOG_SOCKET;
1098 case NETLINK_XFRM:
1099 return SECCLASS_NETLINK_XFRM_SOCKET;
1100 case NETLINK_SELINUX:
1101 return SECCLASS_NETLINK_SELINUX_SOCKET;
1102 case NETLINK_AUDIT:
1103 return SECCLASS_NETLINK_AUDIT_SOCKET;
1104 case NETLINK_IP6_FW:
1105 return SECCLASS_NETLINK_IP6FW_SOCKET;
1106 case NETLINK_DNRTMSG:
1107 return SECCLASS_NETLINK_DNRT_SOCKET;
1108 case NETLINK_KOBJECT_UEVENT:
1109 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1110 default:
1111 return SECCLASS_NETLINK_SOCKET;
1112 }
1113 case PF_PACKET:
1114 return SECCLASS_PACKET_SOCKET;
1115 case PF_KEY:
1116 return SECCLASS_KEY_SOCKET;
1117 case PF_APPLETALK:
1118 return SECCLASS_APPLETALK_SOCKET;
1119 }
1120
1121 return SECCLASS_SOCKET;
1122}
1123
1124#ifdef CONFIG_PROC_FS
1125static int selinux_proc_get_sid(struct dentry *dentry,
1126 u16 tclass,
1127 u32 *sid)
1128{
1129 int rc;
1130 char *buffer, *path;
1131
1132 buffer = (char *)__get_free_page(GFP_KERNEL);
1133 if (!buffer)
1134 return -ENOMEM;
1135
1136 path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
1137 if (IS_ERR(path))
1138 rc = PTR_ERR(path);
1139 else {
1140
1141
1142
1143 while (path[1] >= '0' && path[1] <= '9') {
1144 path[1] = '/';
1145 path++;
1146 }
1147 rc = security_genfs_sid("proc", path, tclass, sid);
1148 }
1149 free_page((unsigned long)buffer);
1150 return rc;
1151}
1152#else
1153static int selinux_proc_get_sid(struct dentry *dentry,
1154 u16 tclass,
1155 u32 *sid)
1156{
1157 return -EINVAL;
1158}
1159#endif
1160
1161
1162static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1163{
1164 struct superblock_security_struct *sbsec = NULL;
1165 struct inode_security_struct *isec = inode->i_security;
1166 u32 sid;
1167 struct dentry *dentry;
1168#define INITCONTEXTLEN 255
1169 char *context = NULL;
1170 unsigned len = 0;
1171 int rc = 0;
1172
1173 if (isec->initialized)
1174 goto out;
1175
1176 mutex_lock(&isec->lock);
1177 if (isec->initialized)
1178 goto out_unlock;
1179
1180 sbsec = inode->i_sb->s_security;
1181 if (!(sbsec->flags & SE_SBINITIALIZED)) {
1182
1183
1184
1185 spin_lock(&sbsec->isec_lock);
1186 if (list_empty(&isec->list))
1187 list_add(&isec->list, &sbsec->isec_head);
1188 spin_unlock(&sbsec->isec_lock);
1189 goto out_unlock;
1190 }
1191
1192 switch (sbsec->behavior) {
1193 case SECURITY_FS_USE_XATTR:
1194 if (!inode->i_op->getxattr) {
1195 isec->sid = sbsec->def_sid;
1196 break;
1197 }
1198
1199
1200
1201 if (opt_dentry) {
1202
1203 dentry = dget(opt_dentry);
1204 } else {
1205
1206 dentry = d_find_alias(inode);
1207 }
1208 if (!dentry) {
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218 goto out_unlock;
1219 }
1220
1221 len = INITCONTEXTLEN;
1222 context = kmalloc(len+1, GFP_NOFS);
1223 if (!context) {
1224 rc = -ENOMEM;
1225 dput(dentry);
1226 goto out_unlock;
1227 }
1228 context[len] = '\0';
1229 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1230 context, len);
1231 if (rc == -ERANGE) {
1232 kfree(context);
1233
1234
1235 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1236 NULL, 0);
1237 if (rc < 0) {
1238 dput(dentry);
1239 goto out_unlock;
1240 }
1241 len = rc;
1242 context = kmalloc(len+1, GFP_NOFS);
1243 if (!context) {
1244 rc = -ENOMEM;
1245 dput(dentry);
1246 goto out_unlock;
1247 }
1248 context[len] = '\0';
1249 rc = inode->i_op->getxattr(dentry,
1250 XATTR_NAME_SELINUX,
1251 context, len);
1252 }
1253 dput(dentry);
1254 if (rc < 0) {
1255 if (rc != -ENODATA) {
1256 printk(KERN_WARNING "SELinux: %s: getxattr returned "
1257 "%d for dev=%s ino=%ld\n", __func__,
1258 -rc, inode->i_sb->s_id, inode->i_ino);
1259 kfree(context);
1260 goto out_unlock;
1261 }
1262
1263 sid = sbsec->def_sid;
1264 rc = 0;
1265 } else {
1266 rc = security_context_to_sid_default(context, rc, &sid,
1267 sbsec->def_sid,
1268 GFP_NOFS);
1269 if (rc) {
1270 char *dev = inode->i_sb->s_id;
1271 unsigned long ino = inode->i_ino;
1272
1273 if (rc == -EINVAL) {
1274 if (printk_ratelimit())
1275 printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
1276 "context=%s. This indicates you may need to relabel the inode or the "
1277 "filesystem in question.\n", ino, dev, context);
1278 } else {
1279 printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
1280 "returned %d for dev=%s ino=%ld\n",
1281 __func__, context, -rc, dev, ino);
1282 }
1283 kfree(context);
1284
1285 rc = 0;
1286 break;
1287 }
1288 }
1289 kfree(context);
1290 isec->sid = sid;
1291 break;
1292 case SECURITY_FS_USE_TASK:
1293 isec->sid = isec->task_sid;
1294 break;
1295 case SECURITY_FS_USE_TRANS:
1296
1297 isec->sid = sbsec->sid;
1298
1299
1300 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1301 rc = security_transition_sid(isec->task_sid, sbsec->sid,
1302 isec->sclass, NULL, &sid);
1303 if (rc)
1304 goto out_unlock;
1305 isec->sid = sid;
1306 break;
1307 case SECURITY_FS_USE_MNTPOINT:
1308 isec->sid = sbsec->mntpoint_sid;
1309 break;
1310 default:
1311
1312 isec->sid = sbsec->sid;
1313
1314 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) {
1315 if (opt_dentry) {
1316 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1317 rc = selinux_proc_get_sid(opt_dentry,
1318 isec->sclass,
1319 &sid);
1320 if (rc)
1321 goto out_unlock;
1322 isec->sid = sid;
1323 }
1324 }
1325 break;
1326 }
1327
1328 isec->initialized = 1;
1329
1330out_unlock:
1331 mutex_unlock(&isec->lock);
1332out:
1333 if (isec->sclass == SECCLASS_FILE)
1334 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1335 return rc;
1336}
1337
1338
1339static inline u32 signal_to_av(int sig)
1340{
1341 u32 perm = 0;
1342
1343 switch (sig) {
1344 case SIGCHLD:
1345
1346 perm = PROCESS__SIGCHLD;
1347 break;
1348 case SIGKILL:
1349
1350 perm = PROCESS__SIGKILL;
1351 break;
1352 case SIGSTOP:
1353
1354 perm = PROCESS__SIGSTOP;
1355 break;
1356 default:
1357
1358 perm = PROCESS__SIGNAL;
1359 break;
1360 }
1361
1362 return perm;
1363}
1364
1365
1366
1367
1368
1369static int cred_has_perm(const struct cred *actor,
1370 const struct cred *target,
1371 u32 perms)
1372{
1373 u32 asid = cred_sid(actor), tsid = cred_sid(target);
1374
1375 return avc_has_perm(asid, tsid, SECCLASS_PROCESS, perms, NULL);
1376}
1377
1378
1379
1380
1381
1382
1383
1384static int task_has_perm(const struct task_struct *tsk1,
1385 const struct task_struct *tsk2,
1386 u32 perms)
1387{
1388 const struct task_security_struct *__tsec1, *__tsec2;
1389 u32 sid1, sid2;
1390
1391 rcu_read_lock();
1392 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid;
1393 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid;
1394 rcu_read_unlock();
1395 return avc_has_perm(sid1, sid2, SECCLASS_PROCESS, perms, NULL);
1396}
1397
1398
1399
1400
1401
1402
1403
1404static int current_has_perm(const struct task_struct *tsk,
1405 u32 perms)
1406{
1407 u32 sid, tsid;
1408
1409 sid = current_sid();
1410 tsid = task_sid(tsk);
1411 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL);
1412}
1413
1414#if CAP_LAST_CAP > 63
1415#error Fix SELinux to handle capabilities > 63.
1416#endif
1417
1418
1419static int cred_has_capability(const struct cred *cred,
1420 int cap, int audit)
1421{
1422 struct common_audit_data ad;
1423 struct av_decision avd;
1424 u16 sclass;
1425 u32 sid = cred_sid(cred);
1426 u32 av = CAP_TO_MASK(cap);
1427 int rc;
1428
1429 ad.type = LSM_AUDIT_DATA_CAP;
1430 ad.u.cap = cap;
1431
1432 switch (CAP_TO_INDEX(cap)) {
1433 case 0:
1434 sclass = SECCLASS_CAPABILITY;
1435 break;
1436 case 1:
1437 sclass = SECCLASS_CAPABILITY2;
1438 break;
1439 default:
1440 printk(KERN_ERR
1441 "SELinux: out of range capability %d\n", cap);
1442 BUG();
1443 return -EINVAL;
1444 }
1445
1446 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1447 if (audit == SECURITY_CAP_AUDIT) {
1448 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1449 if (rc2)
1450 return rc2;
1451 }
1452 return rc;
1453}
1454
1455
1456static int task_has_system(struct task_struct *tsk,
1457 u32 perms)
1458{
1459 u32 sid = task_sid(tsk);
1460
1461 return avc_has_perm(sid, SECINITSID_KERNEL,
1462 SECCLASS_SYSTEM, perms, NULL);
1463}
1464
1465
1466
1467
1468static int inode_has_perm(const struct cred *cred,
1469 struct inode *inode,
1470 u32 perms,
1471 struct common_audit_data *adp,
1472 unsigned flags)
1473{
1474 struct inode_security_struct *isec;
1475 u32 sid;
1476
1477 validate_creds(cred);
1478
1479 if (unlikely(IS_PRIVATE(inode)))
1480 return 0;
1481
1482 sid = cred_sid(cred);
1483 isec = inode->i_security;
1484
1485 return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
1486}
1487
1488
1489
1490
1491static inline int dentry_has_perm(const struct cred *cred,
1492 struct dentry *dentry,
1493 u32 av)
1494{
1495 struct inode *inode = dentry->d_inode;
1496 struct common_audit_data ad;
1497
1498 ad.type = LSM_AUDIT_DATA_DENTRY;
1499 ad.u.dentry = dentry;
1500 return inode_has_perm(cred, inode, av, &ad, 0);
1501}
1502
1503
1504
1505
1506static inline int path_has_perm(const struct cred *cred,
1507 struct path *path,
1508 u32 av)
1509{
1510 struct inode *inode = path->dentry->d_inode;
1511 struct common_audit_data ad;
1512
1513 ad.type = LSM_AUDIT_DATA_PATH;
1514 ad.u.path = *path;
1515 return inode_has_perm(cred, inode, av, &ad, 0);
1516}
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526static int file_has_perm(const struct cred *cred,
1527 struct file *file,
1528 u32 av)
1529{
1530 struct file_security_struct *fsec = file->f_security;
1531 struct inode *inode = file->f_path.dentry->d_inode;
1532 struct common_audit_data ad;
1533 u32 sid = cred_sid(cred);
1534 int rc;
1535
1536 ad.type = LSM_AUDIT_DATA_PATH;
1537 ad.u.path = file->f_path;
1538
1539 if (sid != fsec->sid) {
1540 rc = avc_has_perm(sid, fsec->sid,
1541 SECCLASS_FD,
1542 FD__USE,
1543 &ad);
1544 if (rc)
1545 goto out;
1546 }
1547
1548
1549 rc = 0;
1550 if (av)
1551 rc = inode_has_perm(cred, inode, av, &ad, 0);
1552
1553out:
1554 return rc;
1555}
1556
1557
1558static int may_create(struct inode *dir,
1559 struct dentry *dentry,
1560 u16 tclass)
1561{
1562 const struct task_security_struct *tsec = current_security();
1563 struct inode_security_struct *dsec;
1564 struct superblock_security_struct *sbsec;
1565 u32 sid, newsid;
1566 struct common_audit_data ad;
1567 int rc;
1568
1569 dsec = dir->i_security;
1570 sbsec = dir->i_sb->s_security;
1571
1572 sid = tsec->sid;
1573 newsid = tsec->create_sid;
1574
1575 ad.type = LSM_AUDIT_DATA_DENTRY;
1576 ad.u.dentry = dentry;
1577
1578 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1579 DIR__ADD_NAME | DIR__SEARCH,
1580 &ad);
1581 if (rc)
1582 return rc;
1583
1584 if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
1585 rc = security_transition_sid(sid, dsec->sid, tclass,
1586 &dentry->d_name, &newsid);
1587 if (rc)
1588 return rc;
1589 }
1590
1591 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1592 if (rc)
1593 return rc;
1594
1595 return avc_has_perm(newsid, sbsec->sid,
1596 SECCLASS_FILESYSTEM,
1597 FILESYSTEM__ASSOCIATE, &ad);
1598}
1599
1600
1601static int may_create_key(u32 ksid,
1602 struct task_struct *ctx)
1603{
1604 u32 sid = task_sid(ctx);
1605
1606 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
1607}
1608
1609#define MAY_LINK 0
1610#define MAY_UNLINK 1
1611#define MAY_RMDIR 2
1612
1613
1614static int may_link(struct inode *dir,
1615 struct dentry *dentry,
1616 int kind)
1617
1618{
1619 struct inode_security_struct *dsec, *isec;
1620 struct common_audit_data ad;
1621 u32 sid = current_sid();
1622 u32 av;
1623 int rc;
1624
1625 dsec = dir->i_security;
1626 isec = dentry->d_inode->i_security;
1627
1628 ad.type = LSM_AUDIT_DATA_DENTRY;
1629 ad.u.dentry = dentry;
1630
1631 av = DIR__SEARCH;
1632 av |= (kind ? DIR__REMOVE_NAME : DIR__ADD_NAME);
1633 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1634 if (rc)
1635 return rc;
1636
1637 switch (kind) {
1638 case MAY_LINK:
1639 av = FILE__LINK;
1640 break;
1641 case MAY_UNLINK:
1642 av = FILE__UNLINK;
1643 break;
1644 case MAY_RMDIR:
1645 av = DIR__RMDIR;
1646 break;
1647 default:
1648 printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
1649 __func__, kind);
1650 return 0;
1651 }
1652
1653 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1654 return rc;
1655}
1656
1657static inline int may_rename(struct inode *old_dir,
1658 struct dentry *old_dentry,
1659 struct inode *new_dir,
1660 struct dentry *new_dentry)
1661{
1662 struct inode_security_struct *old_dsec, *new_dsec, *old_isec, *new_isec;
1663 struct common_audit_data ad;
1664 u32 sid = current_sid();
1665 u32 av;
1666 int old_is_dir, new_is_dir;
1667 int rc;
1668
1669 old_dsec = old_dir->i_security;
1670 old_isec = old_dentry->d_inode->i_security;
1671 old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
1672 new_dsec = new_dir->i_security;
1673
1674 ad.type = LSM_AUDIT_DATA_DENTRY;
1675
1676 ad.u.dentry = old_dentry;
1677 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1678 DIR__REMOVE_NAME | DIR__SEARCH, &ad);
1679 if (rc)
1680 return rc;
1681 rc = avc_has_perm(sid, old_isec->sid,
