linux/security/selinux/avc.c
<<
>>
Prefs
   1/*
   2 * Implementation of the kernel access vector cache (AVC).
   3 *
   4 * Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
   5 *           James Morris <jmorris@redhat.com>
   6 *
   7 * Update:   KaiGai, Kohei <kaigai@ak.jp.nec.com>
   8 *      Replaced the avc_lock spinlock by RCU.
   9 *
  10 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  11 *
  12 *      This program is free software; you can redistribute it and/or modify
  13 *      it under the terms of the GNU General Public License version 2,
  14 *      as published by the Free Software Foundation.
  15 */
  16#include <linux/types.h>
  17#include <linux/stddef.h>
  18#include <linux/kernel.h>
  19#include <linux/slab.h>
  20#include <linux/fs.h>
  21#include <linux/dcache.h>
  22#include <linux/init.h>
  23#include <linux/skbuff.h>
  24#include <linux/percpu.h>
  25#include <net/sock.h>
  26#include <linux/un.h>
  27#include <net/af_unix.h>
  28#include <linux/ip.h>
  29#include <linux/audit.h>
  30#include <linux/ipv6.h>
  31#include <net/ipv6.h>
  32#include "avc.h"
  33#include "avc_ss.h"
  34
  35static const struct av_perm_to_string av_perm_to_string[] = {
  36#define S_(c, v, s) { c, v, s },
  37#include "av_perm_to_string.h"
  38#undef S_
  39};
  40
  41static const char *class_to_string[] = {
  42#define S_(s) s,
  43#include "class_to_string.h"
  44#undef S_
  45};
  46
  47#define TB_(s) static const char *s[] = {
  48#define TE_(s) };
  49#define S_(s) s,
  50#include "common_perm_to_string.h"
  51#undef TB_
  52#undef TE_
  53#undef S_
  54
  55static const struct av_inherit av_inherit[] = {
  56#define S_(c, i, b) { c, common_##i##_perm_to_string, b },
  57#include "av_inherit.h"
  58#undef S_
  59};
  60
  61const struct selinux_class_perm selinux_class_perm = {
  62        av_perm_to_string,
  63        ARRAY_SIZE(av_perm_to_string),
  64        class_to_string,
  65        ARRAY_SIZE(class_to_string),
  66        av_inherit,
  67        ARRAY_SIZE(av_inherit)
  68};
  69
  70#define AVC_CACHE_SLOTS                 512
  71#define AVC_DEF_CACHE_THRESHOLD         512
  72#define AVC_CACHE_RECLAIM               16
  73
  74#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
  75#define avc_cache_stats_incr(field)                             \
  76do {                                                            \
  77        per_cpu(avc_cache_stats, get_cpu()).field++;            \
  78        put_cpu();                                              \
  79} while (0)
  80#else
  81#define avc_cache_stats_incr(field)     do {} while (0)
  82#endif
  83
  84struct avc_entry {
  85        u32                     ssid;
  86        u32                     tsid;
  87        u16                     tclass;
  88        struct av_decision      avd;
  89        atomic_t                used;   /* used recently */
  90};
  91
  92struct avc_node {
  93        struct avc_entry        ae;
  94        struct list_head        list;
  95        struct rcu_head         rhead;
  96};
  97
  98struct avc_cache {
  99        struct list_head        slots[AVC_CACHE_SLOTS];
 100        spinlock_t              slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */
 101        atomic_t                lru_hint;       /* LRU hint for reclaim scan */
 102        atomic_t                active_nodes;
 103        u32                     latest_notif;   /* latest revocation notification */
 104};
 105
 106struct avc_callback_node {
 107        int (*callback) (u32 event, u32 ssid, u32 tsid,
 108                         u16 tclass, u32 perms,
 109                         u32 *out_retained);
 110        u32 events;
 111        u32 ssid;
 112        u32 tsid;
 113        u16 tclass;
 114        u32 perms;
 115        struct avc_callback_node *next;
 116};
 117
 118/* Exported via selinufs */
 119unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
 120
 121#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
 122DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 };
 123#endif
 124
 125static struct avc_cache avc_cache;
 126static struct avc_callback_node *avc_callbacks;
 127static struct kmem_cache *avc_node_cachep;
 128
 129static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass)
 130{
 131        return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1);
 132}
 133
 134/**
 135 * avc_dump_av - Display an access vector in human-readable form.
 136 * @tclass: target security class
 137 * @av: access vector
 138 */
 139static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 140{
 141        const char **common_pts = NULL;
 142        u32 common_base = 0;
 143        int i, i2, perm;
 144
 145        if (av == 0) {
 146                audit_log_format(ab, " null");
 147                return;
 148        }
 149
 150        for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
 151                if (av_inherit[i].tclass == tclass) {
 152                        common_pts = av_inherit[i].common_pts;
 153                        common_base = av_inherit[i].common_base;
 154                        break;
 155                }
 156        }
 157
 158        audit_log_format(ab, " {");
 159        i = 0;
 160        perm = 1;
 161        while (perm < common_base) {
 162                if (perm & av) {
 163                        audit_log_format(ab, " %s", common_pts[i]);
 164                        av &= ~perm;
 165                }
 166                i++;
 167                perm <<= 1;
 168        }
 169
 170        while (i < sizeof(av) * 8) {
 171                if (perm & av) {
 172                        for (i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++) {
 173                                if ((av_perm_to_string[i2].tclass == tclass) &&
 174                                    (av_perm_to_string[i2].value == perm))
 175                                        break;
 176                        }
 177                        if (i2 < ARRAY_SIZE(av_perm_to_string)) {
 178                                audit_log_format(ab, " %s",
 179                                                 av_perm_to_string[i2].name);
 180                                av &= ~perm;
 181                        }
 182                }
 183                i++;
 184                perm <<= 1;
 185        }
 186
 187        if (av)
 188                audit_log_format(ab, " 0x%x", av);
 189
 190        audit_log_format(ab, " }");
 191}
 192
 193/**
 194 * avc_dump_query - Display a SID pair and a class in human-readable form.
 195 * @ssid: source security identifier
 196 * @tsid: target security identifier
 197 * @tclass: target security class
 198 */
 199static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
 200{
 201        int rc;
 202        char *scontext;
 203        u32 scontext_len;
 204
 205        rc = security_sid_to_context(ssid, &scontext, &scontext_len);
 206        if (rc)
 207                audit_log_format(ab, "ssid=%d", ssid);
 208        else {
 209                audit_log_format(ab, "scontext=%s", scontext);
 210                kfree(scontext);
 211        }
 212
 213        rc = security_sid_to_context(tsid, &scontext, &scontext_len);
 214        if (rc)
 215                audit_log_format(ab, " tsid=%d", tsid);
 216        else {
 217                audit_log_format(ab, " tcontext=%s", scontext);
 218                kfree(scontext);
 219        }
 220
 221        BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
 222        audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
 223}
 224
 225/**
 226 * avc_init - Initialize the AVC.
 227 *
 228 * Initialize the access vector cache.