1682 old_isec->sclass, FILE__RENAME, &ad);
1683 if (rc)
1684 return rc;
1685 if (old_is_dir && new_dir != old_dir) {
1686 rc = avc_has_perm(sid, old_isec->sid,
1687 old_isec->sclass, DIR__REPARENT, &ad);
1688 if (rc)
1689 return rc;
1690 }
1691
1692 ad.u.dentry = new_dentry;
1693 av = DIR__ADD_NAME | DIR__SEARCH;
1694 if (new_dentry->d_inode)
1695 av |= DIR__REMOVE_NAME;
1696 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1697 if (rc)
1698 return rc;
1699 if (new_dentry->d_inode) {
1700 new_isec = new_dentry->d_inode->i_security;
1701 new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
1702 rc = avc_has_perm(sid, new_isec->sid,
1703 new_isec->sclass,
1704 (new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
1705 if (rc)
1706 return rc;
1707 }
1708
1709 return 0;
1710}
1711
1712
1713static int superblock_has_perm(const struct cred *cred,
1714 struct super_block *sb,
1715 u32 perms,
1716 struct common_audit_data *ad)
1717{
1718 struct superblock_security_struct *sbsec;
1719 u32 sid = cred_sid(cred);
1720
1721 sbsec = sb->s_security;
1722 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
1723}
1724
1725
1726static inline u32 file_mask_to_av(int mode, int mask)
1727{
1728 u32 av = 0;
1729
1730 if (!S_ISDIR(mode)) {
1731 if (mask & MAY_EXEC)
1732 av |= FILE__EXECUTE;
1733 if (mask & MAY_READ)
1734 av |= FILE__READ;
1735
1736 if (mask & MAY_APPEND)
1737 av |= FILE__APPEND;
1738 else if (mask & MAY_WRITE)
1739 av |= FILE__WRITE;
1740
1741 } else {
1742 if (mask & MAY_EXEC)
1743 av |= DIR__SEARCH;
1744 if (mask & MAY_WRITE)
1745 av |= DIR__WRITE;
1746 if (mask & MAY_READ)
1747 av |= DIR__READ;
1748 }
1749
1750 return av;
1751}
1752
1753
1754static inline u32 file_to_av(struct file *file)
1755{
1756 u32 av = 0;
1757
1758 if (file->f_mode & FMODE_READ)
1759 av |= FILE__READ;
1760 if (file->f_mode & FMODE_WRITE) {
1761 if (file->f_flags & O_APPEND)
1762 av |= FILE__APPEND;
1763 else
1764 av |= FILE__WRITE;
1765 }
1766 if (!av) {
1767
1768
1769
1770 av = FILE__IOCTL;
1771 }
1772
1773 return av;
1774}
1775
1776
1777
1778
1779
1780static inline u32 open_file_to_av(struct file *file)
1781{
1782 u32 av = file_to_av(file);
1783
1784 if (selinux_policycap_openperm)
1785 av |= FILE__OPEN;
1786
1787 return av;
1788}
1789
1790
1791
1792static int selinux_ptrace_access_check(struct task_struct *child,
1793 unsigned int mode)
1794{
1795 int rc;
1796
1797 rc = cap_ptrace_access_check(child, mode);
1798 if (rc)
1799 return rc;
1800
1801 if (mode & PTRACE_MODE_READ) {
1802 u32 sid = current_sid();
1803 u32 csid = task_sid(child);
1804 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
1805 }
1806
1807 return current_has_perm(child, PROCESS__PTRACE);
1808}
1809
1810static int selinux_ptrace_traceme(struct task_struct *parent)
1811{
1812 int rc;
1813
1814 rc = cap_ptrace_traceme(parent);
1815 if (rc)
1816 return rc;
1817
1818 return task_has_perm(parent, current, PROCESS__PTRACE);
1819}
1820
1821static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
1822 kernel_cap_t *inheritable, kernel_cap_t *permitted)
1823{
1824 int error;
1825
1826 error = current_has_perm(target, PROCESS__GETCAP);
1827 if (error)
1828 return error;
1829
1830 return cap_capget(target, effective, inheritable, permitted);
1831}
1832
1833static int selinux_capset(struct cred *new, const struct cred *old,
1834 const kernel_cap_t *effective,
1835 const kernel_cap_t *inheritable,
1836 const kernel_cap_t *permitted)
1837{
1838 int error;
1839
1840 error = cap_capset(new, old,
1841 effective, inheritable, permitted);
1842 if (error)
1843 return error;
1844
1845 return cred_has_perm(old, new, PROCESS__SETCAP);
1846}
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
1859 int cap, int audit)
1860{
1861 int rc;
1862
1863 rc = cap_capable(cred, ns, cap, audit);
1864 if (rc)
1865 return rc;
1866
1867 return cred_has_capability(cred, cap, audit);
1868}
1869
1870static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
1871{
1872 const struct cred *cred = current_cred();
1873 int rc = 0;
1874
1875 if (!sb)
1876 return 0;
1877
1878 switch (cmds) {
1879 case Q_SYNC:
1880 case Q_QUOTAON:
1881 case Q_QUOTAOFF:
1882 case Q_SETINFO:
1883 case Q_SETQUOTA:
1884 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
1885 break;
1886 case Q_GETFMT:
1887 case Q_GETINFO:
1888 case Q_GETQUOTA:
1889 rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
1890 break;
1891 default:
1892 rc = 0;
1893 break;
1894 }
1895 return rc;
1896}
1897
1898static int selinux_quota_on(struct dentry *dentry)
1899{
1900 const struct cred *cred = current_cred();
1901
1902 return dentry_has_perm(cred, dentry, FILE__QUOTAON);
1903}
1904
1905static int selinux_syslog(int type)
1906{
1907 int rc;
1908
1909 switch (type) {
1910 case SYSLOG_ACTION_READ_ALL:
1911 case SYSLOG_ACTION_SIZE_BUFFER:
1912 rc = task_has_system(current, SYSTEM__SYSLOG_READ);
1913 break;
1914 case SYSLOG_ACTION_CONSOLE_OFF:
1915 case SYSLOG_ACTION_CONSOLE_ON:
1916
1917 case SYSLOG_ACTION_CONSOLE_LEVEL:
1918 rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
1919 break;
1920 case SYSLOG_ACTION_CLOSE:
1921 case SYSLOG_ACTION_OPEN:
1922 case SYSLOG_ACTION_READ:
1923 case SYSLOG_ACTION_READ_CLEAR:
1924 case SYSLOG_ACTION_CLEAR:
1925 default:
1926 rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
1927 break;
1928 }
1929 return rc;
1930}
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
1941{
1942 int rc, cap_sys_admin = 0;
1943
1944 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
1945 SECURITY_CAP_NOAUDIT);
1946 if (rc == 0)
1947 cap_sys_admin = 1;
1948
1949 return __vm_enough_memory(mm, pages, cap_sys_admin);
1950}
1951
1952
1953
1954static int selinux_bprm_set_creds(struct linux_binprm *bprm)
1955{
1956 const struct task_security_struct *old_tsec;
1957 struct task_security_struct *new_tsec;
1958 struct inode_security_struct *isec;
1959 struct common_audit_data ad;
1960 struct inode *inode = bprm->file->f_path.dentry->d_inode;
1961 int rc;
1962
1963 rc = cap_bprm_set_creds(bprm);
1964 if (rc)
1965 return rc;
1966
1967
1968
1969 if (bprm->cred_prepared)
1970 return 0;
1971
1972 old_tsec = current_security();
1973 new_tsec = bprm->cred->security;
1974 isec = inode->i_security;
1975
1976
1977 new_tsec->sid = old_tsec->sid;
1978 new_tsec->osid = old_tsec->sid;
1979
1980
1981 new_tsec->create_sid = 0;
1982 new_tsec->keycreate_sid = 0;
1983 new_tsec->sockcreate_sid = 0;
1984
1985 if (old_tsec->exec_sid) {
1986 new_tsec->sid = old_tsec->exec_sid;
1987
1988 new_tsec->exec_sid = 0;
1989
1990
1991
1992
1993
1994 if (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)
1995 return -EPERM;
1996 } else {
1997
1998 rc = security_transition_sid(old_tsec->sid, isec->sid,
1999 SECCLASS_PROCESS, NULL,
2000 &new_tsec->sid);
2001 if (rc)
2002 return rc;
2003 }
2004
2005 ad.type = LSM_AUDIT_DATA_PATH;
2006 ad.u.path = bprm->file->f_path;
2007
2008 if ((bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID) ||
2009 (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS))
2010 new_tsec->sid = old_tsec->sid;
2011
2012 if (new_tsec->sid == old_tsec->sid) {
2013 rc = avc_has_perm(old_tsec->sid, isec->sid,
2014 SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
2015 if (rc)
2016 return rc;
2017 } else {
2018
2019 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2020 SECCLASS_PROCESS, PROCESS__TRANSITION, &ad);
2021 if (rc)
2022 return rc;
2023
2024 rc = avc_has_perm(new_tsec->sid, isec->sid,
2025 SECCLASS_FILE, FILE__ENTRYPOINT, &ad);
2026 if (rc)
2027 return rc;
2028
2029
2030 if (bprm->unsafe & LSM_UNSAFE_SHARE) {
2031 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2032 SECCLASS_PROCESS, PROCESS__SHARE,
2033 NULL);
2034 if (rc)
2035 return -EPERM;
2036 }
2037
2038
2039
2040 if (bprm->unsafe &
2041 (LSM_UNSAFE_PTRACE | LSM_UNSAFE_PTRACE_CAP)) {
2042 struct task_struct *tracer;
2043 struct task_security_struct *sec;
2044 u32 ptsid = 0;
2045
2046 rcu_read_lock();
2047 tracer = ptrace_parent(current);
2048 if (likely(tracer != NULL)) {
2049 sec = __task_cred(tracer)->security;
2050 ptsid = sec->sid;
2051 }
2052 rcu_read_unlock();
2053
2054 if (ptsid != 0) {
2055 rc = avc_has_perm(ptsid, new_tsec->sid,
2056 SECCLASS_PROCESS,
2057 PROCESS__PTRACE, NULL);
2058 if (rc)
2059 return -EPERM;
2060 }
2061 }
2062
2063
2064 bprm->per_clear |= PER_CLEAR_ON_SETID;
2065 }
2066
2067 return 0;
2068}
2069
2070static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2071{
2072 const struct task_security_struct *tsec = current_security();
2073 u32 sid, osid;
2074 int atsecure = 0;
2075
2076 sid = tsec->sid;
2077 osid = tsec->osid;
2078
2079 if (osid != sid) {
2080
2081
2082
2083 atsecure = avc_has_perm(osid, sid,
2084 SECCLASS_PROCESS,
2085 PROCESS__NOATSECURE, NULL);
2086 }
2087
2088 return (atsecure || cap_bprm_secureexec(bprm));
2089}
2090
2091static int match_file(const void *p, struct file *file, unsigned fd)
2092{
2093 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2094}
2095
2096
2097static inline void flush_unauthorized_files(const struct cred *cred,
2098 struct files_struct *files)
2099{
2100 struct file *file, *devnull = NULL;
2101 struct tty_struct *tty;
2102 int drop_tty = 0;
2103 unsigned n;
2104
2105 tty = get_current_tty();
2106 if (tty) {
2107 spin_lock(&tty_files_lock);
2108 if (!list_empty(&tty->tty_files)) {
2109 struct tty_file_private *file_priv;
2110
2111
2112
2113
2114
2115
2116 file_priv = list_first_entry(&tty->tty_files,
2117 struct tty_file_private, list);
2118 file = file_priv->file;
2119 if (path_has_perm(cred, &file->f_path, FILE__READ | FILE__WRITE))
2120 drop_tty = 1;
2121 }
2122 spin_unlock(&tty_files_lock);
2123 tty_kref_put(tty);
2124 }
2125
2126 if (drop_tty)
2127 no_tty();
2128
2129
2130 n = iterate_fd(files, 0, match_file, cred);
2131 if (!n)
2132 return;
2133
2134 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2135 if (IS_ERR(devnull))
2136 devnull = NULL;
2137
2138 do {
2139 replace_fd(n - 1, devnull, 0);
2140 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2141 if (devnull)
2142 fput(devnull);
2143}
2144
2145
2146
2147
2148static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
2149{
2150 struct task_security_struct *new_tsec;
2151 struct rlimit *rlim, *initrlim;
2152 int rc, i;
2153
2154 new_tsec = bprm->cred->security;
2155 if (new_tsec->sid == new_tsec->osid)
2156 return;
2157
2158
2159 flush_unauthorized_files(bprm->cred, current->files);
2160
2161
2162 current->pdeath_signal = 0;
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2175 PROCESS__RLIMITINH, NULL);
2176 if (rc) {
2177
2178 task_lock(current);
2179 for (i = 0; i < RLIM_NLIMITS; i++) {
2180 rlim = current->signal->rlim + i;
2181 initrlim = init_task.signal->rlim + i;
2182 rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
2183 }
2184 task_unlock(current);
2185 update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
2186 }
2187}
2188
2189
2190
2191
2192
2193static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2194{
2195 const struct task_security_struct *tsec = current_security();
2196 struct itimerval itimer;
2197 u32 osid, sid;
2198 int rc, i;
2199
2200 osid = tsec->osid;
2201 sid = tsec->sid;
2202
2203 if (sid == osid)
2204 return;
2205
2206
2207
2208
2209
2210
2211
2212
2213 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2214 if (rc) {
2215 memset(&itimer, 0, sizeof itimer);
2216 for (i = 0; i < 3; i++)
2217 do_setitimer(i, &itimer, NULL);
2218 spin_lock_irq(¤t->sighand->siglock);
2219 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) {
2220 __flush_signals(current);
2221 flush_signal_handlers(current, 1);
2222 sigemptyset(¤t->blocked);
2223 }
2224 spin_unlock_irq(¤t->sighand->siglock);
2225 }
2226
2227
2228
2229 read_lock(&tasklist_lock);
2230 __wake_up_parent(current, current->real_parent);
2231 read_unlock(&tasklist_lock);
2232}
2233
2234
2235
2236static int selinux_sb_alloc_security(struct super_block *sb)
2237{
2238 return superblock_alloc_security(sb);
2239}
2240
2241static void selinux_sb_free_security(struct super_block *sb)
2242{
2243 superblock_free_security(sb);
2244}
2245
2246static inline int match_prefix(char *prefix, int plen, char *option, int olen)
2247{
2248 if (plen > olen)
2249 return 0;
2250
2251 return !memcmp(prefix, option, plen);
2252}
2253
2254static inline int selinux_option(char *option, int len)
2255{
2256 return (match_prefix(CONTEXT_STR, sizeof(CONTEXT_STR)-1, option, len) ||
2257 match_prefix(FSCONTEXT_STR, sizeof(FSCONTEXT_STR)-1, option, len) ||
2258 match_prefix(DEFCONTEXT_STR, sizeof(DEFCONTEXT_STR)-1, option, len) ||
2259 match_prefix(ROOTCONTEXT_STR, sizeof(ROOTCONTEXT_STR)-1, option, len) ||
2260 match_prefix(LABELSUPP_STR, sizeof(LABELSUPP_STR)-1, option, len));
2261}
2262
2263static inline void take_option(char **to, char *from, int *first, int len)
2264{
2265 if (!*first) {
2266 **to = ',';
2267 *to += 1;
2268 } else
2269 *first = 0;
2270 memcpy(*to, from, len);
2271 *to += len;
2272}
2273