 229 */
 230void __init avc_init(void)
 231{
 232        int i;
 233
 234        for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 235                INIT_LIST_HEAD(&avc_cache.slots[i]);
 236                spin_lock_init(&avc_cache.slots_lock[i]);
 237        }
 238        atomic_set(&avc_cache.active_nodes, 0);
 239        atomic_set(&avc_cache.lru_hint, 0);
 240
 241        avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
 242                                             0, SLAB_PANIC, NULL);
 243
 244        audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n");
 245}
 246
 247int avc_get_hash_stats(char *page)
 248{
 249        int i, chain_len, max_chain_len, slots_used;
 250        struct avc_node *node;
 251
 252        rcu_read_lock();
 253
 254        slots_used = 0;
 255        max_chain_len = 0;
 256        for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 257                if (!list_empty(&avc_cache.slots[i])) {
 258                        slots_used++;
 259                        chain_len = 0;
 260                        list_for_each_entry_rcu(node, &avc_cache.slots[i], list)
 261                                chain_len++;
 262                        if (chain_len > max_chain_len)
 263                                max_chain_len = chain_len;
 264                }
 265        }
 266
 267        rcu_read_unlock();
 268
 269        return scnprintf(page, PAGE_SIZE, "entries: %d\nbuckets used: %d/%d\n"
 270                         "longest chain: %d\n",
 271                         atomic_read(&avc_cache.active_nodes),
 272                         slots_used, AVC_CACHE_SLOTS, max_chain_len);
 273}
 274
 275static void avc_node_free(struct rcu_head *rhead)
 276{
 277        struct avc_node *node = container_of(rhead, struct avc_node, rhead);
 278        kmem_cache_free(avc_node_cachep, node);
 279        avc_cache_stats_incr(frees);
 280}
 281
 282static void avc_node_delete(struct avc_node *node)
 283{
 284        list_del_rcu(&node->list);
 285        call_rcu(&node->rhead, avc_node_free);
 286        atomic_dec(&avc_cache.active_nodes);
 287}
 288
 289static void avc_node_kill(struct avc_node *node)
 290{
 291        kmem_cache_free(avc_node_cachep, node);
 292        avc_cache_stats_incr(frees);
 293        atomic_dec(&avc_cache.active_nodes);
 294}
 295
 296static void avc_node_replace(struct avc_node *new, struct avc_node *old)
 297{
 298        list_replace_rcu(&old->list, &new->list);
 299        call_rcu(&old->rhead, avc_node_free);
 300        atomic_dec(&avc_cache.active_nodes);
 301}
 302
 303static inline int avc_reclaim_node(void)
 304{
 305        struct avc_node *node;
 306        int hvalue, try, ecx;
 307        unsigned long flags;
 308
 309        for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
 310                hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
 311
 312                if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags))
 313                        continue;
 314
 315                rcu_read_lock();
 316                list_for_each_entry(node, &avc_cache.slots[hvalue], list) {
 317                        if (atomic_dec_and_test(&node->ae.used)) {
 318                                /* Recently Unused */
 319                                avc_node_delete(node);
 320                                avc_cache_stats_incr(reclaims);
 321                                ecx++;
 322                                if (ecx >= AVC_CACHE_RECLAIM) {
 323                                        rcu_read_unlock();
 324                                        spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
 325                                        goto out;
 326                                }
 327                        }
 328                }
 329                rcu_read_unlock();
 330                spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
 331        }
 332out:
 333        return ecx;
 334}
 335
 336static struct avc_node *avc_alloc_node(void)
 337{
 338        struct avc_node *node;
 339
 340        node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC);
 341        if (!node)
 342                goto out;
 343
 344        INIT_RCU_HEAD(&node->rhead);
 345        INIT_LIST_HEAD(&node->list);
 346        atomic_set(&node->ae.used, 1);
 347        avc_cache_stats_incr(allocations);
 348
 349        if (atomic_inc_return(&avc_cache.active_nodes) > avc_cache_threshold)
 350                avc_reclaim_node();
 351
 352out:
 353        return node;
 354}
 355
 356static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tclass, struct avc_entry *ae)
 357{
 358        node->ae.ssid = ssid;
 359        node->ae.tsid = tsid;
 360        node->ae.tclass = tclass;
 361        memcpy(&node->ae.avd, &ae->avd, sizeof(node->ae.avd));
 362}
 363
 364static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
 365{
 366        struct avc_node *node, *ret = NULL;
 367        int hvalue;
 368
 369        hvalue = avc_hash(ssid, tsid, tclass);
 370        list_for_each_entry_rcu(node, &avc_cache.slots[hvalue], list) {
 371                if (ssid == node->ae.ssid &&
 372                    tclass == node->ae.tclass &&
 373                    tsid == node->ae.tsid) {
 374                        ret = node;
 375                        break;
 376                }
 377        }
 378
 379        if (ret == NULL) {
 380                /* cache miss */
 381                goto out;
 382        }
 383
 384        /* cache hit */
 385        if (atomic_read(&ret->ae.used) != 1)
 386                atomic_set(&ret->ae.used, 1);
 387out:
 388        return ret;
 389}
 390
 391/**
 392 * avc_lookup - Look up an AVC entry.