2274static inline void take_selinux_option(char **to, char *from, int *first,
2275 int len)
2276{
2277 int current_size = 0;
2278
2279 if (!*first) {
2280 **to = '|';
2281 *to += 1;
2282 } else
2283 *first = 0;
2284
2285 while (current_size < len) {
2286 if (*from != '"') {
2287 **to = *from;
2288 *to += 1;
2289 }
2290 from += 1;
2291 current_size += 1;
2292 }
2293}
2294
2295static int selinux_sb_copy_data(char *orig, char *copy)
2296{
2297 int fnosec, fsec, rc = 0;
2298 char *in_save, *in_curr, *in_end;
2299 char *sec_curr, *nosec_save, *nosec;
2300 int open_quote = 0;
2301
2302 in_curr = orig;
2303 sec_curr = copy;
2304
2305 nosec = (char *)get_zeroed_page(GFP_KERNEL);
2306 if (!nosec) {
2307 rc = -ENOMEM;
2308 goto out;
2309 }
2310
2311 nosec_save = nosec;
2312 fnosec = fsec = 1;
2313 in_save = in_end = orig;
2314
2315 do {
2316 if (*in_end == '"')
2317 open_quote = !open_quote;
2318 if ((*in_end == ',' && open_quote == 0) ||
2319 *in_end == '\0') {
2320 int len = in_end - in_curr;
2321
2322 if (selinux_option(in_curr, len))
2323 take_selinux_option(&sec_curr, in_curr, &fsec, len);
2324 else
2325 take_option(&nosec, in_curr, &fnosec, len);
2326
2327 in_curr = in_end + 1;
2328 }
2329 } while (*in_end++);
2330
2331 strcpy(in_save, nosec_save);
2332 free_page((unsigned long)nosec_save);
2333out:
2334 return rc;
2335}
2336
2337static int selinux_sb_remount(struct super_block *sb, void *data)
2338{
2339 int rc, i, *flags;
2340 struct security_mnt_opts opts;
2341 char *secdata, **mount_options;
2342 struct superblock_security_struct *sbsec = sb->s_security;
2343
2344 if (!(sbsec->flags & SE_SBINITIALIZED))
2345 return 0;
2346
2347 if (!data)
2348 return 0;
2349
2350 if (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
2351 return 0;
2352
2353 security_init_mnt_opts(&opts);
2354 secdata = alloc_secdata();
2355 if (!secdata)
2356 return -ENOMEM;
2357 rc = selinux_sb_copy_data(data, secdata);
2358 if (rc)
2359 goto out_free_secdata;
2360
2361 rc = selinux_parse_opts_str(secdata, &opts);
2362 if (rc)
2363 goto out_free_secdata;
2364
2365 mount_options = opts.mnt_opts;
2366 flags = opts.mnt_opts_flags;
2367
2368 for (i = 0; i < opts.num_mnt_opts; i++) {
2369 u32 sid;
2370 size_t len;
2371
2372 if (flags[i] == SE_SBLABELSUPP)
2373 continue;
2374 len = strlen(mount_options[i]);
2375 rc = security_context_to_sid(mount_options[i], len, &sid);
2376 if (rc) {
2377 printk(KERN_WARNING "SELinux: security_context_to_sid"
2378 "(%s) failed for (dev %s, type %s) errno=%d\n",
2379 mount_options[i], sb->s_id, sb->s_type->name, rc);
2380 goto out_free_opts;
2381 }
2382 rc = -EINVAL;
2383 switch (flags[i]) {
2384 case FSCONTEXT_MNT:
2385 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2386 goto out_bad_option;
2387 break;
2388 case CONTEXT_MNT:
2389 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2390 goto out_bad_option;
2391 break;
2392 case ROOTCONTEXT_MNT: {
2393 struct inode_security_struct *root_isec;
2394 root_isec = sb->s_root->d_inode->i_security;
2395
2396 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2397 goto out_bad_option;
2398 break;
2399 }
2400 case DEFCONTEXT_MNT:
2401 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2402 goto out_bad_option;
2403 break;
2404 default:
2405 goto out_free_opts;
2406 }
2407 }
2408
2409 rc = 0;
2410out_free_opts:
2411 security_free_mnt_opts(&opts);
2412out_free_secdata:
2413 free_secdata(secdata);
2414 return rc;
2415out_bad_option:
2416 printk(KERN_WARNING "SELinux: unable to change security options "
2417 "during remount (dev %s, type=%s)\n", sb->s_id,
2418 sb->s_type->name);
2419 goto out_free_opts;
2420}
2421
2422static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
2423{
2424 const struct cred *cred = current_cred();
2425 struct common_audit_data ad;
2426 int rc;
2427
2428 rc = superblock_doinit(sb, data);
2429 if (rc)
2430 return rc;
2431
2432
2433 if (flags & MS_KERNMOUNT)
2434 return 0;
2435
2436 ad.type = LSM_AUDIT_DATA_DENTRY;
2437 ad.u.dentry = sb->s_root;
2438 return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2439}
2440
2441static int selinux_sb_statfs(struct dentry *dentry)
2442{
2443 const struct cred *cred = current_cred();
2444 struct common_audit_data ad;
2445
2446 ad.type = LSM_AUDIT_DATA_DENTRY;
2447 ad.u.dentry = dentry->d_sb->s_root;
2448 return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2449}
2450
2451static int selinux_mount(const char *dev_name,
2452 struct path *path,
2453 const char *type,
2454 unsigned long flags,
2455 void *data)
2456{
2457 const struct cred *cred = current_cred();
2458
2459 if (flags & MS_REMOUNT)
2460 return superblock_has_perm(cred, path->dentry->d_sb,
2461 FILESYSTEM__REMOUNT, NULL);
2462 else
2463 return path_has_perm(cred, path, FILE__MOUNTON);
2464}
2465
2466static int selinux_umount(struct vfsmount *mnt, int flags)
2467{
2468 const struct cred *cred = current_cred();
2469
2470 return superblock_has_perm(cred, mnt->mnt_sb,
2471 FILESYSTEM__UNMOUNT, NULL);
2472}
2473
2474
2475
2476static int selinux_inode_alloc_security(struct inode *inode)
2477{
2478 return inode_alloc_security(inode);
2479}
2480
2481static void selinux_inode_free_security(struct inode *inode)
2482{
2483 inode_free_security(inode);
2484}
2485
2486static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2487 const struct qstr *qstr, char **name,
2488 void **value, size_t *len)
2489{
2490 const struct task_security_struct *tsec = current_security();
2491 struct inode_security_struct *dsec;
2492 struct superblock_security_struct *sbsec;
2493 u32 sid, newsid, clen;
2494 int rc;
2495 char *namep = NULL, *context;
2496
2497 dsec = dir->i_security;
2498 sbsec = dir->i_sb->s_security;
2499
2500 sid = tsec->sid;
2501 newsid = tsec->create_sid;
2502
2503 if ((sbsec->flags & SE_SBINITIALIZED) &&
2504 (sbsec->behavior == SECURITY_FS_USE_MNTPOINT))
2505 newsid = sbsec->mntpoint_sid;
2506 else if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
2507 rc = security_transition_sid(sid, dsec->sid,
2508 inode_mode_to_security_class(inode->i_mode),
2509 qstr, &newsid);
2510 if (rc) {
2511 printk(KERN_WARNING "%s: "
2512 "security_transition_sid failed, rc=%d (dev=%s "
2513 "ino=%ld)\n",
2514 __func__,
2515 -rc, inode->i_sb->s_id, inode->i_ino);
2516 return rc;
2517 }
2518 }
2519
2520
2521 if (sbsec->flags & SE_SBINITIALIZED) {
2522 struct inode_security_struct *isec = inode->i_security;
2523 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2524 isec->sid = newsid;
2525 isec->initialized = 1;
2526 }
2527
2528 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2529 return -EOPNOTSUPP;
2530
2531 if (name) {
2532 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
2533 if (!namep)
2534 return -ENOMEM;
2535 *name = namep;
2536 }
2537
2538 if (value && len) {
2539 rc = security_sid_to_context_force(newsid, &context, &clen);
2540 if (rc) {
2541 kfree(namep);
2542 return rc;
2543 }
2544 *value = context;
2545 *len = clen;
2546 }
2547
2548 return 0;
2549}
2550
2551static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2552{
2553 return may_create(dir, dentry, SECCLASS_FILE);
2554}
2555
2556static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2557{
2558 return may_link(dir, old_dentry, MAY_LINK);
2559}
2560
2561static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2562{
2563 return may_link(dir, dentry, MAY_UNLINK);
2564}
2565
2566static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2567{
2568 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2569}
2570
2571static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2572{
2573 return may_create(dir, dentry, SECCLASS_DIR);
2574}
2575
2576static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2577{
2578 return may_link(dir, dentry, MAY_RMDIR);
2579}
2580
2581static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2582{
2583 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2584}
2585
2586static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2587 struct inode *new_inode, struct dentry *new_dentry)
2588{
2589 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
2590}
2591
2592static int selinux_inode_readlink(struct dentry *dentry)
2593{
2594 const struct cred *cred = current_cred();
2595
2596 return dentry_has_perm(cred, dentry, FILE__READ);
2597}
2598
2599static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata)
2600{
2601 const struct cred *cred = current_cred();
2602
2603 return dentry_has_perm(cred, dentry, FILE__READ);
2604}
2605
2606static noinline int audit_inode_permission(struct inode *inode,
2607 u32 perms, u32 audited, u32 denied,
2608 unsigned flags)
2609{
2610 struct common_audit_data ad;
2611 struct inode_security_struct *isec = inode->i_security;
2612 int rc;
2613
2614 ad.type = LSM_AUDIT_DATA_INODE;
2615 ad.u.inode = inode;
2616
2617 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2618 audited, denied, &ad, flags);
2619 if (rc)
2620 return rc;
2621 return 0;
2622}
2623
2624static int selinux_inode_permission(struct inode *inode, int mask)
2625{
2626 const struct cred *cred = current_cred();
2627 u32 perms;
2628 bool from_access;
2629 unsigned flags = mask & MAY_NOT_BLOCK;
2630 struct inode_security_struct *isec;
2631 u32 sid;
2632 struct av_decision avd;
2633 int rc, rc2;
2634 u32 audited, denied;
2635
2636 from_access = mask & MAY_ACCESS;
2637 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
2638
2639
2640 if (!mask)
2641 return 0;
2642
2643 validate_creds(cred);
2644
2645 if (unlikely(IS_PRIVATE(inode)))
2646 return 0;
2647
2648 perms = file_mask_to_av(inode->i_mode, mask);
2649
2650 sid = cred_sid(cred);
2651 isec = inode->i_security;
2652
2653 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd);
2654 audited = avc_audit_required(perms, &avd, rc,
2655 from_access ? FILE__AUDIT_ACCESS : 0,
2656 &denied);
2657 if (likely(!audited))
2658 return rc;
2659
2660 rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
2661 if (rc2)
2662 return rc2;
2663 return rc;
2664}
2665
2666static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
2667{
2668 const struct cred *cred = current_cred();
2669 unsigned int ia_valid = iattr->ia_valid;
2670 __u32 av = FILE__WRITE;
2671
2672
2673 if (ia_valid & ATTR_FORCE) {
2674 ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE |
2675 ATTR_FORCE);
2676 if (!ia_valid)
2677 return 0;
2678 }
2679
2680 if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
2681 ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_TIMES_SET))
2682 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2683
2684 if (selinux_policycap_openperm && (ia_valid & ATTR_SIZE))
2685 av |= FILE__OPEN;
2686
2687 return dentry_has_perm(cred, dentry, av);
2688}
2689
2690static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2691{
2692 const struct cred *cred = current_cred();
2693 struct path path;
2694
2695 path.dentry = dentry;
2696 path.mnt = mnt;
2697
2698 return path_has_perm(cred, &path, FILE__GETATTR);
2699}
2700
2701static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2702{
2703 const struct cred *cred = current_cred();
2704
2705 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2706 sizeof XATTR_SECURITY_PREFIX - 1)) {
2707 if (!strcmp(name, XATTR_NAME_CAPS)) {
2708 if (!capable(CAP_SETFCAP))
2709 return -EPERM;
2710 } else if (!capable(CAP_SYS_ADMIN)) {
2711
2712
2713 return -EPERM;
2714 }
2715 }
2716
2717
2718
2719 return dentry_has_perm(cred, dentry, FILE__SETATTR);
2720}
2721
2722static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2723 const void *value, size_t size, int flags)
2724{
2725 struct inode *inode = dentry->d_inode;
2726 struct inode_security_struct *isec = inode->i_security;
2727 struct superblock_security_struct *sbsec;
2728 struct common_audit_data ad;
2729 u32 newsid, sid = current_sid();
2730 int rc = 0;
2731
2732 if (strcmp(name, XATTR_NAME_SELINUX))
2733 return selinux_inode_setotherxattr(dentry, name);
2734
2735 sbsec = inode->i_sb->s_security;
2736 if (!(sbsec->flags & SE_SBLABELSUPP))
2737 return -EOPNOTSUPP;
2738
2739 if (!inode_owner_or_capable(inode))
2740 return -EPERM;
2741
2742 ad.type = LSM_AUDIT_DATA_DENTRY;
2743 ad.u.dentry = dentry;
2744
2745 rc = avc_has_perm(sid, isec->sid, isec->sclass,
2746 FILE__RELABELFROM, &ad);
2747 if (rc)
2748 return rc;
2749
2750 rc = security_context_to_sid(value, size, &newsid);
2751 if (rc == -EINVAL) {
2752 if (!capable(CAP_MAC_ADMIN)) {
2753 struct audit_buffer *ab;
2754 size_t audit_size;
2755 const char *str;
2756
2757
2758
2759 if (value) {
2760 str = value;
2761 if (str[size - 1] == '\0')
2762 audit_size = size - 1;
2763 else
2764 audit_size = size;
2765 } else {
2766 str = "";
2767 audit_size = 0;
2768 }
2769 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2770 audit_log_format(ab, "op=setxattr invalid_context=");
2771 audit_log_n_untrustedstring(ab, value, audit_size);
2772 audit_log_end(ab);
2773
2774 return rc;
2775 }
2776 rc = security_context_to_sid_force(value, size, &newsid);