 393 * @ssid: source security identifier
 394 * @tsid: target security identifier
 395 * @tclass: target security class
 396 * @requested: requested permissions, interpreted based on @tclass
 397 *
 398 * Look up an AVC entry that is valid for the
 399 * @requested permissions between the SID pair
 400 * (@ssid, @tsid), interpreting the permissions
 401 * based on @tclass.  If a valid AVC entry exists,
 402 * then this function return the avc_node.
 403 * Otherwise, this function returns NULL.
 404 */
 405static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass, u32 requested)
 406{
 407        struct avc_node *node;
 408
 409        avc_cache_stats_incr(lookups);
 410        node = avc_search_node(ssid, tsid, tclass);
 411
 412        if (node && ((node->ae.avd.decided & requested) == requested)) {
 413                avc_cache_stats_incr(hits);
 414                goto out;
 415        }
 416
 417        node = NULL;
 418        avc_cache_stats_incr(misses);
 419out:
 420        return node;
 421}
 422
 423static int avc_latest_notif_update(int seqno, int is_insert)
 424{
 425        int ret = 0;
 426        static DEFINE_SPINLOCK(notif_lock);
 427        unsigned long flag;
 428
 429        spin_lock_irqsave(&notif_lock, flag);
 430        if (is_insert) {
 431                if (seqno < avc_cache.latest_notif) {
 432                        printk(KERN_WARNING "SELinux: avc:  seqno %d < latest_notif %d\n",
 433                               seqno, avc_cache.latest_notif);
 434                        ret = -EAGAIN;
 435                }
 436        } else {
 437                if (seqno > avc_cache.latest_notif)
 438                        avc_cache.latest_notif = seqno;
 439        }
 440        spin_unlock_irqrestore(&notif_lock, flag);
 441
 442        return ret;
 443}
 444
 445/**
 446 * avc_insert - Insert an AVC entry.
 447 * @ssid: source security identifier
 448 * @tsid: target security identifier
 449 * @tclass: target security class
 450 * @ae: AVC entry
 451 *
 452 * Insert an AVC entry for the SID pair
 453 * (@ssid, @tsid) and class @tclass.
 454 * The access vectors and the sequence number are
 455 * normally provided by the security server in
 456 * response to a security_compute_av() call.  If the
 457 * sequence number @ae->avd.seqno is not less than the latest
 458 * revocation notification, then the function copies
 459 * the access vectors into a cache entry, returns
 460 * avc_node inserted. Otherwise, this function returns NULL.
 461 */
 462static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct avc_entry *ae)
 463{
 464        struct avc_node *pos, *node = NULL;
 465        int hvalue;
 466        unsigned long flag;
 467
 468        if (avc_latest_notif_update(ae->avd.seqno, 1))
 469                goto out;
 470
 471        node = avc_alloc_node();
 472        if (node) {
 473                hvalue = avc_hash(ssid, tsid, tclass);
 474                avc_node_populate(node, ssid, tsid, tclass, ae);
 475
 476                spin_lock_irqsave(&avc_cache.slots_lock[hvalue], flag);
 477                list_for_each_entry(pos, &avc_cache.slots[hvalue], list) {
 478                        if (pos->ae.ssid == ssid &&
 479                            pos->ae.tsid == tsid &&
 480                            pos->ae.tclass == tclass) {
 481                                avc_node_replace(node, pos);
 482                                goto found;
 483                        }
 484                }
 485                list_add_rcu(&node->list, &avc_cache.slots[hvalue]);
 486found:
 487                spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flag);
 488        }
 489out:
 490        return node;
 491}
 492
 493static inline void avc_print_ipv6_addr(struct audit_buffer *ab,
 494                                       struct in6_addr *addr, __be16 port,
 495                                       char *name1, char *name2)
 496{
 497        if (!ipv6_addr_any(addr))
 498                audit_log_format(ab, " %s=" NIP6_FMT, name1, NIP6(*addr));
 499        if (port)
 500                audit_log_format(ab, " %s=%d", name2, ntohs(port));
 501}
 502
 503static inline void avc_print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
 504                                       __be16 port, char *name1, char *name2)
 505{
 506        if (addr)
 507                audit_log_format(ab, " %s=" NIPQUAD_FMT, name1, NIPQUAD(addr));
 508        if (port)
 509                audit_log_format(ab, " %s=%d", name2, ntohs(port));
 510}
 511
 512/**
 513 * avc_audit - Audit the granting or denial of permissions.