2777 }
2778 if (rc)
2779 return rc;
2780
2781 rc = avc_has_perm(sid, newsid, isec->sclass,
2782 FILE__RELABELTO, &ad);
2783 if (rc)
2784 return rc;
2785
2786 rc = security_validate_transition(isec->sid, newsid, sid,
2787 isec->sclass);
2788 if (rc)
2789 return rc;
2790
2791 return avc_has_perm(newsid,
2792 sbsec->sid,
2793 SECCLASS_FILESYSTEM,
2794 FILESYSTEM__ASSOCIATE,
2795 &ad);
2796}
2797
2798static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2799 const void *value, size_t size,
2800 int flags)
2801{
2802 struct inode *inode = dentry->d_inode;
2803 struct inode_security_struct *isec = inode->i_security;
2804 u32 newsid;
2805 int rc;
2806
2807 if (strcmp(name, XATTR_NAME_SELINUX)) {
2808
2809 return;
2810 }
2811
2812 rc = security_context_to_sid_force(value, size, &newsid);
2813 if (rc) {
2814 printk(KERN_ERR "SELinux: unable to map context to SID"
2815 "for (%s, %lu), rc=%d\n",
2816 inode->i_sb->s_id, inode->i_ino, -rc);
2817 return;
2818 }
2819
2820 isec->sid = newsid;
2821 return;
2822}
2823
2824static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2825{
2826 const struct cred *cred = current_cred();
2827
2828 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2829}
2830
2831static int selinux_inode_listxattr(struct dentry *dentry)
2832{
2833 const struct cred *cred = current_cred();
2834
2835 return dentry_has_perm(cred, dentry, FILE__GETATTR);
2836}
2837
2838static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2839{
2840 if (strcmp(name, XATTR_NAME_SELINUX))
2841 return selinux_inode_setotherxattr(dentry, name);
2842
2843
2844
2845 return -EACCES;
2846}
2847
2848
2849
2850
2851
2852
2853static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
2854{
2855 u32 size;
2856 int error;
2857 char *context = NULL;
2858 struct inode_security_struct *isec = inode->i_security;
2859
2860 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2861 return -EOPNOTSUPP;
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
2873 SECURITY_CAP_NOAUDIT);
2874 if (!error)
2875 error = security_sid_to_context_force(isec->sid, &context,
2876 &size);
2877 else
2878 error = security_sid_to_context(isec->sid, &context, &size);
2879 if (error)
2880 return error;
2881 error = size;
2882 if (alloc) {
2883 *buffer = context;
2884 goto out_nofree;
2885 }
2886 kfree(context);
2887out_nofree:
2888 return error;
2889}
2890
2891static int selinux_inode_setsecurity(struct inode *inode, const char *name,
2892 const void *value, size_t size, int flags)
2893{
2894 struct inode_security_struct *isec = inode->i_security;
2895 u32 newsid;
2896 int rc;
2897
2898 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2899 return -EOPNOTSUPP;
2900
2901 if (!value || !size)
2902 return -EACCES;
2903
2904 rc = security_context_to_sid((void *)value, size, &newsid);
2905 if (rc)
2906 return rc;
2907
2908 isec->sid = newsid;
2909 isec->initialized = 1;
2910 return 0;
2911}
2912
2913static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2914{
2915 const int len = sizeof(XATTR_NAME_SELINUX);
2916 if (buffer && len <= buffer_size)
2917 memcpy(buffer, XATTR_NAME_SELINUX, len);
2918 return len;
2919}
2920
2921static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
2922{
2923 struct inode_security_struct *isec = inode->i_security;
2924 *secid = isec->sid;
2925}
2926
2927
2928
2929static int selinux_revalidate_file_permission(struct file *file, int mask)
2930{
2931 const struct cred *cred = current_cred();
2932 struct inode *inode = file->f_path.dentry->d_inode;
2933
2934
2935 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
2936 mask |= MAY_APPEND;
2937
2938 return file_has_perm(cred, file,
2939 file_mask_to_av(inode->i_mode, mask));
2940}
2941
2942static int selinux_file_permission(struct file *file, int mask)
2943{
2944 struct inode *inode = file->f_path.dentry->d_inode;
2945 struct file_security_struct *fsec = file->f_security;
2946 struct inode_security_struct *isec = inode->i_security;
2947 u32 sid = current_sid();
2948
2949 if (!mask)
2950
2951 return 0;
2952
2953 if (sid == fsec->sid && fsec->isid == isec->sid &&
2954 fsec->pseqno == avc_policy_seqno())
2955
2956 return 0;
2957
2958 return selinux_revalidate_file_permission(file, mask);
2959}
2960
2961static int selinux_file_alloc_security(struct file *file)
2962{
2963 return file_alloc_security(file);
2964}
2965
2966static void selinux_file_free_security(struct file *file)
2967{
2968 file_free_security(file);
2969}
2970
2971static int selinux_file_ioctl(struct file *file, unsigned int cmd,
2972 unsigned long arg)
2973{
2974 const struct cred *cred = current_cred();
2975 int error = 0;
2976
2977 switch (cmd) {
2978 case FIONREAD:
2979
2980 case FIBMAP:
2981
2982 case FIGETBSZ:
2983
2984 case FS_IOC_GETFLAGS:
2985
2986 case FS_IOC_GETVERSION:
2987 error = file_has_perm(cred, file, FILE__GETATTR);
2988 break;
2989
2990 case FS_IOC_SETFLAGS:
2991
2992 case FS_IOC_SETVERSION:
2993 error = file_has_perm(cred, file, FILE__SETATTR);
2994 break;
2995
2996
2997 case FIONBIO:
2998
2999 case FIOASYNC:
3000 error = file_has_perm(cred, file, 0);
3001 break;
3002
3003 case KDSKBENT:
3004 case KDSKBSENT:
3005 error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3006 SECURITY_CAP_AUDIT);
3007 break;
3008
3009
3010
3011
3012 default:
3013 error = file_has_perm(cred, file, FILE__IOCTL);
3014 }
3015 return error;
3016}
3017
3018static int default_noexec;
3019
3020static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3021{
3022 const struct cred *cred = current_cred();
3023 int rc = 0;
3024
3025 if (default_noexec &&
3026 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
3027
3028
3029
3030
3031
3032 rc = cred_has_perm(cred, cred, PROCESS__EXECMEM);
3033 if (rc)
3034 goto error;
3035 }
3036
3037 if (file) {
3038
3039 u32 av = FILE__READ;
3040
3041
3042 if (shared && (prot & PROT_WRITE))
3043 av |= FILE__WRITE;
3044
3045 if (prot & PROT_EXEC)
3046 av |= FILE__EXECUTE;
3047
3048 return file_has_perm(cred, file, av);
3049 }
3050
3051error:
3052 return rc;
3053}
3054
3055static int selinux_mmap_addr(unsigned long addr)
3056{
3057 int rc = 0;
3058 u32 sid = current_sid();
3059
3060
3061
3062
3063
3064
3065
3066 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3067 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3068 MEMPROTECT__MMAP_ZERO, NULL);
3069 if (rc)
3070 return rc;
3071 }
3072
3073
3074 return cap_mmap_addr(addr);
3075}
3076
3077static int selinux_mmap_file(struct file *file, unsigned long reqprot,
3078 unsigned long prot, unsigned long flags)
3079{
3080 if (selinux_checkreqprot)
3081 prot = reqprot;
3082
3083 return file_map_prot_check(file, prot,
3084 (flags & MAP_TYPE) == MAP_SHARED);
3085}
3086
3087static int selinux_file_mprotect(struct vm_area_struct *vma,
3088 unsigned long reqprot,
3089 unsigned long prot)
3090{
3091 const struct cred *cred = current_cred();
3092
3093 if (selinux_checkreqprot)
3094 prot = reqprot;
3095
3096 if (default_noexec &&
3097 (prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
3098 int rc = 0;
3099 if (vma->vm_start >= vma->vm_mm->start_brk &&
3100 vma->vm_end <= vma->vm_mm->brk) {
3101 rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);
3102 } else if (!vma->vm_file &&
3103 vma->vm_start <= vma->vm_mm->start_stack &&
3104 vma->vm_end >= vma->vm_mm->start_stack) {
3105 rc = current_has_perm(current, PROCESS__EXECSTACK);
3106 } else if (vma->vm_file && vma->anon_vma) {
3107
3108
3109
3110
3111
3112
3113
3114 rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3115 }
3116 if (rc)
3117 return rc;
3118 }
3119
3120 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
3121}
3122
3123static int selinux_file_lock(struct file *file, unsigned int cmd)
3124{
3125 const struct cred *cred = current_cred();
3126
3127 return file_has_perm(cred, file, FILE__LOCK);
3128}
3129
3130static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3131 unsigned long arg)
3132{
3133 const struct cred *cred = current_cred();
3134 int err = 0;
3135
3136 switch (cmd) {
3137 case F_SETFL:
3138 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3139 err = -EINVAL;
3140 break;
3141 }
3142
3143 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3144 err = file_has_perm(cred, file, FILE__WRITE);
3145 break;
3146 }
3147
3148 case F_SETOWN:
3149 case F_SETSIG:
3150 case F_GETFL:
3151 case F_GETOWN:
3152 case F_GETSIG:
3153 case F_GETOWNER_UIDS:
3154
3155 err = file_has_perm(cred, file, 0);
3156 break;
3157 case F_GETLK:
3158 case F_SETLK:
3159 case F_SETLKW:
3160#if BITS_PER_LONG == 32
3161 case F_GETLK64:
3162 case F_SETLK64:
3163 case F_SETLKW64:
3164#endif
3165 if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
3166 err = -EINVAL;
3167 break;
3168 }
3169 err = file_has_perm(cred, file, FILE__LOCK);
3170 break;
3171 }
3172
3173 return err;
3174}
3175
3176static int selinux_file_set_fowner(struct file *file)
3177{
3178 struct file_security_struct *fsec;
3179
3180 fsec = file->f_security;
3181 fsec->fown_sid = current_sid();
3182
3183 return 0;
3184}
3185
3186static int selinux_file_send_sigiotask(struct task_struct *tsk,
3187 struct fown_struct *fown, int signum)
3188{
3189 struct file *file;
3190 u32 sid = task_sid(tsk);
3191 u32 perm;
3192 struct file_security_struct *fsec;
3193
3194
3195 file = container_of(fown, struct file, f_owner);
3196
3197 fsec = file->f_security;
3198
3199 if (!signum)
3200 perm = signal_to_av(SIGIO);
3201 else
3202 perm = signal_to_av(signum);
3203
3204 return avc_has_perm(fsec->fown_sid, sid,
3205 SECCLASS_PROCESS, perm, NULL);
3206}
3207
3208static int selinux_file_receive(struct file *file)
3209{
3210 const struct cred *cred = current_cred();
3211
3212 return file_has_perm(cred, file, file_to_av(file));
3213}
3214
3215static int selinux_file_open(struct file *file, const struct cred *cred)
3216{
3217 struct file_security_struct *fsec;
3218 struct inode_security_struct *isec;
3219
3220 fsec = file->f_security;
3221 isec = file->f_path.dentry->d_inode->i_security;
3222
3223
3224
3225
3226
3227
3228
3229 fsec->isid = isec->sid;
3230 fsec->pseqno = avc_policy_seqno();
3231
3232
3233
3234
3235
3236
3237
3238
3239 return path_has_perm(cred, &file->f_path, open_file_to_av(file));
3240}
3241
3242
3243
3244static int selinux_task_create(unsigned long clone_flags)
3245{
3246 return current_has_perm(current, PROCESS__FORK);
3247}
3248
3249
3250
3251
3252static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3253{
3254 struct task_security_struct *tsec;
3255
3256 tsec = kzalloc(sizeof(struct task_security_struct), gfp);
3257 if (!tsec)
3258 return -ENOMEM;
3259
3260 cred->security = tsec;
3261 return 0;
3262}
3263
3264
3265
3266
3267static void selinux_cred_free(struct cred *cred)
3268{
3269 struct task_security_struct *tsec = cred->security;
3270
3271
3272
3273
3274
3275 BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
3276 cred->security = (void *) 0x7UL;
3277 kfree(tsec);
3278}
3279
3280
3281
3282
3283static int selinux_cred_prepare(struct cred *new, const struct cred *old,
3284 gfp_t gfp)
3285{
3286 const struct task_security_struct *old_tsec;
3287 struct task_security_struct *tsec;
3288
3289 old_tsec = old->security;
3290
3291 tsec = kmemdup(old_tsec, sizeof(struct task_security_struct), gfp);
3292 if (!tsec)
3293 return -ENOMEM;
3294
3295 new->security = tsec;
3296 return 0;
3297}
3298
3299
3300
3301
3302static void selinux_cred_transfer(struct cred *new, const struct cred *old)
3303{
3304 const struct task_security_struct *old_tsec = old->security;
3305 struct task_security_struct *tsec = new->security;
3306
3307 *tsec = *old_tsec;
3308}
3309
3310
3311
3312
3313
3314static int selinux_kernel_act_as(struct cred *new, u32 secid)
3315{
3316 struct task_security_struct *tsec = new->security;
3317 u32 sid = current_sid();
3318 int ret;
3319
3320 ret = avc_has_perm(sid, secid,
3321 SECCLASS_KERNEL_SERVICE,
3322 KERNEL_SERVICE__USE_AS_OVERRIDE,
3323 NULL);
3324 if (ret == 0) {
3325 tsec->sid = secid;
3326 tsec->create_sid = 0;
3327 tsec->keycreate_sid = 0;
3328 tsec->sockcreate_sid = 0;
3329 }
3330 return ret;
3331}
3332
3333
3334
3335
3336
3337static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3338{
3339 struct inode_security_struct *isec = inode->i_security;
3340 struct task_security_struct *tsec = new->security;
3341 u32 sid = current_sid();
3342 int ret;
3343
3344 ret = avc_has_perm(sid, isec->sid,
3345 SECCLASS_KERNEL_SERVICE,
3346 KERNEL_SERVICE__CREATE_FILES_AS,
3347 NULL);
3348
3349 if (ret == 0)
3350 tsec->create_sid = isec->sid;
3351 return ret;
3352}
3353
3354static int selinux_kernel_module_request(char *kmod_name)
3355{
3356 u32 sid;
3357 struct common_audit_data ad;
3358
3359 sid = task_sid(current);
3360
3361 ad.type = LSM_AUDIT_DATA_KMOD;
3362 ad.u.kmod_name = kmod_name;
3363
3364 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM,
3365 SYSTEM__MODULE_REQUEST, &ad);
3366}
3367
3368static int selinux_task_setpgid(struct task_struct *p, pid_t pgid)