 514 * @ssid: source security identifier
 515 * @tsid: target security identifier
 516 * @tclass: target security class
 517 * @requested: requested permissions
 518 * @avd: access vector decisions
 519 * @result: result from avc_has_perm_noaudit
 520 * @a:  auxiliary audit data
 521 *
 522 * Audit the granting or denial of permissions in accordance
 523 * with the policy.  This function is typically called by
 524 * avc_has_perm() after a permission check, but can also be
 525 * called directly by callers who use avc_has_perm_noaudit()
 526 * in order to separate the permission check from the auditing.
 527 * For example, this separation is useful when the permission check must
 528 * be performed under a lock, to allow the lock to be released
 529 * before calling the auditing code.
 530 */
 531void avc_audit(u32 ssid, u32 tsid,
 532               u16 tclass, u32 requested,
 533               struct av_decision *avd, int result, struct avc_audit_data *a)
 534{
 535        struct task_struct *tsk = current;
 536        struct inode *inode = NULL;
 537        u32 denied, audited;
 538        struct audit_buffer *ab;
 539
 540        denied = requested & ~avd->allowed;
 541        if (denied) {
 542                audited = denied;
 543                if (!(audited & avd->auditdeny))
 544                        return;
 545        } else if (result) {
 546                audited = denied = requested;
 547        } else {
 548                audited = requested;
 549                if (!(audited & avd->auditallow))
 550                        return;
 551        }
 552
 553        ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
 554        if (!ab)
 555                return;         /* audit_panic has been called */
 556        audit_log_format(ab, "avc:  %s ", denied ? "denied" : "granted");
 557        avc_dump_av(ab, tclass, audited);
 558        audit_log_format(ab, " for ");
 559        if (a && a->tsk)
 560                tsk = a->tsk;
 561        if (tsk && tsk->pid) {
 562                audit_log_format(ab, " pid=%d comm=", tsk->pid);
 563                audit_log_untrustedstring(ab, tsk->comm);
 564        }
 565        if (a) {
 566                switch (a->type) {
 567                case AVC_AUDIT_DATA_IPC:
 568                        audit_log_format(ab, " key=%d", a->u.ipc_id);
 569                        break;
 570                case AVC_AUDIT_DATA_CAP:
 571                        audit_log_format(ab, " capability=%d", a->u.cap);
 572                        break;
 573                case AVC_AUDIT_DATA_FS:
 574                        if (a->u.fs.path.dentry) {
 575                                struct dentry *dentry = a->u.fs.path.dentry;
 576                                if (a->u.fs.path.mnt) {
 577                                        audit_log_d_path(ab, "path=",
 578                                                         &a->u.fs.path);
 579                                } else {
 580                                        audit_log_format(ab, " name=");
 581                                        audit_log_untrustedstring(ab, dentry->d_name.name);
 582                                }
 583                                inode = dentry->d_inode;
 584                        } else if (a->u.fs.inode) {
 585                                struct dentry *dentry;
 586                                inode = a->u.fs.inode;
 587                                dentry = d_find_alias(inode);
 588                                if (dentry) {
 589                                        audit_log_format(ab, " name=");
 590                                        audit_log_untrustedstring(ab, dentry->d_name.name);
 591                                        dput(dentry);
 592                                }
 593                        }
 594                        if (inode)
 595                                audit_log_format(ab, " dev=%s ino=%lu",
 596                                                 inode->i_sb->s_id,
 597                                                 inode->i_ino);
 598                        break;
 599                case AVC_AUDIT_DATA_NET:
 600                        if (a->u.net.sk) {
 601                                struct sock *sk = a->u.net.sk;
 602                                struct unix_sock *u;
 603                                int len = 0;
 604                                char *p = NULL;
 605
 606                                switch (sk->sk_family) {
 607                                case AF_INET: {
 608                                        struct inet_sock *inet = inet_sk(sk);
 609
 610                                        avc_print_ipv4_addr(ab, inet->rcv_saddr,
 611                                                            inet->sport,
 612                                                            "laddr", "lport");
 613                                        avc_print_ipv4_addr(ab, inet->daddr,
 614                                                            inet->dport,