3369{
3370 return current_has_perm(p, PROCESS__SETPGID);
3371}
3372
3373static int selinux_task_getpgid(struct task_struct *p)
3374{
3375 return current_has_perm(p, PROCESS__GETPGID);
3376}
3377
3378static int selinux_task_getsid(struct task_struct *p)
3379{
3380 return current_has_perm(p, PROCESS__GETSESSION);
3381}
3382
3383static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3384{
3385 *secid = task_sid(p);
3386}
3387
3388static int selinux_task_setnice(struct task_struct *p, int nice)
3389{
3390 int rc;
3391
3392 rc = cap_task_setnice(p, nice);
3393 if (rc)
3394 return rc;
3395
3396 return current_has_perm(p, PROCESS__SETSCHED);
3397}
3398
3399static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3400{
3401 int rc;
3402
3403 rc = cap_task_setioprio(p, ioprio);
3404 if (rc)
3405 return rc;
3406
3407 return current_has_perm(p, PROCESS__SETSCHED);
3408}
3409
3410static int selinux_task_getioprio(struct task_struct *p)
3411{
3412 return current_has_perm(p, PROCESS__GETSCHED);
3413}
3414
3415static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3416 struct rlimit *new_rlim)
3417{
3418 struct rlimit *old_rlim = p->signal->rlim + resource;
3419
3420
3421
3422
3423
3424 if (old_rlim->rlim_max != new_rlim->rlim_max)
3425 return current_has_perm(p, PROCESS__SETRLIMIT);
3426
3427 return 0;
3428}
3429
3430static int selinux_task_setscheduler(struct task_struct *p)
3431{
3432 int rc;
3433
3434 rc = cap_task_setscheduler(p);
3435 if (rc)
3436 return rc;
3437
3438 return current_has_perm(p, PROCESS__SETSCHED);
3439}
3440
3441static int selinux_task_getscheduler(struct task_struct *p)
3442{
3443 return current_has_perm(p, PROCESS__GETSCHED);
3444}
3445
3446static int selinux_task_movememory(struct task_struct *p)
3447{
3448 return current_has_perm(p, PROCESS__SETSCHED);
3449}
3450
3451static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
3452 int sig, u32 secid)
3453{
3454 u32 perm;
3455 int rc;
3456
3457 if (!sig)
3458 perm = PROCESS__SIGNULL;
3459 else
3460 perm = signal_to_av(sig);
3461 if (secid)
3462 rc = avc_has_perm(secid, task_sid(p),
3463 SECCLASS_PROCESS, perm, NULL);
3464 else
3465 rc = current_has_perm(p, perm);
3466 return rc;
3467}
3468
3469static int selinux_task_wait(struct task_struct *p)
3470{
3471 return task_has_perm(p, current, PROCESS__SIGCHLD);
3472}
3473
3474static void selinux_task_to_inode(struct task_struct *p,
3475 struct inode *inode)
3476{
3477 struct inode_security_struct *isec = inode->i_security;
3478 u32 sid = task_sid(p);
3479
3480 isec->sid = sid;
3481 isec->initialized = 1;
3482}
3483
3484
3485static int selinux_parse_skb_ipv4(struct sk_buff *skb,
3486 struct common_audit_data *ad, u8 *proto)
3487{
3488 int offset, ihlen, ret = -EINVAL;
3489 struct iphdr _iph, *ih;
3490
3491 offset = skb_network_offset(skb);
3492 ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
3493 if (ih == NULL)
3494 goto out;
3495
3496 ihlen = ih->ihl * 4;
3497 if (ihlen < sizeof(_iph))
3498 goto out;
3499
3500 ad->u.net->v4info.saddr = ih->saddr;
3501 ad->u.net->v4info.daddr = ih->daddr;
3502 ret = 0;
3503
3504 if (proto)
3505 *proto = ih->protocol;
3506
3507 switch (ih->protocol) {
3508 case IPPROTO_TCP: {
3509 struct tcphdr _tcph, *th;
3510
3511 if (ntohs(ih->frag_off) & IP_OFFSET)
3512 break;
3513
3514 offset += ihlen;
3515 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3516 if (th == NULL)
3517 break;
3518
3519 ad->u.net->sport = th->source;
3520 ad->u.net->dport = th->dest;
3521 break;
3522 }
3523
3524 case IPPROTO_UDP: {
3525 struct udphdr _udph, *uh;
3526
3527 if (ntohs(ih->frag_off) & IP_OFFSET)
3528 break;
3529
3530 offset += ihlen;
3531 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3532 if (uh == NULL)
3533 break;
3534
3535 ad->u.net->sport = uh->source;
3536 ad->u.net->dport = uh->dest;
3537 break;
3538 }
3539
3540 case IPPROTO_DCCP: {
3541 struct dccp_hdr _dccph, *dh;
3542
3543 if (ntohs(ih->frag_off) & IP_OFFSET)
3544 break;
3545
3546 offset += ihlen;
3547 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3548 if (dh == NULL)
3549 break;
3550
3551 ad->u.net->sport = dh->dccph_sport;
3552 ad->u.net->dport = dh->dccph_dport;
3553 break;
3554 }
3555
3556 default:
3557 break;
3558 }
3559out:
3560 return ret;
3561}
3562
3563#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3564
3565
3566static int selinux_parse_skb_ipv6(struct sk_buff *skb,
3567 struct common_audit_data *ad, u8 *proto)
3568{
3569 u8 nexthdr;
3570 int ret = -EINVAL, offset;
3571 struct ipv6hdr _ipv6h, *ip6;
3572 __be16 frag_off;
3573
3574 offset = skb_network_offset(skb);
3575 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3576 if (ip6 == NULL)
3577 goto out;
3578
3579 ad->u.net->v6info.saddr = ip6->saddr;
3580 ad->u.net->v6info.daddr = ip6->daddr;
3581 ret = 0;
3582
3583 nexthdr = ip6->nexthdr;
3584 offset += sizeof(_ipv6h);
3585 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3586 if (offset < 0)
3587 goto out;
3588
3589 if (proto)
3590 *proto = nexthdr;
3591
3592 switch (nexthdr) {
3593 case IPPROTO_TCP: {
3594 struct tcphdr _tcph, *th;
3595
3596 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3597 if (th == NULL)
3598 break;
3599
3600 ad->u.net->sport = th->source;
3601 ad->u.net->dport = th->dest;
3602 break;
3603 }
3604
3605 case IPPROTO_UDP: {
3606 struct udphdr _udph, *uh;
3607
3608 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3609 if (uh == NULL)
3610 break;
3611
3612 ad->u.net->sport = uh->source;
3613 ad->u.net->dport = uh->dest;
3614 break;
3615 }
3616
3617 case IPPROTO_DCCP: {
3618 struct dccp_hdr _dccph, *dh;
3619
3620 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3621 if (dh == NULL)
3622 break;
3623
3624 ad->u.net->sport = dh->dccph_sport;
3625 ad->u.net->dport = dh->dccph_dport;
3626 break;
3627 }
3628
3629
3630 default:
3631 break;
3632 }
3633out:
3634 return ret;
3635}
3636
3637#endif
3638
3639static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
3640 char **_addrp, int src, u8 *proto)
3641{
3642 char *addrp;
3643 int ret;
3644
3645 switch (ad->u.net->family) {
3646 case PF_INET:
3647 ret = selinux_parse_skb_ipv4(skb, ad, proto);
3648 if (ret)
3649 goto parse_error;
3650 addrp = (char *)(src ? &ad->u.net->v4info.saddr :
3651 &ad->u.net->v4info.daddr);
3652 goto okay;
3653
3654#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3655 case PF_INET6:
3656 ret = selinux_parse_skb_ipv6(skb, ad, proto);
3657 if (ret)
3658 goto parse_error;
3659 addrp = (char *)(src ? &ad->u.net->v6info.saddr :
3660 &ad->u.net->v6info.daddr);
3661 goto okay;
3662#endif
3663 default:
3664 addrp = NULL;
3665 goto okay;
3666 }
3667
3668parse_error:
3669 printk(KERN_WARNING
3670 "SELinux: failure in selinux_parse_skb(),"
3671 " unable to parse packet\n");
3672 return ret;
3673
3674okay:
3675 if (_addrp)
3676 *_addrp = addrp;
3677 return 0;
3678}
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
3696{
3697 int err;
3698 u32 xfrm_sid;
3699 u32 nlbl_sid;
3700 u32 nlbl_type;
3701
3702 selinux_skb_xfrm_sid(skb, &xfrm_sid);
3703 selinux_netlbl_skbuff_getsid(skb, family, &nlbl_type, &nlbl_sid);
3704
3705 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
3706 if (unlikely(err)) {
3707 printk(KERN_WARNING
3708 "SELinux: failure in selinux_skb_peerlbl_sid(),"
3709 " unable to determine packet's peer label\n");
3710 return -EACCES;
3711 }
3712
3713 return 0;
3714}
3715
3716
3717
3718static int socket_sockcreate_sid(const struct task_security_struct *tsec,
3719 u16 secclass, u32 *socksid)
3720{
3721 if (tsec->sockcreate_sid > SECSID_NULL) {
3722 *socksid = tsec->sockcreate_sid;
3723 return 0;
3724 }
3725
3726 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL,
3727 socksid);
3728}
3729
3730static int sock_has_perm(struct task_struct *task, struct sock *sk, u32 perms)
3731{
3732 struct sk_security_struct *sksec = sk->sk_security;
3733 struct common_audit_data ad;
3734 struct lsm_network_audit net = {0,};
3735 u32 tsid = task_sid(task);
3736
3737 if (sksec->sid == SECINITSID_KERNEL)
3738 return 0;
3739
3740 ad.type = LSM_AUDIT_DATA_NET;
3741 ad.u.net = &net;
3742 ad.u.net->sk = sk;
3743
3744 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad);
3745}
3746
3747static int selinux_socket_create(int family, int type,
3748 int protocol, int kern)
3749{
3750 const struct task_security_struct *tsec = current_security();
3751 u32 newsid;
3752 u16 secclass;
3753 int rc;
3754
3755 if (kern)
3756 return 0;
3757
3758 secclass = socket_type_to_security_class(family, type, protocol);
3759 rc = socket_sockcreate_sid(tsec, secclass, &newsid);
3760 if (rc)
3761 return rc;
3762
3763 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
3764}
3765
3766static int selinux_socket_post_create(struct socket *sock, int family,
3767 int type, int protocol, int kern)
3768{
3769 const struct task_security_struct *tsec = current_security();
3770 struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
3771 struct sk_security_struct *sksec;
3772 int err = 0;
3773
3774 isec->sclass = socket_type_to_security_class(family, type, protocol);
3775
3776 if (kern)
3777 isec->sid = SECINITSID_KERNEL;
3778 else {
3779 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid));
3780 if (err)
3781 return err;
3782 }
3783
3784 isec->initialized = 1;
3785
3786 if (sock->sk) {
3787 sksec = sock->sk->sk_security;
3788 sksec->sid = isec->sid;
3789 sksec->sclass = isec->sclass;
3790 err = selinux_netlbl_socket_post_create(sock->sk, family);
3791 }
3792
3793 return err;
3794}
3795
3796
3797
3798
3799
3800static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
3801{
3802 struct sock *sk = sock->sk;
3803 u16 family;
3804 int err;
3805
3806 err = sock_has_perm(current, sk, SOCKET__BIND);
3807 if (err)
3808 goto out;
3809
3810
3811
3812
3813
3814
3815 family = sk->sk_family;
3816 if (family == PF_INET || family == PF_INET6) {
3817 char *addrp;
3818 struct sk_security_struct *sksec = sk->sk_security;
3819 struct common_audit_data ad;
3820 struct lsm_network_audit net = {0,};
3821 struct sockaddr_in *addr4 = NULL;
3822 struct sockaddr_in6 *addr6 = NULL;
3823 unsigned short snum;
3824 u32 sid, node_perm;
3825
3826 if (family == PF_INET) {
3827 addr4 = (struct sockaddr_in *)address;
3828 snum = ntohs(addr4->sin_port);
3829 addrp = (char *)&addr4->sin_addr.s_addr;
3830 } else {
3831 addr6 = (struct sockaddr_in6 *)address;
3832 snum = ntohs(addr6->sin6_port);
3833 addrp = (char *)&addr6->sin6_addr.s6_addr;
3834 }
3835
3836 if (snum) {
3837 int low, high;
3838
3839 inet_get_local_port_range(&low, &high);
3840
3841 if (snum < max(PROT_SOCK, low) || snum > high) {
3842 err = sel_netport_sid(sk->sk_protocol,
3843 snum, &sid);
3844 if (err)
3845 goto out;
3846 ad.type = LSM_AUDIT_DATA_NET;
3847 ad.u.net = &net;
3848 ad.u.net->sport = htons(snum);
3849 ad.u.net->family = family;
3850 err = avc_has_perm(sksec->sid, sid,
3851 sksec->sclass,
3852 SOCKET__NAME_BIND, &ad);
3853 if (err)
3854 goto out;
3855 }
3856 }
3857
3858 switch (sksec->sclass) {
3859 case SECCLASS_TCP_SOCKET:
3860 node_perm = TCP_SOCKET__NODE_BIND;
3861 break;
3862
3863 case SECCLASS_UDP_SOCKET:
3864 node_perm = UDP_SOCKET__NODE_BIND;
3865 break;
3866
3867 case SECCLASS_DCCP_SOCKET:
3868 node_perm = DCCP_SOCKET__NODE_BIND;
3869 break;
3870
3871 default:
3872 node_perm = RAWIP_SOCKET__NODE_BIND;
3873 break;
3874 }
3875
3876 err = sel_netnode_sid(addrp, family, &sid);
3877 if (err)
3878 goto out;
3879
3880 ad.type = LSM_AUDIT_DATA_NET;
3881 ad.u.net = &net;
3882 ad.u.net->sport = htons(snum);
3883 ad.u.net->family = family;
3884
3885 if (family == PF_INET)
3886 ad.u.net->v4info.saddr = addr4->sin_addr.s_addr;
3887 else
3888 ad.u.net->v6info.saddr = addr6->sin6_addr;
3889
3890 err = avc_has_perm(sksec->sid, sid,
3891 sksec->sclass, node_perm, &ad);
3892 if (err)
3893 goto out;
3894 }
3895out:
3896 return err;
3897}
3898
3899static int selinux_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
3900{
3901 struct sock *sk = sock->sk;
3902 struct sk_security_struct *sksec = sk->sk_security;
3903 int err;
3904
3905 err = sock_has_perm(current, sk, SOCKET__CONNECT);
3906 if (err)
3907 return err;
3908
3909
3910
3911
3912 if (sksec->sclass == SECCLASS_TCP_SOCKET ||
3913 sksec->sclass == SECCLASS_DCCP_SOCKET) {
3914 struct common_audit_data ad;
3915 struct lsm_network_audit net = {0,};
3916 struct sockaddr_in *addr4 = NULL;
3917 struct sockaddr_in6 *addr6 = NULL;
3918 unsigned short snum;
3919 u32 sid, perm;
3920
3921 if (sk->sk_family == PF_INET) {
3922 addr4 = (struct sockaddr_in *)address;
3923 if (addrlen < sizeof(struct sockaddr_in))
3924 return -EINVAL;
3925 snum = ntohs(addr4->sin_port);
3926 } else {
3927 addr6 = (struct sockaddr_in6 *)address;
3928 if (addrlen < SIN6_LEN_RFC2133)
3929 return -EINVAL;
3930 snum = ntohs(addr6->sin6_port);
3931 }
3932
3933 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
3934 if (err)
3935 goto out;
3936
3937 perm = (sksec->sclass == SECCLASS_TCP_SOCKET) ?