 615                                                            "faddr", "fport");
 616                                        break;
 617                                }
 618                                case AF_INET6: {
 619                                        struct inet_sock *inet = inet_sk(sk);
 620                                        struct ipv6_pinfo *inet6 = inet6_sk(sk);
 621
 622                                        avc_print_ipv6_addr(ab, &inet6->rcv_saddr,
 623                                                            inet->sport,
 624                                                            "laddr", "lport");
 625                                        avc_print_ipv6_addr(ab, &inet6->daddr,
 626                                                            inet->dport,
 627                                                            "faddr", "fport");
 628                                        break;
 629                                }
 630                                case AF_UNIX:
 631                                        u = unix_sk(sk);
 632                                        if (u->dentry) {
 633                                                struct path path = {
 634                                                        .dentry = u->dentry,
 635                                                        .mnt = u->mnt
 636                                                };
 637                                                audit_log_d_path(ab, "path=",
 638                                                                 &path);
 639                                                break;
 640                                        }
 641                                        if (!u->addr)
 642                                                break;
 643                                        len = u->addr->len-sizeof(short);
 644                                        p = &u->addr->name->sun_path[0];
 645                                        audit_log_format(ab, " path=");
 646                                        if (*p)
 647                                                audit_log_untrustedstring(ab, p);
 648                                        else
 649                                                audit_log_n_hex(ab, p, len);
 650                                        break;
 651                                }
 652                        }
 653
 654                        switch (a->u.net.family) {
 655                        case AF_INET:
 656                                avc_print_ipv4_addr(ab, a->u.net.v4info.saddr,
 657                                                    a->u.net.sport,
 658                                                    "saddr", "src");
 659                                avc_print_ipv4_addr(ab, a->u.net.v4info.daddr,
 660                                                    a->u.net.dport,
 661                                                    "daddr", "dest");
 662                                break;
 663                        case AF_INET6:
 664                                avc_print_ipv6_addr(ab, &a->u.net.v6info.saddr,
 665                                                    a->u.net.sport,
 666                                                    "saddr", "src");
 667                                avc_print_ipv6_addr(ab, &a->u.net.v6info.daddr,
 668                                                    a->u.net.dport,
 669                                                    "daddr", "dest");
 670                                break;
 671                        }
 672                        if (a->u.net.netif > 0) {
 673                                struct net_device *dev;
 674
 675                                /* NOTE: we always use init's namespace */
 676                                dev = dev_get_by_index(&init_net,
 677                                                       a->u.net.netif);
 678                                if (dev) {
 679                                        audit_log_format(ab, " netif=%s",
 680                                                         dev->name);
 681                                        dev_put(dev);
 682                                }
 683                        }
 684                        break;
 685                }
 686        }
 687        audit_log_format(ab, " ");
 688        avc_dump_query(ab, ssid, tsid, tclass);
 689        audit_log_end(ab);
 690}
 691
 692/**
 693 * avc_add_callback - Register a callback for security events.
 694 * @callback: callback function
 695 * @events: security events
 696 * @ssid: source security identifier or %SECSID_WILD
 697 * @tsid: target security identifier or %SECSID_WILD
 698 * @tclass: target security class
 699 * @perms: permissions
 700 *
 701 * Register a callback function for events in the set @events
 702 * related to the SID pair (@ssid, @tsid) and
 703 * and the permissions @perms, interpreting
 704 * @perms based on @tclass.  Returns %0 on success or
 705 * -%ENOMEM if insufficient memory exists to add the callback.