3938 TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
3939
3940 ad.type = LSM_AUDIT_DATA_NET;
3941 ad.u.net = &net;
3942 ad.u.net->dport = htons(snum);
3943 ad.u.net->family = sk->sk_family;
3944 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
3945 if (err)
3946 goto out;
3947 }
3948
3949 err = selinux_netlbl_socket_connect(sk, address);
3950
3951out:
3952 return err;
3953}
3954
3955static int selinux_socket_listen(struct socket *sock, int backlog)
3956{
3957 return sock_has_perm(current, sock->sk, SOCKET__LISTEN);
3958}
3959
3960static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
3961{
3962 int err;
3963 struct inode_security_struct *isec;
3964 struct inode_security_struct *newisec;
3965
3966 err = sock_has_perm(current, sock->sk, SOCKET__ACCEPT);
3967 if (err)
3968 return err;
3969
3970 newisec = SOCK_INODE(newsock)->i_security;
3971
3972 isec = SOCK_INODE(sock)->i_security;
3973 newisec->sclass = isec->sclass;
3974 newisec->sid = isec->sid;
3975 newisec->initialized = 1;
3976
3977 return 0;
3978}
3979
3980static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3981 int size)
3982{
3983 return sock_has_perm(current, sock->sk, SOCKET__WRITE);
3984}
3985
3986static int selinux_socket_recvmsg(struct socket *sock, struct msghdr *msg,
3987 int size, int flags)
3988{
3989 return sock_has_perm(current, sock->sk, SOCKET__READ);
3990}
3991
3992static int selinux_socket_getsockname(struct socket *sock)
3993{
3994 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
3995}
3996
3997static int selinux_socket_getpeername(struct socket *sock)
3998{
3999 return sock_has_perm(current, sock->sk, SOCKET__GETATTR);
4000}
4001
4002static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
4003{
4004 int err;
4005
4006 err = sock_has_perm(current, sock->sk, SOCKET__SETOPT);
4007 if (err)
4008 return err;
4009
4010 return selinux_netlbl_socket_setsockopt(sock, level, optname);
4011}
4012
4013static int selinux_socket_getsockopt(struct socket *sock, int level,
4014 int optname)
4015{
4016 return sock_has_perm(current, sock->sk, SOCKET__GETOPT);
4017}
4018
4019static int selinux_socket_shutdown(struct socket *sock, int how)
4020{
4021 return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
4022}
4023
4024static int selinux_socket_unix_stream_connect(struct sock *sock,
4025 struct sock *other,
4026 struct sock *newsk)
4027{
4028 struct sk_security_struct *sksec_sock = sock->sk_security;
4029 struct sk_security_struct *sksec_other = other->sk_security;
4030 struct sk_security_struct *sksec_new = newsk->sk_security;
4031 struct common_audit_data ad;
4032 struct lsm_network_audit net = {0,};
4033 int err;
4034
4035 ad.type = LSM_AUDIT_DATA_NET;
4036 ad.u.net = &net;
4037 ad.u.net->sk = other;
4038
4039 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4040 sksec_other->sclass,
4041 UNIX_STREAM_SOCKET__CONNECTTO, &ad);
4042 if (err)
4043 return err;
4044
4045
4046 sksec_new->peer_sid = sksec_sock->sid;
4047 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid,
4048 &sksec_new->sid);
4049 if (err)
4050 return err;
4051
4052
4053 sksec_sock->peer_sid = sksec_new->sid;
4054
4055 return 0;
4056}
4057
4058static int selinux_socket_unix_may_send(struct socket *sock,
4059 struct socket *other)
4060{
4061 struct sk_security_struct *ssec = sock->sk->sk_security;
4062 struct sk_security_struct *osec = other->sk->sk_security;
4063 struct common_audit_data ad;
4064 struct lsm_network_audit net = {0,};
4065
4066 ad.type = LSM_AUDIT_DATA_NET;
4067 ad.u.net = &net;
4068 ad.u.net->sk = other->sk;
4069
4070 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
4071 &ad);
4072}
4073
4074static int selinux_inet_sys_rcv_skb(int ifindex, char *addrp, u16 family,
4075 u32 peer_sid,
4076 struct common_audit_data *ad)
4077{
4078 int err;
4079 u32 if_sid;
4080 u32 node_sid;
4081
4082 err = sel_netif_sid(ifindex, &if_sid);
4083 if (err)
4084 return err;
4085 err = avc_has_perm(peer_sid, if_sid,
4086 SECCLASS_NETIF, NETIF__INGRESS, ad);
4087 if (err)
4088 return err;
4089
4090 err = sel_netnode_sid(addrp, family, &node_sid);
4091 if (err)
4092 return err;
4093 return avc_has_perm(peer_sid, node_sid,
4094 SECCLASS_NODE, NODE__RECVFROM, ad);
4095}
4096
4097static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb,
4098 u16 family)
4099{
4100 int err = 0;
4101 struct sk_security_struct *sksec = sk->sk_security;
4102 u32 sk_sid = sksec->sid;
4103 struct common_audit_data ad;
4104 struct lsm_network_audit net = {0,};
4105 char *addrp;
4106
4107 ad.type = LSM_AUDIT_DATA_NET;
4108 ad.u.net = &net;
4109 ad.u.net->netif = skb->skb_iif;
4110 ad.u.net->family = family;
4111 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4112 if (err)
4113 return err;
4114
4115 if (selinux_secmark_enabled()) {
4116 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4117 PACKET__RECV, &ad);
4118 if (err)
4119 return err;
4120 }
4121
4122 err = selinux_netlbl_sock_rcv_skb(sksec, skb, family, &ad);
4123 if (err)
4124 return err;
4125 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
4126
4127 return err;
4128}
4129
4130static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4131{
4132 int err;
4133 struct sk_security_struct *sksec = sk->sk_security;
4134 u16 family = sk->sk_family;
4135 u32 sk_sid = sksec->sid;
4136 struct common_audit_data ad;
4137 struct lsm_network_audit net = {0,};
4138 char *addrp;
4139 u8 secmark_active;
4140 u8 peerlbl_active;
4141
4142 if (family != PF_INET && family != PF_INET6)
4143 return 0;
4144
4145
4146 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4147 family = PF_INET;
4148
4149
4150
4151
4152
4153 if (!selinux_policycap_netpeer)
4154 return selinux_sock_rcv_skb_compat(sk, skb, family);
4155
4156 secmark_active = selinux_secmark_enabled();
4157 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4158 if (!secmark_active && !peerlbl_active)
4159 return 0;
4160
4161 ad.type = LSM_AUDIT_DATA_NET;
4162 ad.u.net = &net;
4163 ad.u.net->netif = skb->skb_iif;
4164 ad.u.net->family = family;
4165 err = selinux_parse_skb(skb, &ad, &addrp, 1, NULL);
4166 if (err)
4167 return err;
4168
4169 if (peerlbl_active) {
4170 u32 peer_sid;
4171
4172 err = selinux_skb_peerlbl_sid(skb, family, &peer_sid);
4173 if (err)
4174 return err;
4175 err = selinux_inet_sys_rcv_skb(skb->skb_iif, addrp, family,
4176 peer_sid, &ad);
4177 if (err) {
4178 selinux_netlbl_err(skb, err, 0);
4179 return err;
4180 }
4181 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
4182 PEER__RECV, &ad);
4183 if (err)
4184 selinux_netlbl_err(skb, err, 0);
4185 }
4186
4187 if (secmark_active) {
4188 err = avc_has_perm(sk_sid, skb->secmark, SECCLASS_PACKET,
4189 PACKET__RECV, &ad);
4190 if (err)
4191 return err;
4192 }
4193
4194 return err;
4195}
4196
4197static int selinux_socket_getpeersec_stream(struct socket *sock, char __user *optval,
4198 int __user *optlen, unsigned len)
4199{
4200 int err = 0;
4201 char *scontext;
4202 u32 scontext_len;
4203 struct sk_security_struct *sksec = sock->sk->sk_security;
4204 u32 peer_sid = SECSID_NULL;
4205
4206 if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||
4207 sksec->sclass == SECCLASS_TCP_SOCKET)
4208 peer_sid = sksec->peer_sid;
4209 if (peer_sid == SECSID_NULL)
4210 return -ENOPROTOOPT;
4211
4212 err = security_sid_to_context(peer_sid, &scontext, &scontext_len);
4213 if (err)
4214 return err;
4215
4216 if (scontext_len > len) {
4217 err = -ERANGE;
4218 goto out_len;
4219 }
4220
4221 if (copy_to_user(optval, scontext, scontext_len))
4222 err = -EFAULT;
4223
4224out_len:
4225 if (put_user(scontext_len, optlen))
4226 err = -EFAULT;
4227 kfree(scontext);
4228 return err;
4229}
4230
4231static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
4232{
4233 u32 peer_secid = SECSID_NULL;
4234 u16 family;
4235
4236 if (skb && skb->protocol == htons(ETH_P_IP))
4237 family = PF_INET;
4238 else if (skb && skb->protocol == htons(ETH_P_IPV6))
4239 family = PF_INET6;
4240 else if (sock)
4241 family = sock->sk->sk_family;
4242 else
4243 goto out;
4244
4245 if (sock && family == PF_UNIX)
4246 selinux_inode_getsecid(SOCK_INODE(sock), &peer_secid);
4247 else if (skb)
4248 selinux_skb_peerlbl_sid(skb, family, &peer_secid);
4249
4250out:
4251 *secid = peer_secid;
4252 if (peer_secid == SECSID_NULL)
4253 return -EINVAL;
4254 return 0;
4255}
4256
4257static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
4258{
4259 struct sk_security_struct *sksec;
4260
4261 sksec = kzalloc(sizeof(*sksec), priority);
4262 if (!sksec)
4263 return -ENOMEM;
4264
4265 sksec->peer_sid = SECINITSID_UNLABELED;
4266 sksec->sid = SECINITSID_UNLABELED;
4267 selinux_netlbl_sk_security_reset(sksec);
4268 sk->sk_security = sksec;
4269
4270 return 0;
4271}
4272
4273static void selinux_sk_free_security(struct sock *sk)
4274{
4275 struct sk_security_struct *sksec = sk->sk_security;
4276
4277 sk->sk_security = NULL;
4278 selinux_netlbl_sk_security_free(sksec);
4279 kfree(sksec);
4280}
4281
4282static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
4283{
4284 struct sk_security_struct *sksec = sk->sk_security;
4285 struct sk_security_struct *newsksec = newsk->sk_security;
4286
4287 newsksec->sid = sksec->sid;
4288 newsksec->peer_sid = sksec->peer_sid;
4289 newsksec->sclass = sksec->sclass;
4290
4291 selinux_netlbl_sk_security_reset(newsksec);
4292}
4293
4294static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
4295{
4296 if (!sk)
4297 *secid = SECINITSID_ANY_SOCKET;
4298 else {
4299 struct sk_security_struct *sksec = sk->sk_security;
4300
4301 *secid = sksec->sid;
4302 }
4303}
4304
4305static void selinux_sock_graft(struct sock *sk, struct socket *parent)
4306{
4307 struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
4308 struct sk_security_struct *sksec = sk->sk_security;
4309
4310 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6 ||
4311 sk->sk_family == PF_UNIX)
4312 isec->sid = sksec->sid;
4313 sksec->sclass = isec->sclass;
4314}
4315
4316static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4317 struct request_sock *req)
4318{
4319 struct sk_security_struct *sksec = sk->sk_security;
4320 int err;
4321 u16 family = sk->sk_family;
4322 u32 newsid;
4323 u32 peersid;
4324
4325
4326 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4327 family = PF_INET;
4328
4329 err = selinux_skb_peerlbl_sid(skb, family, &peersid);
4330 if (err)
4331 return err;
4332 if (peersid == SECSID_NULL) {
4333 req->secid = sksec->sid;
4334 req->peer_secid = SECSID_NULL;
4335 } else {
4336 err = security_sid_mls_copy(sksec->sid, peersid, &newsid);
4337 if (err)
4338 return err;
4339 req->secid = newsid;
4340 req->peer_secid = peersid;
4341 }
4342
4343 return selinux_netlbl_inet_conn_request(req, family);
4344}
4345
4346static void selinux_inet_csk_clone(struct sock *newsk,
4347 const struct request_sock *req)
4348{
4349 struct sk_security_struct *newsksec = newsk->sk_security;
4350
4351 newsksec->sid = req->secid;
4352 newsksec->peer_sid = req->peer_secid;
4353
4354
4355
4356
4357
4358
4359
4360 selinux_netlbl_inet_csk_clone(newsk, req->rsk_ops->family);
4361}
4362
4363static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
4364{
4365 u16 family = sk->sk_family;
4366 struct sk_security_struct *sksec = sk->sk_security;
4367
4368
4369 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
4370 family = PF_INET;
4371
4372 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
4373}
4374
4375static int selinux_secmark_relabel_packet(u32 sid)
4376{
4377 const struct task_security_struct *__tsec;
4378 u32 tsid;
4379
4380 __tsec = current_security();
4381 tsid = __tsec->sid;
4382
4383 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL);
4384}
4385
4386static void selinux_secmark_refcount_inc(void)
4387{
4388 atomic_inc(&selinux_secmark_refcount);
4389}
4390
4391static void selinux_secmark_refcount_dec(void)
4392{
4393 atomic_dec(&selinux_secmark_refcount);
4394}
4395
4396static void selinux_req_classify_flow(const struct request_sock *req,
4397 struct flowi *fl)
4398{
4399 fl->flowi_secid = req->secid;
4400}
4401
4402static int selinux_tun_dev_create(void)
4403{
4404 u32 sid = current_sid();
4405
4406
4407
4408
4409
4410
4411
4412
4413 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
4414 NULL);
4415}
4416
4417static void selinux_tun_dev_post_create(struct sock *sk)
4418{
4419 struct sk_security_struct *sksec = sk->sk_security;
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431 sksec->sid = current_sid();
4432 sksec->sclass = SECCLASS_TUN_SOCKET;
4433}
4434
4435static int selinux_tun_dev_attach(struct sock *sk)
4436{
4437 struct sk_security_struct *sksec = sk->sk_security;
4438 u32 sid = current_sid();
4439 int err;
4440
4441 err = avc_has_perm(sid, sksec->sid, SECCLASS_TUN_SOCKET,
4442 TUN_SOCKET__RELABELFROM, NULL);
4443 if (err)
4444 return err;
4445 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
4446 TUN_SOCKET__RELABELTO, NULL);
4447 if (err)
4448 return err;
4449
4450 sksec->sid = sid;
4451
4452 return 0;
4453}
4454
4455static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4456{
4457 int err = 0;
4458 u32 perm;
4459 struct nlmsghdr *nlh;
4460 struct sk_security_struct *sksec = sk->sk_security;
4461
4462 if (skb->len < NLMSG_SPACE(0)) {
4463 err = -EINVAL;
4464 goto out;
4465 }
4466 nlh = nlmsg_hdr(skb);
4467
4468 err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
4469 if (err) {
4470 if (err == -EINVAL) {
4471 audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
4472 "SELinux: unrecognized netlink message"
4473 " type=%hu for sclass=%hu\n",
4474 nlh->nlmsg_type, sksec->sclass);
4475 if (!selinux_enforcing || security_get_allow_unknown())
4476 err = 0;
4477 }
4478
4479
4480 if (err == -ENOENT)
4481 err = 0;
4482 goto out;
4483 }
4484
4485 err = sock_has_perm(current, sk, perm);
4486out:
4487 return err;
4488}
4489
4490#ifdef CONFIG_NETFILTER
4491
4492static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
4493 u16 family)
4494{
4495 int err;
4496 char *addrp;
4497 u32 peer_sid;
4498 struct common_audit_data ad;
4499 struct lsm_network_audit net = {0,};
4500 u8 secmark_active;
4501 u8 netlbl_active;
4502 u8 peerlbl_active;
4503
4504 if (!selinux_policycap_netpeer)
4505 return NF_ACCEPT;
4506
4507 secmark_active = selinux_secmark_enabled();
4508 netlbl_active = netlbl_enabled();
4509 peerlbl_active = netlbl_active || selinux_xfrm_enabled();
4510 if (!secmark_active && !peerlbl_active)
4511 return NF_ACCEPT;
4512
4513 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid) != 0)
4514 return NF_DROP;
4515
4516 ad.type = LSM_AUDIT_DATA_NET;
4517 ad.u.net = &net;
4518 ad.u.net->netif = ifindex;
4519 ad.u.net->family = family;
4520 if (selinux_parse_skb(skb, &ad, &addrp, 1, NULL) != 0)
4521 return NF_DROP;
4522
4523 if (peerlbl_active) {
4524 err = selinux_inet_sys_rcv_skb(ifindex, addrp, family,
4525 peer_sid, &ad);
4526 if (err) {
4527 selinux_netlbl_err(skb, err, 1);
4528 return NF_DROP;
4529 }
4530 }
4531
4532 if (secmark_active)
4533 if (avc_has_perm(peer_sid, skb->secmark,
4534 SECCLASS_PACKET, PACKET__FORWARD_IN, &ad))
4535 return NF_DROP;
4536
4537 if (netlbl_active)
4538
4539
4540
4541
4542 if (selinux_netlbl_skbuff_setsid(skb, family, peer_sid) != 0)
4543 return NF_DROP;
4544
4545 return NF_ACCEPT;
4546}
4547
4548static unsigned int selinux_ipv4_forward(unsigned int hooknum,
4549 struct sk_buff *skb,
4550 const struct net_device *in,
4551 const struct net_device *out,
4552 int (*okfn)(struct sk_buff *))
4553{
4554 return selinux_ip_forward(skb, in->ifindex, PF_INET);
4555}
4556
4557#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4558static unsigned int selinux_ipv6_forward(unsigned int hooknum,
4559 struct sk_buff *skb,
4560 const struct net_device *in,
4561 const struct net_device *out,
4562 int (*okfn)(struct sk_buff *))
4563{
4564 return selinux_ip_forward(skb, in->ifindex, PF_INET6);
4565}
4566#endif
4567
4568static unsigned int selinux_ip_output(struct sk_buff *skb,
4569 u16 family)
4570{
4571 u32 sid;
4572
4573 if (!netlbl_enabled())
4574 return NF_ACCEPT;
4575
4576
4577
4578
4579 if (skb->sk) {
4580 struct sk_security_struct *sksec = skb->sk->sk_security;
4581 sid = sksec->sid;
4582 } else
4583 sid = SECINITSID_KERNEL;
4584 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
4585 return NF_DROP;
4586
4587 return NF_ACCEPT;
4588}
4589
4590static unsigned int selinux_ipv4_output(unsigned int hooknum,
4591 struct sk_buff *skb,
4592 const struct net_device *in,
4593 const struct net_device *out,
4594 int (*okfn)(struct sk_buff *))
4595{
4596 return selinux_ip_output(skb, PF_INET);
4597}
4598
4599static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb,
4600 int ifindex,
4601 u16 family)
4602{
4603 struct sock *sk = skb->sk;
4604 struct sk_security_struct *sksec;
4605 struct common_audit_data ad;
4606 struct lsm_network_audit net = {0,};
4607 char *addrp;
4608 u8 proto;
4609
4610 if (sk == NULL)
4611 return NF_ACCEPT;
4612 sksec = sk->sk_security;
4613
4614 ad.type = LSM_AUDIT_DATA_NET;
4615 ad.u.net = &net;
4616 ad.u.net->netif = ifindex;
4617 ad.u.net->family = family;
4618 if (selinux_parse_skb(skb, &ad, &addrp, 0, &proto))
4619 return NF_DROP;
4620
4621 if (selinux_secmark_enabled())
4622 if (avc_has_perm(sksec->sid, skb->secmark,
4623 SECCLASS_PACKET, PACKET__SEND, &ad))
4624 return NF_DROP_ERR(-ECONNREFUSED);
4625
4626 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
4627 return NF_DROP_ERR(-ECONNREFUSED);
4628
4629 return NF_ACCEPT;
4630}
4631
4632static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
4633 u16 family)
4634{
4635 u32 secmark_perm;
4636 u32 peer_sid;
4637 struct sock *sk;
4638 struct common_audit_data ad;
4639 struct lsm_network_audit net = {0,};
4640 char *addrp;
4641 u8 secmark_active;
4642 u8 peerlbl_active;
4643
4644
4645
4646
4647
4648 if (!selinux_policycap_netpeer)
4649 return selinux_ip_postroute_compat(skb, ifindex, family);
4650#ifdef CONFIG_XFRM
4651
4652
4653
4654
4655
4656
4657 if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
4658 return NF_ACCEPT;
4659#endif
4660 secmark_active = selinux_secmark_enabled();
4661 peerlbl_active = netlbl_enabled() || selinux_xfrm_enabled();
4662 if (!secmark_active && !peerlbl_active)
4663 return NF_ACCEPT;
4664
4665
4666
4667
4668
4669 sk = skb->sk;
4670 if (sk == NULL) {
4671 if (skb->skb_iif) {
4672 secmark_perm = PACKET__FORWARD_OUT;
4673 if (selinux_skb_peerlbl_sid(skb, family, &peer_sid))
4674 return NF_DROP;
4675 } else {
4676 secmark_perm = PACKET__SEND;
4677 peer_sid = SECINITSID_KERNEL;
4678 }
4679 } else {
4680 struct sk_security_struct *sksec = sk->sk_security;
4681 peer_sid = sksec->sid;
4682 secmark_perm = PACKET__SEND;
4683 }
4684
4685 ad.type = LSM_AUDIT_DATA_NET;
4686 ad.u.net = &net;
4687 ad.u.net->netif = ifindex;
4688 ad.u.net->family = family;
4689 if (selinux_parse_skb(skb, &ad, &addrp, 0, NULL))
4690 return NF_DROP;
4691
4692 if (secmark_active)
4693 if (avc_has_perm(peer_sid, skb->secmark,
4694 SECCLASS_PACKET, secmark_perm, &ad))
4695 return NF_DROP_ERR(-ECONNREFUSED);
4696
4697 if (peerlbl_active) {
4698 u32 if_sid;
4699 u32 node_sid;
4700
4701 if (sel_netif_sid(ifindex, &if_sid))
4702 return NF_DROP;
4703 if (avc_has_perm(peer_sid, if_sid,
4704 SECCLASS_NETIF, NETIF__EGRESS, &ad))
4705 return NF_DROP_ERR(-ECONNREFUSED);
4706
4707 if (sel_netnode_sid(addrp, family, &node_sid))
4708 return NF_DROP;
4709 if (avc_has_perm(peer_sid, node_sid,
4710 SECCLASS_NODE, NODE__SENDTO, &ad))
4711 return NF_DROP_ERR(-ECONNREFUSED);
4712 }
4713
4714 return NF_ACCEPT;
4715}
4716
4717static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
4718 struct sk_buff *skb,
4719 const struct net_device *in,
4720 const struct net_device *out,
4721 int (*okfn)(struct sk_buff *))
4722{
4723 return selinux_ip_postroute(skb, out->ifindex, PF_INET);
4724}
4725
4726#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
4727static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
4728 struct sk_buff *skb,
4729 const struct net_device *in,
4730 const struct net_device *out,
4731 int (*okfn)(struct sk_buff *))
4732{
4733 return selinux_ip_postroute(skb, out->ifindex, PF_INET6);
4734}
4735#endif
4736
4737#endif
4738
4739static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
4740{
4741 int err;
4742
4743 err = cap_netlink_send(sk, skb);
4744 if (err)
4745 return err;
4746
4747 return selinux_nlmsg_perm(sk, skb);
4748}
4749
4750static int ipc_alloc_security(struct task_struct *task,
4751 struct kern_ipc_perm *perm,
4752 u16 sclass)
4753{
4754 struct ipc_security_struct *isec;
4755 u32 sid;
4756
4757 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
4758 if (!isec)
4759 return -ENOMEM;
4760
4761 sid = task_sid(task);
4762 isec->sclass = sclass;
4763 isec->sid = sid;
4764 perm->security = isec;
4765
4766 return 0;
4767}
4768
4769static void ipc_free_security(struct kern_ipc_perm *perm)
4770{
4771 struct ipc_security_struct *isec = perm->security;
4772 perm->security = NULL;
4773 kfree(isec);
4774}
4775
4776static int msg_msg_alloc_security(struct msg_msg *msg)
4777{
4778 struct msg_security_struct *msec;
4779
4780 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
4781 if (!msec)
4782 return -ENOMEM;
4783
4784 msec->sid = SECINITSID_UNLABELED;
4785 msg->security = msec;
4786
4787 return 0;
4788}
4789
4790static void msg_msg_free_security(struct msg_msg *msg)
4791{
4792 struct msg_security_struct *msec = msg->security;
4793
4794 msg->security = NULL;
4795 kfree(msec);
4796}
4797
4798static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
4799 u32 perms)
4800{
4801 struct ipc_security_struct *isec;
4802 struct common_audit_data ad;
4803 u32 sid = current_sid();
4804
4805 isec = ipc_perms->security;
4806
4807 ad.type = LSM_AUDIT_DATA_IPC;
4808 ad.u.ipc_id = ipc_perms->key;
4809
4810 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
4811}
4812
4813static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
4814{
4815 return msg_msg_alloc_security(msg);
4816}
4817
4818static void selinux_msg_msg_free_security(struct msg_msg *msg)
4819{
4820 msg_msg_free_security(msg);
4821}
4822
4823
4824static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
4825{
4826 struct ipc_security_struct *isec;
4827 struct common_audit_data ad;
4828 u32 sid = current_sid();
4829 int rc;
4830
4831 rc = ipc_alloc_security(current, &msq->q_perm, SECCLASS_MSGQ);
4832 if (rc)
4833 return rc;
4834
4835 isec = msq->q_perm.security;
4836
4837 ad.type = LSM_AUDIT_DATA_IPC;
4838 ad.u.ipc_id = msq->q_perm.key;
4839
4840 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4841 MSGQ__CREATE, &ad);
4842 if (rc) {
4843 ipc_free_security(&msq->q_perm);
4844 return rc;
4845 }
4846 return 0;
4847}
4848
4849static void selinux_msg_queue_free_security(struct msg_queue *msq)
4850{
4851 ipc_free_security(&msq->q_perm);
4852}
4853
4854static int selinux_msg_queue_associate(struct msg_queue *msq, int msqflg)