 706 */
 707int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
 708                                     u16 tclass, u32 perms,
 709                                     u32 *out_retained),
 710                     u32 events, u32 ssid, u32 tsid,
 711                     u16 tclass, u32 perms)
 712{
 713        struct avc_callback_node *c;
 714        int rc = 0;
 715
 716        c = kmalloc(sizeof(*c), GFP_ATOMIC);
 717        if (!c) {
 718                rc = -ENOMEM;
 719                goto out;
 720        }
 721
 722        c->callback = callback;
 723        c->events = events;
 724        c->ssid = ssid;
 725        c->tsid = tsid;
 726        c->perms = perms;
 727        c->next = avc_callbacks;
 728        avc_callbacks = c;
 729out:
 730        return rc;
 731}
 732
 733static inline int avc_sidcmp(u32 x, u32 y)
 734{
 735        return (x == y || x == SECSID_WILD || y == SECSID_WILD);
 736}
 737
 738/**
 739 * avc_update_node Update an AVC entry
 740 * @event : Updating event
 741 * @perms : Permission mask bits
 742 * @ssid,@tsid,@tclass : identifier of an AVC entry
 743 *
 744 * if a valid AVC entry doesn't exist,this function returns -ENOENT.
 745 * if kmalloc() called internal returns NULL, this function returns -ENOMEM.
 746 * otherwise, this function update the AVC entry. The original AVC-entry object
 747 * will release later by RCU.
 748 */
 749static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass)
 750{
 751        int hvalue, rc = 0;
 752        unsigned long flag;
 753        struct avc_node *pos, *node, *orig = NULL;
 754
 755        node = avc_alloc_node();
 756        if (!node) {
 757                rc = -ENOMEM;
 758                goto out;
 759        }
 760
 761        /* Lock the target slot */
 762        hvalue = avc_hash(ssid, tsid, tclass);
 763        spin_lock_irqsave(&avc_cache.slots_lock[hvalue], flag);
 764
 765        list_for_each_entry(pos, &avc_cache.slots[hvalue], list) {
 766                if (ssid == pos->ae.ssid &&
 767                    tsid == pos->ae.tsid &&
 768                    tclass == pos->ae.tclass){
 769                        orig = pos;
 770                        break;
 771                }
 772        }
 773
 774        if (!orig) {
 775                rc = -ENOENT;
 776                avc_node_kill(node);
 777                goto out_unlock;
 778        }
 779
 780        /*
 781         * Copy and replace original node.
 782         */
 783
 784        avc_node_populate(node, ssid, tsid, tclass, &orig->ae);
 785
 786        switch (event) {
 787        case AVC_CALLBACK_GRANT:
 788                node->ae.avd.allowed |= perms;
 789                break;
 790        case AVC_CALLBACK_TRY_REVOKE:
 791        case AVC_CALLBACK_REVOKE:
 792                node->ae.avd.allowed &= ~perms;
 793                break;
 794        case AVC_CALLBACK_AUDITALLOW_ENABLE:
 795                node->ae.avd.auditallow |= perms;
 796                break;
 797        case AVC_CALLBACK_AUDITALLOW_DISABLE:
 798                node->ae.avd.auditallow &= ~perms;
 799                break;
 800        case AVC_CALLBACK_AUDITDENY_ENABLE:
 801                node->ae.avd.auditdeny |= perms;
 802                break;
 803        case AVC_CALLBACK_AUDITDENY_DISABLE:
 804                node->ae.avd.auditdeny &= ~perms;
 805                break;
 806        }
 807        avc_node_replace(node, orig);
 808out_unlock:
 809        spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flag);
 810out:
 811        return rc;
 812}
 813
 814/**
 815 * avc_ss_reset - Flush the cache and revalidate migrated permissions.
 816 * @seqno: policy sequence number
 817 */
 818int avc_ss_reset(u32 seqno)
 819{
 820        struct avc_callback_node *c;
 821        int i, rc = 0, tmprc;
 822        unsigned long flag;
 823        struct avc_node *node;
 824
 825        for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 826                spin_lock_irqsave(&avc_cache.slots_lock[i], flag);
 827                /*
 828                 * With preemptable RCU, the outer spinlock does not
 829                 * prevent RCU grace periods from ending.
 830                 */
 831                rcu_read_lock();
 832                list_for_each_entry(node, &avc_cache.slots[i], list)
 833                        avc_node_delete(node);
 834                rcu_read_unlock();
 835                spin_unlock_irqrestore(&avc_cache.slots_lock[i], flag);
 836        }
 837
 838        for (c = avc_callbacks; c; c = c->next) {
 839                if (c->events & AVC_CALLBACK_RESET) {
 840                        tmprc = c->callback(AVC_CALLBACK_RESET,
 841                                            0, 0, 0, 0, NULL);
 842                        /* save the first error encountered for the return
 843                           value and continue processing the callbacks */
 844                        if (!rc)
 845                                rc = tmprc;
 846                }
 847        }
 848
 849        avc_latest_notif_update(seqno, 0);
 850        return rc;
 851}
 852
 853/**
 854 * avc_has_perm_noaudit - Check permissions but perform no auditing.
 855 * @ssid: source security identifier
 856 * @tsid: target security identifier
 857 * @tclass: target security class
 858 * @requested: requested permissions, interpreted based on @tclass
 859 * @flags:  AVC_STRICT or 0
 860 * @avd: access vector decisions
 861 *
 862 * Check the AVC to determine whether the @requested permissions are granted
 863 * for the SID pair (@ssid, @tsid), interpreting the permissions
 864 * based on @tclass, and call the security server on a cache miss to obtain
 865 * a new decision and add it to the cache.  Return a copy of the decisions
 866 * in @avd.  Return %0 if all @requested permissions are granted,
 867 * -%EACCES if any permissions are denied, or another -errno upon
 868 * other errors.  This function is typically called by avc_has_perm(),
 869 * but may also be called directly to separate permission checking from
 870 * auditing, e.g. in cases where a lock must be held for the check but
 871 * should be released for the auditing.
 872 */
 873int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 874                         u16 tclass, u32 requested,
 875                         unsigned flags,
 876                         struct av_decision *avd)
 877{
 878        struct avc_node *node;
 879        struct avc_entry entry, *p_ae;
 880        int rc = 0;
 881        u32 denied;
 882
 883        BUG_ON(!requested);
 884
 885        rcu_read_lock();
 886
 887        node = avc_lookup(ssid, tsid, tclass, requested);
 888        if (!node) {
 889                rcu_read_unlock();
 890                rc = security_compute_av(ssid, tsid, tclass, requested, &entry.avd);
 891                if (rc)
 892                        goto out;
 893                rcu_read_lock();
 894                node = avc_insert(ssid, tsid, tclass, &entry);
 895        }
 896
 897        p_ae = node ? &node->ae : &entry;
 898
 899        if (avd)
 900                memcpy(avd, &p_ae->avd, sizeof(*avd));
 901
 902        denied = requested & ~(p_ae->avd.allowed);
 903
 904        if (denied) {
 905                if (flags & AVC_STRICT)
 906                        rc = -EACCES;
 907                else if (!selinux_enforcing || security_permissive_sid(ssid))
 908                        avc_update_node(AVC_CALLBACK_GRANT, requested, ssid,
 909                                        tsid, tclass);
 910                else
 911                        rc = -EACCES;
 912        }
 913
 914        rcu_read_unlock();
 915out:
 916        return rc;
 917}
 918
 919/**
 920 * avc_has_perm - Check permissions and perform any appropriate auditing.
 921 * @ssid: source security identifier
 922 * @tsid: target security identifier
 923 * @tclass: target security class
 924 * @requested: requested permissions, interpreted based on @tclass
 925 * @auditdata: auxiliary audit data
 926 *
 927 * Check the AVC to determine whether the @requested permissions are granted
 928 * for the SID pair (@ssid, @tsid), interpreting the permissions
 929 * based on @tclass, and call the security server on a cache miss to obtain
 930 * a new decision and add it to the cache.  Audit the granting or denial of
 931 * permissions in accordance with the policy.  Return %0 if all @requested
 932 * permissions are granted, -%EACCES if any permissions are denied, or
 933 * another -errno upon other errors.
 934 */
 935int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
 936                 u32 requested, struct avc_audit_data *auditdata)
 937{
 938        struct av_decision avd;
 939        int rc;
 940
 941        rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, 0, &avd);
 942        avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
 943        return rc;
 944}
 945
 946u32 avc_policy_seqno(void)
 947{
 948        return avc_cache.latest_notif;
 949}
 950