4855{
4856 struct ipc_security_struct *isec;
4857 struct common_audit_data ad;
4858 u32 sid = current_sid();
4859
4860 isec = msq->q_perm.security;
4861
4862 ad.type = LSM_AUDIT_DATA_IPC;
4863 ad.u.ipc_id = msq->q_perm.key;
4864
4865 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4866 MSGQ__ASSOCIATE, &ad);
4867}
4868
4869static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
4870{
4871 int err;
4872 int perms;
4873
4874 switch (cmd) {
4875 case IPC_INFO:
4876 case MSG_INFO:
4877
4878 return task_has_system(current, SYSTEM__IPC_INFO);
4879 case IPC_STAT:
4880 case MSG_STAT:
4881 perms = MSGQ__GETATTR | MSGQ__ASSOCIATE;
4882 break;
4883 case IPC_SET:
4884 perms = MSGQ__SETATTR;
4885 break;
4886 case IPC_RMID:
4887 perms = MSGQ__DESTROY;
4888 break;
4889 default:
4890 return 0;
4891 }
4892
4893 err = ipc_has_perm(&msq->q_perm, perms);
4894 return err;
4895}
4896
4897static int selinux_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg)
4898{
4899 struct ipc_security_struct *isec;
4900 struct msg_security_struct *msec;
4901 struct common_audit_data ad;
4902 u32 sid = current_sid();
4903 int rc;
4904
4905 isec = msq->q_perm.security;
4906 msec = msg->security;
4907
4908
4909
4910
4911 if (msec->sid == SECINITSID_UNLABELED) {
4912
4913
4914
4915
4916 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG,
4917 NULL, &msec->sid);
4918 if (rc)
4919 return rc;
4920 }
4921
4922 ad.type = LSM_AUDIT_DATA_IPC;
4923 ad.u.ipc_id = msq->q_perm.key;
4924
4925
4926 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
4927 MSGQ__WRITE, &ad);
4928 if (!rc)
4929
4930 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
4931 MSG__SEND, &ad);
4932 if (!rc)
4933
4934 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
4935 MSGQ__ENQUEUE, &ad);
4936
4937 return rc;
4938}
4939
4940static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
4941 struct task_struct *target,
4942 long type, int mode)
4943{
4944 struct ipc_security_struct *isec;
4945 struct msg_security_struct *msec;
4946 struct common_audit_data ad;
4947 u32 sid = task_sid(target);
4948 int rc;
4949
4950 isec = msq->q_perm.security;
4951 msec = msg->security;
4952
4953 ad.type = LSM_AUDIT_DATA_IPC;
4954 ad.u.ipc_id = msq->q_perm.key;
4955
4956 rc = avc_has_perm(sid, isec->sid,
4957 SECCLASS_MSGQ, MSGQ__READ, &ad);
4958 if (!rc)
4959 rc = avc_has_perm(sid, msec->sid,
4960 SECCLASS_MSG, MSG__RECEIVE, &ad);
4961 return rc;
4962}
4963
4964
4965static int selinux_shm_alloc_security(struct shmid_kernel *shp)
4966{
4967 struct ipc_security_struct *isec;
4968 struct common_audit_data ad;
4969 u32 sid = current_sid();
4970 int rc;
4971
4972 rc = ipc_alloc_security(current, &shp->shm_perm, SECCLASS_SHM);
4973 if (rc)
4974 return rc;
4975
4976 isec = shp->shm_perm.security;
4977
4978 ad.type = LSM_AUDIT_DATA_IPC;
4979 ad.u.ipc_id = shp->shm_perm.key;
4980
4981 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
4982 SHM__CREATE, &ad);
4983 if (rc) {
4984 ipc_free_security(&shp->shm_perm);
4985 return rc;
4986 }
4987 return 0;
4988}
4989
4990static void selinux_shm_free_security(struct shmid_kernel *shp)
4991{
4992 ipc_free_security(&shp->shm_perm);
4993}
4994
4995static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
4996{
4997 struct ipc_security_struct *isec;
4998 struct common_audit_data ad;
4999 u32 sid = current_sid();
5000
5001 isec = shp->shm_perm.security;
5002
5003 ad.type = LSM_AUDIT_DATA_IPC;
5004 ad.u.ipc_id = shp->shm_perm.key;
5005
5006 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
5007 SHM__ASSOCIATE, &ad);
5008}
5009
5010
5011static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
5012{
5013 int perms;
5014 int err;
5015
5016 switch (cmd) {
5017 case IPC_INFO:
5018 case SHM_INFO:
5019
5020 return task_has_system(current, SYSTEM__IPC_INFO);
5021 case IPC_STAT:
5022 case SHM_STAT:
5023 perms = SHM__GETATTR | SHM__ASSOCIATE;
5024 break;
5025 case IPC_SET:
5026 perms = SHM__SETATTR;
5027 break;
5028 case SHM_LOCK:
5029 case SHM_UNLOCK:
5030 perms = SHM__LOCK;
5031 break;
5032 case IPC_RMID:
5033 perms = SHM__DESTROY;
5034 break;
5035 default:
5036 return 0;
5037 }
5038
5039 err = ipc_has_perm(&shp->shm_perm, perms);
5040 return err;
5041}
5042
5043static int selinux_shm_shmat(struct shmid_kernel *shp,
5044 char __user *shmaddr, int shmflg)
5045{
5046 u32 perms;
5047
5048 if (shmflg & SHM_RDONLY)
5049 perms = SHM__READ;
5050 else
5051 perms = SHM__READ | SHM__WRITE;
5052
5053 return ipc_has_perm(&shp->shm_perm, perms);
5054}
5055
5056
5057static int selinux_sem_alloc_security(struct sem_array *sma)
5058{
5059 struct ipc_security_struct *isec;
5060 struct common_audit_data ad;
5061 u32 sid = current_sid();
5062 int rc;
5063
5064 rc = ipc_alloc_security(current, &sma->sem_perm, SECCLASS_SEM);
5065 if (rc)
5066 return rc;
5067
5068 isec = sma->sem_perm.security;
5069
5070 ad.type = LSM_AUDIT_DATA_IPC;
5071 ad.u.ipc_id = sma->sem_perm.key;
5072
5073 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5074 SEM__CREATE, &ad);
5075 if (rc) {
5076 ipc_free_security(&sma->sem_perm);
5077 return rc;
5078 }
5079 return 0;
5080}
5081
5082static void selinux_sem_free_security(struct sem_array *sma)
5083{
5084 ipc_free_security(&sma->sem_perm);
5085}
5086
5087static int selinux_sem_associate(struct sem_array *sma, int semflg)
5088{
5089 struct ipc_security_struct *isec;
5090 struct common_audit_data ad;
5091 u32 sid = current_sid();
5092
5093 isec = sma->sem_perm.security;
5094
5095 ad.type = LSM_AUDIT_DATA_IPC;
5096 ad.u.ipc_id = sma->sem_perm.key;
5097
5098 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
5099 SEM__ASSOCIATE, &ad);
5100}
5101
5102
5103static int selinux_sem_semctl(struct sem_array *sma, int cmd)
5104{
5105 int err;
5106 u32 perms;
5107
5108 switch (cmd) {
5109 case IPC_INFO:
5110 case SEM_INFO:
5111
5112 return task_has_system(current, SYSTEM__IPC_INFO);
5113 case GETPID:
5114 case GETNCNT:
5115 case GETZCNT:
5116 perms = SEM__GETATTR;
5117 break;
5118 case GETVAL:
5119 case GETALL:
5120 perms = SEM__READ;
5121 break;
5122 case SETVAL:
5123 case SETALL:
5124 perms = SEM__WRITE;
5125 break;
5126 case IPC_RMID:
5127 perms = SEM__DESTROY;
5128 break;
5129 case IPC_SET:
5130 perms = SEM__SETATTR;
5131 break;
5132 case IPC_STAT:
5133 case SEM_STAT:
5134 perms = SEM__GETATTR | SEM__ASSOCIATE;
5135 break;
5136 default:
5137 return 0;
5138 }
5139
5140 err = ipc_has_perm(&sma->sem_perm, perms);
5141 return err;
5142}
5143
5144static int selinux_sem_semop(struct sem_array *sma,
5145 struct sembuf *sops, unsigned nsops, int alter)
5146{
5147 u32 perms;
5148
5149 if (alter)
5150 perms = SEM__READ | SEM__WRITE;
5151 else
5152 perms = SEM__READ;
5153
5154 return ipc_has_perm(&sma->sem_perm, perms);
5155}
5156
5157static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
5158{
5159 u32 av = 0;
5160
5161 av = 0;
5162 if (flag & S_IRUGO)
5163 av |= IPC__UNIX_READ;
5164 if (flag & S_IWUGO)
5165 av |= IPC__UNIX_WRITE;
5166
5167 if (av == 0)
5168 return 0;
5169
5170 return ipc_has_perm(ipcp, av);
5171}
5172
5173static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
5174{
5175 struct ipc_security_struct *isec = ipcp->security;
5176 *secid = isec->sid;
5177}
5178
5179static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
5180{
5181 if (inode)
5182 inode_doinit_with_dentry(inode, dentry);
5183}
5184
5185static int selinux_getprocattr(struct task_struct *p,
5186 char *name, char **value)
5187{
5188 const struct task_security_struct *__tsec;
5189 u32 sid;
5190 int error;
5191 unsigned len;
5192
5193 if (current != p) {
5194 error = current_has_perm(p, PROCESS__GETATTR);
5195 if (error)
5196 return error;
5197 }
5198
5199 rcu_read_lock();
5200 __tsec = __task_cred(p)->security;
5201
5202 if (!strcmp(name, "current"))
5203 sid = __tsec->sid;
5204 else if (!strcmp(name, "prev"))
5205 sid = __tsec->osid;
5206 else if (!strcmp(name, "exec"))
5207 sid = __tsec->exec_sid;
5208 else if (!strcmp(name, "fscreate"))
5209 sid = __tsec->create_sid;
5210 else if (!strcmp(name, "keycreate"))
5211 sid = __tsec->keycreate_sid;
5212 else if (!strcmp(name, "sockcreate"))
5213 sid = __tsec->sockcreate_sid;
5214 else
5215 goto invalid;
5216 rcu_read_unlock();
5217
5218 if (!sid)
5219 return 0;
5220
5221 error = security_sid_to_context(sid, value, &len);
5222 if (error)
5223 return error;
5224 return len;
5225
5226invalid:
5227 rcu_read_unlock();
5228 return -EINVAL;
5229}
5230
5231static int selinux_setprocattr(struct task_struct *p,
5232 char *name, void *value, size_t size)
5233{
5234 struct task_security_struct *tsec;
5235 struct task_struct *tracer;
5236 struct cred *new;
5237 u32 sid = 0, ptsid;
5238 int error;
5239 char *str = value;
5240
5241 if (current != p) {
5242
5243
5244 return -EACCES;
5245 }
5246
5247
5248
5249
5250
5251
5252 if (!strcmp(name, "exec"))
5253 error = current_has_perm(p, PROCESS__SETEXEC);
5254 else if (!strcmp(name, "fscreate"))
5255 error = current_has_perm(p, PROCESS__SETFSCREATE);
5256 else if (!strcmp(name, "keycreate"))
5257 error = current_has_perm(p, PROCESS__SETKEYCREATE);
5258 else if (!strcmp(name, "sockcreate"))
5259 error = current_has_perm(p, PROCESS__SETSOCKCREATE);
5260 else if (!strcmp(name, "current"))
5261 error = current_has_perm(p, PROCESS__SETCURRENT);
5262 else
5263 error = -EINVAL;
5264 if (error)
5265 return error;
5266
5267
5268 if (size && str[1] && str[1] != '\n') {
5269 if (str[size-1] == '\n') {
5270 str[size-1] = 0;
5271 size--;
5272 }
5273 error = security_context_to_sid(value, size, &sid);
5274 if (error == -EINVAL && !strcmp(name, "fscreate")) {
5275 if (!capable(CAP_MAC_ADMIN)) {
5276 struct audit_buffer *ab;
5277 size_t audit_size;
5278
5279
5280
5281 if (str[size - 1] == '\0')
5282 audit_size = size - 1;
5283 else
5284 audit_size = size;
5285 ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
5286 audit_log_format(ab, "op=fscreate invalid_context=");
5287 audit_log_n_untrustedstring(ab, value, audit_size);
5288 audit_log_end(ab);
5289
5290 return error;
5291 }
5292 error = security_context_to_sid_force(value, size,
5293 &sid);
5294 }
5295 if (error)
5296 return error;
5297 }
5298
5299 new = prepare_creds();
5300 if (!new)
5301 return -ENOMEM;
5302
5303
5304
5305
5306
5307
5308
5309 tsec = new->security;
5310 if (!strcmp(name, "exec")) {
5311 tsec->exec_sid = sid;
5312 } else if (!strcmp(name, "fscreate")) {
5313 tsec->create_sid = sid;
5314 } else if (!strcmp(name, "keycreate")) {
5315 error = may_create_key(sid, p);
5316 if (error)
5317 goto abort_change;
5318 tsec->keycreate_sid = sid;
5319 } else if (!strcmp(name, "sockcreate")) {
5320 tsec->sockcreate_sid = sid;
5321 } else if (!strcmp(name, "current")) {
5322 error = -EINVAL;
5323 if (sid == 0)
5324 goto abort_change;
5325
5326
5327 error = -EPERM;
5328 if (!current_is_single_threaded()) {
5329 error = security_bounded_transition(tsec->sid, sid);
5330 if (error)
5331 goto abort_change;
5332 }
5333
5334
5335 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
5336 PROCESS__DYNTRANSITION, NULL);
5337 if (error)
5338 goto abort_change;
5339
5340
5341
5342 ptsid = 0;
5343 task_lock(p);
5344 tracer = ptrace_parent(p);
5345 if (tracer)
5346 ptsid = task_sid(tracer);
5347 task_unlock(p);
5348
5349 if (tracer) {
5350 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
5351 PROCESS__PTRACE, NULL);
5352 if (error)
5353 goto abort_change;
5354 }
5355
5356 tsec->sid = sid;
5357 } else {
5358 error = -EI
